Marcus Updateinfo to OVAL Converter5.52024-06-04T05:52:45DirectFB-1.7.1-6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the DirectFB-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-2977 at SUSECVE-2014-2977 at NVDCVE-2014-2978 at SUSECVE-2014-2978 at NVDcpe:/o:suse:sles:12:sp4MozillaFirefox-52.9.0esr-109.38.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the MozillaFirefox-52.9.0esr-109.38.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-5913 at SUSECVE-2008-5913 at NVDCVE-2009-0040 at SUSECVE-2009-0040 at NVDCVE-2009-0652 at SUSECVE-2009-0652 at NVDCVE-2009-0771 at SUSECVE-2009-0771 at NVDCVE-2009-0772 at SUSECVE-2009-0772 at NVDCVE-2009-0773 at SUSECVE-2009-0773 at NVDCVE-2009-0774 at SUSECVE-2009-0774 at NVDCVE-2009-0775 at SUSECVE-2009-0775 at NVDCVE-2009-0776 at SUSECVE-2009-0776 at NVDCVE-2009-0777 at SUSECVE-2009-0777 at NVDCVE-2009-1044 at SUSECVE-2009-1044 at NVDCVE-2009-1169 at SUSECVE-2009-1169 at NVDCVE-2009-1302 at SUSECVE-2009-1302 at NVDCVE-2009-1303 at SUSECVE-2009-1303 at NVDCVE-2009-1304 at SUSECVE-2009-1304 at NVDCVE-2009-1305 at SUSECVE-2009-1305 at NVDCVE-2009-1306 at SUSECVE-2009-1306 at NVDCVE-2009-1307 at SUSECVE-2009-1307 at NVDCVE-2009-1308 at SUSECVE-2009-1308 at NVDCVE-2009-1309 at SUSECVE-2009-1309 at NVDCVE-2009-1310 at SUSECVE-2009-1310 at NVDCVE-2009-1311 at SUSECVE-2009-1311 at NVDCVE-2009-1312 at SUSECVE-2009-1312 at NVDCVE-2009-1313 at SUSECVE-2009-1313 at NVDCVE-2009-1563 at SUSECVE-2009-1563 at NVDCVE-2009-2470 at SUSECVE-2009-2470 at NVDCVE-2009-2654 at SUSECVE-2009-2654 at NVDCVE-2009-3069 at SUSECVE-2009-3069 at NVDCVE-2009-3070 at SUSECVE-2009-3070 at NVDCVE-2009-3071 at SUSECVE-2009-3071 at NVDCVE-2009-3072 at SUSECVE-2009-3072 at NVDCVE-2009-3073 at SUSECVE-2009-3073 at NVDCVE-2009-3074 at SUSECVE-2009-3074 at NVDCVE-2009-3075 at SUSECVE-2009-3075 at NVDCVE-2009-3077 at SUSECVE-2009-3077 at NVDCVE-2009-3078 at SUSECVE-2009-3078 at NVDCVE-2009-3079 at SUSECVE-2009-3079 at NVDCVE-2009-3274 at SUSECVE-2009-3274 at NVDCVE-2009-3370 at SUSECVE-2009-3370 at NVDCVE-2009-3371 at SUSECVE-2009-3371 at NVDCVE-2009-3372 at SUSECVE-2009-3372 at NVDCVE-2009-3373 at SUSECVE-2009-3373 at NVDCVE-2009-3374 at SUSECVE-2009-3374 at NVDCVE-2009-3375 at SUSECVE-2009-3375 at NVDCVE-2009-3376 at SUSECVE-2009-3376 at NVDCVE-2009-3377 at SUSECVE-2009-3377 at NVDCVE-2009-3378 at SUSECVE-2009-3378 at NVDCVE-2009-3379 at SUSECVE-2009-3379 at NVDCVE-2009-3380 at SUSECVE-2009-3380 at NVDCVE-2009-3381 at SUSECVE-2009-3381 at NVDCVE-2009-3383 at SUSECVE-2009-3383 at NVDCVE-2009-3388 at SUSECVE-2009-3388 at NVDCVE-2009-3389 at SUSECVE-2009-3389 at NVDCVE-2009-3555 at SUSECVE-2009-3555 at NVDCVE-2009-3979 at SUSECVE-2009-3979 at NVDCVE-2009-3980 at SUSECVE-2009-3980 at NVDCVE-2009-3982 at SUSECVE-2009-3982 at NVDCVE-2009-3983 at SUSECVE-2009-3983 at NVDCVE-2009-3984 at SUSECVE-2009-3984 at NVDCVE-2009-3985 at SUSECVE-2009-3985 at NVDCVE-2010-0164 at SUSECVE-2010-0164 at NVDCVE-2010-0165 at SUSECVE-2010-0165 at NVDCVE-2010-0166 at SUSECVE-2010-0166 at NVDCVE-2010-0167 at SUSECVE-2010-0167 at NVDCVE-2010-0168 at SUSECVE-2010-0168 at NVDCVE-2010-0169 at SUSECVE-2010-0169 at NVDCVE-2010-0170 at SUSECVE-2010-0170 at NVDCVE-2010-0171 at SUSECVE-2010-0171 at NVDCVE-2010-0172 at SUSECVE-2010-0172 at NVDCVE-2010-0173 at SUSECVE-2010-0173 at NVDCVE-2010-0174 at SUSECVE-2010-0174 at NVDCVE-2010-0176 at SUSECVE-2010-0176 at NVDCVE-2010-0177 at SUSECVE-2010-0177 at NVDCVE-2010-0178 at SUSECVE-2010-0178 at NVDCVE-2010-0181 at SUSECVE-2010-0181 at NVDCVE-2010-0182 at SUSECVE-2010-0182 at NVDCVE-2010-0654 at SUSECVE-2010-0654 at NVDCVE-2010-1028 at SUSECVE-2010-1028 at NVDCVE-2010-1121 at SUSECVE-2010-1121 at NVDCVE-2010-1125 at SUSECVE-2010-1125 at NVDCVE-2010-1196 at SUSECVE-2010-1196 at NVDCVE-2010-1197 at SUSECVE-2010-1197 at NVDCVE-2010-1198 at SUSECVE-2010-1198 at NVDCVE-2010-1199 at SUSECVE-2010-1199 at NVDCVE-2010-1200 at SUSECVE-2010-1200 at NVDCVE-2010-1201 at SUSECVE-2010-1201 at NVDCVE-2010-1202 at SUSECVE-2010-1202 at NVDCVE-2010-1203 at SUSECVE-2010-1203 at NVDCVE-2010-1205 at SUSECVE-2010-1205 at NVDCVE-2010-1206 at SUSECVE-2010-1206 at NVDCVE-2010-1207 at SUSECVE-2010-1207 at NVDCVE-2010-1208 at SUSECVE-2010-1208 at NVDCVE-2010-1209 at SUSECVE-2010-1209 at NVDCVE-2010-1210 at SUSECVE-2010-1210 at NVDCVE-2010-1211 at SUSECVE-2010-1211 at NVDCVE-2010-1212 at SUSECVE-2010-1212 at NVDCVE-2010-1213 at SUSECVE-2010-1213 at NVDCVE-2010-1214 at SUSECVE-2010-1214 at NVDCVE-2010-1215 at SUSECVE-2010-1215 at NVDCVE-2010-2751 at SUSECVE-2010-2751 at NVDCVE-2010-2752 at SUSECVE-2010-2752 at NVDCVE-2010-2753 at SUSECVE-2010-2753 at NVDCVE-2010-2754 at SUSECVE-2010-2754 at NVDCVE-2010-2755 at SUSECVE-2010-2755 at NVDCVE-2010-2760 at SUSECVE-2010-2760 at NVDCVE-2010-2762 at SUSECVE-2010-2762 at NVDCVE-2010-2764 at SUSECVE-2010-2764 at NVDCVE-2010-2765 at SUSECVE-2010-2765 at NVDCVE-2010-2766 at SUSECVE-2010-2766 at NVDCVE-2010-2767 at SUSECVE-2010-2767 at NVDCVE-2010-2768 at SUSECVE-2010-2768 at NVDCVE-2010-2769 at SUSECVE-2010-2769 at NVDCVE-2010-3166 at SUSECVE-2010-3166 at NVDCVE-2010-3167 at SUSECVE-2010-3167 at NVDCVE-2010-3168 at SUSECVE-2010-3168 at NVDCVE-2010-3169 at SUSECVE-2010-3169 at NVDCVE-2010-3170 at SUSECVE-2010-3170 at NVDCVE-2010-3173 at SUSECVE-2010-3173 at NVDCVE-2010-3174 at SUSECVE-2010-3174 at NVDCVE-2010-3175 at SUSECVE-2010-3175 at NVDCVE-2010-3176 at SUSECVE-2010-3176 at NVDCVE-2010-3177 at SUSECVE-2010-3177 at NVDCVE-2010-3178 at SUSECVE-2010-3178 at NVDCVE-2010-3179 at SUSECVE-2010-3179 at NVDCVE-2010-3180 at SUSECVE-2010-3180 at NVDCVE-2010-3182 at SUSECVE-2010-3182 at NVDCVE-2010-3183 at SUSECVE-2010-3183 at NVDCVE-2010-3765 at SUSECVE-2010-3765 at NVDCVE-2011-0068 at SUSECVE-2011-0068 at NVDCVE-2011-0069 at SUSECVE-2011-0069 at NVDCVE-2011-0070 at SUSECVE-2011-0070 at NVDCVE-2011-0079 at SUSECVE-2011-0079 at NVDCVE-2011-0080 at SUSECVE-2011-0080 at NVDCVE-2011-0081 at SUSECVE-2011-0081 at NVDCVE-2011-0084 at SUSECVE-2011-0084 at NVDCVE-2011-1187 at SUSECVE-2011-1187 at NVDCVE-2011-1202 at SUSECVE-2011-1202 at NVDCVE-2011-2366 at SUSECVE-2011-2366 at NVDCVE-2011-2367 at SUSECVE-2011-2367 at NVDCVE-2011-2368 at SUSECVE-2011-2368 at NVDCVE-2011-2369 at SUSECVE-2011-2369 at NVDCVE-2011-2370 at SUSECVE-2011-2370 at NVDCVE-2011-2371 at SUSECVE-2011-2371 at NVDCVE-2011-2372 at SUSECVE-2011-2372 at NVDCVE-2011-2373 at SUSECVE-2011-2373 at NVDCVE-2011-2374 at SUSECVE-2011-2374 at NVDCVE-2011-2375 at SUSECVE-2011-2375 at NVDCVE-2011-2377 at SUSECVE-2011-2377 at NVDCVE-2011-2985 at SUSECVE-2011-2985 at NVDCVE-2011-2986 at SUSECVE-2011-2986 at NVDCVE-2011-2988 at SUSECVE-2011-2988 at NVDCVE-2011-2989 at SUSECVE-2011-2989 at NVDCVE-2011-2990 at SUSECVE-2011-2990 at NVDCVE-2011-2991 at SUSECVE-2011-2991 at NVDCVE-2011-2992 at SUSECVE-2011-2992 at NVDCVE-2011-2993 at SUSECVE-2011-2993 at NVDCVE-2011-2995 at SUSECVE-2011-2995 at NVDCVE-2011-2996 at SUSECVE-2011-2996 at NVDCVE-2011-2997 at SUSECVE-2011-2997 at NVDCVE-2011-3000 at SUSECVE-2011-3000 at NVDCVE-2011-3001 at SUSECVE-2011-3001 at NVDCVE-2011-3002 at SUSECVE-2011-3002 at NVDCVE-2011-3003 at SUSECVE-2011-3003 at NVDCVE-2011-3004 at SUSECVE-2011-3004 at NVDCVE-2011-3005 at SUSECVE-2011-3005 at NVDCVE-2011-3026 at SUSECVE-2011-3026 at NVDCVE-2011-3062 at SUSECVE-2011-3062 at NVDCVE-2011-3101 at SUSECVE-2011-3101 at NVDCVE-2011-3232 at SUSECVE-2011-3232 at NVDCVE-2011-3648 at SUSECVE-2011-3648 at NVDCVE-2011-3650 at SUSECVE-2011-3650 at NVDCVE-2011-3651 at SUSECVE-2011-3651 at NVDCVE-2011-3652 at SUSECVE-2011-3652 at NVDCVE-2011-3654 at SUSECVE-2011-3654 at NVDCVE-2011-3655 at SUSECVE-2011-3655 at NVDCVE-2011-3658 at SUSECVE-2011-3658 at NVDCVE-2011-3659 at SUSECVE-2011-3659 at NVDCVE-2011-3660 at SUSECVE-2011-3660 at NVDCVE-2011-3661 at SUSECVE-2011-3661 at NVDCVE-2011-3663 at SUSECVE-2011-3663 at NVDCVE-2012-0441 at SUSECVE-2012-0441 at NVDCVE-2012-0442 at SUSECVE-2012-0442 at NVDCVE-2012-0443 at SUSECVE-2012-0443 at NVDCVE-2012-0444 at SUSECVE-2012-0444 at NVDCVE-2012-0445 at SUSECVE-2012-0445 at NVDCVE-2012-0446 at SUSECVE-2012-0446 at NVDCVE-2012-0447 at SUSECVE-2012-0447 at NVDCVE-2012-0449 at SUSECVE-2012-0449 at NVDCVE-2012-0451 at SUSECVE-2012-0451 at NVDCVE-2012-0452 at SUSECVE-2012-0452 at NVDCVE-2012-0455 at SUSECVE-2012-0455 at NVDCVE-2012-0456 at SUSECVE-2012-0456 at NVDCVE-2012-0457 at SUSECVE-2012-0457 at NVDCVE-2012-0458 at SUSECVE-2012-0458 at NVDCVE-2012-0459 at SUSECVE-2012-0459 at NVDCVE-2012-0460 at SUSECVE-2012-0460 at NVDCVE-2012-0461 at SUSECVE-2012-0461 at NVDCVE-2012-0462 at SUSECVE-2012-0462 at NVDCVE-2012-0463 at SUSECVE-2012-0463 at NVDCVE-2012-0464 at SUSECVE-2012-0464 at NVDCVE-2012-0467 at SUSECVE-2012-0467 at NVDCVE-2012-0468 at SUSECVE-2012-0468 at NVDCVE-2012-0469 at SUSECVE-2012-0469 at NVDCVE-2012-0470 at SUSECVE-2012-0470 at NVDCVE-2012-0471 at SUSECVE-2012-0471 at NVDCVE-2012-0472 at SUSECVE-2012-0472 at NVDCVE-2012-0473 at SUSECVE-2012-0473 at NVDCVE-2012-0474 at SUSECVE-2012-0474 at NVDCVE-2012-0475 at SUSECVE-2012-0475 at NVDCVE-2012-0477 at SUSECVE-2012-0477 at NVDCVE-2012-0478 at SUSECVE-2012-0478 at NVDCVE-2012-0479 at SUSECVE-2012-0479 at NVDCVE-2012-0759 at SUSECVE-2012-0759 at NVDCVE-2012-1937 at SUSECVE-2012-1937 at NVDCVE-2012-1938 at SUSECVE-2012-1938 at NVDCVE-2012-1940 at SUSECVE-2012-1940 at NVDCVE-2012-1941 at SUSECVE-2012-1941 at NVDCVE-2012-1944 at SUSECVE-2012-1944 at NVDCVE-2012-1945 at SUSECVE-2012-1945 at NVDCVE-2012-1946 at SUSECVE-2012-1946 at NVDCVE-2012-1947 at SUSECVE-2012-1947 at NVDCVE-2012-1948 at SUSECVE-2012-1948 at NVDCVE-2012-1949 at SUSECVE-2012-1949 at NVDCVE-2012-1950 at SUSECVE-2012-1950 at NVDCVE-2012-1951 at SUSECVE-2012-1951 at NVDCVE-2012-1952 at SUSECVE-2012-1952 at NVDCVE-2012-1953 at SUSECVE-2012-1953 at NVDCVE-2012-1954 at SUSECVE-2012-1954 at NVDCVE-2012-1955 at SUSECVE-2012-1955 at NVDCVE-2012-1956 at SUSECVE-2012-1956 at NVDCVE-2012-1957 at SUSECVE-2012-1957 at NVDCVE-2012-1958 at SUSECVE-2012-1958 at NVDCVE-2012-1959 at SUSECVE-2012-1959 at NVDCVE-2012-1960 at SUSECVE-2012-1960 at NVDCVE-2012-1961 at SUSECVE-2012-1961 at NVDCVE-2012-1962 at SUSECVE-2012-1962 at NVDCVE-2012-1963 at SUSECVE-2012-1963 at NVDCVE-2012-1965 at SUSECVE-2012-1965 at NVDCVE-2012-1966 at SUSECVE-2012-1966 at NVDCVE-2012-1967 at SUSECVE-2012-1967 at NVDCVE-2012-1970 at SUSECVE-2012-1970 at NVDCVE-2012-1972 at SUSECVE-2012-1972 at NVDCVE-2012-1973 at SUSECVE-2012-1973 at NVDCVE-2012-1974 at SUSECVE-2012-1974 at NVDCVE-2012-1975 at SUSECVE-2012-1975 at NVDCVE-2012-1976 at SUSECVE-2012-1976 at NVDCVE-2012-3956 at SUSECVE-2012-3956 at NVDCVE-2012-3957 at SUSECVE-2012-3957 at NVDCVE-2012-3958 at SUSECVE-2012-3958 at NVDCVE-2012-3959 at SUSECVE-2012-3959 at NVDCVE-2012-3960 at SUSECVE-2012-3960 at NVDCVE-2012-3961 at SUSECVE-2012-3961 at NVDCVE-2012-3962 at SUSECVE-2012-3962 at NVDCVE-2012-3963 at SUSECVE-2012-3963 at NVDCVE-2012-3964 at SUSECVE-2012-3964 at NVDCVE-2012-3965 at SUSECVE-2012-3965 at NVDCVE-2012-3966 at SUSECVE-2012-3966 at NVDCVE-2012-3967 at SUSECVE-2012-3967 at NVDCVE-2012-3968 at SUSECVE-2012-3968 at NVDCVE-2012-3969 at SUSECVE-2012-3969 at NVDCVE-2012-3970 at SUSECVE-2012-3970 at NVDCVE-2012-3971 at SUSECVE-2012-3971 at NVDCVE-2012-3972 at SUSECVE-2012-3972 at NVDCVE-2012-3973 at SUSECVE-2012-3973 at NVDCVE-2012-3975 at SUSECVE-2012-3975 at NVDCVE-2012-3976 at SUSECVE-2012-3976 at NVDCVE-2012-3978 at SUSECVE-2012-3978 at NVDCVE-2012-3980 at SUSECVE-2012-3980 at NVDCVE-2012-3982 at SUSECVE-2012-3982 at NVDCVE-2012-3983 at SUSECVE-2012-3983 at NVDCVE-2012-3984 at SUSECVE-2012-3984 at NVDCVE-2012-3985 at SUSECVE-2012-3985 at NVDCVE-2012-3986 at SUSECVE-2012-3986 at NVDCVE-2012-3988 at SUSECVE-2012-3988 at NVDCVE-2012-3989 at SUSECVE-2012-3989 at NVDCVE-2012-3990 at SUSECVE-2012-3990 at NVDCVE-2012-3991 at SUSECVE-2012-3991 at NVDCVE-2012-3992 at SUSECVE-2012-3992 at NVDCVE-2012-3993 at SUSECVE-2012-3993 at NVDCVE-2012-3994 at SUSECVE-2012-3994 at NVDCVE-2012-3995 at SUSECVE-2012-3995 at NVDCVE-2012-4179 at SUSECVE-2012-4179 at NVDCVE-2012-4180 at SUSECVE-2012-4180 at NVDCVE-2012-4181 at SUSECVE-2012-4181 at NVDCVE-2012-4182 at SUSECVE-2012-4182 at NVDCVE-2012-4183 at SUSECVE-2012-4183 at NVDCVE-2012-4184 at SUSECVE-2012-4184 at NVDCVE-2012-4185 at SUSECVE-2012-4185 at NVDCVE-2012-4186 at SUSECVE-2012-4186 at NVDCVE-2012-4187 at SUSECVE-2012-4187 at NVDCVE-2012-4188 at SUSECVE-2012-4188 at NVDCVE-2012-4191 at SUSECVE-2012-4191 at NVDCVE-2012-4192 at SUSECVE-2012-4192 at NVDCVE-2012-4193 at SUSECVE-2012-4193 at NVDCVE-2012-4194 at SUSECVE-2012-4194 at NVDCVE-2012-4195 at SUSECVE-2012-4195 at NVDCVE-2012-4196 at SUSECVE-2012-4196 at NVDCVE-2012-4201 at SUSECVE-2012-4201 at NVDCVE-2012-4202 at SUSECVE-2012-4202 at NVDCVE-2012-4203 at SUSECVE-2012-4203 at NVDCVE-2012-4204 at SUSECVE-2012-4204 at NVDCVE-2012-4205 at SUSECVE-2012-4205 at NVDCVE-2012-4207 at SUSECVE-2012-4207 at NVDCVE-2012-4208 at SUSECVE-2012-4208 at NVDCVE-2012-4209 at SUSECVE-2012-4209 at NVDCVE-2012-4210 at SUSECVE-2012-4210 at NVDCVE-2012-4212 at SUSECVE-2012-4212 at NVDCVE-2012-4213 at SUSECVE-2012-4213 at NVDCVE-2012-4214 at SUSECVE-2012-4214 at NVDCVE-2012-4215 at SUSECVE-2012-4215 at NVDCVE-2012-4216 at SUSECVE-2012-4216 at NVDCVE-2012-4217 at SUSECVE-2012-4217 at NVDCVE-2012-4218 at SUSECVE-2012-4218 at NVDCVE-2012-5829 at SUSECVE-2012-5829 at NVDCVE-2012-5830 at SUSECVE-2012-5830 at NVDCVE-2012-5833 at SUSECVE-2012-5833 at NVDCVE-2012-5835 at SUSECVE-2012-5835 at NVDCVE-2012-5836 at SUSECVE-2012-5836 at NVDCVE-2012-5837 at SUSECVE-2012-5837 at NVDCVE-2012-5838 at SUSECVE-2012-5838 at NVDCVE-2012-5839 at SUSECVE-2012-5839 at NVDCVE-2012-5840 at SUSECVE-2012-5840 at NVDCVE-2012-5841 at SUSECVE-2012-5841 at NVDCVE-2012-5842 at SUSECVE-2012-5842 at NVDCVE-2012-5843 at SUSECVE-2012-5843 at NVDCVE-2013-0743 at SUSECVE-2013-0743 at NVDCVE-2013-0744 at SUSECVE-2013-0744 at NVDCVE-2013-0745 at SUSECVE-2013-0745 at NVDCVE-2013-0746 at SUSECVE-2013-0746 at NVDCVE-2013-0747 at SUSECVE-2013-0747 at NVDCVE-2013-0748 at SUSECVE-2013-0748 at NVDCVE-2013-0749 at SUSECVE-2013-0749 at NVDCVE-2013-0750 at SUSECVE-2013-0750 at NVDCVE-2013-0751 at SUSECVE-2013-0751 at NVDCVE-2013-0752 at SUSECVE-2013-0752 at NVDCVE-2013-0753 at SUSECVE-2013-0753 at NVDCVE-2013-0754 at SUSECVE-2013-0754 at NVDCVE-2013-0755 at SUSECVE-2013-0755 at NVDCVE-2013-0756 at SUSECVE-2013-0756 at NVDCVE-2013-0757 at SUSECVE-2013-0757 at NVDCVE-2013-0758 at SUSECVE-2013-0758 at NVDCVE-2013-0760 at SUSECVE-2013-0760 at NVDCVE-2013-0761 at SUSECVE-2013-0761 at NVDCVE-2013-0762 at SUSECVE-2013-0762 at NVDCVE-2013-0763 at SUSECVE-2013-0763 at NVDCVE-2013-0764 at SUSECVE-2013-0764 at NVDCVE-2013-0765 at SUSECVE-2013-0765 at NVDCVE-2013-0766 at SUSECVE-2013-0766 at NVDCVE-2013-0767 at SUSECVE-2013-0767 at NVDCVE-2013-0768 at SUSECVE-2013-0768 at NVDCVE-2013-0769 at SUSECVE-2013-0769 at NVDCVE-2013-0770 at SUSECVE-2013-0770 at NVDCVE-2013-0771 at SUSECVE-2013-0771 at NVDCVE-2013-0772 at SUSECVE-2013-0772 at NVDCVE-2013-0773 at SUSECVE-2013-0773 at NVDCVE-2013-0774 at SUSECVE-2013-0774 at NVDCVE-2013-0775 at SUSECVE-2013-0775 at NVDCVE-2013-0776 at SUSECVE-2013-0776 at NVDCVE-2013-0777 at SUSECVE-2013-0777 at NVDCVE-2013-0778 at SUSECVE-2013-0778 at NVDCVE-2013-0779 at SUSECVE-2013-0779 at NVDCVE-2013-0780 at SUSECVE-2013-0780 at NVDCVE-2013-0781 at SUSECVE-2013-0781 at NVDCVE-2013-0782 at SUSECVE-2013-0782 at NVDCVE-2013-0783 at SUSECVE-2013-0783 at NVDCVE-2013-0787 at SUSECVE-2013-0787 at NVDCVE-2013-0788 at SUSECVE-2013-0788 at NVDCVE-2013-0789 at SUSECVE-2013-0789 at NVDCVE-2013-0792 at SUSECVE-2013-0792 at NVDCVE-2013-0793 at SUSECVE-2013-0793 at NVDCVE-2013-0794 at SUSECVE-2013-0794 at NVDCVE-2013-0795 at SUSECVE-2013-0795 at NVDCVE-2013-0796 at SUSECVE-2013-0796 at NVDCVE-2013-0800 at SUSECVE-2013-0800 at NVDCVE-2013-0801 at SUSECVE-2013-0801 at NVDCVE-2013-1669 at SUSECVE-2013-1669 at NVDCVE-2013-1670 at SUSECVE-2013-1670 at NVDCVE-2013-1671 at SUSECVE-2013-1671 at NVDCVE-2013-1674 at SUSECVE-2013-1674 at NVDCVE-2013-1675 at SUSECVE-2013-1675 at NVDCVE-2013-1676 at SUSECVE-2013-1676 at NVDCVE-2013-1677 at SUSECVE-2013-1677 at NVDCVE-2013-1678 at SUSECVE-2013-1678 at NVDCVE-2013-1679 at SUSECVE-2013-1679 at NVDCVE-2013-1680 at SUSECVE-2013-1680 at NVDCVE-2013-1681 at SUSECVE-2013-1681 at NVDCVE-2013-1682 at SUSECVE-2013-1682 at NVDCVE-2013-1683 at SUSECVE-2013-1683 at NVDCVE-2013-1684 at SUSECVE-2013-1684 at NVDCVE-2013-1685 at SUSECVE-2013-1685 at NVDCVE-2013-1686 at SUSECVE-2013-1686 at NVDCVE-2013-1687 at SUSECVE-2013-1687 at NVDCVE-2013-1688 at SUSECVE-2013-1688 at NVDCVE-2013-1690 at SUSECVE-2013-1690 at NVDCVE-2013-1692 at SUSECVE-2013-1692 at NVDCVE-2013-1693 at SUSECVE-2013-1693 at NVDCVE-2013-1694 at SUSECVE-2013-1694 at NVDCVE-2013-1695 at SUSECVE-2013-1695 at NVDCVE-2013-1696 at SUSECVE-2013-1696 at NVDCVE-2013-1697 at SUSECVE-2013-1697 at NVDCVE-2013-1698 at SUSECVE-2013-1698 at NVDCVE-2013-1699 at SUSECVE-2013-1699 at NVDCVE-2013-1701 at SUSECVE-2013-1701 at NVDCVE-2013-1702 at SUSECVE-2013-1702 at NVDCVE-2013-1704 at SUSECVE-2013-1704 at NVDCVE-2013-1705 at SUSECVE-2013-1705 at NVDCVE-2013-1708 at SUSECVE-2013-1708 at NVDCVE-2013-1709 at SUSECVE-2013-1709 at NVDCVE-2013-1710 at SUSECVE-2013-1710 at NVDCVE-2013-1711 at SUSECVE-2013-1711 at NVDCVE-2013-1713 at SUSECVE-2013-1713 at NVDCVE-2013-1714 at SUSECVE-2013-1714 at NVDCVE-2013-1717 at SUSECVE-2013-1717 at NVDCVE-2013-1718 at SUSECVE-2013-1718 at NVDCVE-2013-1719 at SUSECVE-2013-1719 at NVDCVE-2013-1720 at SUSECVE-2013-1720 at NVDCVE-2013-1721 at SUSECVE-2013-1721 at NVDCVE-2013-1722 at SUSECVE-2013-1722 at NVDCVE-2013-1723 at SUSECVE-2013-1723 at NVDCVE-2013-1724 at SUSECVE-2013-1724 at NVDCVE-2013-1725 at SUSECVE-2013-1725 at NVDCVE-2013-1728 at SUSECVE-2013-1728 at NVDCVE-2013-1730 at SUSECVE-2013-1730 at NVDCVE-2013-1732 at SUSECVE-2013-1732 at NVDCVE-2013-1735 at SUSECVE-2013-1735 at NVDCVE-2013-1736 at SUSECVE-2013-1736 at NVDCVE-2013-1737 at SUSECVE-2013-1737 at NVDCVE-2013-1738 at SUSECVE-2013-1738 at NVDCVE-2013-5590 at SUSECVE-2013-5590 at NVDCVE-2013-5591 at SUSECVE-2013-5591 at NVDCVE-2013-5592 at SUSECVE-2013-5592 at NVDCVE-2013-5593 at SUSECVE-2013-5593 at NVDCVE-2013-5595 at SUSECVE-2013-5595 at NVDCVE-2013-5596 at SUSECVE-2013-5596 at NVDCVE-2013-5597 at SUSECVE-2013-5597 at NVDCVE-2013-5598 at SUSECVE-2013-5598 at NVDCVE-2013-5599 at SUSECVE-2013-5599 at NVDCVE-2013-5600 at SUSECVE-2013-5600 at NVDCVE-2013-5601 at SUSECVE-2013-5601 at NVDCVE-2013-5602 at SUSECVE-2013-5602 at NVDCVE-2013-5603 at SUSECVE-2013-5603 at NVDCVE-2013-5604 at SUSECVE-2013-5604 at NVDCVE-2013-5609 at SUSECVE-2013-5609 at NVDCVE-2013-5610 at SUSECVE-2013-5610 at NVDCVE-2013-5611 at SUSECVE-2013-5611 at NVDCVE-2013-5612 at SUSECVE-2013-5612 at NVDCVE-2013-5613 at SUSECVE-2013-5613 at NVDCVE-2013-5614 at SUSECVE-2013-5614 at NVDCVE-2013-5615 at SUSECVE-2013-5615 at NVDCVE-2013-5616 at SUSECVE-2013-5616 at NVDCVE-2013-5618 at SUSECVE-2013-5618 at NVDCVE-2013-5619 at SUSECVE-2013-5619 at NVDCVE-2013-6629 at SUSECVE-2013-6629 at NVDCVE-2013-6630 at SUSECVE-2013-6630 at NVDCVE-2013-6671 at SUSECVE-2013-6671 at NVDCVE-2013-6672 at SUSECVE-2013-6672 at NVDCVE-2013-6673 at SUSECVE-2013-6673 at NVDCVE-2014-1477 at SUSECVE-2014-1477 at NVDCVE-2014-1478 at SUSECVE-2014-1478 at NVDCVE-2014-1479 at SUSECVE-2014-1479 at NVDCVE-2014-1480 at SUSECVE-2014-1480 at NVDCVE-2014-1481 at SUSECVE-2014-1481 at NVDCVE-2014-1482 at SUSECVE-2014-1482 at NVDCVE-2014-1483 at SUSECVE-2014-1483 at NVDCVE-2014-1484 at SUSECVE-2014-1484 at NVDCVE-2014-1485 at SUSECVE-2014-1485 at NVDCVE-2014-1486 at SUSECVE-2014-1486 at NVDCVE-2014-1487 at SUSECVE-2014-1487 at NVDCVE-2014-1488 at SUSECVE-2014-1488 at NVDCVE-2014-1489 at SUSECVE-2014-1489 at NVDCVE-2014-1490 at SUSECVE-2014-1490 at NVDCVE-2014-1491 at SUSECVE-2014-1491 at NVDCVE-2014-1544 at SUSECVE-2014-1544 at NVDCVE-2014-1547 at SUSECVE-2014-1547 at NVDCVE-2014-1548 at SUSECVE-2014-1548 at NVDCVE-2014-1553 at SUSECVE-2014-1553 at NVDCVE-2014-1554 at SUSECVE-2014-1554 at NVDCVE-2014-1555 at SUSECVE-2014-1555 at NVDCVE-2014-1556 at SUSECVE-2014-1556 at NVDCVE-2014-1557 at SUSECVE-2014-1557 at NVDCVE-2014-1562 at SUSECVE-2014-1562 at NVDCVE-2014-1563 at SUSECVE-2014-1563 at NVDCVE-2014-1564 at SUSECVE-2014-1564 at NVDCVE-2014-1565 at SUSECVE-2014-1565 at NVDCVE-2014-1567 at SUSECVE-2014-1567 at NVDCVE-2014-1574 at SUSECVE-2014-1574 at NVDCVE-2014-1575 at SUSECVE-2014-1575 at NVDCVE-2014-1576 at SUSECVE-2014-1576 at NVDCVE-2014-1577 at SUSECVE-2014-1577 at NVDCVE-2014-1578 at SUSECVE-2014-1578 at NVDCVE-2014-1581 at SUSECVE-2014-1581 at NVDCVE-2014-1583 at SUSECVE-2014-1583 at NVDCVE-2014-1585 at SUSECVE-2014-1585 at NVDCVE-2014-1586 at SUSECVE-2014-1586 at NVDCVE-2014-1587 at SUSECVE-2014-1587 at NVDCVE-2014-1588 at SUSECVE-2014-1588 at NVDCVE-2014-1590 at SUSECVE-2014-1590 at NVDCVE-2014-1592 at SUSECVE-2014-1592 at NVDCVE-2014-1593 at SUSECVE-2014-1593 at NVDCVE-2014-1594 at SUSECVE-2014-1594 at NVDCVE-2014-8634 at SUSECVE-2014-8634 at NVDCVE-2014-8635 at SUSECVE-2014-8635 at NVDCVE-2014-8638 at SUSECVE-2014-8638 at NVDCVE-2014-8639 at SUSECVE-2014-8639 at NVDCVE-2014-8641 at SUSECVE-2014-8641 at NVDCVE-2015-0797 at SUSECVE-2015-0797 at NVDCVE-2015-0801 at SUSECVE-2015-0801 at NVDCVE-2015-0807 at SUSECVE-2015-0807 at NVDCVE-2015-0813 at SUSECVE-2015-0813 at NVDCVE-2015-0814 at SUSECVE-2015-0814 at NVDCVE-2015-0815 at SUSECVE-2015-0815 at NVDCVE-2015-0816 at SUSECVE-2015-0816 at NVDCVE-2015-0817 at SUSECVE-2015-0817 at NVDCVE-2015-0818 at SUSECVE-2015-0818 at NVDCVE-2015-0822 at SUSECVE-2015-0822 at NVDCVE-2015-0827 at SUSECVE-2015-0827 at NVDCVE-2015-0831 at SUSECVE-2015-0831 at NVDCVE-2015-0835 at SUSECVE-2015-0835 at NVDCVE-2015-0836 at SUSECVE-2015-0836 at NVDCVE-2015-2708 at SUSECVE-2015-2708 at NVDCVE-2015-2709 at SUSECVE-2015-2709 at NVDCVE-2015-2710 at SUSECVE-2015-2710 at NVDCVE-2015-2713 at SUSECVE-2015-2713 at NVDCVE-2015-2716 at SUSECVE-2015-2716 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-2722 at SUSECVE-2015-2722 at NVDCVE-2015-2724 at SUSECVE-2015-2724 at NVDCVE-2015-2725 at SUSECVE-2015-2725 at NVDCVE-2015-2726 at SUSECVE-2015-2726 at NVDCVE-2015-2728 at SUSECVE-2015-2728 at NVDCVE-2015-2730 at SUSECVE-2015-2730 at NVDCVE-2015-2733 at SUSECVE-2015-2733 at NVDCVE-2015-2734 at SUSECVE-2015-2734 at NVDCVE-2015-2735 at SUSECVE-2015-2735 at NVDCVE-2015-2736 at SUSECVE-2015-2736 at NVDCVE-2015-2737 at SUSECVE-2015-2737 at NVDCVE-2015-2738 at SUSECVE-2015-2738 at NVDCVE-2015-2739 at SUSECVE-2015-2739 at NVDCVE-2015-2740 at SUSECVE-2015-2740 at NVDCVE-2015-2743 at SUSECVE-2015-2743 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-4473 at SUSECVE-2015-4473 at NVDCVE-2015-4474 at SUSECVE-2015-4474 at NVDCVE-2015-4475 at SUSECVE-2015-4475 at NVDCVE-2015-4478 at SUSECVE-2015-4478 at NVDCVE-2015-4479 at SUSECVE-2015-4479 at NVDCVE-2015-4484 at SUSECVE-2015-4484 at NVDCVE-2015-4485 at SUSECVE-2015-4485 at NVDCVE-2015-4486 at SUSECVE-2015-4486 at NVDCVE-2015-4487 at SUSECVE-2015-4487 at NVDCVE-2015-4488 at SUSECVE-2015-4488 at NVDCVE-2015-4489 at SUSECVE-2015-4489 at NVDCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-4492 at SUSECVE-2015-4492 at NVDCVE-2015-4495 at SUSECVE-2015-4495 at NVDCVE-2015-4497 at SUSECVE-2015-4497 at NVDCVE-2015-4498 at SUSECVE-2015-4498 at NVDCVE-2015-4500 at SUSECVE-2015-4500 at NVDCVE-2015-4501 at SUSECVE-2015-4501 at NVDCVE-2015-4506 at SUSECVE-2015-4506 at NVDCVE-2015-4509 at SUSECVE-2015-4509 at NVDCVE-2015-4511 at SUSECVE-2015-4511 at NVDCVE-2015-4513 at SUSECVE-2015-4513 at NVDCVE-2015-4517 at SUSECVE-2015-4517 at NVDCVE-2015-4519 at SUSECVE-2015-4519 at NVDCVE-2015-4520 at SUSECVE-2015-4520 at NVDCVE-2015-4521 at SUSECVE-2015-4521 at NVDCVE-2015-4522 at SUSECVE-2015-4522 at NVDCVE-2015-7174 at SUSECVE-2015-7174 at NVDCVE-2015-7175 at SUSECVE-2015-7175 at NVDCVE-2015-7176 at SUSECVE-2015-7176 at NVDCVE-2015-7177 at SUSECVE-2015-7177 at NVDCVE-2015-7180 at SUSECVE-2015-7180 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7183 at SUSECVE-2015-7183 at NVDCVE-2015-7188 at SUSECVE-2015-7188 at NVDCVE-2015-7189 at SUSECVE-2015-7189 at NVDCVE-2015-7193 at SUSECVE-2015-7193 at NVDCVE-2015-7194 at SUSECVE-2015-7194 at NVDCVE-2015-7196 at SUSECVE-2015-7196 at NVDCVE-2015-7197 at SUSECVE-2015-7197 at NVDCVE-2015-7198 at SUSECVE-2015-7198 at NVDCVE-2015-7199 at SUSECVE-2015-7199 at NVDCVE-2015-7200 at SUSECVE-2015-7200 at NVDCVE-2015-7201 at SUSECVE-2015-7201 at NVDCVE-2015-7202 at SUSECVE-2015-7202 at NVDCVE-2015-7205 at SUSECVE-2015-7205 at NVDCVE-2015-7210 at SUSECVE-2015-7210 at NVDCVE-2015-7212 at SUSECVE-2015-7212 at NVDCVE-2015-7213 at SUSECVE-2015-7213 at NVDCVE-2015-7214 at SUSECVE-2015-7214 at NVDCVE-2015-7222 at SUSECVE-2015-7222 at NVDCVE-2016-10196 at SUSECVE-2016-10196 at NVDCVE-2016-1523 at SUSECVE-2016-1523 at NVDCVE-2016-1930 at SUSECVE-2016-1930 at NVDCVE-2016-1931 at SUSECVE-2016-1931 at NVDCVE-2016-1935 at SUSECVE-2016-1935 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1952 at SUSECVE-2016-1952 at NVDCVE-2016-1953 at SUSECVE-2016-1953 at NVDCVE-2016-1954 at SUSECVE-2016-1954 at NVDCVE-2016-1957 at SUSECVE-2016-1957 at NVDCVE-2016-1958 at SUSECVE-2016-1958 at NVDCVE-2016-1960 at SUSECVE-2016-1960 at NVDCVE-2016-1961 at SUSECVE-2016-1961 at NVDCVE-2016-1962 at SUSECVE-2016-1962 at NVDCVE-2016-1964 at SUSECVE-2016-1964 at NVDCVE-2016-1965 at SUSECVE-2016-1965 at NVDCVE-2016-1966 at SUSECVE-2016-1966 at NVDCVE-2016-1974 at SUSECVE-2016-1974 at NVDCVE-2016-1977 at SUSECVE-2016-1977 at NVDCVE-2016-2790 at SUSECVE-2016-2790 at NVDCVE-2016-2791 at SUSECVE-2016-2791 at NVDCVE-2016-2792 at SUSECVE-2016-2792 at NVDCVE-2016-2793 at SUSECVE-2016-2793 at NVDCVE-2016-2794 at SUSECVE-2016-2794 at NVDCVE-2016-2795 at SUSECVE-2016-2795 at NVDCVE-2016-2796 at SUSECVE-2016-2796 at NVDCVE-2016-2797 at SUSECVE-2016-2797 at NVDCVE-2016-2798 at SUSECVE-2016-2798 at NVDCVE-2016-2799 at SUSECVE-2016-2799 at NVDCVE-2016-2800 at SUSECVE-2016-2800 at NVDCVE-2016-2801 at SUSECVE-2016-2801 at NVDCVE-2016-2802 at SUSECVE-2016-2802 at NVDCVE-2016-2805 at SUSECVE-2016-2805 at NVDCVE-2016-2807 at SUSECVE-2016-2807 at NVDCVE-2016-2808 at SUSECVE-2016-2808 at NVDCVE-2016-2814 at SUSECVE-2016-2814 at NVDCVE-2016-2815 at SUSECVE-2016-2815 at NVDCVE-2016-2818 at SUSECVE-2016-2818 at NVDCVE-2016-2819 at SUSECVE-2016-2819 at NVDCVE-2016-2821 at SUSECVE-2016-2821 at NVDCVE-2016-2822 at SUSECVE-2016-2822 at NVDCVE-2016-2824 at SUSECVE-2016-2824 at NVDCVE-2016-2828 at SUSECVE-2016-2828 at NVDCVE-2016-2830 at SUSECVE-2016-2830 at NVDCVE-2016-2831 at SUSECVE-2016-2831 at NVDCVE-2016-2835 at SUSECVE-2016-2835 at NVDCVE-2016-2836 at SUSECVE-2016-2836 at NVDCVE-2016-2837 at SUSECVE-2016-2837 at NVDCVE-2016-2838 at SUSECVE-2016-2838 at NVDCVE-2016-2839 at SUSECVE-2016-2839 at NVDCVE-2016-5250 at SUSECVE-2016-5250 at NVDCVE-2016-5252 at SUSECVE-2016-5252 at NVDCVE-2016-5254 at SUSECVE-2016-5254 at NVDCVE-2016-5257 at SUSECVE-2016-5257 at NVDCVE-2016-5258 at SUSECVE-2016-5258 at NVDCVE-2016-5259 at SUSECVE-2016-5259 at NVDCVE-2016-5261 at SUSECVE-2016-5261 at NVDCVE-2016-5262 at SUSECVE-2016-5262 at NVDCVE-2016-5263 at SUSECVE-2016-5263 at NVDCVE-2016-5264 at SUSECVE-2016-5264 at NVDCVE-2016-5265 at SUSECVE-2016-5265 at NVDCVE-2016-5270 at SUSECVE-2016-5270 at NVDCVE-2016-5272 at SUSECVE-2016-5272 at NVDCVE-2016-5274 at SUSECVE-2016-5274 at NVDCVE-2016-5276 at SUSECVE-2016-5276 at NVDCVE-2016-5277 at SUSECVE-2016-5277 at NVDCVE-2016-5278 at SUSECVE-2016-5278 at NVDCVE-2016-5280 at SUSECVE-2016-5280 at NVDCVE-2016-5281 at SUSECVE-2016-5281 at NVDCVE-2016-5284 at SUSECVE-2016-5284 at NVDCVE-2016-5290 at SUSECVE-2016-5290 at NVDCVE-2016-5291 at SUSECVE-2016-5291 at NVDCVE-2016-5296 at SUSECVE-2016-5296 at NVDCVE-2016-5297 at SUSECVE-2016-5297 at NVDCVE-2016-6354 at SUSECVE-2016-6354 at NVDCVE-2016-9064 at SUSECVE-2016-9064 at NVDCVE-2016-9066 at SUSECVE-2016-9066 at NVDCVE-2016-9079 at SUSECVE-2016-9079 at NVDCVE-2016-9893 at SUSECVE-2016-9893 at NVDCVE-2016-9895 at SUSECVE-2016-9895 at NVDCVE-2016-9897 at SUSECVE-2016-9897 at NVDCVE-2016-9898 at SUSECVE-2016-9898 at NVDCVE-2016-9899 at SUSECVE-2016-9899 at NVDCVE-2016-9900 at SUSECVE-2016-9900 at NVDCVE-2016-9901 at SUSECVE-2016-9901 at NVDCVE-2016-9902 at SUSECVE-2016-9902 at NVDCVE-2016-9904 at SUSECVE-2016-9904 at NVDCVE-2016-9905 at SUSECVE-2016-9905 at NVDCVE-2017-5373 at SUSECVE-2017-5373 at NVDCVE-2017-5375 at SUSECVE-2017-5375 at NVDCVE-2017-5376 at SUSECVE-2017-5376 at NVDCVE-2017-5378 at SUSECVE-2017-5378 at NVDCVE-2017-5380 at SUSECVE-2017-5380 at NVDCVE-2017-5383 at SUSECVE-2017-5383 at NVDCVE-2017-5386 at SUSECVE-2017-5386 at NVDCVE-2017-5390 at SUSECVE-2017-5390 at NVDCVE-2017-5396 at SUSECVE-2017-5396 at NVDCVE-2017-5398 at SUSECVE-2017-5398 at NVDCVE-2017-5400 at SUSECVE-2017-5400 at NVDCVE-2017-5401 at SUSECVE-2017-5401 at NVDCVE-2017-5402 at SUSECVE-2017-5402 at NVDCVE-2017-5404 at SUSECVE-2017-5404 at NVDCVE-2017-5405 at SUSECVE-2017-5405 at NVDCVE-2017-5407 at SUSECVE-2017-5407 at NVDCVE-2017-5408 at SUSECVE-2017-5408 at NVDCVE-2017-5409 at SUSECVE-2017-5409 at NVDCVE-2017-5410 at SUSECVE-2017-5410 at NVDCVE-2017-5429 at SUSECVE-2017-5429 at NVDCVE-2017-5430 at SUSECVE-2017-5430 at NVDCVE-2017-5432 at SUSECVE-2017-5432 at NVDCVE-2017-5433 at SUSECVE-2017-5433 at NVDCVE-2017-5434 at SUSECVE-2017-5434 at NVDCVE-2017-5435 at SUSECVE-2017-5435 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2017-5437 at SUSECVE-2017-5437 at NVDCVE-2017-5438 at SUSECVE-2017-5438 at NVDCVE-2017-5439 at SUSECVE-2017-5439 at NVDCVE-2017-5440 at SUSECVE-2017-5440 at NVDCVE-2017-5441 at SUSECVE-2017-5441 at NVDCVE-2017-5442 at SUSECVE-2017-5442 at NVDCVE-2017-5443 at SUSECVE-2017-5443 at NVDCVE-2017-5444 at SUSECVE-2017-5444 at NVDCVE-2017-5445 at SUSECVE-2017-5445 at NVDCVE-2017-5446 at SUSECVE-2017-5446 at NVDCVE-2017-5447 at SUSECVE-2017-5447 at NVDCVE-2017-5448 at SUSECVE-2017-5448 at NVDCVE-2017-5449 at SUSECVE-2017-5449 at NVDCVE-2017-5451 at SUSECVE-2017-5451 at NVDCVE-2017-5454 at SUSECVE-2017-5454 at NVDCVE-2017-5455 at SUSECVE-2017-5455 at NVDCVE-2017-5456 at SUSECVE-2017-5456 at NVDCVE-2017-5459 at SUSECVE-2017-5459 at NVDCVE-2017-5460 at SUSECVE-2017-5460 at NVDCVE-2017-5461 at SUSECVE-2017-5461 at NVDCVE-2017-5462 at SUSECVE-2017-5462 at NVDCVE-2017-5464 at SUSECVE-2017-5464 at NVDCVE-2017-5465 at SUSECVE-2017-5465 at NVDCVE-2017-5466 at SUSECVE-2017-5466 at NVDCVE-2017-5467 at SUSECVE-2017-5467 at NVDCVE-2017-5469 at SUSECVE-2017-5469 at NVDCVE-2017-5470 at SUSECVE-2017-5470 at NVDCVE-2017-5472 at SUSECVE-2017-5472 at NVDCVE-2017-7749 at SUSECVE-2017-7749 at NVDCVE-2017-7750 at SUSECVE-2017-7750 at NVDCVE-2017-7751 at SUSECVE-2017-7751 at NVDCVE-2017-7752 at SUSECVE-2017-7752 at NVDCVE-2017-7753 at SUSECVE-2017-7753 at NVDCVE-2017-7754 at SUSECVE-2017-7754 at NVDCVE-2017-7755 at SUSECVE-2017-7755 at NVDCVE-2017-7756 at SUSECVE-2017-7756 at NVDCVE-2017-7757 at SUSECVE-2017-7757 at NVDCVE-2017-7758 at SUSECVE-2017-7758 at NVDCVE-2017-7761 at SUSECVE-2017-7761 at NVDCVE-2017-7763 at SUSECVE-2017-7763 at NVDCVE-2017-7764 at SUSECVE-2017-7764 at NVDCVE-2017-7765 at SUSECVE-2017-7765 at NVDCVE-2017-7768 at SUSECVE-2017-7768 at NVDCVE-2017-7778 at SUSECVE-2017-7778 at NVDCVE-2017-7779 at SUSECVE-2017-7779 at NVDCVE-2017-7782 at SUSECVE-2017-7782 at NVDCVE-2017-7784 at SUSECVE-2017-7784 at NVDCVE-2017-7785 at SUSECVE-2017-7785 at NVDCVE-2017-7786 at SUSECVE-2017-7786 at NVDCVE-2017-7787 at SUSECVE-2017-7787 at NVDCVE-2017-7791 at SUSECVE-2017-7791 at NVDCVE-2017-7792 at SUSECVE-2017-7792 at NVDCVE-2017-7793 at SUSECVE-2017-7793 at NVDCVE-2017-7798 at SUSECVE-2017-7798 at NVDCVE-2017-7800 at SUSECVE-2017-7800 at NVDCVE-2017-7801 at SUSECVE-2017-7801 at NVDCVE-2017-7802 at SUSECVE-2017-7802 at NVDCVE-2017-7803 at SUSECVE-2017-7803 at NVDCVE-2017-7804 at SUSECVE-2017-7804 at NVDCVE-2017-7805 at SUSECVE-2017-7805 at NVDCVE-2017-7807 at SUSECVE-2017-7807 at NVDCVE-2017-7810 at SUSECVE-2017-7810 at NVDCVE-2017-7814 at SUSECVE-2017-7814 at NVDCVE-2017-7818 at SUSECVE-2017-7818 at NVDCVE-2017-7819 at SUSECVE-2017-7819 at NVDCVE-2017-7823 at SUSECVE-2017-7823 at NVDCVE-2017-7824 at SUSECVE-2017-7824 at NVDCVE-2017-7825 at SUSECVE-2017-7825 at NVDCVE-2017-7826 at SUSECVE-2017-7826 at NVDCVE-2017-7828 at SUSECVE-2017-7828 at NVDCVE-2017-7830 at SUSECVE-2017-7830 at NVDCVE-2018-12359 at SUSECVE-2018-12359 at NVDCVE-2018-12360 at SUSECVE-2018-12360 at NVDCVE-2018-12362 at SUSECVE-2018-12362 at NVDCVE-2018-12363 at SUSECVE-2018-12363 at NVDCVE-2018-12364 at SUSECVE-2018-12364 at NVDCVE-2018-12365 at SUSECVE-2018-12365 at NVDCVE-2018-12366 at SUSECVE-2018-12366 at NVDCVE-2018-12368 at SUSECVE-2018-12368 at NVDCVE-2018-5089 at SUSECVE-2018-5089 at NVDCVE-2018-5091 at SUSECVE-2018-5091 at NVDCVE-2018-5095 at SUSECVE-2018-5095 at NVDCVE-2018-5096 at SUSECVE-2018-5096 at NVDCVE-2018-5097 at SUSECVE-2018-5097 at NVDCVE-2018-5098 at SUSECVE-2018-5098 at NVDCVE-2018-5099 at SUSECVE-2018-5099 at NVDCVE-2018-5102 at SUSECVE-2018-5102 at NVDCVE-2018-5103 at SUSECVE-2018-5103 at NVDCVE-2018-5104 at SUSECVE-2018-5104 at NVDCVE-2018-5117 at SUSECVE-2018-5117 at NVDCVE-2018-5125 at SUSECVE-2018-5125 at NVDCVE-2018-5127 at SUSECVE-2018-5127 at NVDCVE-2018-5129 at SUSECVE-2018-5129 at NVDCVE-2018-5130 at SUSECVE-2018-5130 at NVDCVE-2018-5131 at SUSECVE-2018-5131 at NVDCVE-2018-5144 at SUSECVE-2018-5144 at NVDCVE-2018-5145 at SUSECVE-2018-5145 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDCVE-2018-5147 at SUSECVE-2018-5147 at NVDCVE-2018-5148 at SUSECVE-2018-5148 at NVDCVE-2018-5150 at SUSECVE-2018-5150 at NVDCVE-2018-5154 at SUSECVE-2018-5154 at NVDCVE-2018-5155 at SUSECVE-2018-5155 at NVDCVE-2018-5156 at SUSECVE-2018-5156 at NVDCVE-2018-5157 at SUSECVE-2018-5157 at NVDCVE-2018-5158 at SUSECVE-2018-5158 at NVDCVE-2018-5159 at SUSECVE-2018-5159 at NVDCVE-2018-5168 at SUSECVE-2018-5168 at NVDCVE-2018-5174 at SUSECVE-2018-5174 at NVDCVE-2018-5178 at SUSECVE-2018-5178 at NVDCVE-2018-5183 at SUSECVE-2018-5183 at NVDCVE-2018-5188 at SUSECVE-2018-5188 at NVDCVE-2018-6126 at SUSECVE-2018-6126 at NVDcpe:/o:suse:sles:12:sp4SuSEfirewall2-3.6.312.333-3.13.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the SuSEfirewall2-3.6.312.333-3.13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-15638 at SUSECVE-2017-15638 at NVDcpe:/o:suse:sles:12:sp4aaa_base-13.2+git20140911.61c1681-38.8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the aaa_base-13.2+git20140911.61c1681-38.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0461 at SUSECVE-2011-0461 at NVDcpe:/o:suse:sles:12:sp4accountsservice-0.6.42-16.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the accountsservice-0.6.42-16.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2737 at SUSECVE-2012-2737 at NVDcpe:/o:suse:sles:12:sp4alsa-1.0.27.2-15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the alsa-1.0.27.2-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0035 at SUSECVE-2009-0035 at NVDcpe:/o:suse:sles:12:sp4ant-1.9.4-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ant-1.9.4-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1571 at SUSECVE-2013-1571 at NVDCVE-2018-10886 at SUSECVE-2018-10886 at NVDcpe:/o:suse:sles:12:sp4apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache-commons-beanutils-1.9.2-1.149 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3540 at SUSECVE-2014-3540 at NVDcpe:/o:suse:sles:12:sp4apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache-commons-daemon-1.0.15-6.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2729 at SUSECVE-2011-2729 at NVDcpe:/o:suse:sles:12:sp4apache-commons-httpclient-3.1-4.364 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache-commons-httpclient-3.1-4.364 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-5783 at SUSECVE-2012-5783 at NVDcpe:/o:suse:sles:12:sp4apache2-2.4.23-29.24.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache2-2.4.23-29.24.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0023 at SUSECVE-2009-0023 at NVDCVE-2009-1191 at SUSECVE-2009-1191 at NVDCVE-2009-1195 at SUSECVE-2009-1195 at NVDCVE-2009-1890 at SUSECVE-2009-1890 at NVDCVE-2009-1891 at SUSECVE-2009-1891 at NVDCVE-2009-1955 at SUSECVE-2009-1955 at NVDCVE-2009-1956 at SUSECVE-2009-1956 at NVDCVE-2009-2412 at SUSECVE-2009-2412 at NVDCVE-2009-2699 at SUSECVE-2009-2699 at NVDCVE-2009-3094 at SUSECVE-2009-3094 at NVDCVE-2009-3095 at SUSECVE-2009-3095 at NVDCVE-2009-3555 at SUSECVE-2009-3555 at NVDCVE-2009-3560 at SUSECVE-2009-3560 at NVDCVE-2009-3720 at SUSECVE-2009-3720 at NVDCVE-2010-0408 at SUSECVE-2010-0408 at NVDCVE-2010-0425 at SUSECVE-2010-0425 at NVDCVE-2010-0434 at SUSECVE-2010-0434 at NVDCVE-2010-1452 at SUSECVE-2010-1452 at NVDCVE-2010-1623 at SUSECVE-2010-1623 at NVDCVE-2010-2068 at SUSECVE-2010-2068 at NVDCVE-2011-1176 at SUSECVE-2011-1176 at NVDCVE-2011-3192 at SUSECVE-2011-3192 at NVDCVE-2011-3368 at SUSECVE-2011-3368 at NVDCVE-2011-3607 at SUSECVE-2011-3607 at NVDCVE-2011-4317 at SUSECVE-2011-4317 at NVDCVE-2012-0021 at SUSECVE-2012-0021 at NVDCVE-2012-0031 at SUSECVE-2012-0031 at NVDCVE-2012-0053 at SUSECVE-2012-0053 at NVDCVE-2012-2687 at SUSECVE-2012-2687 at NVDCVE-2012-3499 at SUSECVE-2012-3499 at NVDCVE-2012-3502 at SUSECVE-2012-3502 at NVDCVE-2013-1896 at SUSECVE-2013-1896 at NVDCVE-2013-2249 at SUSECVE-2013-2249 at NVDCVE-2013-5704 at SUSECVE-2013-5704 at NVDCVE-2013-6438 at SUSECVE-2013-6438 at NVDCVE-2014-0098 at SUSECVE-2014-0098 at NVDCVE-2014-0117 at SUSECVE-2014-0117 at NVDCVE-2014-0118 at SUSECVE-2014-0118 at NVDCVE-2014-0226 at SUSECVE-2014-0226 at NVDCVE-2014-0231 at SUSECVE-2014-0231 at NVDCVE-2014-3523 at SUSECVE-2014-3523 at NVDCVE-2014-3581 at SUSECVE-2014-3581 at NVDCVE-2014-3583 at SUSECVE-2014-3583 at NVDCVE-2014-8109 at SUSECVE-2014-8109 at NVDCVE-2015-0228 at SUSECVE-2015-0228 at NVDCVE-2015-0253 at SUSECVE-2015-0253 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2016-0736 at SUSECVE-2016-0736 at NVDCVE-2016-1546 at SUSECVE-2016-1546 at NVDCVE-2016-2161 at SUSECVE-2016-2161 at NVDCVE-2016-4975 at SUSECVE-2016-4975 at NVDCVE-2016-4979 at SUSECVE-2016-4979 at NVDCVE-2016-5387 at SUSECVE-2016-5387 at NVDCVE-2016-8740 at SUSECVE-2016-8740 at NVDCVE-2016-8743 at SUSECVE-2016-8743 at NVDCVE-2017-15710 at SUSECVE-2017-15710 at NVDCVE-2017-15715 at SUSECVE-2017-15715 at NVDCVE-2017-3167 at SUSECVE-2017-3167 at NVDCVE-2017-3169 at SUSECVE-2017-3169 at NVDCVE-2017-7659 at SUSECVE-2017-7659 at NVDCVE-2017-7679 at SUSECVE-2017-7679 at NVDCVE-2017-9788 at SUSECVE-2017-9788 at NVDCVE-2017-9789 at SUSECVE-2017-9789 at NVDCVE-2017-9798 at SUSECVE-2017-9798 at NVDCVE-2018-1283 at SUSECVE-2018-1283 at NVDCVE-2018-1301 at SUSECVE-2018-1301 at NVDCVE-2018-1302 at SUSECVE-2018-1302 at NVDCVE-2018-1303 at SUSECVE-2018-1303 at NVDCVE-2018-1312 at SUSECVE-2018-1312 at NVDCVE-2018-1333 at SUSECVE-2018-1333 at NVDcpe:/o:suse:sles:12:sp4apache2-mod_apparmor-2.8.2-49.21 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache2-mod_apparmor-2.8.2-49.21 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDcpe:/o:suse:sles:12:sp4apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache2-mod_jk-1.2.40-5.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-5519 at SUSECVE-2008-5519 at NVDCVE-2014-8111 at SUSECVE-2014-8111 at NVDcpe:/o:suse:sles:12:sp4apache2-mod_nss-1.0.14-19.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache2-mod_nss-1.0.14-19.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4566 at SUSECVE-2013-4566 at NVDCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2015-5244 at SUSECVE-2015-5244 at NVDCVE-2016-3099 at SUSECVE-2016-3099 at NVDcpe:/o:suse:sles:12:sp4apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the apache2-mod_perl-2.0.8-11.43 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1667 at SUSECVE-2013-1667 at NVDcpe:/o:suse:sles:12:sp4at-3.1.14-8.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the at-3.1.14-8.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6354 at SUSECVE-2016-6354 at NVDcpe:/o:suse:sles:12:sp4audiofile-0.3.6-10.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the audiofile-0.3.6-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-7747 at SUSECVE-2015-7747 at NVDCVE-2017-6827 at SUSECVE-2017-6827 at NVDCVE-2017-6828 at SUSECVE-2017-6828 at NVDCVE-2017-6829 at SUSECVE-2017-6829 at NVDCVE-2017-6830 at SUSECVE-2017-6830 at NVDCVE-2017-6831 at SUSECVE-2017-6831 at NVDCVE-2017-6832 at SUSECVE-2017-6832 at NVDCVE-2017-6833 at SUSECVE-2017-6833 at NVDCVE-2017-6834 at SUSECVE-2017-6834 at NVDCVE-2017-6835 at SUSECVE-2017-6835 at NVDCVE-2017-6836 at SUSECVE-2017-6836 at NVDCVE-2017-6837 at SUSECVE-2017-6837 at NVDCVE-2017-6838 at SUSECVE-2017-6838 at NVDCVE-2017-6839 at SUSECVE-2017-6839 at NVDcpe:/o:suse:sles:12:sp4augeas-1.2.0-17.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the augeas-1.2.0-17.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0786 at SUSECVE-2012-0786 at NVDCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:sles:12:sp4autofs-5.0.9-28.3.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the autofs-5.0.9-28.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8169 at SUSECVE-2014-8169 at NVDcpe:/o:suse:sles:12:sp4automake-1.13.4-6.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the automake-1.13.4-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-4029 at SUSECVE-2009-4029 at NVDcpe:/o:suse:sles:12:sp4avahi-0.6.32-30.36 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the avahi-0.6.32-30.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0758 at SUSECVE-2009-0758 at NVDCVE-2010-2244 at SUSECVE-2010-2244 at NVDCVE-2011-1002 at SUSECVE-2011-1002 at NVDcpe:/o:suse:sles:12:sp4axis-1.4-290.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the axis-1.4-290.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-8032 at SUSECVE-2018-8032 at NVDcpe:/o:suse:sles:12:sp4bash-4.3-83.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the bash-4.3-83.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-2524 at SUSECVE-2014-2524 at NVDCVE-2014-6271 at SUSECVE-2014-6271 at NVDCVE-2014-6277 at SUSECVE-2014-6277 at NVDCVE-2014-6278 at SUSECVE-2014-6278 at NVDCVE-2014-7169 at SUSECVE-2014-7169 at NVDCVE-2014-7186 at SUSECVE-2014-7186 at NVDCVE-2014-7187 at SUSECVE-2014-7187 at NVDCVE-2016-0634 at SUSECVE-2016-0634 at NVDCVE-2016-7543 at SUSECVE-2016-7543 at NVDcpe:/o:suse:sles:12:sp4bind-9.11.2-1.24 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the bind-9.11.2-1.24 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0696 at SUSECVE-2009-0696 at NVDCVE-2009-4022 at SUSECVE-2009-4022 at NVDCVE-2010-3613 at SUSECVE-2010-3613 at NVDCVE-2010-3614 at SUSECVE-2010-3614 at NVDCVE-2010-3615 at SUSECVE-2010-3615 at NVDCVE-2011-0414 at SUSECVE-2011-0414 at NVDCVE-2011-1907 at SUSECVE-2011-1907 at NVDCVE-2011-1910 at SUSECVE-2011-1910 at NVDCVE-2011-2464 at SUSECVE-2011-2464 at NVDCVE-2011-4313 at SUSECVE-2011-4313 at NVDCVE-2012-1667 at SUSECVE-2012-1667 at NVDCVE-2012-3817 at SUSECVE-2012-3817 at NVDCVE-2012-3868 at SUSECVE-2012-3868 at NVDCVE-2012-4244 at SUSECVE-2012-4244 at NVDCVE-2012-5166 at SUSECVE-2012-5166 at NVDCVE-2012-5688 at SUSECVE-2012-5688 at NVDCVE-2012-5689 at SUSECVE-2012-5689 at NVDCVE-2013-2266 at SUSECVE-2013-2266 at NVDCVE-2013-4854 at SUSECVE-2013-4854 at NVDCVE-2014-0591 at SUSECVE-2014-0591 at NVDCVE-2014-8500 at SUSECVE-2014-8500 at NVDCVE-2015-1349 at SUSECVE-2015-1349 at NVDCVE-2015-4620 at SUSECVE-2015-4620 at NVDCVE-2015-5477 at SUSECVE-2015-5477 at NVDCVE-2015-5722 at SUSECVE-2015-5722 at NVDCVE-2015-8000 at SUSECVE-2015-8000 at NVDCVE-2015-8704 at SUSECVE-2015-8704 at NVDCVE-2016-1285 at SUSECVE-2016-1285 at NVDCVE-2016-1286 at SUSECVE-2016-1286 at NVDCVE-2016-2775 at SUSECVE-2016-2775 at NVDCVE-2016-2776 at SUSECVE-2016-2776 at NVDCVE-2016-6170 at SUSECVE-2016-6170 at NVDCVE-2016-8864 at SUSECVE-2016-8864 at NVDCVE-2016-9131 at SUSECVE-2016-9131 at NVDCVE-2016-9147 at SUSECVE-2016-9147 at NVDCVE-2016-9444 at SUSECVE-2016-9444 at NVDCVE-2017-3135 at SUSECVE-2017-3135 at NVDCVE-2017-3136 at SUSECVE-2017-3136 at NVDCVE-2017-3137 at SUSECVE-2017-3137 at NVDCVE-2017-3138 at SUSECVE-2017-3138 at NVDCVE-2017-3142 at SUSECVE-2017-3142 at NVDCVE-2017-3143 at SUSECVE-2017-3143 at NVDCVE-2017-3145 at SUSECVE-2017-3145 at NVDcpe:/o:suse:sles:12:sp4binutils-2.31-9.26.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the binutils-2.31-9.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9939 at SUSECVE-2014-9939 at NVDCVE-2017-12448 at SUSECVE-2017-12448 at NVDCVE-2017-12450 at SUSECVE-2017-12450 at NVDCVE-2017-12452 at SUSECVE-2017-12452 at NVDCVE-2017-12453 at SUSECVE-2017-12453 at NVDCVE-2017-12454 at SUSECVE-2017-12454 at NVDCVE-2017-12456 at SUSECVE-2017-12456 at NVDCVE-2017-12799 at SUSECVE-2017-12799 at NVDCVE-2017-13757 at SUSECVE-2017-13757 at NVDCVE-2017-14128 at SUSECVE-2017-14128 at NVDCVE-2017-14129 at SUSECVE-2017-14129 at NVDCVE-2017-14130 at SUSECVE-2017-14130 at NVDCVE-2017-14333 at SUSECVE-2017-14333 at NVDCVE-2017-14529 at SUSECVE-2017-14529 at NVDCVE-2017-14729 at SUSECVE-2017-14729 at NVDCVE-2017-14745 at SUSECVE-2017-14745 at NVDCVE-2017-14974 at SUSECVE-2017-14974 at NVDCVE-2017-15938 at SUSECVE-2017-15938 at NVDCVE-2017-15939 at SUSECVE-2017-15939 at NVDCVE-2017-15996 at SUSECVE-2017-15996 at NVDCVE-2017-16826 at SUSECVE-2017-16826 at NVDCVE-2017-16827 at SUSECVE-2017-16827 at NVDCVE-2017-16828 at SUSECVE-2017-16828 at NVDCVE-2017-16829 at SUSECVE-2017-16829 at NVDCVE-2017-16830 at SUSECVE-2017-16830 at NVDCVE-2017-16831 at SUSECVE-2017-16831 at NVDCVE-2017-16832 at SUSECVE-2017-16832 at NVDCVE-2017-6965 at SUSECVE-2017-6965 at NVDCVE-2017-6966 at SUSECVE-2017-6966 at NVDCVE-2017-6969 at SUSECVE-2017-6969 at NVDCVE-2017-7209 at SUSECVE-2017-7209 at NVDCVE-2017-7210 at SUSECVE-2017-7210 at NVDCVE-2017-7223 at SUSECVE-2017-7223 at NVDCVE-2017-7224 at SUSECVE-2017-7224 at NVDCVE-2017-7225 at SUSECVE-2017-7225 at NVDCVE-2017-7226 at SUSECVE-2017-7226 at NVDCVE-2017-7299 at SUSECVE-2017-7299 at NVDCVE-2017-7300 at SUSECVE-2017-7300 at NVDCVE-2017-7301 at SUSECVE-2017-7301 at NVDCVE-2017-7302 at SUSECVE-2017-7302 at NVDCVE-2017-7303 at SUSECVE-2017-7303 at NVDCVE-2017-7304 at SUSECVE-2017-7304 at NVDCVE-2017-8392 at SUSECVE-2017-8392 at NVDCVE-2017-8393 at SUSECVE-2017-8393 at NVDCVE-2017-8394 at SUSECVE-2017-8394 at NVDCVE-2017-8396 at SUSECVE-2017-8396 at NVDCVE-2017-8421 at SUSECVE-2017-8421 at NVDCVE-2017-9746 at SUSECVE-2017-9746 at NVDCVE-2017-9747 at SUSECVE-2017-9747 at NVDCVE-2017-9748 at SUSECVE-2017-9748 at NVDCVE-2017-9750 at SUSECVE-2017-9750 at NVDCVE-2017-9755 at SUSECVE-2017-9755 at NVDCVE-2017-9756 at SUSECVE-2017-9756 at NVDCVE-2018-10372 at SUSECVE-2018-10372 at NVDCVE-2018-10373 at SUSECVE-2018-10373 at NVDCVE-2018-10534 at SUSECVE-2018-10534 at NVDCVE-2018-10535 at SUSECVE-2018-10535 at NVDCVE-2018-6323 at SUSECVE-2018-6323 at NVDCVE-2018-6543 at SUSECVE-2018-6543 at NVDCVE-2018-6759 at SUSECVE-2018-6759 at NVDCVE-2018-6872 at SUSECVE-2018-6872 at NVDCVE-2018-7208 at SUSECVE-2018-7208 at NVDCVE-2018-7568 at SUSECVE-2018-7568 at NVDCVE-2018-7569 at SUSECVE-2018-7569 at NVDCVE-2018-7570 at SUSECVE-2018-7570 at NVDCVE-2018-7642 at SUSECVE-2018-7642 at NVDCVE-2018-7643 at SUSECVE-2018-7643 at NVDCVE-2018-8945 at SUSECVE-2018-8945 at NVDcpe:/o:suse:sles:12:sp4bluez-5.13-5.4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the bluez-5.13-5.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-7837 at SUSECVE-2016-7837 at NVDCVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9804 at SUSECVE-2016-9804 at NVDCVE-2017-1000250 at SUSECVE-2017-1000250 at NVDcpe:/o:suse:sles:12:sp4busybox-1.21.1-3.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the busybox-1.21.1-3.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9645 at SUSECVE-2014-9645 at NVDcpe:/o:suse:sles:12:sp4bzip2-1.0.6-29.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the bzip2-1.0.6-29.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0405 at SUSECVE-2010-0405 at NVDcpe:/o:suse:sles:12:sp4ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-7262 at SUSECVE-2018-7262 at NVDcpe:/o:suse:sles:12:sp4chrony-2.3-3.110 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the chrony-2.3-3.110 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4502 at SUSECVE-2012-4502 at NVDCVE-2012-4503 at SUSECVE-2012-4503 at NVDCVE-2014-0021 at SUSECVE-2014-0021 at NVDCVE-2016-1567 at SUSECVE-2016-1567 at NVDcpe:/o:suse:sles:12:sp4cifs-utils-6.5-9.3.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cifs-utils-6.5-9.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1886 at SUSECVE-2009-1886 at NVDCVE-2009-1888 at SUSECVE-2009-1888 at NVDCVE-2009-2813 at SUSECVE-2009-2813 at NVDCVE-2009-2906 at SUSECVE-2009-2906 at NVDCVE-2009-2948 at SUSECVE-2009-2948 at NVDCVE-2010-0547 at SUSECVE-2010-0547 at NVDCVE-2010-0728 at SUSECVE-2010-0728 at NVDCVE-2010-0787 at SUSECVE-2010-0787 at NVDCVE-2012-1586 at SUSECVE-2012-1586 at NVDcpe:/o:suse:sles:12:sp4clamav-0.100.2-33.18.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the clamav-0.100.2-33.18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0405 at SUSECVE-2010-0405 at NVDCVE-2011-2721 at SUSECVE-2011-2721 at NVDCVE-2011-3627 at SUSECVE-2011-3627 at NVDCVE-2012-1457 at SUSECVE-2012-1457 at NVDCVE-2012-1458 at SUSECVE-2012-1458 at NVDCVE-2012-1459 at SUSECVE-2012-1459 at NVDCVE-2012-6706 at SUSECVE-2012-6706 at NVDCVE-2013-6497 at SUSECVE-2013-6497 at NVDCVE-2014-9050 at SUSECVE-2014-9050 at NVDCVE-2014-9328 at SUSECVE-2014-9328 at NVDCVE-2015-1461 at SUSECVE-2015-1461 at NVDCVE-2015-1462 at SUSECVE-2015-1462 at NVDCVE-2015-1463 at SUSECVE-2015-1463 at NVDCVE-2015-2170 at SUSECVE-2015-2170 at NVDCVE-2015-2221 at SUSECVE-2015-2221 at NVDCVE-2015-2222 at SUSECVE-2015-2222 at NVDCVE-2015-2305 at SUSECVE-2015-2305 at NVDCVE-2015-2668 at SUSECVE-2015-2668 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-12374 at SUSECVE-2017-12374 at NVDCVE-2017-12375 at SUSECVE-2017-12375 at NVDCVE-2017-12376 at SUSECVE-2017-12376 at NVDCVE-2017-12377 at SUSECVE-2017-12377 at NVDCVE-2017-12378 at SUSECVE-2017-12378 at NVDCVE-2017-12379 at SUSECVE-2017-12379 at NVDCVE-2017-12380 at SUSECVE-2017-12380 at NVDCVE-2017-6418 at SUSECVE-2017-6418 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2017-6420 at SUSECVE-2017-6420 at NVDCVE-2018-0202 at SUSECVE-2018-0202 at NVDCVE-2018-0360 at SUSECVE-2018-0360 at NVDCVE-2018-0361 at SUSECVE-2018-0361 at NVDCVE-2018-1000085 at SUSECVE-2018-1000085 at NVDCVE-2018-14680 at SUSECVE-2018-14680 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-15378 at SUSECVE-2018-15378 at NVDcpe:/o:suse:sles:12:sp4colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the colord-gtk-lang-0.1.26-6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-4349 at SUSECVE-2011-4349 at NVDcpe:/o:suse:sles:12:sp4coolkey-1.1.0-148.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the coolkey-1.1.0-148.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:sles:12:sp4coreutils-8.25-13.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the coreutils-8.25-13.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-0221 at SUSECVE-2013-0221 at NVDCVE-2013-0222 at SUSECVE-2013-0222 at NVDCVE-2013-0223 at SUSECVE-2013-0223 at NVDCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDcpe:/o:suse:sles:12:sp4cpio-2.11-36.3.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cpio-2.11-36.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0624 at SUSECVE-2010-0624 at NVDCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDcpe:/o:suse:sles:12:sp4cpp48-4.8.5-31.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cpp48-4.8.5-31.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-5044 at SUSECVE-2014-5044 at NVDCVE-2015-5276 at SUSECVE-2015-5276 at NVDCVE-2017-11671 at SUSECVE-2017-11671 at NVDcpe:/o:suse:sles:12:sp4cracklib-2.9.0-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cracklib-2.9.0-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:sles:12:sp4crash-7.2.1-2.19 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the crash-7.2.1-2.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-2524 at SUSECVE-2014-2524 at NVDcpe:/o:suse:sles:12:sp4cron-4.2-58.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cron-4.2-58.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-2607 at SUSECVE-2006-2607 at NVDCVE-2010-0424 at SUSECVE-2010-0424 at NVDcpe:/o:suse:sles:12:sp4ctags-5.8-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ctags-5.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-7204 at SUSECVE-2014-7204 at NVDcpe:/o:suse:sles:12:sp4cups-1.7.5-20.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cups-1.7.5-20.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0163 at SUSECVE-2009-0163 at NVDCVE-2009-2820 at SUSECVE-2009-2820 at NVDCVE-2009-3553 at SUSECVE-2009-3553 at NVDCVE-2010-0393 at SUSECVE-2010-0393 at NVDCVE-2010-0540 at SUSECVE-2010-0540 at NVDCVE-2010-0542 at SUSECVE-2010-0542 at NVDCVE-2010-1748 at SUSECVE-2010-1748 at NVDCVE-2010-2941 at SUSECVE-2010-2941 at NVDCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2012-6094 at SUSECVE-2012-6094 at NVDCVE-2014-2856 at SUSECVE-2014-2856 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2014-9679 at SUSECVE-2014-9679 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18190 at SUSECVE-2017-18190 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDcpe:/o:suse:sles:12:sp4cups-filters-1.0.58-19.2.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cups-filters-1.0.58-19.2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6473 at SUSECVE-2013-6473 at NVDCVE-2013-6474 at SUSECVE-2013-6474 at NVDCVE-2013-6475 at SUSECVE-2013-6475 at NVDCVE-2013-6476 at SUSECVE-2013-6476 at NVDCVE-2014-2707 at SUSECVE-2014-2707 at NVDCVE-2014-4336 at SUSECVE-2014-4336 at NVDCVE-2014-4337 at SUSECVE-2014-4337 at NVDCVE-2014-4338 at SUSECVE-2014-4338 at NVDCVE-2015-2265 at SUSECVE-2015-2265 at NVDCVE-2015-3258 at SUSECVE-2015-3258 at NVDCVE-2015-3279 at SUSECVE-2015-3279 at NVDCVE-2015-8327 at SUSECVE-2015-8327 at NVDCVE-2015-8560 at SUSECVE-2015-8560 at NVDcpe:/o:suse:sles:12:sp4cups-pk-helper-0.2.5-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cups-pk-helper-0.2.5-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4510 at SUSECVE-2012-4510 at NVDcpe:/o:suse:sles:12:sp4curl-7.60.0-2.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the curl-7.60.0-2.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0037 at SUSECVE-2009-0037 at NVDCVE-2009-2417 at SUSECVE-2009-2417 at NVDCVE-2013-0249 at SUSECVE-2013-0249 at NVDCVE-2013-1944 at SUSECVE-2013-1944 at NVDCVE-2013-2174 at SUSECVE-2013-2174 at NVDCVE-2013-4545 at SUSECVE-2013-4545 at NVDCVE-2014-0015 at SUSECVE-2014-0015 at NVDCVE-2014-0138 at SUSECVE-2014-0138 at NVDCVE-2014-0139 at SUSECVE-2014-0139 at NVDCVE-2014-3613 at SUSECVE-2014-3613 at NVDCVE-2014-3620 at SUSECVE-2014-3620 at NVDCVE-2014-3707 at SUSECVE-2014-3707 at NVDCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-5419 at SUSECVE-2016-5419 at NVDCVE-2016-5420 at SUSECVE-2016-5420 at NVDCVE-2016-5421 at SUSECVE-2016-5421 at NVDCVE-2016-7141 at SUSECVE-2016-7141 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7407 at SUSECVE-2017-7407 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDcpe:/o:suse:sles:12:sp4cvs-1.12.12-182.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cvs-1.12.12-182.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0804 at SUSECVE-2012-0804 at NVDCVE-2017-12836 at SUSECVE-2017-12836 at NVDcpe:/o:suse:sles:12:sp4cyrus-sasl-2.1.26-8.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the cyrus-sasl-2.1.26-8.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0688 at SUSECVE-2009-0688 at NVDcpe:/o:suse:sles:12:sp4davfs2-1.5.2-2.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the davfs2-1.5.2-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-4362 at SUSECVE-2014-4362 at NVDcpe:/o:suse:sles:12:sp4dbus-1-1.8.22-29.10.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dbus-1-1.8.22-29.10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-4352 at SUSECVE-2010-4352 at NVDCVE-2012-3524 at SUSECVE-2012-3524 at NVDCVE-2013-2168 at SUSECVE-2013-2168 at NVDCVE-2014-3477 at SUSECVE-2014-3477 at NVDCVE-2014-3532 at SUSECVE-2014-3532 at NVDCVE-2014-3533 at SUSECVE-2014-3533 at NVDCVE-2014-3635 at SUSECVE-2014-3635 at NVDCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3638 at SUSECVE-2014-3638 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDcpe:/o:suse:sles:12:sp4dbus-1-glib-0.100.2-3.58 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dbus-1-glib-0.100.2-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1172 at SUSECVE-2010-1172 at NVDCVE-2013-0292 at SUSECVE-2013-0292 at NVDcpe:/o:suse:sles:12:sp4dhcp-4.3.3-10.14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dhcp-4.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1892 at SUSECVE-2009-1892 at NVDCVE-2010-2156 at SUSECVE-2010-2156 at NVDCVE-2010-3611 at SUSECVE-2010-3611 at NVDCVE-2010-3616 at SUSECVE-2010-3616 at NVDCVE-2011-0413 at SUSECVE-2011-0413 at NVDCVE-2011-0997 at SUSECVE-2011-0997 at NVDCVE-2011-2748 at SUSECVE-2011-2748 at NVDCVE-2011-2749 at SUSECVE-2011-2749 at NVDCVE-2011-4539 at SUSECVE-2011-4539 at NVDCVE-2011-4868 at SUSECVE-2011-4868 at NVDCVE-2012-3570 at SUSECVE-2012-3570 at NVDCVE-2012-3571 at SUSECVE-2012-3571 at NVDCVE-2012-3954 at SUSECVE-2012-3954 at NVDCVE-2012-3955 at SUSECVE-2012-3955 at NVDCVE-2013-2266 at SUSECVE-2013-2266 at NVDCVE-2015-8605 at SUSECVE-2015-8605 at NVDCVE-2016-2774 at SUSECVE-2016-2774 at NVDCVE-2017-3144 at SUSECVE-2017-3144 at NVDCVE-2018-5732 at SUSECVE-2018-5732 at NVDCVE-2018-5733 at SUSECVE-2018-5733 at NVDcpe:/o:suse:sles:12:sp4dnsmasq-2.78-18.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dnsmasq-2.78-18.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDcpe:/o:suse:sles:12:sp4dosfstools-3.0.26-6.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dosfstools-3.0.26-6.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-8872 at SUSECVE-2015-8872 at NVDCVE-2016-4804 at SUSECVE-2016-4804 at NVDcpe:/o:suse:sles:12:sp4dovecot22-2.2.31-19.11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dovecot22-2.2.31-19.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3430 at SUSECVE-2014-3430 at NVDCVE-2016-4983 at SUSECVE-2016-4983 at NVDCVE-2017-14461 at SUSECVE-2017-14461 at NVDCVE-2017-15130 at SUSECVE-2017-15130 at NVDCVE-2017-15132 at SUSECVE-2017-15132 at NVDCVE-2017-2669 at SUSECVE-2017-2669 at NVDcpe:/o:suse:sles:12:sp4dpdk-17.11.4-3.6 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dpdk-17.11.4-3.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-1059 at SUSECVE-2018-1059 at NVDcpe:/o:suse:sles:12:sp4dracut-044.1-9.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dracut-044.1-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4453 at SUSECVE-2012-4453 at NVDCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:sles:12:sp4dstat-0.7.3-1.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the dstat-0.7.3-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3894 at SUSECVE-2009-3894 at NVDcpe:/o:suse:sles:12:sp4e2fsprogs-1.43.8-1.19 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the e2fsprogs-1.43.8-1.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDcpe:/o:suse:sles:12:sp4ecryptfs-utils-103-8.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ecryptfs-utils-103-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1831 at SUSECVE-2011-1831 at NVDCVE-2011-1832 at SUSECVE-2011-1832 at NVDCVE-2011-1833 at SUSECVE-2011-1833 at NVDCVE-2011-1834 at SUSECVE-2011-1834 at NVDCVE-2011-1835 at SUSECVE-2011-1835 at NVDCVE-2011-1836 at SUSECVE-2011-1836 at NVDCVE-2011-1837 at SUSECVE-2011-1837 at NVDCVE-2014-9687 at SUSECVE-2014-9687 at NVDCVE-2015-8946 at SUSECVE-2015-8946 at NVDCVE-2016-1572 at SUSECVE-2016-1572 at NVDCVE-2016-6224 at SUSECVE-2016-6224 at NVDcpe:/o:suse:sles:12:sp4elfutils-0.158-6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the elfutils-0.158-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0172 at SUSECVE-2014-0172 at NVDCVE-2014-9447 at SUSECVE-2014-9447 at NVDcpe:/o:suse:sles:12:sp4emacs-24.3-25.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the emacs-24.3-25.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0035 at SUSECVE-2012-0035 at NVDCVE-2014-3421 at SUSECVE-2014-3421 at NVDCVE-2014-3422 at SUSECVE-2014-3422 at NVDCVE-2014-3423 at SUSECVE-2014-3423 at NVDCVE-2014-3424 at SUSECVE-2014-3424 at NVDcpe:/o:suse:sles:12:sp4eog-3.20.4-7.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the eog-3.20.4-7.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDCVE-2016-6855 at SUSECVE-2016-6855 at NVDcpe:/o:suse:sles:12:sp4evince-3.20.2-6.22.9 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the evince-3.20.2-6.22.9 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2640 at SUSECVE-2010-2640 at NVDCVE-2010-2641 at SUSECVE-2010-2641 at NVDCVE-2010-2642 at SUSECVE-2010-2642 at NVDCVE-2010-2643 at SUSECVE-2010-2643 at NVDCVE-2017-1000083 at SUSECVE-2017-1000083 at NVDcpe:/o:suse:sles:12:sp4expat-2.1.0-21.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the expat-2.1.0-21.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2625 at SUSECVE-2009-2625 at NVDCVE-2009-3560 at SUSECVE-2009-3560 at NVDCVE-2009-3720 at SUSECVE-2009-3720 at NVDCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-1147 at SUSECVE-2012-1147 at NVDCVE-2012-1148 at SUSECVE-2012-1148 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDcpe:/o:suse:sles:12:sp4fetchmail-6.3.26-12.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the fetchmail-6.3.26-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2666 at SUSECVE-2009-2666 at NVDCVE-2010-1167 at SUSECVE-2010-1167 at NVDCVE-2011-1947 at SUSECVE-2011-1947 at NVDCVE-2011-3389 at SUSECVE-2011-3389 at NVDCVE-2012-3482 at SUSECVE-2012-3482 at NVDcpe:/o:suse:sles:12:sp4file-5.22-10.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the file-5.22-10.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-1571 at SUSECVE-2012-1571 at NVDCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2014-9620 at SUSECVE-2014-9620 at NVDCVE-2014-9621 at SUSECVE-2014-9621 at NVDCVE-2014-9653 at SUSECVE-2014-9653 at NVDcpe:/o:suse:sles:12:sp4fontconfig-2.11.1-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the fontconfig-2.11.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-5384 at SUSECVE-2016-5384 at NVDcpe:/o:suse:sles:12:sp4freeradius-server-3.0.15-2.8.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the freeradius-server-3.0.15-2.8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-3547 at SUSECVE-2012-3547 at NVDCVE-2014-2015 at SUSECVE-2014-2015 at NVDCVE-2015-4680 at SUSECVE-2015-4680 at NVDCVE-2015-8763 at SUSECVE-2015-8763 at NVDCVE-2017-10978 at SUSECVE-2017-10978 at NVDCVE-2017-10983 at SUSECVE-2017-10983 at NVDCVE-2017-10984 at SUSECVE-2017-10984 at NVDCVE-2017-10985 at SUSECVE-2017-10985 at NVDCVE-2017-10986 at SUSECVE-2017-10986 at NVDCVE-2017-10987 at SUSECVE-2017-10987 at NVDCVE-2017-10988 at SUSECVE-2017-10988 at NVDCVE-2017-9148 at SUSECVE-2017-9148 at NVDcpe:/o:suse:sles:12:sp4ft2demos-2.6.3-7.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ft2demos-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0946 at SUSECVE-2009-0946 at NVDCVE-2010-2497 at SUSECVE-2010-2497 at NVDCVE-2010-2805 at SUSECVE-2010-2805 at NVDCVE-2010-3053 at SUSECVE-2010-3053 at NVDCVE-2010-3054 at SUSECVE-2010-3054 at NVDCVE-2010-3311 at SUSECVE-2010-3311 at NVDCVE-2010-3814 at SUSECVE-2010-3814 at NVDCVE-2011-0226 at SUSECVE-2011-0226 at NVDCVE-2012-5668 at SUSECVE-2012-5668 at NVDCVE-2012-5669 at SUSECVE-2012-5669 at NVDCVE-2012-5670 at SUSECVE-2012-5670 at NVDCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDcpe:/o:suse:sles:12:sp4fuse-2.9.3-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the fuse-2.9.3-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:sles:12:sp4g3utils-1.1.36-58.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the g3utils-1.1.36-58.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-16741 at SUSECVE-2018-16741 at NVDCVE-2018-16742 at SUSECVE-2018-16742 at NVDCVE-2018-16743 at SUSECVE-2018-16743 at NVDCVE-2018-16744 at SUSECVE-2018-16744 at NVDCVE-2018-16745 at SUSECVE-2018-16745 at NVDcpe:/o:suse:sles:12:sp4gd-2.1.0-24.9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gd-2.1.0-24.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-2497 at SUSECVE-2014-2497 at NVDCVE-2014-9709 at SUSECVE-2014-9709 at NVDCVE-2016-10166 at SUSECVE-2016-10166 at NVDCVE-2016-10167 at SUSECVE-2016-10167 at NVDCVE-2016-10168 at SUSECVE-2016-10168 at NVDCVE-2016-5116 at SUSECVE-2016-5116 at NVDCVE-2016-6128 at SUSECVE-2016-6128 at NVDCVE-2016-6132 at SUSECVE-2016-6132 at NVDCVE-2016-6161 at SUSECVE-2016-6161 at NVDCVE-2016-6207 at SUSECVE-2016-6207 at NVDCVE-2016-6214 at SUSECVE-2016-6214 at NVDCVE-2016-6905 at SUSECVE-2016-6905 at NVDCVE-2016-6906 at SUSECVE-2016-6906 at NVDCVE-2016-6911 at SUSECVE-2016-6911 at NVDCVE-2016-6912 at SUSECVE-2016-6912 at NVDCVE-2016-7568 at SUSECVE-2016-7568 at NVDCVE-2016-8670 at SUSECVE-2016-8670 at NVDCVE-2016-9317 at SUSECVE-2016-9317 at NVDCVE-2016-9933 at SUSECVE-2016-9933 at NVDCVE-2017-6362 at SUSECVE-2017-6362 at NVDCVE-2018-1000222 at SUSECVE-2018-1000222 at NVDCVE-2018-5711 at SUSECVE-2018-5711 at NVDcpe:/o:suse:sles:12:sp4gdk-pixbuf-lang-2.34.0-19.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gdk-pixbuf-lang-2.34.0-19.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2485 at SUSECVE-2011-2485 at NVDCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-1000422 at SUSECVE-2017-1000422 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2017-6314 at SUSECVE-2017-6314 at NVDcpe:/o:suse:sles:12:sp4gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3146 at SUSECVE-2011-3146 at NVDCVE-2013-1881 at SUSECVE-2013-1881 at NVDCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2018-1000041 at SUSECVE-2018-1000041 at NVDcpe:/o:suse:sles:12:sp4gdm-3.10.0.1-54.6.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gdm-3.10.0.1-54.6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1709 at SUSECVE-2011-1709 at NVDCVE-2018-14424 at SUSECVE-2018-14424 at NVDcpe:/o:suse:sles:12:sp4ghostscript-9.25-23.13.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ghostscript-9.25-23.13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-5653 at SUSECVE-2013-5653 at NVDCVE-2015-3228 at SUSECVE-2015-3228 at NVDCVE-2016-10217 at SUSECVE-2016-10217 at NVDCVE-2016-10218 at SUSECVE-2016-10218 at NVDCVE-2016-10219 at SUSECVE-2016-10219 at NVDCVE-2016-10220 at SUSECVE-2016-10220 at NVDCVE-2016-10317 at SUSECVE-2016-10317 at NVDCVE-2016-7976 at SUSECVE-2016-7976 at NVDCVE-2016-7977 at SUSECVE-2016-7977 at NVDCVE-2016-7978 at SUSECVE-2016-7978 at NVDCVE-2016-7979 at SUSECVE-2016-7979 at NVDCVE-2016-8602 at SUSECVE-2016-8602 at NVDCVE-2016-9601 at SUSECVE-2016-9601 at NVDCVE-2017-11714 at SUSECVE-2017-11714 at NVDCVE-2017-5951 at SUSECVE-2017-5951 at NVDCVE-2017-7207 at SUSECVE-2017-7207 at NVDCVE-2017-8291 at SUSECVE-2017-8291 at NVDCVE-2017-9216 at SUSECVE-2017-9216 at NVDCVE-2017-9612 at SUSECVE-2017-9612 at NVDCVE-2017-9726 at SUSECVE-2017-9726 at NVDCVE-2017-9727 at SUSECVE-2017-9727 at NVDCVE-2017-9739 at SUSECVE-2017-9739 at NVDCVE-2017-9835 at SUSECVE-2017-9835 at NVDCVE-2018-10194 at SUSECVE-2018-10194 at NVDCVE-2018-15908 at SUSECVE-2018-15908 at NVDCVE-2018-15909 at SUSECVE-2018-15909 at NVDCVE-2018-15910 at SUSECVE-2018-15910 at NVDCVE-2018-15911 at SUSECVE-2018-15911 at NVDCVE-2018-16509 at SUSECVE-2018-16509 at NVDCVE-2018-16510 at SUSECVE-2018-16510 at NVDCVE-2018-16511 at SUSECVE-2018-16511 at NVDCVE-2018-16513 at SUSECVE-2018-16513 at NVDCVE-2018-16539 at SUSECVE-2018-16539 at NVDCVE-2018-16540 at SUSECVE-2018-16540 at NVDCVE-2018-16541 at SUSECVE-2018-16541 at NVDCVE-2018-16542 at SUSECVE-2018-16542 at NVDCVE-2018-16543 at SUSECVE-2018-16543 at NVDCVE-2018-16585 at SUSECVE-2018-16585 at NVDCVE-2018-16802 at SUSECVE-2018-16802 at NVDcpe:/o:suse:sles:12:sp4giflib-progs-5.0.5-12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the giflib-progs-5.0.5-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-7555 at SUSECVE-2015-7555 at NVDCVE-2016-3977 at SUSECVE-2016-3977 at NVDcpe:/o:suse:sles:12:sp4git-core-2.12.3-27.14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the git-core-2.12.3-27.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2186 at SUSECVE-2011-2186 at NVDCVE-2014-9390 at SUSECVE-2014-9390 at NVDCVE-2016-2315 at SUSECVE-2016-2315 at NVDCVE-2016-2324 at SUSECVE-2016-2324 at NVDCVE-2017-1000117 at SUSECVE-2017-1000117 at NVDCVE-2017-14867 at SUSECVE-2017-14867 at NVDCVE-2017-15298 at SUSECVE-2017-15298 at NVDCVE-2017-8386 at SUSECVE-2017-8386 at NVDCVE-2018-11233 at SUSECVE-2018-11233 at NVDCVE-2018-11235 at SUSECVE-2018-11235 at NVDcpe:/o:suse:sles:12:sp4glib2-lang-2.48.2-10.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the glib2-lang-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-4316 at SUSECVE-2008-4316 at NVDCVE-2012-3524 at SUSECVE-2012-3524 at NVDcpe:/o:suse:sles:12:sp4glibc-2.22-15.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the glibc-2.22-15.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-5029 at SUSECVE-2009-5029 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2012-4412 at SUSECVE-2012-4412 at NVDCVE-2013-0242 at SUSECVE-2013-0242 at NVDCVE-2013-1914 at SUSECVE-2013-1914 at NVDCVE-2013-2207 at SUSECVE-2013-2207 at NVDCVE-2013-4237 at SUSECVE-2013-4237 at NVDCVE-2013-4332 at SUSECVE-2013-4332 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2013-7423 at SUSECVE-2013-7423 at NVDCVE-2014-0475 at SUSECVE-2014-0475 at NVDCVE-2014-4043 at SUSECVE-2014-4043 at NVDCVE-2014-5119 at SUSECVE-2014-5119 at NVDCVE-2014-6040 at SUSECVE-2014-6040 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2017-8804 at SUSECVE-2017-8804 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDcpe:/o:suse:sles:12:sp4gnome-keyring-3.20.0-28.3.18 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gnome-keyring-3.20.0-28.3.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-3466 at SUSECVE-2012-3466 at NVDcpe:/o:suse:sles:12:sp4gnome-settings-daemon-3.20.1-50.5.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gnome-settings-daemon-3.20.1-50.5.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-7300 at SUSECVE-2014-7300 at NVDcpe:/o:suse:sles:12:sp4gnome-shell-3.20.4-77.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gnome-shell-3.20.4-77.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-4000 at SUSECVE-2010-4000 at NVDCVE-2017-8288 at SUSECVE-2017-8288 at NVDcpe:/o:suse:sles:12:sp4gnome-shell-search-provider-nautilus-3.20.3-23.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gnome-shell-search-provider-nautilus-3.20.3-23.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-14604 at SUSECVE-2017-14604 at NVDcpe:/o:suse:sles:12:sp4gnutls-3.3.27-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gnutls-3.3.27-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-4989 at SUSECVE-2008-4989 at NVDCVE-2011-4128 at SUSECVE-2011-4128 at NVDCVE-2012-0390 at SUSECVE-2012-0390 at NVDCVE-2012-1569 at SUSECVE-2012-1569 at NVDCVE-2012-1573 at SUSECVE-2012-1573 at NVDCVE-2014-0092 at SUSECVE-2014-0092 at NVDCVE-2014-1959 at SUSECVE-2014-1959 at NVDCVE-2014-3466 at SUSECVE-2014-3466 at NVDCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-0294 at SUSECVE-2015-0294 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-7444 at SUSECVE-2016-7444 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-10790 at SUSECVE-2017-10790 at NVDCVE-2017-5335 at SUSECVE-2017-5335 at NVDCVE-2017-5336 at SUSECVE-2017-5336 at NVDCVE-2017-5337 at SUSECVE-2017-5337 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDcpe:/o:suse:sles:12:sp4gpg2-2.0.24-9.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gpg2-2.0.24-9.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2547 at SUSECVE-2010-2547 at NVDCVE-2013-4351 at SUSECVE-2013-4351 at NVDCVE-2013-4402 at SUSECVE-2013-4402 at NVDCVE-2014-4617 at SUSECVE-2014-4617 at NVDCVE-2015-1606 at SUSECVE-2015-1606 at NVDCVE-2015-1607 at SUSECVE-2015-1607 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDcpe:/o:suse:sles:12:sp4gpgme-1.5.1-1.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gpgme-1.5.1-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3564 at SUSECVE-2014-3564 at NVDcpe:/o:suse:sles:12:sp4groff-1.22.2-5.287 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the groff-1.22.2-5.287 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-5044 at SUSECVE-2009-5044 at NVDCVE-2009-5080 at SUSECVE-2009-5080 at NVDCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:sles:12:sp4grub2-2.02-11.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the grub2-2.02-11.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDcpe:/o:suse:sles:12:sp4gstreamer-1.8.3-9.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gstreamer-1.8.3-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-5838 at SUSECVE-2017-5838 at NVDcpe:/o:suse:sles:12:sp4gstreamer-plugins-bad-1.8.3-17.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gstreamer-plugins-bad-1.8.3-17.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-9445 at SUSECVE-2016-9445 at NVDCVE-2016-9446 at SUSECVE-2016-9446 at NVDCVE-2016-9809 at SUSECVE-2016-9809 at NVDCVE-2016-9812 at SUSECVE-2016-9812 at NVDCVE-2016-9813 at SUSECVE-2016-9813 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDcpe:/o:suse:sles:12:sp4gstreamer-plugins-base-1.8.3-12.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gstreamer-plugins-base-1.8.3-12.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-9811 at SUSECVE-2016-9811 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDcpe:/o:suse:sles:12:sp4gstreamer-plugins-good-1.8.3-15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gstreamer-plugins-good-1.8.3-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2016-9634 at SUSECVE-2016-9634 at NVDCVE-2016-9635 at SUSECVE-2016-9635 at NVDCVE-2016-9636 at SUSECVE-2016-9636 at NVDCVE-2016-9807 at SUSECVE-2016-9807 at NVDCVE-2016-9808 at SUSECVE-2016-9808 at NVDCVE-2016-9810 at SUSECVE-2016-9810 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDcpe:/o:suse:sles:12:sp4gtk2-data-2.24.31-7.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gtk2-data-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDcpe:/o:suse:sles:12:sp4guestfs-data-1.32.4-21.3.10 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the guestfs-data-1.32.4-21.3.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2124 at SUSECVE-2013-2124 at NVDCVE-2013-4419 at SUSECVE-2013-4419 at NVDcpe:/o:suse:sles:12:sp4guile-2.0.9-8.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the guile-2.0.9-8.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-8605 at SUSECVE-2016-8605 at NVDcpe:/o:suse:sles:12:sp4gv-3.7.4-1.36 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gv-3.7.4-1.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-3386 at SUSECVE-2012-3386 at NVDcpe:/o:suse:sles:12:sp4gvim-7.4.326-16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gvim-7.4.326-16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2016-1248 at SUSECVE-2016-1248 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDcpe:/o:suse:sles:12:sp4gzip-1.6-9.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the gzip-1.6-9.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2624 at SUSECVE-2009-2624 at NVDCVE-2010-0001 at SUSECVE-2010-0001 at NVDcpe:/o:suse:sles:12:sp4hardlink-1.0-6.38 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the hardlink-1.0-6.38 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3630 at SUSECVE-2011-3630 at NVDCVE-2011-3631 at SUSECVE-2011-3631 at NVDCVE-2011-3632 at SUSECVE-2011-3632 at NVDcpe:/o:suse:sles:12:sp4hplip-3.16.11-1.33 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the hplip-3.16.11-1.33 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2004-0801 at SUSECVE-2004-0801 at NVDCVE-2010-4267 at SUSECVE-2010-4267 at NVDCVE-2011-2697 at SUSECVE-2011-2697 at NVDCVE-2011-2722 at SUSECVE-2011-2722 at NVDCVE-2013-4325 at SUSECVE-2013-4325 at NVDCVE-2013-6402 at SUSECVE-2013-6402 at NVDCVE-2013-6427 at SUSECVE-2013-6427 at NVDCVE-2015-0839 at SUSECVE-2015-0839 at NVDcpe:/o:suse:sles:12:sp4hyper-v-7-7.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the hyper-v-7-7.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2669 at SUSECVE-2012-2669 at NVDCVE-2012-5532 at SUSECVE-2012-5532 at NVDcpe:/o:suse:sles:12:sp4ibus-chewing-1.4.14-4.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ibus-chewing-1.4.14-4.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4509 at SUSECVE-2013-4509 at NVDcpe:/o:suse:sles:12:sp4ipsec-tools-0.8.0-19.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ipsec-tools-0.8.0-19.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-4047 at SUSECVE-2015-4047 at NVDCVE-2016-10396 at SUSECVE-2016-10396 at NVDcpe:/o:suse:sles:12:sp4iputils-s20121221-2.17 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the iputils-s20121221-2.17 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2529 at SUSECVE-2010-2529 at NVDcpe:/o:suse:sles:12:sp4jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the jakarta-commons-fileupload-1.1.1-120.113 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2186 at SUSECVE-2013-2186 at NVDCVE-2014-0050 at SUSECVE-2014-0050 at NVDcpe:/o:suse:sles:12:sp4jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the jakarta-taglibs-standard-1.1.1-255.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-0254 at SUSECVE-2015-0254 at NVDcpe:/o:suse:sles:12:sp4java-1_7_0-openjdk-1.7.0.181-43.15.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the java-1_7_0-openjdk-1.7.0.181-43.15.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3563 at SUSECVE-2011-3563 at NVDCVE-2011-3571 at SUSECVE-2011-3571 at NVDCVE-2011-5035 at SUSECVE-2011-5035 at NVDCVE-2012-0497 at SUSECVE-2012-0497 at NVDCVE-2012-0501 at SUSECVE-2012-0501 at NVDCVE-2012-0502 at SUSECVE-2012-0502 at NVDCVE-2012-0503 at SUSECVE-2012-0503 at NVDCVE-2012-0505 at SUSECVE-2012-0505 at NVDCVE-2012-0506 at SUSECVE-2012-0506 at NVDCVE-2012-0547 at SUSECVE-2012-0547 at NVDCVE-2012-1682 at SUSECVE-2012-1682 at NVDCVE-2012-1711 at SUSECVE-2012-1711 at NVDCVE-2012-1713 at SUSECVE-2012-1713 at NVDCVE-2012-1716 at SUSECVE-2012-1716 at NVDCVE-2012-1717 at SUSECVE-2012-1717 at NVDCVE-2012-1718 at SUSECVE-2012-1718 at NVDCVE-2012-1719 at SUSECVE-2012-1719 at NVDCVE-2012-1723 at SUSECVE-2012-1723 at NVDCVE-2012-1724 at SUSECVE-2012-1724 at NVDCVE-2012-1725 at SUSECVE-2012-1725 at NVDCVE-2012-1726 at SUSECVE-2012-1726 at NVDCVE-2012-3136 at SUSECVE-2012-3136 at NVDCVE-2012-3174 at SUSECVE-2012-3174 at NVDCVE-2012-3216 at SUSECVE-2012-3216 at NVDCVE-2012-4416 at SUSECVE-2012-4416 at NVDCVE-2012-4681 at SUSECVE-2012-4681 at NVDCVE-2012-5068 at SUSECVE-2012-5068 at NVDCVE-2012-5069 at SUSECVE-2012-5069 at NVDCVE-2012-5070 at SUSECVE-2012-5070 at NVDCVE-2012-5071 at SUSECVE-2012-5071 at NVDCVE-2012-5072 at SUSECVE-2012-5072 at NVDCVE-2012-5073 at SUSECVE-2012-5073 at NVDCVE-2012-5074 at SUSECVE-2012-5074 at NVDCVE-2012-5075 at SUSECVE-2012-5075 at NVDCVE-2012-5076 at SUSECVE-2012-5076 at NVDCVE-2012-5077 at SUSECVE-2012-5077 at NVDCVE-2012-5079 at SUSECVE-2012-5079 at NVDCVE-2012-5081 at SUSECVE-2012-5081 at NVDCVE-2012-5084 at SUSECVE-2012-5084 at NVDCVE-2012-5085 at SUSECVE-2012-5085 at NVDCVE-2012-5086 at SUSECVE-2012-5086 at NVDCVE-2012-5087 at SUSECVE-2012-5087 at NVDCVE-2012-5088 at SUSECVE-2012-5088 at NVDCVE-2012-5089 at SUSECVE-2012-5089 at NVDCVE-2013-0169 at SUSECVE-2013-0169 at NVDCVE-2013-0401 at SUSECVE-2013-0401 at NVDCVE-2013-0422 at SUSECVE-2013-0422 at NVDCVE-2013-0424 at SUSECVE-2013-0424 at NVDCVE-2013-0425 at SUSECVE-2013-0425 at NVDCVE-2013-0426 at SUSECVE-2013-0426 at NVDCVE-2013-0427 at SUSECVE-2013-0427 at NVDCVE-2013-0428 at SUSECVE-2013-0428 at NVDCVE-2013-0429 at SUSECVE-2013-0429 at NVDCVE-2013-0431 at SUSECVE-2013-0431 at NVDCVE-2013-0432 at SUSECVE-2013-0432 at NVDCVE-2013-0433 at SUSECVE-2013-0433 at NVDCVE-2013-0434 at SUSECVE-2013-0434 at NVDCVE-2013-0435 at SUSECVE-2013-0435 at NVDCVE-2013-0440 at SUSECVE-2013-0440 at NVDCVE-2013-0441 at SUSECVE-2013-0441 at NVDCVE-2013-0442 at SUSECVE-2013-0442 at NVDCVE-2013-0443 at SUSECVE-2013-0443 at NVDCVE-2013-0444 at SUSECVE-2013-0444 at NVDCVE-2013-0450 at SUSECVE-2013-0450 at NVDCVE-2013-0809 at SUSECVE-2013-0809 at NVDCVE-2013-1475 at SUSECVE-2013-1475 at NVDCVE-2013-1476 at SUSECVE-2013-1476 at NVDCVE-2013-1478 at SUSECVE-2013-1478 at NVDCVE-2013-1480 at SUSECVE-2013-1480 at NVDCVE-2013-1484 at SUSECVE-2013-1484 at NVDCVE-2013-1485 at SUSECVE-2013-1485 at NVDCVE-2013-1486 at SUSECVE-2013-1486 at NVDCVE-2013-1488 at SUSECVE-2013-1488 at NVDCVE-2013-1493 at SUSECVE-2013-1493 at NVDCVE-2013-1500 at SUSECVE-2013-1500 at NVDCVE-2013-1518 at SUSECVE-2013-1518 at NVDCVE-2013-1537 at SUSECVE-2013-1537 at NVDCVE-2013-1557 at SUSECVE-2013-1557 at NVDCVE-2013-1569 at SUSECVE-2013-1569 at NVDCVE-2013-1571 at SUSECVE-2013-1571 at NVDCVE-2013-2383 at SUSECVE-2013-2383 at NVDCVE-2013-2384 at SUSECVE-2013-2384 at NVDCVE-2013-2407 at SUSECVE-2013-2407 at NVDCVE-2013-2412 at SUSECVE-2013-2412 at NVDCVE-2013-2415 at SUSECVE-2013-2415 at NVDCVE-2013-2417 at SUSECVE-2013-2417 at NVDCVE-2013-2419 at SUSECVE-2013-2419 at NVDCVE-2013-2420 at SUSECVE-2013-2420 at NVDCVE-2013-2421 at SUSECVE-2013-2421 at NVDCVE-2013-2422 at SUSECVE-2013-2422 at NVDCVE-2013-2423 at SUSECVE-2013-2423 at NVDCVE-2013-2424 at SUSECVE-2013-2424 at NVDCVE-2013-2426 at SUSECVE-2013-2426 at NVDCVE-2013-2429 at SUSECVE-2013-2429 at NVDCVE-2013-2430 at SUSECVE-2013-2430 at NVDCVE-2013-2431 at SUSECVE-2013-2431 at NVDCVE-2013-2436 at SUSECVE-2013-2436 at NVDCVE-2013-2443 at SUSECVE-2013-2443 at NVDCVE-2013-2444 at SUSECVE-2013-2444 at NVDCVE-2013-2445 at SUSECVE-2013-2445 at NVDCVE-2013-2446 at SUSECVE-2013-2446 at NVDCVE-2013-2447 at SUSECVE-2013-2447 at NVDCVE-2013-2448 at SUSECVE-2013-2448 at NVDCVE-2013-2449 at SUSECVE-2013-2449 at NVDCVE-2013-2450 at SUSECVE-2013-2450 at NVDCVE-2013-2451 at SUSECVE-2013-2451 at NVDCVE-2013-2452 at SUSECVE-2013-2452 at NVDCVE-2013-2453 at SUSECVE-2013-2453 at NVDCVE-2013-2454 at SUSECVE-2013-2454 at NVDCVE-2013-2455 at SUSECVE-2013-2455 at NVDCVE-2013-2456 at SUSECVE-2013-2456 at NVDCVE-2013-2457 at SUSECVE-2013-2457 at NVDCVE-2013-2458 at SUSECVE-2013-2458 at NVDCVE-2013-2459 at SUSECVE-2013-2459 at NVDCVE-2013-2460 at SUSECVE-2013-2460 at NVDCVE-2013-2461 at SUSECVE-2013-2461 at NVDCVE-2013-2463 at SUSECVE-2013-2463 at NVDCVE-2013-2465 at SUSECVE-2013-2465 at NVDCVE-2013-2469 at SUSECVE-2013-2469 at NVDCVE-2013-2470 at SUSECVE-2013-2470 at NVDCVE-2013-2471 at SUSECVE-2013-2471 at NVDCVE-2013-2472 at SUSECVE-2013-2472 at NVDCVE-2013-2473 at SUSECVE-2013-2473 at NVDCVE-2013-3829 at SUSECVE-2013-3829 at NVDCVE-2013-4002 at SUSECVE-2013-4002 at NVDCVE-2013-5772 at SUSECVE-2013-5772 at NVDCVE-2013-5774 at SUSECVE-2013-5774 at NVDCVE-2013-5778 at SUSECVE-2013-5778 at NVDCVE-2013-5780 at SUSECVE-2013-5780 at NVDCVE-2013-5782 at SUSECVE-2013-5782 at NVDCVE-2013-5783 at SUSECVE-2013-5783 at NVDCVE-2013-5784 at SUSECVE-2013-5784 at NVDCVE-2013-5790 at SUSECVE-2013-5790 at NVDCVE-2013-5797 at SUSECVE-2013-5797 at NVDCVE-2013-5800 at SUSECVE-2013-5800 at NVDCVE-2013-5802 at SUSECVE-2013-5802 at NVDCVE-2013-5803 at SUSECVE-2013-5803 at NVDCVE-2013-5804 at SUSECVE-2013-5804 at NVDCVE-2013-5805 at SUSECVE-2013-5805 at NVDCVE-2013-5806 at SUSECVE-2013-5806 at NVDCVE-2013-5809 at SUSECVE-2013-5809 at NVDCVE-2013-5814 at SUSECVE-2013-5814 at NVDCVE-2013-5817 at SUSECVE-2013-5817 at NVDCVE-2013-5820 at SUSECVE-2013-5820 at NVDCVE-2013-5823 at SUSECVE-2013-5823 at NVDCVE-2013-5825 at SUSECVE-2013-5825 at NVDCVE-2013-5829 at SUSECVE-2013-5829 at NVDCVE-2013-5830 at SUSECVE-2013-5830 at NVDCVE-2013-5840 at SUSECVE-2013-5840 at NVDCVE-2013-5842 at SUSECVE-2013-5842 at NVDCVE-2013-5849 at SUSECVE-2013-5849 at NVDCVE-2013-5850 at SUSECVE-2013-5850 at NVDCVE-2013-5851 at SUSECVE-2013-5851 at NVDCVE-2013-5878 at SUSECVE-2013-5878 at NVDCVE-2013-5884 at SUSECVE-2013-5884 at NVDCVE-2013-5893 at SUSECVE-2013-5893 at NVDCVE-2013-5896 at SUSECVE-2013-5896 at NVDCVE-2013-5907 at SUSECVE-2013-5907 at NVDCVE-2013-5910 at SUSECVE-2013-5910 at NVDCVE-2013-6629 at SUSECVE-2013-6629 at NVDCVE-2013-6954 at SUSECVE-2013-6954 at NVDCVE-2014-0368 at SUSECVE-2014-0368 at NVDCVE-2014-0373 at SUSECVE-2014-0373 at NVDCVE-2014-0376 at SUSECVE-2014-0376 at NVDCVE-2014-0408 at SUSECVE-2014-0408 at NVDCVE-2014-0411 at SUSECVE-2014-0411 at NVDCVE-2014-0416 at SUSECVE-2014-0416 at NVDCVE-2014-0422 at SUSECVE-2014-0422 at NVDCVE-2014-0423 at SUSECVE-2014-0423 at NVDCVE-2014-0428 at SUSECVE-2014-0428 at NVDCVE-2014-0429 at SUSECVE-2014-0429 at NVDCVE-2014-0446 at SUSECVE-2014-0446 at NVDCVE-2014-0451 at SUSECVE-2014-0451 at NVDCVE-2014-0452 at SUSECVE-2014-0452 at NVDCVE-2014-0453 at SUSECVE-2014-0453 at NVDCVE-2014-0454 at SUSECVE-2014-0454 at NVDCVE-2014-0455 at SUSECVE-2014-0455 at NVDCVE-2014-0456 at SUSECVE-2014-0456 at NVDCVE-2014-0457 at SUSECVE-2014-0457 at NVDCVE-2014-0458 at SUSECVE-2014-0458 at NVDCVE-2014-0459 at SUSECVE-2014-0459 at NVDCVE-2014-0460 at SUSECVE-2014-0460 at NVDCVE-2014-0461 at SUSECVE-2014-0461 at NVDCVE-2014-1876 at SUSECVE-2014-1876 at NVDCVE-2014-2397 at SUSECVE-2014-2397 at NVDCVE-2014-2398 at SUSECVE-2014-2398 at NVDCVE-2014-2402 at SUSECVE-2014-2402 at NVDCVE-2014-2403 at SUSECVE-2014-2403 at NVDCVE-2014-2412 at SUSECVE-2014-2412 at NVDCVE-2014-2413 at SUSECVE-2014-2413 at NVDCVE-2014-2414 at SUSECVE-2014-2414 at NVDCVE-2014-2421 at SUSECVE-2014-2421 at NVDCVE-2014-2423 at SUSECVE-2014-2423 at NVDCVE-2014-2427 at SUSECVE-2014-2427 at NVDCVE-2014-2483 at SUSECVE-2014-2483 at NVDCVE-2014-2490 at SUSECVE-2014-2490 at NVDCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2014-4209 at SUSECVE-2014-4209 at NVDCVE-2014-4216 at SUSECVE-2014-4216 at NVDCVE-2014-4218 at SUSECVE-2014-4218 at NVDCVE-2014-4219 at SUSECVE-2014-4219 at NVDCVE-2014-4221 at SUSECVE-2014-4221 at NVDCVE-2014-4223 at SUSECVE-2014-4223 at NVDCVE-2014-4244 at SUSECVE-2014-4244 at NVDCVE-2014-4252 at SUSECVE-2014-4252 at NVDCVE-2014-4262 at SUSECVE-2014-4262 at NVDCVE-2014-4263 at SUSECVE-2014-4263 at NVDCVE-2014-4264 at SUSECVE-2014-4264 at NVDCVE-2014-4266 at SUSECVE-2014-4266 at NVDCVE-2014-4268 at SUSECVE-2014-4268 at NVDCVE-2014-6457 at SUSECVE-2014-6457 at NVDCVE-2014-6502 at SUSECVE-2014-6502 at NVDCVE-2014-6504 at SUSECVE-2014-6504 at NVDCVE-2014-6506 at SUSECVE-2014-6506 at NVDCVE-2014-6511 at SUSECVE-2014-6511 at NVDCVE-2014-6512 at SUSECVE-2014-6512 at NVDCVE-2014-6513 at SUSECVE-2014-6513 at NVDCVE-2014-6517 at SUSECVE-2014-6517 at NVDCVE-2014-6519 at SUSECVE-2014-6519 at NVDCVE-2014-6531 at SUSECVE-2014-6531 at NVDCVE-2014-6558 at SUSECVE-2014-6558 at NVDCVE-2014-6585 at SUSECVE-2014-6585 at NVDCVE-2014-6587 at SUSECVE-2014-6587 at NVDCVE-2014-6591 at SUSECVE-2014-6591 at NVDCVE-2014-6593 at SUSECVE-2014-6593 at NVDCVE-2014-6601 at SUSECVE-2014-6601 at NVDCVE-2015-0383 at SUSECVE-2015-0383 at NVDCVE-2015-0395 at SUSECVE-2015-0395 at NVDCVE-2015-0400 at SUSECVE-2015-0400 at NVDCVE-2015-0407 at SUSECVE-2015-0407 at NVDCVE-2015-0408 at SUSECVE-2015-0408 at NVDCVE-2015-0410 at SUSECVE-2015-0410 at NVDCVE-2015-0412 at SUSECVE-2015-0412 at NVDCVE-2015-0460 at SUSECVE-2015-0460 at NVDCVE-2015-0469 at SUSECVE-2015-0469 at NVDCVE-2015-0477 at SUSECVE-2015-0477 at NVDCVE-2015-0478 at SUSECVE-2015-0478 at NVDCVE-2015-0480 at SUSECVE-2015-0480 at NVDCVE-2015-0488 at SUSECVE-2015-0488 at NVDCVE-2015-2590 at SUSECVE-2015-2590 at NVDCVE-2015-2601 at SUSECVE-2015-2601 at NVDCVE-2015-2613 at SUSECVE-2015-2613 at NVDCVE-2015-2621 at SUSECVE-2015-2621 at NVDCVE-2015-2625 at SUSECVE-2015-2625 at NVDCVE-2015-2628 at SUSECVE-2015-2628 at NVDCVE-2015-2632 at SUSECVE-2015-2632 at NVDCVE-2015-2808 at SUSECVE-2015-2808 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-4731 at SUSECVE-2015-4731 at NVDCVE-2015-4732 at SUSECVE-2015-4732 at NVDCVE-2015-4733 at SUSECVE-2015-4733 at NVDCVE-2015-4734 at SUSECVE-2015-4734 at NVDCVE-2015-4748 at SUSECVE-2015-4748 at NVDCVE-2015-4749 at SUSECVE-2015-4749 at NVDCVE-2015-4760 at SUSECVE-2015-4760 at NVDCVE-2015-4803 at SUSECVE-2015-4803 at NVDCVE-2015-4805 at SUSECVE-2015-4805 at NVDCVE-2015-4806 at SUSECVE-2015-4806 at NVDCVE-2015-4835 at SUSECVE-2015-4835 at NVDCVE-2015-4840 at SUSECVE-2015-4840 at NVDCVE-2015-4842 at SUSECVE-2015-4842 at NVDCVE-2015-4843 at SUSECVE-2015-4843 at NVDCVE-2015-4844 at SUSECVE-2015-4844 at NVDCVE-2015-4860 at SUSECVE-2015-4860 at NVDCVE-2015-4871 at SUSECVE-2015-4871 at NVDCVE-2015-4872 at SUSECVE-2015-4872 at NVDCVE-2015-4881 at SUSECVE-2015-4881 at NVDCVE-2015-4882 at SUSECVE-2015-4882 at NVDCVE-2015-4883 at SUSECVE-2015-4883 at NVDCVE-2015-4893 at SUSECVE-2015-4893 at NVDCVE-2015-4903 at SUSECVE-2015-4903 at NVDCVE-2015-4911 at SUSECVE-2015-4911 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2015-8472 at SUSECVE-2015-8472 at NVDCVE-2016-0402 at SUSECVE-2016-0402 at NVDCVE-2016-0448 at SUSECVE-2016-0448 at NVDCVE-2016-0466 at SUSECVE-2016-0466 at NVDCVE-2016-0483 at SUSECVE-2016-0483 at NVDCVE-2016-0494 at SUSECVE-2016-0494 at NVDCVE-2016-0636 at SUSECVE-2016-0636 at NVDCVE-2016-0686 at SUSECVE-2016-0686 at NVDCVE-2016-0687 at SUSECVE-2016-0687 at NVDCVE-2016-0695 at SUSECVE-2016-0695 at NVDCVE-2016-10165 at SUSECVE-2016-10165 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-3425 at SUSECVE-2016-3425 at NVDCVE-2016-3427 at SUSECVE-2016-3427 at NVDCVE-2016-3458 at SUSECVE-2016-3458 at NVDCVE-2016-3485 at SUSECVE-2016-3485 at NVDCVE-2016-3498 at SUSECVE-2016-3498 at NVDCVE-2016-3500 at SUSECVE-2016-3500 at NVDCVE-2016-3503 at SUSECVE-2016-3503 at NVDCVE-2016-3508 at SUSECVE-2016-3508 at NVDCVE-2016-3511 at SUSECVE-2016-3511 at NVDCVE-2016-3550 at SUSECVE-2016-3550 at NVDCVE-2016-3598 at SUSECVE-2016-3598 at NVDCVE-2016-3606 at SUSECVE-2016-3606 at NVDCVE-2016-3610 at SUSECVE-2016-3610 at NVDCVE-2016-5542 at SUSECVE-2016-5542 at NVDCVE-2016-5546 at SUSECVE-2016-5546 at NVDCVE-2016-5547 at SUSECVE-2016-5547 at NVDCVE-2016-5548 at SUSECVE-2016-5548 at NVDCVE-2016-5549 at SUSECVE-2016-5549 at NVDCVE-2016-5552 at SUSECVE-2016-5552 at NVDCVE-2016-5554 at SUSECVE-2016-5554 at NVDCVE-2016-5556 at SUSECVE-2016-5556 at NVDCVE-2016-5568 at SUSECVE-2016-5568 at NVDCVE-2016-5573 at SUSECVE-2016-5573 at NVDCVE-2016-5582 at SUSECVE-2016-5582 at NVDCVE-2016-5597 at SUSECVE-2016-5597 at NVDCVE-2016-9840 at SUSECVE-2016-9840 at NVDCVE-2016-9841 at SUSECVE-2016-9841 at NVDCVE-2016-9842 at SUSECVE-2016-9842 at NVDCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2017-10053 at SUSECVE-2017-10053 at NVDCVE-2017-10067 at SUSECVE-2017-10067 at NVDCVE-2017-10074 at SUSECVE-2017-10074 at NVDCVE-2017-10081 at SUSECVE-2017-10081 at NVDCVE-2017-10086 at SUSECVE-2017-10086 at NVDCVE-2017-10087 at SUSECVE-2017-10087 at NVDCVE-2017-10089 at SUSECVE-2017-10089 at NVDCVE-2017-10090 at SUSECVE-2017-10090 at NVDCVE-2017-10096 at SUSECVE-2017-10096 at NVDCVE-2017-10101 at SUSECVE-2017-10101 at NVDCVE-2017-10102 at SUSECVE-2017-10102 at NVDCVE-2017-10105 at SUSECVE-2017-10105 at NVDCVE-2017-10107 at SUSECVE-2017-10107 at NVDCVE-2017-10108 at SUSECVE-2017-10108 at NVDCVE-2017-10109 at SUSECVE-2017-10109 at NVDCVE-2017-10110 at SUSECVE-2017-10110 at NVDCVE-2017-10111 at SUSECVE-2017-10111 at NVDCVE-2017-10114 at SUSECVE-2017-10114 at NVDCVE-2017-10115 at SUSECVE-2017-10115 at NVDCVE-2017-10116 at SUSECVE-2017-10116 at NVDCVE-2017-10118 at SUSECVE-2017-10118 at NVDCVE-2017-10125 at SUSECVE-2017-10125 at NVDCVE-2017-10135 at SUSECVE-2017-10135 at NVDCVE-2017-10176 at SUSECVE-2017-10176 at NVDCVE-2017-10193 at SUSECVE-2017-10193 at NVDCVE-2017-10198 at SUSECVE-2017-10198 at NVDCVE-2017-10243 at SUSECVE-2017-10243 at NVDCVE-2017-10274 at SUSECVE-2017-10274 at NVDCVE-2017-10281 at SUSECVE-2017-10281 at NVDCVE-2017-10285 at SUSECVE-2017-10285 at NVDCVE-2017-10295 at SUSECVE-2017-10295 at NVDCVE-2017-10345 at SUSECVE-2017-10345 at NVDCVE-2017-10346 at SUSECVE-2017-10346 at NVDCVE-2017-10347 at SUSECVE-2017-10347 at NVDCVE-2017-10348 at SUSECVE-2017-10348 at NVDCVE-2017-10349 at SUSECVE-2017-10349 at NVDCVE-2017-10350 at SUSECVE-2017-10350 at NVDCVE-2017-10355 at SUSECVE-2017-10355 at NVDCVE-2017-10356 at SUSECVE-2017-10356 at NVDCVE-2017-10357 at SUSECVE-2017-10357 at NVDCVE-2017-10388 at SUSECVE-2017-10388 at NVDCVE-2017-3231 at SUSECVE-2017-3231 at NVDCVE-2017-3241 at SUSECVE-2017-3241 at NVDCVE-2017-3252 at SUSECVE-2017-3252 at NVDCVE-2017-3253 at SUSECVE-2017-3253 at NVDCVE-2017-3260 at SUSECVE-2017-3260 at NVDCVE-2017-3261 at SUSECVE-2017-3261 at NVDCVE-2017-3272 at SUSECVE-2017-3272 at NVDCVE-2017-3289 at SUSECVE-2017-3289 at NVDCVE-2017-3509 at SUSECVE-2017-3509 at NVDCVE-2017-3511 at SUSECVE-2017-3511 at NVDCVE-2017-3512 at SUSECVE-2017-3512 at NVDCVE-2017-3514 at SUSECVE-2017-3514 at NVDCVE-2017-3526 at SUSECVE-2017-3526 at NVDCVE-2017-3533 at SUSECVE-2017-3533 at NVDCVE-2017-3539 at SUSECVE-2017-3539 at NVDCVE-2017-3544 at SUSECVE-2017-3544 at NVDCVE-2018-2579 at SUSECVE-2018-2579 at NVDCVE-2018-2588 at SUSECVE-2018-2588 at NVDCVE-2018-2599 at SUSECVE-2018-2599 at NVDCVE-2018-2602 at SUSECVE-2018-2602 at NVDCVE-2018-2603 at SUSECVE-2018-2603 at NVDCVE-2018-2618 at SUSECVE-2018-2618 at NVDCVE-2018-2629 at SUSECVE-2018-2629 at NVDCVE-2018-2633 at SUSECVE-2018-2633 at NVDCVE-2018-2634 at SUSECVE-2018-2634 at NVDCVE-2018-2637 at SUSECVE-2018-2637 at NVDCVE-2018-2641 at SUSECVE-2018-2641 at NVDCVE-2018-2663 at SUSECVE-2018-2663 at NVDCVE-2018-2677 at SUSECVE-2018-2677 at NVDCVE-2018-2678 at SUSECVE-2018-2678 at NVDCVE-2018-2790 at SUSECVE-2018-2790 at NVDCVE-2018-2794 at SUSECVE-2018-2794 at NVDCVE-2018-2795 at SUSECVE-2018-2795 at NVDCVE-2018-2796 at SUSECVE-2018-2796 at NVDCVE-2018-2797 at SUSECVE-2018-2797 at NVDCVE-2018-2798 at SUSECVE-2018-2798 at NVDCVE-2018-2799 at SUSECVE-2018-2799 at NVDCVE-2018-2800 at SUSECVE-2018-2800 at NVDCVE-2018-2814 at SUSECVE-2018-2814 at NVDCVE-2018-2815 at SUSECVE-2018-2815 at NVDcpe:/o:suse:sles:12:sp4java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3065 at SUSECVE-2014-3065 at NVDCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2014-4288 at SUSECVE-2014-4288 at NVDCVE-2014-6456 at SUSECVE-2014-6456 at NVDCVE-2014-6457 at SUSECVE-2014-6457 at NVDCVE-2014-6458 at SUSECVE-2014-6458 at NVDCVE-2014-6466 at SUSECVE-2014-6466 at NVDCVE-2014-6476 at SUSECVE-2014-6476 at NVDCVE-2014-6492 at SUSECVE-2014-6492 at NVDCVE-2014-6493 at SUSECVE-2014-6493 at NVDCVE-2014-6502 at SUSECVE-2014-6502 at NVDCVE-2014-6503 at SUSECVE-2014-6503 at NVDCVE-2014-6506 at SUSECVE-2014-6506 at NVDCVE-2014-6511 at SUSECVE-2014-6511 at NVDCVE-2014-6512 at SUSECVE-2014-6512 at NVDCVE-2014-6513 at SUSECVE-2014-6513 at NVDCVE-2014-6515 at SUSECVE-2014-6515 at NVDCVE-2014-6527 at SUSECVE-2014-6527 at NVDCVE-2014-6531 at SUSECVE-2014-6531 at NVDCVE-2014-6532 at SUSECVE-2014-6532 at NVDCVE-2014-6558 at SUSECVE-2014-6558 at NVDCVE-2014-8891 at SUSECVE-2014-8891 at NVDCVE-2014-8892 at SUSECVE-2014-8892 at NVDCVE-2015-0138 at SUSECVE-2015-0138 at NVDCVE-2015-0192 at SUSECVE-2015-0192 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0458 at SUSECVE-2015-0458 at NVDCVE-2015-0459 at SUSECVE-2015-0459 at NVDCVE-2015-0469 at SUSECVE-2015-0469 at NVDCVE-2015-0477 at SUSECVE-2015-0477 at NVDCVE-2015-0478 at SUSECVE-2015-0478 at NVDCVE-2015-0480 at SUSECVE-2015-0480 at NVDCVE-2015-0488 at SUSECVE-2015-0488 at NVDCVE-2015-0491 at SUSECVE-2015-0491 at NVDCVE-2015-1914 at SUSECVE-2015-1914 at NVDCVE-2015-1931 at SUSECVE-2015-1931 at NVDCVE-2015-2590 at SUSECVE-2015-2590 at NVDCVE-2015-2601 at SUSECVE-2015-2601 at NVDCVE-2015-2613 at SUSECVE-2015-2613 at NVDCVE-2015-2619 at SUSECVE-2015-2619 at NVDCVE-2015-2621 at SUSECVE-2015-2621 at NVDCVE-2015-2625 at SUSECVE-2015-2625 at NVDCVE-2015-2632 at SUSECVE-2015-2632 at NVDCVE-2015-2637 at SUSECVE-2015-2637 at NVDCVE-2015-2638 at SUSECVE-2015-2638 at NVDCVE-2015-2664 at SUSECVE-2015-2664 at NVDCVE-2015-2808 at SUSECVE-2015-2808 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-4729 at SUSECVE-2015-4729 at NVDCVE-2015-4731 at SUSECVE-2015-4731 at NVDCVE-2015-4732 at SUSECVE-2015-4732 at NVDCVE-2015-4733 at SUSECVE-2015-4733 at NVDCVE-2015-4734 at SUSECVE-2015-4734 at NVDCVE-2015-4748 at SUSECVE-2015-4748 at NVDCVE-2015-4749 at SUSECVE-2015-4749 at NVDCVE-2015-4760 at SUSECVE-2015-4760 at NVDCVE-2015-4803 at SUSECVE-2015-4803 at NVDCVE-2015-4805 at SUSECVE-2015-4805 at NVDCVE-2015-4806 at SUSECVE-2015-4806 at NVDCVE-2015-4810 at SUSECVE-2015-4810 at NVDCVE-2015-4835 at SUSECVE-2015-4835 at NVDCVE-2015-4840 at SUSECVE-2015-4840 at NVDCVE-2015-4842 at SUSECVE-2015-4842 at NVDCVE-2015-4843 at SUSECVE-2015-4843 at NVDCVE-2015-4844 at SUSECVE-2015-4844 at NVDCVE-2015-4860 at SUSECVE-2015-4860 at NVDCVE-2015-4871 at SUSECVE-2015-4871 at NVDCVE-2015-4872 at SUSECVE-2015-4872 at NVDCVE-2015-4882 at SUSECVE-2015-4882 at NVDCVE-2015-4883 at SUSECVE-2015-4883 at NVDCVE-2015-4893 at SUSECVE-2015-4893 at NVDCVE-2015-4902 at SUSECVE-2015-4902 at NVDCVE-2015-4903 at SUSECVE-2015-4903 at NVDCVE-2015-4911 at SUSECVE-2015-4911 at NVDCVE-2015-5006 at SUSECVE-2015-5006 at NVDCVE-2015-5041 at SUSECVE-2015-5041 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2015-7981 at SUSECVE-2015-7981 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2015-8472 at SUSECVE-2015-8472 at NVDCVE-2015-8540 at SUSECVE-2015-8540 at NVDCVE-2016-0264 at SUSECVE-2016-0264 at NVDCVE-2016-0363 at SUSECVE-2016-0363 at NVDCVE-2016-0376 at SUSECVE-2016-0376 at NVDCVE-2016-0402 at SUSECVE-2016-0402 at NVDCVE-2016-0448 at SUSECVE-2016-0448 at NVDCVE-2016-0466 at SUSECVE-2016-0466 at NVDCVE-2016-0483 at SUSECVE-2016-0483 at NVDCVE-2016-0494 at SUSECVE-2016-0494 at NVDCVE-2016-0686 at SUSECVE-2016-0686 at NVDCVE-2016-0687 at SUSECVE-2016-0687 at NVDCVE-2016-10165 at SUSECVE-2016-10165 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-3422 at SUSECVE-2016-3422 at NVDCVE-2016-3426 at SUSECVE-2016-3426 at NVDCVE-2016-3427 at SUSECVE-2016-3427 at NVDCVE-2016-3443 at SUSECVE-2016-3443 at NVDCVE-2016-3449 at SUSECVE-2016-3449 at NVDCVE-2016-3485 at SUSECVE-2016-3485 at NVDCVE-2016-3511 at SUSECVE-2016-3511 at NVDCVE-2016-3598 at SUSECVE-2016-3598 at NVDCVE-2016-5542 at SUSECVE-2016-5542 at NVDCVE-2016-5554 at SUSECVE-2016-5554 at NVDCVE-2016-5556 at SUSECVE-2016-5556 at NVDCVE-2016-5568 at SUSECVE-2016-5568 at NVDCVE-2016-5573 at SUSECVE-2016-5573 at NVDCVE-2016-5597 at SUSECVE-2016-5597 at NVDCVE-2016-9840 at SUSECVE-2016-9840 at NVDCVE-2016-9841 at SUSECVE-2016-9841 at NVDCVE-2016-9842 at SUSECVE-2016-9842 at NVDCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2017-10053 at SUSECVE-2017-10053 at NVDCVE-2017-10067 at SUSECVE-2017-10067 at NVDCVE-2017-10074 at SUSECVE-2017-10074 at NVDCVE-2017-10081 at SUSECVE-2017-10081 at NVDCVE-2017-10087 at SUSECVE-2017-10087 at NVDCVE-2017-10089 at SUSECVE-2017-10089 at NVDCVE-2017-10090 at SUSECVE-2017-10090 at NVDCVE-2017-10096 at SUSECVE-2017-10096 at NVDCVE-2017-10101 at SUSECVE-2017-10101 at NVDCVE-2017-10102 at SUSECVE-2017-10102 at NVDCVE-2017-10105 at SUSECVE-2017-10105 at NVDCVE-2017-10107 at SUSECVE-2017-10107 at NVDCVE-2017-10108 at SUSECVE-2017-10108 at NVDCVE-2017-10109 at SUSECVE-2017-10109 at NVDCVE-2017-10110 at SUSECVE-2017-10110 at NVDCVE-2017-10111 at SUSECVE-2017-10111 at NVDCVE-2017-10115 at SUSECVE-2017-10115 at NVDCVE-2017-10116 at SUSECVE-2017-10116 at NVDCVE-2017-10125 at SUSECVE-2017-10125 at NVDCVE-2017-10243 at SUSECVE-2017-10243 at NVDCVE-2017-10281 at SUSECVE-2017-10281 at NVDCVE-2017-10285 at SUSECVE-2017-10285 at NVDCVE-2017-10293 at SUSECVE-2017-10293 at NVDCVE-2017-10295 at SUSECVE-2017-10295 at NVDCVE-2017-10345 at SUSECVE-2017-10345 at NVDCVE-2017-10346 at SUSECVE-2017-10346 at NVDCVE-2017-10347 at SUSECVE-2017-10347 at NVDCVE-2017-10348 at SUSECVE-2017-10348 at NVDCVE-2017-10349 at SUSECVE-2017-10349 at NVDCVE-2017-10350 at SUSECVE-2017-10350 at NVDCVE-2017-10355 at SUSECVE-2017-10355 at NVDCVE-2017-10356 at SUSECVE-2017-10356 at NVDCVE-2017-10357 at SUSECVE-2017-10357 at NVDCVE-2017-10388 at SUSECVE-2017-10388 at NVDCVE-2017-1289 at SUSECVE-2017-1289 at NVDCVE-2017-3509 at SUSECVE-2017-3509 at NVDCVE-2017-3511 at SUSECVE-2017-3511 at NVDCVE-2017-3512 at SUSECVE-2017-3512 at NVDCVE-2017-3514 at SUSECVE-2017-3514 at NVDCVE-2017-3533 at SUSECVE-2017-3533 at NVDCVE-2017-3539 at SUSECVE-2017-3539 at NVDCVE-2017-3544 at SUSECVE-2017-3544 at NVDCVE-2018-12539 at SUSECVE-2018-12539 at NVDCVE-2018-1417 at SUSECVE-2018-1417 at NVDCVE-2018-1517 at SUSECVE-2018-1517 at NVDCVE-2018-1656 at SUSECVE-2018-1656 at NVDCVE-2018-2579 at SUSECVE-2018-2579 at NVDCVE-2018-2582 at SUSECVE-2018-2582 at NVDCVE-2018-2588 at SUSECVE-2018-2588 at NVDCVE-2018-2599 at SUSECVE-2018-2599 at NVDCVE-2018-2602 at SUSECVE-2018-2602 at NVDCVE-2018-2603 at SUSECVE-2018-2603 at NVDCVE-2018-2618 at SUSECVE-2018-2618 at NVDCVE-2018-2633 at SUSECVE-2018-2633 at NVDCVE-2018-2634 at SUSECVE-2018-2634 at NVDCVE-2018-2637 at SUSECVE-2018-2637 at NVDCVE-2018-2641 at SUSECVE-2018-2641 at NVDCVE-2018-2657 at SUSECVE-2018-2657 at NVDCVE-2018-2663 at SUSECVE-2018-2663 at NVDCVE-2018-2677 at SUSECVE-2018-2677 at NVDCVE-2018-2678 at SUSECVE-2018-2678 at NVDCVE-2018-2783 at SUSECVE-2018-2783 at NVDCVE-2018-2790 at SUSECVE-2018-2790 at NVDCVE-2018-2794 at SUSECVE-2018-2794 at NVDCVE-2018-2795 at SUSECVE-2018-2795 at NVDCVE-2018-2796 at SUSECVE-2018-2796 at NVDCVE-2018-2797 at SUSECVE-2018-2797 at NVDCVE-2018-2798 at SUSECVE-2018-2798 at NVDCVE-2018-2799 at SUSECVE-2018-2799 at NVDCVE-2018-2800 at SUSECVE-2018-2800 at NVDCVE-2018-2814 at SUSECVE-2018-2814 at NVDCVE-2018-2940 at SUSECVE-2018-2940 at NVDCVE-2018-2952 at SUSECVE-2018-2952 at NVDCVE-2018-2973 at SUSECVE-2018-2973 at NVDcpe:/o:suse:sles:12:sp4java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3065 at SUSECVE-2014-3065 at NVDCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2014-4288 at SUSECVE-2014-4288 at NVDCVE-2014-6456 at SUSECVE-2014-6456 at NVDCVE-2014-6457 at SUSECVE-2014-6457 at NVDCVE-2014-6458 at SUSECVE-2014-6458 at NVDCVE-2014-6466 at SUSECVE-2014-6466 at NVDCVE-2014-6476 at SUSECVE-2014-6476 at NVDCVE-2014-6492 at SUSECVE-2014-6492 at NVDCVE-2014-6493 at SUSECVE-2014-6493 at NVDCVE-2014-6502 at SUSECVE-2014-6502 at NVDCVE-2014-6503 at SUSECVE-2014-6503 at NVDCVE-2014-6506 at SUSECVE-2014-6506 at NVDCVE-2014-6511 at SUSECVE-2014-6511 at NVDCVE-2014-6512 at SUSECVE-2014-6512 at NVDCVE-2014-6513 at SUSECVE-2014-6513 at NVDCVE-2014-6515 at SUSECVE-2014-6515 at NVDCVE-2014-6527 at SUSECVE-2014-6527 at NVDCVE-2014-6531 at SUSECVE-2014-6531 at NVDCVE-2014-6532 at SUSECVE-2014-6532 at NVDCVE-2014-6558 at SUSECVE-2014-6558 at NVDCVE-2014-8891 at SUSECVE-2014-8891 at NVDCVE-2014-8892 at SUSECVE-2014-8892 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0458 at SUSECVE-2015-0458 at NVDCVE-2015-0459 at SUSECVE-2015-0459 at NVDCVE-2015-0469 at SUSECVE-2015-0469 at NVDCVE-2015-0477 at SUSECVE-2015-0477 at NVDCVE-2015-0478 at SUSECVE-2015-0478 at NVDCVE-2015-0480 at SUSECVE-2015-0480 at NVDCVE-2015-0486 at SUSECVE-2015-0486 at NVDCVE-2015-0488 at SUSECVE-2015-0488 at NVDCVE-2015-0491 at SUSECVE-2015-0491 at NVDCVE-2015-1931 at SUSECVE-2015-1931 at NVDCVE-2015-2590 at SUSECVE-2015-2590 at NVDCVE-2015-2601 at SUSECVE-2015-2601 at NVDCVE-2015-2613 at SUSECVE-2015-2613 at NVDCVE-2015-2619 at SUSECVE-2015-2619 at NVDCVE-2015-2621 at SUSECVE-2015-2621 at NVDCVE-2015-2625 at SUSECVE-2015-2625 at NVDCVE-2015-2632 at SUSECVE-2015-2632 at NVDCVE-2015-2637 at SUSECVE-2015-2637 at NVDCVE-2015-2638 at SUSECVE-2015-2638 at NVDCVE-2015-2664 at SUSECVE-2015-2664 at NVDCVE-2015-2808 at SUSECVE-2015-2808 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-4729 at SUSECVE-2015-4729 at NVDCVE-2015-4731 at SUSECVE-2015-4731 at NVDCVE-2015-4732 at SUSECVE-2015-4732 at NVDCVE-2015-4733 at SUSECVE-2015-4733 at NVDCVE-2015-4734 at SUSECVE-2015-4734 at NVDCVE-2015-4748 at SUSECVE-2015-4748 at NVDCVE-2015-4749 at SUSECVE-2015-4749 at NVDCVE-2015-4760 at SUSECVE-2015-4760 at NVDCVE-2015-4803 at SUSECVE-2015-4803 at NVDCVE-2015-4805 at SUSECVE-2015-4805 at NVDCVE-2015-4806 at SUSECVE-2015-4806 at NVDCVE-2015-4810 at SUSECVE-2015-4810 at NVDCVE-2015-4835 at SUSECVE-2015-4835 at NVDCVE-2015-4840 at SUSECVE-2015-4840 at NVDCVE-2015-4842 at SUSECVE-2015-4842 at NVDCVE-2015-4843 at SUSECVE-2015-4843 at NVDCVE-2015-4844 at SUSECVE-2015-4844 at NVDCVE-2015-4860 at SUSECVE-2015-4860 at NVDCVE-2015-4871 at SUSECVE-2015-4871 at NVDCVE-2015-4872 at SUSECVE-2015-4872 at NVDCVE-2015-4882 at SUSECVE-2015-4882 at NVDCVE-2015-4883 at SUSECVE-2015-4883 at NVDCVE-2015-4893 at SUSECVE-2015-4893 at NVDCVE-2015-4902 at SUSECVE-2015-4902 at NVDCVE-2015-4903 at SUSECVE-2015-4903 at NVDCVE-2015-4911 at SUSECVE-2015-4911 at NVDCVE-2015-5006 at SUSECVE-2015-5006 at NVDCVE-2015-5041 at SUSECVE-2015-5041 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2015-8472 at SUSECVE-2015-8472 at NVDCVE-2016-0264 at SUSECVE-2016-0264 at NVDCVE-2016-0363 at SUSECVE-2016-0363 at NVDCVE-2016-0376 at SUSECVE-2016-0376 at NVDCVE-2016-0402 at SUSECVE-2016-0402 at NVDCVE-2016-0448 at SUSECVE-2016-0448 at NVDCVE-2016-0466 at SUSECVE-2016-0466 at NVDCVE-2016-0475 at SUSECVE-2016-0475 at NVDCVE-2016-0483 at SUSECVE-2016-0483 at NVDCVE-2016-0494 at SUSECVE-2016-0494 at NVDCVE-2016-0686 at SUSECVE-2016-0686 at NVDCVE-2016-0687 at SUSECVE-2016-0687 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-10165 at SUSECVE-2016-10165 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-3422 at SUSECVE-2016-3422 at NVDCVE-2016-3426 at SUSECVE-2016-3426 at NVDCVE-2016-3427 at SUSECVE-2016-3427 at NVDCVE-2016-3443 at SUSECVE-2016-3443 at NVDCVE-2016-3449 at SUSECVE-2016-3449 at NVDCVE-2016-3485 at SUSECVE-2016-3485 at NVDCVE-2016-3511 at SUSECVE-2016-3511 at NVDCVE-2016-3598 at SUSECVE-2016-3598 at NVDCVE-2016-5542 at SUSECVE-2016-5542 at NVDCVE-2016-5547 at SUSECVE-2016-5547 at NVDCVE-2016-5548 at SUSECVE-2016-5548 at NVDCVE-2016-5549 at SUSECVE-2016-5549 at NVDCVE-2016-5552 at SUSECVE-2016-5552 at NVDCVE-2016-5554 at SUSECVE-2016-5554 at NVDCVE-2016-5556 at SUSECVE-2016-5556 at NVDCVE-2016-5568 at SUSECVE-2016-5568 at NVDCVE-2016-5573 at SUSECVE-2016-5573 at NVDCVE-2016-5597 at SUSECVE-2016-5597 at NVDCVE-2016-9840 at SUSECVE-2016-9840 at NVDCVE-2016-9841 at SUSECVE-2016-9841 at NVDCVE-2016-9842 at SUSECVE-2016-9842 at NVDCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2017-10053 at SUSECVE-2017-10053 at NVDCVE-2017-10067 at SUSECVE-2017-10067 at NVDCVE-2017-10074 at SUSECVE-2017-10074 at NVDCVE-2017-10078 at SUSECVE-2017-10078 at NVDCVE-2017-10081 at SUSECVE-2017-10081 at NVDCVE-2017-10087 at SUSECVE-2017-10087 at NVDCVE-2017-10089 at SUSECVE-2017-10089 at NVDCVE-2017-10090 at SUSECVE-2017-10090 at NVDCVE-2017-10096 at SUSECVE-2017-10096 at NVDCVE-2017-10101 at SUSECVE-2017-10101 at NVDCVE-2017-10102 at SUSECVE-2017-10102 at NVDCVE-2017-10105 at SUSECVE-2017-10105 at NVDCVE-2017-10107 at SUSECVE-2017-10107 at NVDCVE-2017-10108 at SUSECVE-2017-10108 at NVDCVE-2017-10109 at SUSECVE-2017-10109 at NVDCVE-2017-10110 at SUSECVE-2017-10110 at NVDCVE-2017-10111 at SUSECVE-2017-10111 at NVDCVE-2017-10115 at SUSECVE-2017-10115 at NVDCVE-2017-10116 at SUSECVE-2017-10116 at NVDCVE-2017-10125 at SUSECVE-2017-10125 at NVDCVE-2017-10243 at SUSECVE-2017-10243 at NVDCVE-2017-10281 at SUSECVE-2017-10281 at NVDCVE-2017-10285 at SUSECVE-2017-10285 at NVDCVE-2017-10293 at SUSECVE-2017-10293 at NVDCVE-2017-10295 at SUSECVE-2017-10295 at NVDCVE-2017-10309 at SUSECVE-2017-10309 at NVDCVE-2017-10345 at SUSECVE-2017-10345 at NVDCVE-2017-10346 at SUSECVE-2017-10346 at NVDCVE-2017-10347 at SUSECVE-2017-10347 at NVDCVE-2017-10348 at SUSECVE-2017-10348 at NVDCVE-2017-10349 at SUSECVE-2017-10349 at NVDCVE-2017-10350 at SUSECVE-2017-10350 at NVDCVE-2017-10355 at SUSECVE-2017-10355 at NVDCVE-2017-10356 at SUSECVE-2017-10356 at NVDCVE-2017-10357 at SUSECVE-2017-10357 at NVDCVE-2017-10388 at SUSECVE-2017-10388 at NVDCVE-2017-1289 at SUSECVE-2017-1289 at NVDCVE-2017-3231 at SUSECVE-2017-3231 at NVDCVE-2017-3241 at SUSECVE-2017-3241 at NVDCVE-2017-3252 at SUSECVE-2017-3252 at NVDCVE-2017-3253 at SUSECVE-2017-3253 at NVDCVE-2017-3259 at SUSECVE-2017-3259 at NVDCVE-2017-3261 at SUSECVE-2017-3261 at NVDCVE-2017-3272 at SUSECVE-2017-3272 at NVDCVE-2017-3289 at SUSECVE-2017-3289 at NVDCVE-2017-3509 at SUSECVE-2017-3509 at NVDCVE-2017-3511 at SUSECVE-2017-3511 at NVDCVE-2017-3512 at SUSECVE-2017-3512 at NVDCVE-2017-3514 at SUSECVE-2017-3514 at NVDCVE-2017-3533 at SUSECVE-2017-3533 at NVDCVE-2017-3539 at SUSECVE-2017-3539 at NVDCVE-2017-3544 at SUSECVE-2017-3544 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2018-12539 at SUSECVE-2018-12539 at NVDCVE-2018-1417 at SUSECVE-2018-1417 at NVDCVE-2018-1517 at SUSECVE-2018-1517 at NVDCVE-2018-1656 at SUSECVE-2018-1656 at NVDCVE-2018-2579 at SUSECVE-2018-2579 at NVDCVE-2018-2582 at SUSECVE-2018-2582 at NVDCVE-2018-2588 at SUSECVE-2018-2588 at NVDCVE-2018-2599 at SUSECVE-2018-2599 at NVDCVE-2018-2602 at SUSECVE-2018-2602 at NVDCVE-2018-2603 at SUSECVE-2018-2603 at NVDCVE-2018-2618 at SUSECVE-2018-2618 at NVDCVE-2018-2633 at SUSECVE-2018-2633 at NVDCVE-2018-2634 at SUSECVE-2018-2634 at NVDCVE-2018-2637 at SUSECVE-2018-2637 at NVDCVE-2018-2638 at SUSECVE-2018-2638 at NVDCVE-2018-2639 at SUSECVE-2018-2639 at NVDCVE-2018-2641 at SUSECVE-2018-2641 at NVDCVE-2018-2663 at SUSECVE-2018-2663 at NVDCVE-2018-2677 at SUSECVE-2018-2677 at NVDCVE-2018-2678 at SUSECVE-2018-2678 at NVDCVE-2018-2783 at SUSECVE-2018-2783 at NVDCVE-2018-2790 at SUSECVE-2018-2790 at NVDCVE-2018-2794 at SUSECVE-2018-2794 at NVDCVE-2018-2795 at SUSECVE-2018-2795 at NVDCVE-2018-2796 at SUSECVE-2018-2796 at NVDCVE-2018-2797 at SUSECVE-2018-2797 at NVDCVE-2018-2798 at SUSECVE-2018-2798 at NVDCVE-2018-2799 at SUSECVE-2018-2799 at NVDCVE-2018-2800 at SUSECVE-2018-2800 at NVDCVE-2018-2814 at SUSECVE-2018-2814 at NVDCVE-2018-2825 at SUSECVE-2018-2825 at NVDCVE-2018-2826 at SUSECVE-2018-2826 at NVDCVE-2018-2940 at SUSECVE-2018-2940 at NVDCVE-2018-2952 at SUSECVE-2018-2952 at NVDCVE-2018-2964 at SUSECVE-2018-2964 at NVDCVE-2018-2973 at SUSECVE-2018-2973 at NVDcpe:/o:suse:sles:12:sp4java-1_8_0-openjdk-1.8.0.181-27.26.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.181-27.26.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-2590 at SUSECVE-2015-2590 at NVDCVE-2015-2597 at SUSECVE-2015-2597 at NVDCVE-2015-2601 at SUSECVE-2015-2601 at NVDCVE-2015-2613 at SUSECVE-2015-2613 at NVDCVE-2015-2619 at SUSECVE-2015-2619 at NVDCVE-2015-2621 at SUSECVE-2015-2621 at NVDCVE-2015-2625 at SUSECVE-2015-2625 at NVDCVE-2015-2627 at SUSECVE-2015-2627 at NVDCVE-2015-2628 at SUSECVE-2015-2628 at NVDCVE-2015-2632 at SUSECVE-2015-2632 at NVDCVE-2015-2637 at SUSECVE-2015-2637 at NVDCVE-2015-2638 at SUSECVE-2015-2638 at NVDCVE-2015-2659 at SUSECVE-2015-2659 at NVDCVE-2015-2664 at SUSECVE-2015-2664 at NVDCVE-2015-2808 at SUSECVE-2015-2808 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-4729 at SUSECVE-2015-4729 at NVDCVE-2015-4731 at SUSECVE-2015-4731 at NVDCVE-2015-4732 at SUSECVE-2015-4732 at NVDCVE-2015-4733 at SUSECVE-2015-4733 at NVDCVE-2015-4734 at SUSECVE-2015-4734 at NVDCVE-2015-4736 at SUSECVE-2015-4736 at NVDCVE-2015-4748 at SUSECVE-2015-4748 at NVDCVE-2015-4749 at SUSECVE-2015-4749 at NVDCVE-2015-4760 at SUSECVE-2015-4760 at NVDCVE-2015-4803 at SUSECVE-2015-4803 at NVDCVE-2015-4805 at SUSECVE-2015-4805 at NVDCVE-2015-4806 at SUSECVE-2015-4806 at NVDCVE-2015-4810 at SUSECVE-2015-4810 at NVDCVE-2015-4835 at SUSECVE-2015-4835 at NVDCVE-2015-4840 at SUSECVE-2015-4840 at NVDCVE-2015-4842 at SUSECVE-2015-4842 at NVDCVE-2015-4843 at SUSECVE-2015-4843 at NVDCVE-2015-4844 at SUSECVE-2015-4844 at NVDCVE-2015-4860 at SUSECVE-2015-4860 at NVDCVE-2015-4868 at SUSECVE-2015-4868 at NVDCVE-2015-4872 at SUSECVE-2015-4872 at NVDCVE-2015-4881 at SUSECVE-2015-4881 at NVDCVE-2015-4882 at SUSECVE-2015-4882 at NVDCVE-2015-4883 at SUSECVE-2015-4883 at NVDCVE-2015-4893 at SUSECVE-2015-4893 at NVDCVE-2015-4901 at SUSECVE-2015-4901 at NVDCVE-2015-4902 at SUSECVE-2015-4902 at NVDCVE-2015-4903 at SUSECVE-2015-4903 at NVDCVE-2015-4906 at SUSECVE-2015-4906 at NVDCVE-2015-4908 at SUSECVE-2015-4908 at NVDCVE-2015-4911 at SUSECVE-2015-4911 at NVDCVE-2015-4916 at SUSECVE-2015-4916 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-0402 at SUSECVE-2016-0402 at NVDCVE-2016-0448 at SUSECVE-2016-0448 at NVDCVE-2016-0466 at SUSECVE-2016-0466 at NVDCVE-2016-0475 at SUSECVE-2016-0475 at NVDCVE-2016-0483 at SUSECVE-2016-0483 at NVDCVE-2016-0494 at SUSECVE-2016-0494 at NVDCVE-2016-0636 at SUSECVE-2016-0636 at NVDCVE-2016-0686 at SUSECVE-2016-0686 at NVDCVE-2016-0687 at SUSECVE-2016-0687 at NVDCVE-2016-0695 at SUSECVE-2016-0695 at NVDCVE-2016-10165 at SUSECVE-2016-10165 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-3425 at SUSECVE-2016-3425 at NVDCVE-2016-3426 at SUSECVE-2016-3426 at NVDCVE-2016-3427 at SUSECVE-2016-3427 at NVDCVE-2016-3458 at SUSECVE-2016-3458 at NVDCVE-2016-3485 at SUSECVE-2016-3485 at NVDCVE-2016-3498 at SUSECVE-2016-3498 at NVDCVE-2016-3500 at SUSECVE-2016-3500 at NVDCVE-2016-3503 at SUSECVE-2016-3503 at NVDCVE-2016-3508 at SUSECVE-2016-3508 at NVDCVE-2016-3511 at SUSECVE-2016-3511 at NVDCVE-2016-3550 at SUSECVE-2016-3550 at NVDCVE-2016-3552 at SUSECVE-2016-3552 at NVDCVE-2016-3587 at SUSECVE-2016-3587 at NVDCVE-2016-3598 at SUSECVE-2016-3598 at NVDCVE-2016-3606 at SUSECVE-2016-3606 at NVDCVE-2016-3610 at SUSECVE-2016-3610 at NVDCVE-2016-5542 at SUSECVE-2016-5542 at NVDCVE-2016-5546 at SUSECVE-2016-5546 at NVDCVE-2016-5547 at SUSECVE-2016-5547 at NVDCVE-2016-5548 at SUSECVE-2016-5548 at NVDCVE-2016-5549 at SUSECVE-2016-5549 at NVDCVE-2016-5552 at SUSECVE-2016-5552 at NVDCVE-2016-5554 at SUSECVE-2016-5554 at NVDCVE-2016-5556 at SUSECVE-2016-5556 at NVDCVE-2016-5568 at SUSECVE-2016-5568 at NVDCVE-2016-5573 at SUSECVE-2016-5573 at NVDCVE-2016-5582 at SUSECVE-2016-5582 at NVDCVE-2016-5597 at SUSECVE-2016-5597 at NVDCVE-2016-9840 at SUSECVE-2016-9840 at NVDCVE-2016-9841 at SUSECVE-2016-9841 at NVDCVE-2016-9842 at SUSECVE-2016-9842 at NVDCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2017-10053 at SUSECVE-2017-10053 at NVDCVE-2017-10067 at SUSECVE-2017-10067 at NVDCVE-2017-10074 at SUSECVE-2017-10074 at NVDCVE-2017-10078 at SUSECVE-2017-10078 at NVDCVE-2017-10081 at SUSECVE-2017-10081 at NVDCVE-2017-10086 at SUSECVE-2017-10086 at NVDCVE-2017-10087 at SUSECVE-2017-10087 at NVDCVE-2017-10089 at SUSECVE-2017-10089 at NVDCVE-2017-10090 at SUSECVE-2017-10090 at NVDCVE-2017-10096 at SUSECVE-2017-10096 at NVDCVE-2017-10101 at SUSECVE-2017-10101 at NVDCVE-2017-10102 at SUSECVE-2017-10102 at NVDCVE-2017-10105 at SUSECVE-2017-10105 at NVDCVE-2017-10107 at SUSECVE-2017-10107 at NVDCVE-2017-10108 at SUSECVE-2017-10108 at NVDCVE-2017-10109 at SUSECVE-2017-10109 at NVDCVE-2017-10110 at SUSECVE-2017-10110 at NVDCVE-2017-10111 at SUSECVE-2017-10111 at NVDCVE-2017-10114 at SUSECVE-2017-10114 at NVDCVE-2017-10115 at SUSECVE-2017-10115 at NVDCVE-2017-10116 at SUSECVE-2017-10116 at NVDCVE-2017-10118 at SUSECVE-2017-10118 at NVDCVE-2017-10125 at SUSECVE-2017-10125 at NVDCVE-2017-10135 at SUSECVE-2017-10135 at NVDCVE-2017-10176 at SUSECVE-2017-10176 at NVDCVE-2017-10193 at SUSECVE-2017-10193 at NVDCVE-2017-10198 at SUSECVE-2017-10198 at NVDCVE-2017-10243 at SUSECVE-2017-10243 at NVDCVE-2017-10274 at SUSECVE-2017-10274 at NVDCVE-2017-10281 at SUSECVE-2017-10281 at NVDCVE-2017-10285 at SUSECVE-2017-10285 at NVDCVE-2017-10295 at SUSECVE-2017-10295 at NVDCVE-2017-10345 at SUSECVE-2017-10345 at NVDCVE-2017-10346 at SUSECVE-2017-10346 at NVDCVE-2017-10347 at SUSECVE-2017-10347 at NVDCVE-2017-10348 at SUSECVE-2017-10348 at NVDCVE-2017-10349 at SUSECVE-2017-10349 at NVDCVE-2017-10350 at SUSECVE-2017-10350 at NVDCVE-2017-10355 at SUSECVE-2017-10355 at NVDCVE-2017-10356 at SUSECVE-2017-10356 at NVDCVE-2017-10357 at SUSECVE-2017-10357 at NVDCVE-2017-10388 at SUSECVE-2017-10388 at NVDCVE-2017-3231 at SUSECVE-2017-3231 at NVDCVE-2017-3241 at SUSECVE-2017-3241 at NVDCVE-2017-3252 at SUSECVE-2017-3252 at NVDCVE-2017-3253 at SUSECVE-2017-3253 at NVDCVE-2017-3260 at SUSECVE-2017-3260 at NVDCVE-2017-3261 at SUSECVE-2017-3261 at NVDCVE-2017-3272 at SUSECVE-2017-3272 at NVDCVE-2017-3289 at SUSECVE-2017-3289 at NVDCVE-2017-3509 at SUSECVE-2017-3509 at NVDCVE-2017-3511 at SUSECVE-2017-3511 at NVDCVE-2017-3512 at SUSECVE-2017-3512 at NVDCVE-2017-3514 at SUSECVE-2017-3514 at NVDCVE-2017-3526 at SUSECVE-2017-3526 at NVDCVE-2017-3533 at SUSECVE-2017-3533 at NVDCVE-2017-3539 at SUSECVE-2017-3539 at NVDCVE-2017-3544 at SUSECVE-2017-3544 at NVDCVE-2018-2579 at SUSECVE-2018-2579 at NVDCVE-2018-2582 at SUSECVE-2018-2582 at NVDCVE-2018-2588 at SUSECVE-2018-2588 at NVDCVE-2018-2599 at SUSECVE-2018-2599 at NVDCVE-2018-2602 at SUSECVE-2018-2602 at NVDCVE-2018-2603 at SUSECVE-2018-2603 at NVDCVE-2018-2618 at SUSECVE-2018-2618 at NVDCVE-2018-2629 at SUSECVE-2018-2629 at NVDCVE-2018-2633 at SUSECVE-2018-2633 at NVDCVE-2018-2634 at SUSECVE-2018-2634 at NVDCVE-2018-2637 at SUSECVE-2018-2637 at NVDCVE-2018-2641 at SUSECVE-2018-2641 at NVDCVE-2018-2663 at SUSECVE-2018-2663 at NVDCVE-2018-2677 at SUSECVE-2018-2677 at NVDCVE-2018-2678 at SUSECVE-2018-2678 at NVDCVE-2018-2790 at SUSECVE-2018-2790 at NVDCVE-2018-2794 at SUSECVE-2018-2794 at NVDCVE-2018-2795 at SUSECVE-2018-2795 at NVDCVE-2018-2796 at SUSECVE-2018-2796 at NVDCVE-2018-2797 at SUSECVE-2018-2797 at NVDCVE-2018-2798 at SUSECVE-2018-2798 at NVDCVE-2018-2799 at SUSECVE-2018-2799 at NVDCVE-2018-2800 at SUSECVE-2018-2800 at NVDCVE-2018-2814 at SUSECVE-2018-2814 at NVDCVE-2018-2815 at SUSECVE-2018-2815 at NVDCVE-2018-2938 at SUSECVE-2018-2938 at NVDCVE-2018-2940 at SUSECVE-2018-2940 at NVDCVE-2018-2952 at SUSECVE-2018-2952 at NVDCVE-2018-2973 at SUSECVE-2018-2973 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDcpe:/o:suse:sles:12:sp4kbd-2.0.4-8.10.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the kbd-2.0.4-8.10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0460 at SUSECVE-2011-0460 at NVDcpe:/o:suse:sles:12:sp4kdump-0.8.16-9.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the kdump-0.8.16-9.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:sles:12:sp4kernel-default-4.12.14-94.41.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the kernel-default-4.12.14-94.41.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3939 at SUSECVE-2009-3939 at NVDCVE-2009-4026 at SUSECVE-2009-4026 at NVDCVE-2009-4027 at SUSECVE-2009-4027 at NVDCVE-2009-4131 at SUSECVE-2009-4131 at NVDCVE-2009-4138 at SUSECVE-2009-4138 at NVDCVE-2009-4536 at SUSECVE-2009-4536 at NVDCVE-2009-4538 at SUSECVE-2009-4538 at NVDCVE-2010-1146 at SUSECVE-2010-1146 at NVDCVE-2010-1436 at SUSECVE-2010-1436 at NVDCVE-2010-1641 at SUSECVE-2010-1641 at NVDCVE-2010-2066 at SUSECVE-2010-2066 at NVDCVE-2010-2942 at SUSECVE-2010-2942 at NVDCVE-2010-2954 at SUSECVE-2010-2954 at NVDCVE-2010-2955 at SUSECVE-2010-2955 at NVDCVE-2010-3081 at SUSECVE-2010-3081 at NVDCVE-2010-3296 at SUSECVE-2010-3296 at NVDCVE-2010-3297 at SUSECVE-2010-3297 at NVDCVE-2010-3298 at SUSECVE-2010-3298 at NVDCVE-2010-3301 at SUSECVE-2010-3301 at NVDCVE-2010-3310 at SUSECVE-2010-3310 at NVDCVE-2011-0711 at SUSECVE-2011-0711 at NVDCVE-2011-0712 at SUSECVE-2011-0712 at NVDCVE-2011-1020 at SUSECVE-2011-1020 at NVDCVE-2011-1180 at SUSECVE-2011-1180 at NVDCVE-2011-1577 at SUSECVE-2011-1577 at NVDCVE-2011-1581 at SUSECVE-2011-1581 at NVDCVE-2011-2203 at SUSECVE-2011-2203 at NVDCVE-2011-4604 at SUSECVE-2011-4604 at NVDCVE-2012-0056 at SUSECVE-2012-0056 at NVDCVE-2012-3412 at SUSECVE-2012-3412 at NVDCVE-2012-3520 at SUSECVE-2012-3520 at NVDCVE-2013-0160 at SUSECVE-2013-0160 at NVDCVE-2013-0231 at SUSECVE-2013-0231 at NVDCVE-2013-0913 at SUSECVE-2013-0913 at NVDCVE-2013-2850 at SUSECVE-2013-2850 at NVDCVE-2014-0038 at SUSECVE-2014-0038 at NVDCVE-2014-0196 at SUSECVE-2014-0196 at NVDCVE-2014-0691 at SUSECVE-2014-0691 at NVDCVE-2014-8133 at SUSECVE-2014-8133 at NVDCVE-2015-1333 at SUSECVE-2015-1333 at NVDCVE-2015-7550 at SUSECVE-2015-7550 at NVDCVE-2015-7884 at SUSECVE-2015-7884 at NVDCVE-2015-7885 at SUSECVE-2015-7885 at NVDCVE-2015-8539 at SUSECVE-2015-8539 at NVDCVE-2015-8660 at SUSECVE-2015-8660 at NVDCVE-2016-0723 at SUSECVE-2016-0723 at NVDCVE-2016-0728 at SUSECVE-2016-0728 at NVDCVE-2016-1237 at SUSECVE-2016-1237 at NVDCVE-2016-1583 at SUSECVE-2016-1583 at NVDCVE-2016-2184 at SUSECVE-2016-2184 at NVDCVE-2016-2185 at SUSECVE-2016-2185 at NVDCVE-2016-2186 at SUSECVE-2016-2186 at NVDCVE-2016-2384 at SUSECVE-2016-2384 at NVDCVE-2016-3134 at SUSECVE-2016-3134 at NVDCVE-2016-3135 at SUSECVE-2016-3135 at NVDCVE-2016-3136 at SUSECVE-2016-3136 at NVDCVE-2016-3140 at SUSECVE-2016-3140 at NVDCVE-2016-3689 at SUSECVE-2016-3689 at NVDCVE-2016-3713 at SUSECVE-2016-3713 at NVDCVE-2016-4470 at SUSECVE-2016-4470 at NVDCVE-2016-4485 at SUSECVE-2016-4485 at NVDCVE-2016-4486 at SUSECVE-2016-4486 at NVDCVE-2016-4557 at SUSECVE-2016-4557 at NVDCVE-2016-4558 at SUSECVE-2016-4558 at NVDCVE-2016-4569 at SUSECVE-2016-4569 at NVDCVE-2016-4578 at SUSECVE-2016-4578 at NVDCVE-2016-4951 at SUSECVE-2016-4951 at NVDCVE-2016-4997 at SUSECVE-2016-4997 at NVDCVE-2016-4998 at SUSECVE-2016-4998 at NVDCVE-2016-5195 at SUSECVE-2016-5195 at NVDCVE-2016-5244 at SUSECVE-2016-5244 at NVDCVE-2016-5829 at SUSECVE-2016-5829 at NVDCVE-2016-6187 at SUSECVE-2016-6187 at NVDCVE-2016-6480 at SUSECVE-2016-6480 at NVDCVE-2016-6516 at SUSECVE-2016-6516 at NVDCVE-2016-6828 at SUSECVE-2016-6828 at NVDCVE-2016-7039 at SUSECVE-2016-7039 at NVDCVE-2016-7042 at SUSECVE-2016-7042 at NVDCVE-2016-7425 at SUSECVE-2016-7425 at NVDCVE-2016-7913 at SUSECVE-2016-7913 at NVDCVE-2016-8655 at SUSECVE-2016-8655 at NVDCVE-2016-9555 at SUSECVE-2016-9555 at NVDCVE-2016-9576 at SUSECVE-2016-9576 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-1000252 at SUSECVE-2017-1000252 at NVDCVE-2017-1000255 at SUSECVE-2017-1000255 at NVDCVE-2017-1000380 at SUSECVE-2017-1000380 at NVDCVE-2017-1000410 at SUSECVE-2017-1000410 at NVDCVE-2017-11473 at SUSECVE-2017-11473 at NVDCVE-2017-11600 at SUSECVE-2017-11600 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-12154 at SUSECVE-2017-12154 at NVDCVE-2017-12190 at SUSECVE-2017-12190 at NVDCVE-2017-12193 at SUSECVE-2017-12193 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13166 at SUSECVE-2017-13166 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-14489 at SUSECVE-2017-14489 at NVDCVE-2017-15115 at SUSECVE-2017-15115 at NVDCVE-2017-15127 at SUSECVE-2017-15127 at NVDCVE-2017-15128 at SUSECVE-2017-15128 at NVDCVE-2017-15129 at SUSECVE-2017-15129 at NVDCVE-2017-15265 at SUSECVE-2017-15265 at NVDCVE-2017-15537 at SUSECVE-2017-15537 at NVDCVE-2017-15649 at SUSECVE-2017-15649 at NVDCVE-2017-15951 at SUSECVE-2017-15951 at NVDCVE-2017-16525 at SUSECVE-2017-16525 at NVDCVE-2017-16527 at SUSECVE-2017-16527 at NVDCVE-2017-16528 at SUSECVE-2017-16528 at NVDCVE-2017-16529 at SUSECVE-2017-16529 at NVDCVE-2017-16531 at SUSECVE-2017-16531 at NVDCVE-2017-16534 at SUSECVE-2017-16534 at NVDCVE-2017-16535 at SUSECVE-2017-16535 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16538 at SUSECVE-2017-16538 at NVDCVE-2017-16644 at SUSECVE-2017-16644 at NVDCVE-2017-16645 at SUSECVE-2017-16645 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16647 at SUSECVE-2017-16647 at NVDCVE-2017-16649 at SUSECVE-2017-16649 at NVDCVE-2017-16650 at SUSECVE-2017-16650 at NVDCVE-2017-16911 at SUSECVE-2017-16911 at NVDCVE-2017-16912 at SUSECVE-2017-16912 at NVDCVE-2017-16913 at SUSECVE-2017-16913 at NVDCVE-2017-16914 at SUSECVE-2017-16914 at NVDCVE-2017-16939 at SUSECVE-2017-16939 at NVDCVE-2017-16994 at SUSECVE-2017-16994 at NVDCVE-2017-16995 at SUSECVE-2017-16995 at NVDCVE-2017-16996 at SUSECVE-2017-16996 at NVDCVE-2017-17052 at SUSECVE-2017-17052 at NVDCVE-2017-17448 at SUSECVE-2017-17448 at NVDCVE-2017-17449 at SUSECVE-2017-17449 at NVDCVE-2017-17450 at SUSECVE-2017-17450 at NVDCVE-2017-17558 at SUSECVE-2017-17558 at NVDCVE-2017-17712 at SUSECVE-2017-17712 at NVDCVE-2017-17741 at SUSECVE-2017-17741 at NVDCVE-2017-17805 at SUSECVE-2017-17805 at NVDCVE-2017-17806 at SUSECVE-2017-17806 at NVDCVE-2017-17852 at SUSECVE-2017-17852 at NVDCVE-2017-17853 at SUSECVE-2017-17853 at NVDCVE-2017-17854 at SUSECVE-2017-17854 at NVDCVE-2017-17855 at SUSECVE-2017-17855 at NVDCVE-2017-17856 at SUSECVE-2017-17856 at NVDCVE-2017-17857 at SUSECVE-2017-17857 at NVDCVE-2017-17862 at SUSECVE-2017-17862 at NVDCVE-2017-17864 at SUSECVE-2017-17864 at NVDCVE-2017-17975 at SUSECVE-2017-17975 at NVDCVE-2017-18075 at SUSECVE-2017-18075 at NVDCVE-2017-18202 at SUSECVE-2017-18202 at NVDCVE-2017-18203 at SUSECVE-2017-18203 at NVDCVE-2017-18204 at SUSECVE-2017-18204 at NVDCVE-2017-18208 at SUSECVE-2017-18208 at NVDCVE-2017-18344 at SUSECVE-2017-18344 at NVDCVE-2017-2636 at SUSECVE-2017-2636 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-5897 at SUSECVE-2017-5897 at NVDCVE-2017-5970 at SUSECVE-2017-5970 at NVDCVE-2017-5986 at SUSECVE-2017-5986 at NVDCVE-2017-6347 at SUSECVE-2017-6347 at NVDCVE-2017-6353 at SUSECVE-2017-6353 at NVDCVE-2017-7184 at SUSECVE-2017-7184 at NVDCVE-2017-7187 at SUSECVE-2017-7187 at NVDCVE-2017-7261 at SUSECVE-2017-7261 at NVDCVE-2017-7277 at SUSECVE-2017-7277 at NVDCVE-2017-7294 at SUSECVE-2017-7294 at NVDCVE-2017-7308 at SUSECVE-2017-7308 at NVDCVE-2017-7346 at SUSECVE-2017-7346 at NVDCVE-2017-7477 at SUSECVE-2017-7477 at NVDCVE-2017-7487 at SUSECVE-2017-7487 at NVDCVE-2017-7541 at SUSECVE-2017-7541 at NVDCVE-2017-7542 at SUSECVE-2017-7542 at NVDCVE-2017-8824 at SUSECVE-2017-8824 at NVDCVE-2017-8831 at SUSECVE-2017-8831 at NVDCVE-2017-8890 at SUSECVE-2017-8890 at NVDCVE-2017-9059 at SUSECVE-2017-9059 at NVDCVE-2017-9074 at SUSECVE-2017-9074 at NVDCVE-2017-9075 at SUSECVE-2017-9075 at NVDCVE-2017-9076 at SUSECVE-2017-9076 at NVDCVE-2017-9077 at SUSECVE-2017-9077 at NVDCVE-2017-9211 at SUSECVE-2017-9211 at NVDCVE-2017-9242 at SUSECVE-2017-9242 at NVDCVE-2018-1000004 at SUSECVE-2018-1000004 at NVDCVE-2018-1000028 at SUSECVE-2018-1000028 at NVDCVE-2018-1000200 at SUSECVE-2018-1000200 at NVDCVE-2018-1000204 at SUSECVE-2018-1000204 at NVDCVE-2018-10087 at SUSECVE-2018-10087 at NVDCVE-2018-10124 at SUSECVE-2018-10124 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-1065 at SUSECVE-2018-1065 at NVDCVE-2018-1068 at SUSECVE-2018-1068 at NVDCVE-2018-10853 at SUSECVE-2018-10853 at NVDCVE-2018-10902 at SUSECVE-2018-10902 at NVDCVE-2018-1091 at SUSECVE-2018-1091 at NVDCVE-2018-10938 at SUSECVE-2018-10938 at NVDCVE-2018-1094 at SUSECVE-2018-1094 at NVDCVE-2018-10940 at SUSECVE-2018-10940 at NVDCVE-2018-1108 at SUSECVE-2018-1108 at NVDCVE-2018-1118 at SUSECVE-2018-1118 at NVDCVE-2018-1120 at SUSECVE-2018-1120 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-1130 at SUSECVE-2018-1130 at NVDCVE-2018-12233 at SUSECVE-2018-12233 at NVDCVE-2018-12896 at SUSECVE-2018-12896 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-13093 at SUSECVE-2018-13093 at NVDCVE-2018-13094 at SUSECVE-2018-13094 at NVDCVE-2018-13095 at SUSECVE-2018-13095 at NVDCVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-13406 at SUSECVE-2018-13406 at NVDCVE-2018-14613 at SUSECVE-2018-14613 at NVDCVE-2018-14617 at SUSECVE-2018-14617 at NVDCVE-2018-14633 at SUSECVE-2018-14633 at NVDCVE-2018-15572 at SUSECVE-2018-15572 at NVDCVE-2018-16658 at SUSECVE-2018-16658 at NVDCVE-2018-17182 at SUSECVE-2018-17182 at NVDCVE-2018-3620 at SUSECVE-2018-3620 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-5332 at SUSECVE-2018-5332 at NVDCVE-2018-5333 at SUSECVE-2018-5333 at NVDCVE-2018-5390 at SUSECVE-2018-5390 at NVDCVE-2018-5391 at SUSECVE-2018-5391 at NVDCVE-2018-5803 at SUSECVE-2018-5803 at NVDCVE-2018-5848 at SUSECVE-2018-5848 at NVDCVE-2018-6554 at SUSECVE-2018-6554 at NVDCVE-2018-6555 at SUSECVE-2018-6555 at NVDCVE-2018-6927 at SUSECVE-2018-6927 at NVDCVE-2018-7492 at SUSECVE-2018-7492 at NVDCVE-2018-7566 at SUSECVE-2018-7566 at NVDCVE-2018-7740 at SUSECVE-2018-7740 at NVDCVE-2018-8043 at SUSECVE-2018-8043 at NVDCVE-2018-8087 at SUSECVE-2018-8087 at NVDCVE-2018-8781 at SUSECVE-2018-8781 at NVDCVE-2018-8822 at SUSECVE-2018-8822 at NVDCVE-2018-9363 at SUSECVE-2018-9363 at NVDCVE-2018-9385 at SUSECVE-2018-9385 at NVDcpe:/o:suse:sles:12:sp4kernel-firmware-20180525-3.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the kernel-firmware-20180525-3.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDcpe:/o:suse:sles:12:sp4krb5-1.12.5-40.28.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the krb5-1.12.5-40.28.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2002-2443 at SUSECVE-2002-2443 at NVDCVE-2009-0844 at SUSECVE-2009-0844 at NVDCVE-2009-0845 at SUSECVE-2009-0845 at NVDCVE-2009-0846 at SUSECVE-2009-0846 at NVDCVE-2009-0847 at SUSECVE-2009-0847 at NVDCVE-2009-3295 at SUSECVE-2009-3295 at NVDCVE-2009-4212 at SUSECVE-2009-4212 at NVDCVE-2010-0283 at SUSECVE-2010-0283 at NVDCVE-2010-0628 at SUSECVE-2010-0628 at NVDCVE-2010-1320 at SUSECVE-2010-1320 at NVDCVE-2010-1321 at SUSECVE-2010-1321 at NVDCVE-2010-1322 at SUSECVE-2010-1322 at NVDCVE-2010-1323 at SUSECVE-2010-1323 at NVDCVE-2010-1324 at SUSECVE-2010-1324 at NVDCVE-2010-4020 at SUSECVE-2010-4020 at NVDCVE-2010-4021 at SUSECVE-2010-4021 at NVDCVE-2010-4022 at SUSECVE-2010-4022 at NVDCVE-2011-0281 at SUSECVE-2011-0281 at NVDCVE-2011-0282 at SUSECVE-2011-0282 at NVDCVE-2011-0284 at SUSECVE-2011-0284 at NVDCVE-2011-0285 at SUSECVE-2011-0285 at NVDCVE-2011-1527 at SUSECVE-2011-1527 at NVDCVE-2011-1528 at SUSECVE-2011-1528 at NVDCVE-2011-1529 at SUSECVE-2011-1529 at NVDCVE-2011-1530 at SUSECVE-2011-1530 at NVDCVE-2012-1012 at SUSECVE-2012-1012 at NVDCVE-2012-1013 at SUSECVE-2012-1013 at NVDCVE-2012-1016 at SUSECVE-2012-1016 at NVDCVE-2013-1415 at SUSECVE-2013-1415 at NVDCVE-2013-1417 at SUSECVE-2013-1417 at NVDCVE-2013-1418 at SUSECVE-2013-1418 at NVDCVE-2014-4341 at SUSECVE-2014-4341 at NVDCVE-2014-4342 at SUSECVE-2014-4342 at NVDCVE-2014-4343 at SUSECVE-2014-4343 at NVDCVE-2014-4344 at SUSECVE-2014-4344 at NVDCVE-2014-4345 at SUSECVE-2014-4345 at NVDCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2017-15088 at SUSECVE-2017-15088 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDcpe:/o:suse:sles:12:sp4krb5-appl-clients-1.0.3-1.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the krb5-appl-clients-1.0.3-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1526 at SUSECVE-2011-1526 at NVDCVE-2011-4862 at SUSECVE-2011-4862 at NVDcpe:/o:suse:sles:12:sp4lcms2-2.7-9.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the lcms2-2.7-9.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-10165 at SUSECVE-2016-10165 at NVDCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:sles:12:sp4lftp-4.7.4-3.3.20 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the lftp-4.7.4-3.3.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0139 at SUSECVE-2014-0139 at NVDcpe:/o:suse:sles:12:sp4libFLAC++6-1.3.0-11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libFLAC++6-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8962 at SUSECVE-2014-8962 at NVDCVE-2014-9028 at SUSECVE-2014-9028 at NVDcpe:/o:suse:sles:12:sp4libHX28-3.18-1.18 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libHX28-3.18-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2947 at SUSECVE-2010-2947 at NVDcpe:/o:suse:sles:12:sp4libICE6-1.0.8-12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libICE6-1.0.8-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-2626 at SUSECVE-2017-2626 at NVDcpe:/o:suse:sles:12:sp4libIlmImf-Imf_2_1-21-2.1.0-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libIlmImf-Imf_2_1-21-2.1.0-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1720 at SUSECVE-2009-1720 at NVDCVE-2009-1721 at SUSECVE-2009-1721 at NVDCVE-2017-12596 at SUSECVE-2017-12596 at NVDCVE-2017-9110 at SUSECVE-2017-9110 at NVDCVE-2017-9114 at SUSECVE-2017-9114 at NVDcpe:/o:suse:sles:12:sp4libMagickCore-6_Q16-1-6.8.8.1-71.85.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libMagickCore-6_Q16-1-6.8.8.1-71.85.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0247 at SUSECVE-2012-0247 at NVDCVE-2012-0248 at SUSECVE-2012-0248 at NVDCVE-2012-1185 at SUSECVE-2012-1185 at NVDCVE-2012-1186 at SUSECVE-2012-1186 at NVDCVE-2014-8354 at SUSECVE-2014-8354 at NVDCVE-2014-8355 at SUSECVE-2014-8355 at NVDCVE-2014-8562 at SUSECVE-2014-8562 at NVDCVE-2014-8716 at SUSECVE-2014-8716 at NVDCVE-2014-9805 at SUSECVE-2014-9805 at NVDCVE-2014-9806 at SUSECVE-2014-9806 at NVDCVE-2014-9807 at SUSECVE-2014-9807 at NVDCVE-2014-9808 at SUSECVE-2014-9808 at NVDCVE-2014-9809 at SUSECVE-2014-9809 at NVDCVE-2014-9810 at SUSECVE-2014-9810 at NVDCVE-2014-9811 at SUSECVE-2014-9811 at NVDCVE-2014-9812 at SUSECVE-2014-9812 at NVDCVE-2014-9813 at SUSECVE-2014-9813 at NVDCVE-2014-9814 at SUSECVE-2014-9814 at NVDCVE-2014-9815 at SUSECVE-2014-9815 at NVDCVE-2014-9816 at SUSECVE-2014-9816 at NVDCVE-2014-9817 at SUSECVE-2014-9817 at NVDCVE-2014-9818 at SUSECVE-2014-9818 at NVDCVE-2014-9819 at SUSECVE-2014-9819 at NVDCVE-2014-9820 at SUSECVE-2014-9820 at NVDCVE-2014-9821 at SUSECVE-2014-9821 at NVDCVE-2014-9822 at SUSECVE-2014-9822 at NVDCVE-2014-9823 at SUSECVE-2014-9823 at NVDCVE-2014-9824 at SUSECVE-2014-9824 at NVDCVE-2014-9825 at SUSECVE-2014-9825 at NVDCVE-2014-9826 at SUSECVE-2014-9826 at NVDCVE-2014-9828 at SUSECVE-2014-9828 at NVDCVE-2014-9829 at SUSECVE-2014-9829 at NVDCVE-2014-9830 at SUSECVE-2014-9830 at NVDCVE-2014-9831 at SUSECVE-2014-9831 at NVDCVE-2014-9832 at SUSECVE-2014-9832 at NVDCVE-2014-9833 at SUSECVE-2014-9833 at NVDCVE-2014-9834 at SUSECVE-2014-9834 at NVDCVE-2014-9835 at SUSECVE-2014-9835 at NVDCVE-2014-9836 at SUSECVE-2014-9836 at NVDCVE-2014-9837 at SUSECVE-2014-9837 at NVDCVE-2014-9838 at SUSECVE-2014-9838 at NVDCVE-2014-9839 at SUSECVE-2014-9839 at NVDCVE-2014-9840 at SUSECVE-2014-9840 at NVDCVE-2014-9841 at SUSECVE-2014-9841 at NVDCVE-2014-9842 at SUSECVE-2014-9842 at NVDCVE-2014-9843 at SUSECVE-2014-9843 at NVDCVE-2014-9844 at SUSECVE-2014-9844 at NVDCVE-2014-9845 at SUSECVE-2014-9845 at NVDCVE-2014-9846 at SUSECVE-2014-9846 at NVDCVE-2014-9847 at SUSECVE-2014-9847 at NVDCVE-2014-9848 at SUSECVE-2014-9848 at NVDCVE-2014-9849 at SUSECVE-2014-9849 at NVDCVE-2014-9850 at SUSECVE-2014-9850 at NVDCVE-2014-9851 at SUSECVE-2014-9851 at NVDCVE-2014-9852 at SUSECVE-2014-9852 at NVDCVE-2014-9853 at SUSECVE-2014-9853 at NVDCVE-2014-9854 at SUSECVE-2014-9854 at NVDCVE-2014-9907 at SUSECVE-2014-9907 at NVDCVE-2015-8894 at SUSECVE-2015-8894 at NVDCVE-2015-8895 at SUSECVE-2015-8895 at NVDCVE-2015-8896 at SUSECVE-2015-8896 at NVDCVE-2015-8897 at SUSECVE-2015-8897 at NVDCVE-2015-8898 at SUSECVE-2015-8898 at NVDCVE-2015-8900 at SUSECVE-2015-8900 at NVDCVE-2015-8901 at SUSECVE-2015-8901 at NVDCVE-2015-8902 at SUSECVE-2015-8902 at NVDCVE-2015-8903 at SUSECVE-2015-8903 at NVDCVE-2015-8957 at SUSECVE-2015-8957 at NVDCVE-2015-8958 at SUSECVE-2015-8958 at NVDCVE-2015-8959 at SUSECVE-2015-8959 at NVDCVE-2016-10046 at SUSECVE-2016-10046 at NVDCVE-2016-10048 at SUSECVE-2016-10048 at NVDCVE-2016-10049 at SUSECVE-2016-10049 at NVDCVE-2016-10050 at SUSECVE-2016-10050 at NVDCVE-2016-10051 at SUSECVE-2016-10051 at NVDCVE-2016-10052 at SUSECVE-2016-10052 at NVDCVE-2016-10059 at SUSECVE-2016-10059 at NVDCVE-2016-10060 at SUSECVE-2016-10060 at NVDCVE-2016-10061 at SUSECVE-2016-10061 at NVDCVE-2016-10062 at SUSECVE-2016-10062 at NVDCVE-2016-10063 at SUSECVE-2016-10063 at NVDCVE-2016-10064 at SUSECVE-2016-10064 at NVDCVE-2016-10065 at SUSECVE-2016-10065 at NVDCVE-2016-10068 at SUSECVE-2016-10068 at NVDCVE-2016-10069 at SUSECVE-2016-10069 at NVDCVE-2016-10070 at SUSECVE-2016-10070 at NVDCVE-2016-10071 at SUSECVE-2016-10071 at NVDCVE-2016-10144 at SUSECVE-2016-10144 at NVDCVE-2016-10145 at SUSECVE-2016-10145 at NVDCVE-2016-10146 at SUSECVE-2016-10146 at NVDCVE-2016-3714 at SUSECVE-2016-3714 at NVDCVE-2016-3715 at SUSECVE-2016-3715 at NVDCVE-2016-3716 at SUSECVE-2016-3716 at NVDCVE-2016-3717 at SUSECVE-2016-3717 at NVDCVE-2016-3718 at SUSECVE-2016-3718 at NVDCVE-2016-4562 at SUSECVE-2016-4562 at NVDCVE-2016-4563 at SUSECVE-2016-4563 at NVDCVE-2016-4564 at SUSECVE-2016-4564 at NVDCVE-2016-5010 at SUSECVE-2016-5010 at NVDCVE-2016-5118 at SUSECVE-2016-5118 at NVDCVE-2016-5687 at SUSECVE-2016-5687 at NVDCVE-2016-5688 at SUSECVE-2016-5688 at NVDCVE-2016-5689 at SUSECVE-2016-5689 at NVDCVE-2016-5690 at SUSECVE-2016-5690 at NVDCVE-2016-5691 at SUSECVE-2016-5691 at NVDCVE-2016-5841 at SUSECVE-2016-5841 at NVDCVE-2016-5842 at SUSECVE-2016-5842 at NVDCVE-2016-6491 at SUSECVE-2016-6491 at NVDCVE-2016-6520 at SUSECVE-2016-6520 at NVDCVE-2016-6823 at SUSECVE-2016-6823 at NVDCVE-2016-7101 at SUSECVE-2016-7101 at NVDCVE-2016-7513 at SUSECVE-2016-7513 at NVDCVE-2016-7514 at SUSECVE-2016-7514 at NVDCVE-2016-7515 at SUSECVE-2016-7515 at NVDCVE-2016-7516 at SUSECVE-2016-7516 at NVDCVE-2016-7517 at SUSECVE-2016-7517 at NVDCVE-2016-7518 at SUSECVE-2016-7518 at NVDCVE-2016-7519 at SUSECVE-2016-7519 at NVDCVE-2016-7520 at SUSECVE-2016-7520 at NVDCVE-2016-7521 at SUSECVE-2016-7521 at NVDCVE-2016-7522 at SUSECVE-2016-7522 at NVDCVE-2016-7523 at SUSECVE-2016-7523 at NVDCVE-2016-7524 at SUSECVE-2016-7524 at NVDCVE-2016-7525 at SUSECVE-2016-7525 at NVDCVE-2016-7526 at SUSECVE-2016-7526 at NVDCVE-2016-7527 at SUSECVE-2016-7527 at NVDCVE-2016-7528 at SUSECVE-2016-7528 at NVDCVE-2016-7529 at SUSECVE-2016-7529 at NVDCVE-2016-7530 at SUSECVE-2016-7530 at NVDCVE-2016-7531 at SUSECVE-2016-7531 at NVDCVE-2016-7532 at SUSECVE-2016-7532 at NVDCVE-2016-7533 at SUSECVE-2016-7533 at NVDCVE-2016-7534 at SUSECVE-2016-7534 at NVDCVE-2016-7535 at SUSECVE-2016-7535 at NVDCVE-2016-7537 at SUSECVE-2016-7537 at NVDCVE-2016-7538 at SUSECVE-2016-7538 at NVDCVE-2016-7539 at SUSECVE-2016-7539 at NVDCVE-2016-7540 at SUSECVE-2016-7540 at NVDCVE-2016-7799 at SUSECVE-2016-7799 at NVDCVE-2016-7800 at SUSECVE-2016-7800 at NVDCVE-2016-7996 at SUSECVE-2016-7996 at NVDCVE-2016-7997 at SUSECVE-2016-7997 at NVDCVE-2016-8677 at SUSECVE-2016-8677 at NVDCVE-2016-8682 at SUSECVE-2016-8682 at NVDCVE-2016-8683 at SUSECVE-2016-8683 at NVDCVE-2016-8684 at SUSECVE-2016-8684 at NVDCVE-2016-8707 at SUSECVE-2016-8707 at NVDCVE-2016-8862 at SUSECVE-2016-8862 at NVDCVE-2016-8866 at SUSECVE-2016-8866 at NVDCVE-2016-9556 at SUSECVE-2016-9556 at NVDCVE-2016-9559 at SUSECVE-2016-9559 at NVDCVE-2016-9773 at SUSECVE-2016-9773 at NVDCVE-2017-1000445 at SUSECVE-2017-1000445 at NVDCVE-2017-1000476 at SUSECVE-2017-1000476 at NVDCVE-2017-10800 at SUSECVE-2017-10800 at NVDCVE-2017-10928 at SUSECVE-2017-10928 at NVDCVE-2017-10995 at SUSECVE-2017-10995 at NVDCVE-2017-11141 at SUSECVE-2017-11141 at NVDCVE-2017-11166 at SUSECVE-2017-11166 at NVDCVE-2017-11170 at SUSECVE-2017-11170 at NVDCVE-2017-11188 at SUSECVE-2017-11188 at NVDCVE-2017-11403 at SUSECVE-2017-11403 at NVDCVE-2017-11446 at SUSECVE-2017-11446 at NVDCVE-2017-11448 at SUSECVE-2017-11448 at NVDCVE-2017-11449 at SUSECVE-2017-11449 at NVDCVE-2017-11450 at SUSECVE-2017-11450 at NVDCVE-2017-11478 at SUSECVE-2017-11478 at NVDCVE-2017-11505 at SUSECVE-2017-11505 at NVDCVE-2017-11523 at SUSECVE-2017-11523 at NVDCVE-2017-11524 at SUSECVE-2017-11524 at NVDCVE-2017-11525 at SUSECVE-2017-11525 at NVDCVE-2017-11526 at SUSECVE-2017-11526 at NVDCVE-2017-11527 at SUSECVE-2017-11527 at NVDCVE-2017-11528 at SUSECVE-2017-11528 at NVDCVE-2017-11529 at SUSECVE-2017-11529 at NVDCVE-2017-11530 at SUSECVE-2017-11530 at NVDCVE-2017-11531 at SUSECVE-2017-11531 at NVDCVE-2017-11532 at SUSECVE-2017-11532 at NVDCVE-2017-11533 at SUSECVE-2017-11533 at NVDCVE-2017-11534 at SUSECVE-2017-11534 at NVDCVE-2017-11535 at SUSECVE-2017-11535 at NVDCVE-2017-11537 at SUSECVE-2017-11537 at NVDCVE-2017-11539 at SUSECVE-2017-11539 at NVDCVE-2017-11638 at SUSECVE-2017-11638 at NVDCVE-2017-11639 at SUSECVE-2017-11639 at NVDCVE-2017-11640 at SUSECVE-2017-11640 at NVDCVE-2017-11642 at SUSECVE-2017-11642 at NVDCVE-2017-11644 at SUSECVE-2017-11644 at NVDCVE-2017-11724 at SUSECVE-2017-11724 at NVDCVE-2017-11750 at SUSECVE-2017-11750 at NVDCVE-2017-11751 at SUSECVE-2017-11751 at NVDCVE-2017-11752 at SUSECVE-2017-11752 at NVDCVE-2017-12140 at SUSECVE-2017-12140 at NVDCVE-2017-12418 at SUSECVE-2017-12418 at NVDCVE-2017-12427 at SUSECVE-2017-12427 at NVDCVE-2017-12428 at SUSECVE-2017-12428 at NVDCVE-2017-12429 at SUSECVE-2017-12429 at NVDCVE-2017-12430 at SUSECVE-2017-12430 at NVDCVE-2017-12431 at SUSECVE-2017-12431 at NVDCVE-2017-12432 at SUSECVE-2017-12432 at NVDCVE-2017-12433 at SUSECVE-2017-12433 at NVDCVE-2017-12434 at SUSECVE-2017-12434 at NVDCVE-2017-12435 at SUSECVE-2017-12435 at NVDCVE-2017-12563 at SUSECVE-2017-12563 at NVDCVE-2017-12564 at SUSECVE-2017-12564 at NVDCVE-2017-12565 at SUSECVE-2017-12565 at NVDCVE-2017-12566 at SUSECVE-2017-12566 at NVDCVE-2017-12587 at SUSECVE-2017-12587 at NVDCVE-2017-12640 at SUSECVE-2017-12640 at NVDCVE-2017-12641 at SUSECVE-2017-12641 at NVDCVE-2017-12642 at SUSECVE-2017-12642 at NVDCVE-2017-12643 at SUSECVE-2017-12643 at NVDCVE-2017-12644 at SUSECVE-2017-12644 at NVDCVE-2017-12654 at SUSECVE-2017-12654 at NVDCVE-2017-12662 at SUSECVE-2017-12662 at NVDCVE-2017-12663 at SUSECVE-2017-12663 at NVDCVE-2017-12664 at SUSECVE-2017-12664 at NVDCVE-2017-12665 at SUSECVE-2017-12665 at NVDCVE-2017-12667 at SUSECVE-2017-12667 at NVDCVE-2017-12668 at SUSECVE-2017-12668 at NVDCVE-2017-12669 at SUSECVE-2017-12669 at NVDCVE-2017-12670 at SUSECVE-2017-12670 at NVDCVE-2017-12671 at SUSECVE-2017-12671 at NVDCVE-2017-12672 at SUSECVE-2017-12672 at NVDCVE-2017-12673 at SUSECVE-2017-12673 at NVDCVE-2017-12674 at SUSECVE-2017-12674 at NVDCVE-2017-12675 at SUSECVE-2017-12675 at NVDCVE-2017-12676 at SUSECVE-2017-12676 at NVDCVE-2017-12691 at SUSECVE-2017-12691 at NVDCVE-2017-12692 at SUSECVE-2017-12692 at NVDCVE-2017-12693 at SUSECVE-2017-12693 at NVDCVE-2017-12935 at SUSECVE-2017-12935 at NVDCVE-2017-12983 at SUSECVE-2017-12983 at NVDCVE-2017-13058 at SUSECVE-2017-13058 at NVDCVE-2017-13059 at SUSECVE-2017-13059 at NVDCVE-2017-13060 at SUSECVE-2017-13060 at NVDCVE-2017-13061 at SUSECVE-2017-13061 at NVDCVE-2017-13062 at SUSECVE-2017-13062 at NVDCVE-2017-13131 at SUSECVE-2017-13131 at NVDCVE-2017-13133 at SUSECVE-2017-13133 at NVDCVE-2017-13134 at SUSECVE-2017-13134 at NVDCVE-2017-13139 at SUSECVE-2017-13139 at NVDCVE-2017-13141 at SUSECVE-2017-13141 at NVDCVE-2017-13142 at SUSECVE-2017-13142 at NVDCVE-2017-13146 at SUSECVE-2017-13146 at NVDCVE-2017-13147 at SUSECVE-2017-13147 at NVDCVE-2017-13648 at SUSECVE-2017-13648 at NVDCVE-2017-13658 at SUSECVE-2017-13658 at NVDCVE-2017-13758 at SUSECVE-2017-13758 at NVDCVE-2017-13768 at SUSECVE-2017-13768 at NVDCVE-2017-13769 at SUSECVE-2017-13769 at NVDCVE-2017-14042 at SUSECVE-2017-14042 at NVDCVE-2017-14060 at SUSECVE-2017-14060 at NVDCVE-2017-14103 at SUSECVE-2017-14103 at NVDCVE-2017-14138 at SUSECVE-2017-14138 at NVDCVE-2017-14139 at SUSECVE-2017-14139 at NVDCVE-2017-14172 at SUSECVE-2017-14172 at NVDCVE-2017-14173 at SUSECVE-2017-14173 at NVDCVE-2017-14174 at SUSECVE-2017-14174 at NVDCVE-2017-14175 at SUSECVE-2017-14175 at NVDCVE-2017-14224 at SUSECVE-2017-14224 at NVDCVE-2017-14249 at SUSECVE-2017-14249 at NVDCVE-2017-14314 at SUSECVE-2017-14314 at NVDCVE-2017-14325 at SUSECVE-2017-14325 at NVDCVE-2017-14326 at SUSECVE-2017-14326 at NVDCVE-2017-14341 at SUSECVE-2017-14341 at NVDCVE-2017-14342 at SUSECVE-2017-14342 at NVDCVE-2017-14343 at SUSECVE-2017-14343 at NVDCVE-2017-14505 at SUSECVE-2017-14505 at NVDCVE-2017-14531 at SUSECVE-2017-14531 at NVDCVE-2017-14533 at SUSECVE-2017-14533 at NVDCVE-2017-14607 at SUSECVE-2017-14607 at NVDCVE-2017-14649 at SUSECVE-2017-14649 at NVDCVE-2017-14682 at SUSECVE-2017-14682 at NVDCVE-2017-14733 at SUSECVE-2017-14733 at NVDCVE-2017-14739 at SUSECVE-2017-14739 at NVDCVE-2017-14989 at SUSECVE-2017-14989 at NVDCVE-2017-14997 at SUSECVE-2017-14997 at NVDCVE-2017-15016 at SUSECVE-2017-15016 at NVDCVE-2017-15017 at SUSECVE-2017-15017 at NVDCVE-2017-15033 at SUSECVE-2017-15033 at NVDCVE-2017-15217 at SUSECVE-2017-15217 at NVDCVE-2017-15218 at SUSECVE-2017-15218 at NVDCVE-2017-15277 at SUSECVE-2017-15277 at NVDCVE-2017-15281 at SUSECVE-2017-15281 at NVDCVE-2017-15930 at SUSECVE-2017-15930 at NVDCVE-2017-16352 at SUSECVE-2017-16352 at NVDCVE-2017-16353 at SUSECVE-2017-16353 at NVDCVE-2017-16545 at SUSECVE-2017-16545 at NVDCVE-2017-16546 at SUSECVE-2017-16546 at NVDCVE-2017-16669 at SUSECVE-2017-16669 at NVDCVE-2017-17504 at SUSECVE-2017-17504 at NVDCVE-2017-17680 at SUSECVE-2017-17680 at NVDCVE-2017-17681 at SUSECVE-2017-17681 at NVDCVE-2017-17682 at SUSECVE-2017-17682 at NVDCVE-2017-17879 at SUSECVE-2017-17879 at NVDCVE-2017-17881 at SUSECVE-2017-17881 at NVDCVE-2017-17882 at SUSECVE-2017-17882 at NVDCVE-2017-17884 at SUSECVE-2017-17884 at NVDCVE-2017-17885 at SUSECVE-2017-17885 at NVDCVE-2017-17887 at SUSECVE-2017-17887 at NVDCVE-2017-17914 at SUSECVE-2017-17914 at NVDCVE-2017-17934 at SUSECVE-2017-17934 at NVDCVE-2017-18008 at SUSECVE-2017-18008 at NVDCVE-2017-18022 at SUSECVE-2017-18022 at NVDCVE-2017-18027 at SUSECVE-2017-18027 at NVDCVE-2017-18028 at SUSECVE-2017-18028 at NVDCVE-2017-18029 at SUSECVE-2017-18029 at NVDCVE-2017-18209 at SUSECVE-2017-18209 at NVDCVE-2017-18211 at SUSECVE-2017-18211 at NVDCVE-2017-18250 at SUSECVE-2017-18250 at NVDCVE-2017-18251 at SUSECVE-2017-18251 at NVDCVE-2017-18252 at SUSECVE-2017-18252 at NVDCVE-2017-18254 at SUSECVE-2017-18254 at NVDCVE-2017-18271 at SUSECVE-2017-18271 at NVDCVE-2017-5506 at SUSECVE-2017-5506 at NVDCVE-2017-5507 at SUSECVE-2017-5507 at NVDCVE-2017-5508 at SUSECVE-2017-5508 at NVDCVE-2017-5510 at SUSECVE-2017-5510 at NVDCVE-2017-5511 at SUSECVE-2017-5511 at NVDCVE-2017-6502 at SUSECVE-2017-6502 at NVDCVE-2017-7606 at SUSECVE-2017-7606 at NVDCVE-2017-7941 at SUSECVE-2017-7941 at NVDCVE-2017-7942 at SUSECVE-2017-7942 at NVDCVE-2017-7943 at SUSECVE-2017-7943 at NVDCVE-2017-8343 at SUSECVE-2017-8343 at NVDCVE-2017-8344 at SUSECVE-2017-8344 at NVDCVE-2017-8345 at SUSECVE-2017-8345 at NVDCVE-2017-8346 at SUSECVE-2017-8346 at NVDCVE-2017-8347 at SUSECVE-2017-8347 at NVDCVE-2017-8348 at SUSECVE-2017-8348 at NVDCVE-2017-8349 at SUSECVE-2017-8349 at NVDCVE-2017-8350 at SUSECVE-2017-8350 at NVDCVE-2017-8351 at SUSECVE-2017-8351 at NVDCVE-2017-8352 at SUSECVE-2017-8352 at NVDCVE-2017-8353 at SUSECVE-2017-8353 at NVDCVE-2017-8354 at SUSECVE-2017-8354 at NVDCVE-2017-8355 at SUSECVE-2017-8355 at NVDCVE-2017-8356 at SUSECVE-2017-8356 at NVDCVE-2017-8357 at SUSECVE-2017-8357 at NVDCVE-2017-8765 at SUSECVE-2017-8765 at NVDCVE-2017-8830 at SUSECVE-2017-8830 at NVDCVE-2017-9098 at SUSECVE-2017-9098 at NVDCVE-2017-9141 at SUSECVE-2017-9141 at NVDCVE-2017-9142 at SUSECVE-2017-9142 at NVDCVE-2017-9143 at SUSECVE-2017-9143 at NVDCVE-2017-9144 at SUSECVE-2017-9144 at NVDCVE-2017-9261 at SUSECVE-2017-9261 at NVDCVE-2017-9262 at SUSECVE-2017-9262 at NVDCVE-2017-9405 at SUSECVE-2017-9405 at NVDCVE-2017-9407 at SUSECVE-2017-9407 at NVDCVE-2017-9409 at SUSECVE-2017-9409 at NVDCVE-2017-9439 at SUSECVE-2017-9439 at NVDCVE-2017-9440 at SUSECVE-2017-9440 at NVDCVE-2017-9500 at SUSECVE-2017-9500 at NVDCVE-2017-9501 at SUSECVE-2017-9501 at NVDCVE-2018-10177 at SUSECVE-2018-10177 at NVDCVE-2018-10804 at SUSECVE-2018-10804 at NVDCVE-2018-10805 at SUSECVE-2018-10805 at NVDCVE-2018-11251 at SUSECVE-2018-11251 at NVDCVE-2018-11655 at SUSECVE-2018-11655 at NVDCVE-2018-11656 at SUSECVE-2018-11656 at NVDCVE-2018-12599 at SUSECVE-2018-12599 at NVDCVE-2018-12600 at SUSECVE-2018-12600 at NVDCVE-2018-14434 at SUSECVE-2018-14434 at NVDCVE-2018-14435 at SUSECVE-2018-14435 at NVDCVE-2018-14436 at SUSECVE-2018-14436 at NVDCVE-2018-14437 at SUSECVE-2018-14437 at NVDCVE-2018-16323 at SUSECVE-2018-16323 at NVDCVE-2018-16329 at SUSECVE-2018-16329 at NVDCVE-2018-16413 at SUSECVE-2018-16413 at NVDCVE-2018-16640 at SUSECVE-2018-16640 at NVDCVE-2018-16642 at SUSECVE-2018-16642 at NVDCVE-2018-16643 at SUSECVE-2018-16643 at NVDCVE-2018-16644 at SUSECVE-2018-16644 at NVDCVE-2018-16645 at SUSECVE-2018-16645 at NVDCVE-2018-16749 at SUSECVE-2018-16749 at NVDCVE-2018-16750 at SUSECVE-2018-16750 at NVDCVE-2018-17965 at SUSECVE-2018-17965 at NVDCVE-2018-17966 at SUSECVE-2018-17966 at NVDCVE-2018-18016 at SUSECVE-2018-18016 at NVDCVE-2018-18024 at SUSECVE-2018-18024 at NVDCVE-2018-5246 at SUSECVE-2018-5246 at NVDCVE-2018-5247 at SUSECVE-2018-5247 at NVDCVE-2018-5357 at SUSECVE-2018-5357 at NVDCVE-2018-5685 at SUSECVE-2018-5685 at NVDCVE-2018-6405 at SUSECVE-2018-6405 at NVDCVE-2018-7443 at SUSECVE-2018-7443 at NVDCVE-2018-7470 at SUSECVE-2018-7470 at NVDCVE-2018-8804 at SUSECVE-2018-8804 at NVDCVE-2018-8960 at SUSECVE-2018-8960 at NVDCVE-2018-9018 at SUSECVE-2018-9018 at NVDCVE-2018-9133 at SUSECVE-2018-9133 at NVDCVE-2018-9135 at SUSECVE-2018-9135 at NVDcpe:/o:suse:sles:12:sp4libQt5Concurrent5-5.6.2-6.12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libQt5Concurrent5-5.6.2-6.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-0295 at SUSECVE-2015-0295 at NVDCVE-2015-1858 at SUSECVE-2015-1858 at NVDCVE-2015-1859 at SUSECVE-2015-1859 at NVDCVE-2015-1860 at SUSECVE-2015-1860 at NVDcpe:/o:suse:sles:12:sp4libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libQt5WebKit5-5.6.2-1.31 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-8079 at SUSECVE-2015-8079 at NVDcpe:/o:suse:sles:12:sp4libSoundTouch0-1.7.1-5.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libSoundTouch0-1.7.1-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-1000223 at SUSECVE-2018-1000223 at NVDcpe:/o:suse:sles:12:sp4libX11-6-1.6.2-12.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libX11-6-1.6.2-12.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1981 at SUSECVE-2013-1981 at NVDCVE-2013-1997 at SUSECVE-2013-1997 at NVDCVE-2013-2004 at SUSECVE-2013-2004 at NVDCVE-2016-7942 at SUSECVE-2016-7942 at NVDCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDcpe:/o:suse:sles:12:sp4libXRes1-1.0.7-3.53 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXRes1-1.0.7-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1988 at SUSECVE-2013-1988 at NVDcpe:/o:suse:sles:12:sp4libXcursor1-1.1.14-4.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXcursor1-1.1.14-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2015-9262 at SUSECVE-2015-9262 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:sles:12:sp4libXdmcp6-1.1.1-12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXdmcp6-1.1.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-2625 at SUSECVE-2017-2625 at NVDcpe:/o:suse:sles:12:sp4libXext6-1.3.2-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXext6-1.3.2-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:sles:12:sp4libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXfixes3-32bit-5.0.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDCVE-2016-7944 at SUSECVE-2016-7944 at NVDcpe:/o:suse:sles:12:sp4libXfont1-1.5.1-11.3.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXfont1-1.5.1-11.3.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2895 at SUSECVE-2011-2895 at NVDCVE-2013-6462 at SUSECVE-2013-6462 at NVDCVE-2014-0209 at SUSECVE-2014-0209 at NVDCVE-2014-0210 at SUSECVE-2014-0210 at NVDCVE-2014-0211 at SUSECVE-2014-0211 at NVDCVE-2015-1802 at SUSECVE-2015-1802 at NVDCVE-2015-1803 at SUSECVE-2015-1803 at NVDCVE-2015-1804 at SUSECVE-2015-1804 at NVDCVE-2017-13720 at SUSECVE-2017-13720 at NVDCVE-2017-13722 at SUSECVE-2017-13722 at NVDcpe:/o:suse:sles:12:sp4libXfont2-2-2.0.3-1.19 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXfont2-2-2.0.3-1.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16611 at SUSECVE-2017-16611 at NVDcpe:/o:suse:sles:12:sp4libXi6-1.7.4-17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXi6-1.7.4-17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDCVE-2016-7945 at SUSECVE-2016-7945 at NVDCVE-2016-7946 at SUSECVE-2016-7946 at NVDcpe:/o:suse:sles:12:sp4libXinerama1-1.1.3-3.54 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXinerama1-1.1.3-3.54 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:sles:12:sp4libXp6-1.0.2-3.57 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXp6-1.0.2-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2062 at SUSECVE-2013-2062 at NVDcpe:/o:suse:sles:12:sp4libXpm4-3.5.11-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXpm4-3.5.11-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-10164 at SUSECVE-2016-10164 at NVDcpe:/o:suse:sles:12:sp4libXrandr2-1.5.0-6.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXrandr2-1.5.0-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:sles:12:sp4libXrender1-0.9.8-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXrender1-0.9.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDCVE-2016-7949 at SUSECVE-2016-7949 at NVDCVE-2016-7950 at SUSECVE-2016-7950 at NVDcpe:/o:suse:sles:12:sp4libXt6-1.1.4-3.57 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXt6-1.1.4-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2002 at SUSECVE-2013-2002 at NVDCVE-2013-2005 at SUSECVE-2013-2005 at NVDcpe:/o:suse:sles:12:sp4libXtst6-1.2.2-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXtst6-1.2.2-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDCVE-2016-7951 at SUSECVE-2016-7951 at NVDCVE-2016-7952 at SUSECVE-2016-7952 at NVDcpe:/o:suse:sles:12:sp4libXv1-1.0.10-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXv1-1.0.10-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:sles:12:sp4libXvMC1-1.0.8-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXvMC1-1.0.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1990 at SUSECVE-2013-1990 at NVDCVE-2013-1999 at SUSECVE-2013-1999 at NVDCVE-2016-7953 at SUSECVE-2016-7953 at NVDcpe:/o:suse:sles:12:sp4libXvnc1-1.6.0-18.23.72 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXvnc1-1.6.0-18.23.72 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0011 at SUSECVE-2014-0011 at NVDCVE-2014-8240 at SUSECVE-2014-8240 at NVDCVE-2015-0255 at SUSECVE-2015-0255 at NVDcpe:/o:suse:sles:12:sp4libXxf86dga1-1.1.4-3.58 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXxf86dga1-1.1.4-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1991 at SUSECVE-2013-1991 at NVDCVE-2013-2000 at SUSECVE-2013-2000 at NVDcpe:/o:suse:sles:12:sp4libXxf86vm1-1.1.3-3.53 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libXxf86vm1-1.1.3-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2001 at SUSECVE-2013-2001 at NVDcpe:/o:suse:sles:12:sp4libapr-util1-1.5.3-2.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libapr-util1-1.5.3-2.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0023 at SUSECVE-2009-0023 at NVDCVE-2009-2412 at SUSECVE-2009-2412 at NVDCVE-2009-3560 at SUSECVE-2009-3560 at NVDCVE-2009-3720 at SUSECVE-2009-3720 at NVDCVE-2010-1623 at SUSECVE-2010-1623 at NVDCVE-2017-12618 at SUSECVE-2017-12618 at NVDcpe:/o:suse:sles:12:sp4libapr1-1.5.1-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libapr1-1.5.1-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2412 at SUSECVE-2009-2412 at NVDCVE-2011-0419 at SUSECVE-2011-0419 at NVDCVE-2011-1928 at SUSECVE-2011-1928 at NVDCVE-2017-12613 at SUSECVE-2017-12613 at NVDcpe:/o:suse:sles:12:sp4libarchive13-3.1.2-25.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libarchive13-3.1.2-25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-0211 at SUSECVE-2013-0211 at NVDCVE-2015-2304 at SUSECVE-2015-2304 at NVDCVE-2015-8915 at SUSECVE-2015-8915 at NVDCVE-2015-8916 at SUSECVE-2015-8916 at NVDCVE-2015-8918 at SUSECVE-2015-8918 at NVDCVE-2015-8919 at SUSECVE-2015-8919 at NVDCVE-2015-8920 at SUSECVE-2015-8920 at NVDCVE-2015-8921 at SUSECVE-2015-8921 at NVDCVE-2015-8922 at SUSECVE-2015-8922 at NVDCVE-2015-8923 at SUSECVE-2015-8923 at NVDCVE-2015-8924 at SUSECVE-2015-8924 at NVDCVE-2015-8925 at SUSECVE-2015-8925 at NVDCVE-2015-8926 at SUSECVE-2015-8926 at NVDCVE-2015-8928 at SUSECVE-2015-8928 at NVDCVE-2015-8929 at SUSECVE-2015-8929 at NVDCVE-2015-8930 at SUSECVE-2015-8930 at NVDCVE-2015-8931 at SUSECVE-2015-8931 at NVDCVE-2015-8932 at SUSECVE-2015-8932 at NVDCVE-2015-8933 at SUSECVE-2015-8933 at NVDCVE-2015-8934 at SUSECVE-2015-8934 at NVDCVE-2016-1541 at SUSECVE-2016-1541 at NVDCVE-2016-4300 at SUSECVE-2016-4300 at NVDCVE-2016-4301 at SUSECVE-2016-4301 at NVDCVE-2016-4302 at SUSECVE-2016-4302 at NVDCVE-2016-4809 at SUSECVE-2016-4809 at NVDCVE-2016-5418 at SUSECVE-2016-5418 at NVDCVE-2016-5844 at SUSECVE-2016-5844 at NVDCVE-2016-6250 at SUSECVE-2016-6250 at NVDCVE-2016-8687 at SUSECVE-2016-8687 at NVDCVE-2016-8688 at SUSECVE-2016-8688 at NVDCVE-2016-8689 at SUSECVE-2016-8689 at NVDcpe:/o:suse:sles:12:sp4libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libasan2-32bit-5.3.1+r233831-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-5276 at SUSECVE-2015-5276 at NVDcpe:/o:suse:sles:12:sp4libass5-0.10.2-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libass5-0.10.2-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-7969 at SUSECVE-2016-7969 at NVDCVE-2016-7972 at SUSECVE-2016-7972 at NVDcpe:/o:suse:sles:12:sp4libblkid1-2.29.2-7.14 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libblkid1-2.29.2-7.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-0157 at SUSECVE-2013-0157 at NVDCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2018-7738 at SUSECVE-2018-7738 at NVDcpe:/o:suse:sles:12:sp4libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libcairo-gobject2-1.15.2-25.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:sles:12:sp4libcares2-1.9.1-9.4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libcares2-1.9.1-9.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDcpe:/o:suse:sles:12:sp4libcdio14-0.90-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libcdio14-0.90-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-18201 at SUSECVE-2017-18201 at NVDcpe:/o:suse:sles:12:sp4libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1886 at SUSECVE-2009-1886 at NVDCVE-2009-1888 at SUSECVE-2009-1888 at NVDCVE-2009-2813 at SUSECVE-2009-2813 at NVDCVE-2009-2906 at SUSECVE-2009-2906 at NVDCVE-2009-2948 at SUSECVE-2009-2948 at NVDCVE-2010-0547 at SUSECVE-2010-0547 at NVDCVE-2010-0728 at SUSECVE-2010-0728 at NVDCVE-2010-0787 at SUSECVE-2010-0787 at NVDCVE-2010-0926 at SUSECVE-2010-0926 at NVDCVE-2010-1635 at SUSECVE-2010-1635 at NVDCVE-2010-1642 at SUSECVE-2010-1642 at NVDCVE-2010-2063 at SUSECVE-2010-2063 at NVDCVE-2010-3069 at SUSECVE-2010-3069 at NVDCVE-2011-0719 at SUSECVE-2011-0719 at NVDCVE-2011-2522 at SUSECVE-2011-2522 at NVDCVE-2011-2694 at SUSECVE-2011-2694 at NVDCVE-2012-0817 at SUSECVE-2012-0817 at NVDCVE-2012-0870 at SUSECVE-2012-0870 at NVDCVE-2012-1182 at SUSECVE-2012-1182 at NVDCVE-2012-2111 at SUSECVE-2012-2111 at NVDCVE-2012-6150 at SUSECVE-2012-6150 at NVDCVE-2013-0172 at SUSECVE-2013-0172 at NVDCVE-2013-0213 at SUSECVE-2013-0213 at NVDCVE-2013-0214 at SUSECVE-2013-0214 at NVDCVE-2013-0454 at SUSECVE-2013-0454 at NVDCVE-2013-1863 at SUSECVE-2013-1863 at NVDCVE-2013-4124 at SUSECVE-2013-4124 at NVDCVE-2013-4408 at SUSECVE-2013-4408 at NVDCVE-2013-4475 at SUSECVE-2013-4475 at NVDCVE-2013-4476 at SUSECVE-2013-4476 at NVDCVE-2013-4496 at SUSECVE-2013-4496 at NVDCVE-2013-6442 at SUSECVE-2013-6442 at NVDCVE-2014-0178 at SUSECVE-2014-0178 at NVDCVE-2014-0239 at SUSECVE-2014-0239 at NVDCVE-2014-0244 at SUSECVE-2014-0244 at NVDCVE-2014-3493 at SUSECVE-2014-3493 at NVDCVE-2014-3560 at SUSECVE-2014-3560 at NVDCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDcpe:/o:suse:sles:12:sp4libdmx1-1.1.3-3.51 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libdmx1-1.1.3-3.51 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1992 at SUSECVE-2013-1992 at NVDcpe:/o:suse:sles:12:sp4libecpg6-10.5-1.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libecpg6-10.5-1.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2007-4772 at SUSECVE-2007-4772 at NVDCVE-2007-6600 at SUSECVE-2007-6600 at NVDCVE-2009-4034 at SUSECVE-2009-4034 at NVDCVE-2009-4136 at SUSECVE-2009-4136 at NVDCVE-2010-1169 at SUSECVE-2010-1169 at NVDCVE-2010-1170 at SUSECVE-2010-1170 at NVDCVE-2010-3433 at SUSECVE-2010-3433 at NVDCVE-2012-0866 at SUSECVE-2012-0866 at NVDCVE-2012-0867 at SUSECVE-2012-0867 at NVDCVE-2012-0868 at SUSECVE-2012-0868 at NVDCVE-2012-2143 at SUSECVE-2012-2143 at NVDCVE-2012-2655 at SUSECVE-2012-2655 at NVDCVE-2012-3488 at SUSECVE-2012-3488 at NVDCVE-2012-3489 at SUSECVE-2012-3489 at NVDCVE-2013-0255 at SUSECVE-2013-0255 at NVDCVE-2013-1899 at SUSECVE-2013-1899 at NVDCVE-2013-1900 at SUSECVE-2013-1900 at NVDCVE-2013-1901 at SUSECVE-2013-1901 at NVDCVE-2014-0060 at SUSECVE-2014-0060 at NVDCVE-2014-0061 at SUSECVE-2014-0061 at NVDCVE-2014-0062 at SUSECVE-2014-0062 at NVDCVE-2014-0063 at SUSECVE-2014-0063 at NVDCVE-2014-0064 at SUSECVE-2014-0064 at NVDCVE-2014-0065 at SUSECVE-2014-0065 at NVDCVE-2014-0066 at SUSECVE-2014-0066 at NVDCVE-2014-0067 at SUSECVE-2014-0067 at NVDCVE-2015-3165 at SUSECVE-2015-3165 at NVDCVE-2015-3166 at SUSECVE-2015-3166 at NVDCVE-2015-3167 at SUSECVE-2015-3167 at NVDCVE-2015-5288 at SUSECVE-2015-5288 at NVDCVE-2015-5289 at SUSECVE-2015-5289 at NVDCVE-2016-0766 at SUSECVE-2016-0766 at NVDCVE-2016-0773 at SUSECVE-2016-0773 at NVDCVE-2016-2193 at SUSECVE-2016-2193 at NVDCVE-2016-3065 at SUSECVE-2016-3065 at NVDCVE-2017-15098 at SUSECVE-2017-15098 at NVDCVE-2017-15099 at SUSECVE-2017-15099 at NVDCVE-2017-7484 at SUSECVE-2017-7484 at NVDCVE-2017-7485 at SUSECVE-2017-7485 at NVDCVE-2017-7486 at SUSECVE-2017-7486 at NVDCVE-2017-7546 at SUSECVE-2017-7546 at NVDCVE-2017-7547 at SUSECVE-2017-7547 at NVDCVE-2017-7548 at SUSECVE-2017-7548 at NVDCVE-2018-1053 at SUSECVE-2018-1053 at NVDCVE-2018-1058 at SUSECVE-2018-1058 at NVDCVE-2018-10915 at SUSECVE-2018-10915 at NVDCVE-2018-10925 at SUSECVE-2018-10925 at NVDCVE-2018-1115 at SUSECVE-2018-1115 at NVDcpe:/o:suse:sles:12:sp4libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libevent-2_0-5-2.0.21-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDCVE-2016-10195 at SUSECVE-2016-10195 at NVDCVE-2016-10196 at SUSECVE-2016-10196 at NVDCVE-2016-10197 at SUSECVE-2016-10197 at NVDcpe:/o:suse:sles:12:sp4libexempi3-2.2.1-5.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libexempi3-2.2.1-5.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-18233 at SUSECVE-2017-18233 at NVDCVE-2017-18234 at SUSECVE-2017-18234 at NVDCVE-2017-18236 at SUSECVE-2017-18236 at NVDCVE-2017-18238 at SUSECVE-2017-18238 at NVDCVE-2018-7728 at SUSECVE-2018-7728 at NVDCVE-2018-7730 at SUSECVE-2018-7730 at NVDcpe:/o:suse:sles:12:sp4libexif12-0.6.21-8.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libexif12-0.6.21-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2812 at SUSECVE-2012-2812 at NVDCVE-2012-2813 at SUSECVE-2012-2813 at NVDCVE-2012-2814 at SUSECVE-2012-2814 at NVDCVE-2012-2836 at SUSECVE-2012-2836 at NVDCVE-2012-2837 at SUSECVE-2012-2837 at NVDCVE-2012-2840 at SUSECVE-2012-2840 at NVDCVE-2012-2841 at SUSECVE-2012-2841 at NVDCVE-2016-6328 at SUSECVE-2016-6328 at NVDCVE-2017-7544 at SUSECVE-2017-7544 at NVDcpe:/o:suse:sles:12:sp4libfreebl3-3.29.5-58.12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libfreebl3-3.29.5-58.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-3170 at SUSECVE-2010-3170 at NVDCVE-2011-3389 at SUSECVE-2011-3389 at NVDCVE-2011-3640 at SUSECVE-2011-3640 at NVDCVE-2013-0743 at SUSECVE-2013-0743 at NVDCVE-2013-0791 at SUSECVE-2013-0791 at NVDCVE-2013-1620 at SUSECVE-2013-1620 at NVDCVE-2013-1739 at SUSECVE-2013-1739 at NVDCVE-2013-1740 at SUSECVE-2013-1740 at NVDCVE-2013-5605 at SUSECVE-2013-5605 at NVDCVE-2014-1492 at SUSECVE-2014-1492 at NVDCVE-2014-1568 at SUSECVE-2014-1568 at NVDCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1938 at SUSECVE-2016-1938 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1978 at SUSECVE-2016-1978 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2016-5285 at SUSECVE-2016-5285 at NVDCVE-2016-8635 at SUSECVE-2016-8635 at NVDCVE-2016-9074 at SUSECVE-2016-9074 at NVDCVE-2016-9574 at SUSECVE-2016-9574 at NVDCVE-2017-7805 at SUSECVE-2017-7805 at NVDcpe:/o:suse:sles:12:sp4libfreetype6-2.6.3-7.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libfreetype6-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0946 at SUSECVE-2009-0946 at NVDCVE-2010-2497 at SUSECVE-2010-2497 at NVDCVE-2010-2805 at SUSECVE-2010-2805 at NVDCVE-2010-3053 at SUSECVE-2010-3053 at NVDCVE-2010-3054 at SUSECVE-2010-3054 at NVDCVE-2010-3311 at SUSECVE-2010-3311 at NVDCVE-2010-3814 at SUSECVE-2010-3814 at NVDCVE-2010-3855 at SUSECVE-2010-3855 at NVDCVE-2011-0226 at SUSECVE-2011-0226 at NVDCVE-2011-3256 at SUSECVE-2011-3256 at NVDCVE-2011-3439 at SUSECVE-2011-3439 at NVDCVE-2012-1126 at SUSECVE-2012-1126 at NVDCVE-2012-1127 at SUSECVE-2012-1127 at NVDCVE-2012-1128 at SUSECVE-2012-1128 at NVDCVE-2012-1129 at SUSECVE-2012-1129 at NVDCVE-2012-1130 at SUSECVE-2012-1130 at NVDCVE-2012-1131 at SUSECVE-2012-1131 at NVDCVE-2012-1132 at SUSECVE-2012-1132 at NVDCVE-2012-1133 at SUSECVE-2012-1133 at NVDCVE-2012-1134 at SUSECVE-2012-1134 at NVDCVE-2012-1135 at SUSECVE-2012-1135 at NVDCVE-2012-1136 at SUSECVE-2012-1136 at NVDCVE-2012-1137 at SUSECVE-2012-1137 at NVDCVE-2012-1138 at SUSECVE-2012-1138 at NVDCVE-2012-1139 at SUSECVE-2012-1139 at NVDCVE-2012-1140 at SUSECVE-2012-1140 at NVDCVE-2012-1141 at SUSECVE-2012-1141 at NVDCVE-2012-1142 at SUSECVE-2012-1142 at NVDCVE-2012-1143 at SUSECVE-2012-1143 at NVDCVE-2012-1144 at SUSECVE-2012-1144 at NVDCVE-2012-5668 at SUSECVE-2012-5668 at NVDCVE-2012-5669 at SUSECVE-2012-5669 at NVDCVE-2012-5670 at SUSECVE-2012-5670 at NVDCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-2241 at SUSECVE-2014-2241 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2016-10244 at SUSECVE-2016-10244 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDcpe:/o:suse:sles:12:sp4libgc1-7.2d-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgc1-7.2d-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2673 at SUSECVE-2012-2673 at NVDCVE-2016-9427 at SUSECVE-2016-9427 at NVDcpe:/o:suse:sles:12:sp4libgcrypt20-1.6.1-16.61.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgcrypt20-1.6.1-16.61.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4242 at SUSECVE-2013-4242 at NVDCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDcpe:/o:suse:sles:12:sp4libgme0-0.6.0-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgme0-0.6.0-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-9957 at SUSECVE-2016-9957 at NVDCVE-2016-9958 at SUSECVE-2016-9958 at NVDCVE-2016-9959 at SUSECVE-2016-9959 at NVDCVE-2016-9960 at SUSECVE-2016-9960 at NVDCVE-2016-9961 at SUSECVE-2016-9961 at NVDcpe:/o:suse:sles:12:sp4libgnomesu-2.0.0-353.6.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgnomesu-2.0.0-353.6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1946 at SUSECVE-2011-1946 at NVDcpe:/o:suse:sles:12:sp4libgoa-1_0-0-3.20.5-9.6 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgoa-1_0-0-3.20.5-9.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-0240 at SUSECVE-2013-0240 at NVDCVE-2013-1799 at SUSECVE-2013-1799 at NVDcpe:/o:suse:sles:12:sp4libgraphite2-3-1.3.1-10.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgraphite2-3-1.3.1-10.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2016-1523 at SUSECVE-2016-1523 at NVDCVE-2016-1526 at SUSECVE-2016-1526 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:sles:12:sp4libgssglue1-0.4-3.76 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgssglue1-0.4-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2709 at SUSECVE-2011-2709 at NVDcpe:/o:suse:sles:12:sp4libgypsy0-0.9-6.22 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libgypsy0-0.9-6.22 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0523 at SUSECVE-2011-0523 at NVDCVE-2011-0524 at SUSECVE-2011-0524 at NVDcpe:/o:suse:sles:12:sp4libhivex0-1.3.10-4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libhivex0-1.3.10-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9273 at SUSECVE-2014-9273 at NVDcpe:/o:suse:sles:12:sp4libhogweed2-2.7.1-12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libhogweed2-2.7.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDcpe:/o:suse:sles:12:sp4libical1-1.0.1-16.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libical1-1.0.1-16.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-5824 at SUSECVE-2016-5824 at NVDCVE-2016-5827 at SUSECVE-2016-5827 at NVDCVE-2016-9584 at SUSECVE-2016-9584 at NVDcpe:/o:suse:sles:12:sp4libicu-doc-52.1-8.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libicu-doc-52.1-8.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8146 at SUSECVE-2014-8146 at NVDCVE-2014-8147 at SUSECVE-2014-8147 at NVDCVE-2014-9654 at SUSECVE-2014-9654 at NVDCVE-2016-6293 at SUSECVE-2016-6293 at NVDCVE-2017-14952 at SUSECVE-2017-14952 at NVDCVE-2017-15422 at SUSECVE-2017-15422 at NVDCVE-2017-17484 at SUSECVE-2017-17484 at NVDCVE-2017-7867 at SUSECVE-2017-7867 at NVDCVE-2017-7868 at SUSECVE-2017-7868 at NVDcpe:/o:suse:sles:12:sp4libidn-tools-1.28-5.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libidn-tools-1.28-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2017-14062 at SUSECVE-2017-14062 at NVDcpe:/o:suse:sles:12:sp4libimobiledevice6-1.2.0-7.31 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libimobiledevice6-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2142 at SUSECVE-2013-2142 at NVDCVE-2016-5104 at SUSECVE-2016-5104 at NVDcpe:/o:suse:sles:12:sp4libipa_hbac0-1.16.1-2.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libipa_hbac0-1.16.1-2.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-4341 at SUSECVE-2010-4341 at NVDCVE-2011-1758 at SUSECVE-2011-1758 at NVDCVE-2013-0219 at SUSECVE-2013-0219 at NVDCVE-2013-0220 at SUSECVE-2013-0220 at NVDCVE-2013-0287 at SUSECVE-2013-0287 at NVDCVE-2017-12173 at SUSECVE-2017-12173 at NVDcpe:/o:suse:sles:12:sp4libjansson4-2.7-1.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjansson4-2.7-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:sles:12:sp4libjasper1-1.900.14-195.8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjasper1-1.900.14-195.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-3522 at SUSECVE-2008-3522 at NVDCVE-2011-4516 at SUSECVE-2011-4516 at NVDCVE-2011-4517 at SUSECVE-2011-4517 at NVDCVE-2014-8137 at SUSECVE-2014-8137 at NVDCVE-2014-8138 at SUSECVE-2014-8138 at NVDCVE-2014-8157 at SUSECVE-2014-8157 at NVDCVE-2014-8158 at SUSECVE-2014-8158 at NVDCVE-2014-9029 at SUSECVE-2014-9029 at NVDCVE-2015-5203 at SUSECVE-2015-5203 at NVDCVE-2015-5221 at SUSECVE-2015-5221 at NVDCVE-2016-10251 at SUSECVE-2016-10251 at NVDCVE-2016-1577 at SUSECVE-2016-1577 at NVDCVE-2016-1867 at SUSECVE-2016-1867 at NVDCVE-2016-2089 at SUSECVE-2016-2089 at NVDCVE-2016-2116 at SUSECVE-2016-2116 at NVDCVE-2016-8654 at SUSECVE-2016-8654 at NVDCVE-2016-8690 at SUSECVE-2016-8690 at NVDCVE-2016-8691 at SUSECVE-2016-8691 at NVDCVE-2016-8692 at SUSECVE-2016-8692 at NVDCVE-2016-8693 at SUSECVE-2016-8693 at NVDCVE-2016-8880 at SUSECVE-2016-8880 at NVDCVE-2016-8881 at SUSECVE-2016-8881 at NVDCVE-2016-8882 at SUSECVE-2016-8882 at NVDCVE-2016-8883 at SUSECVE-2016-8883 at NVDCVE-2016-8884 at SUSECVE-2016-8884 at NVDCVE-2016-8885 at SUSECVE-2016-8885 at NVDCVE-2016-8886 at SUSECVE-2016-8886 at NVDCVE-2016-8887 at SUSECVE-2016-8887 at NVDCVE-2016-9262 at SUSECVE-2016-9262 at NVDCVE-2016-9388 at SUSECVE-2016-9388 at NVDCVE-2016-9389 at SUSECVE-2016-9389 at NVDCVE-2016-9390 at SUSECVE-2016-9390 at NVDCVE-2016-9391 at SUSECVE-2016-9391 at NVDCVE-2016-9392 at SUSECVE-2016-9392 at NVDCVE-2016-9393 at SUSECVE-2016-9393 at NVDCVE-2016-9394 at SUSECVE-2016-9394 at NVDCVE-2016-9395 at SUSECVE-2016-9395 at NVDCVE-2016-9398 at SUSECVE-2016-9398 at NVDCVE-2016-9560 at SUSECVE-2016-9560 at NVDCVE-2016-9583 at SUSECVE-2016-9583 at NVDCVE-2016-9591 at SUSECVE-2016-9591 at NVDCVE-2016-9600 at SUSECVE-2016-9600 at NVDCVE-2017-1000050 at SUSECVE-2017-1000050 at NVDCVE-2017-5498 at SUSECVE-2017-5498 at NVDCVE-2017-6850 at SUSECVE-2017-6850 at NVDCVE-2018-9055 at SUSECVE-2018-9055 at NVDcpe:/o:suse:sles:12:sp4libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjavascriptcoregtk-3_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-5112 at SUSECVE-2012-5112 at NVDCVE-2012-5133 at SUSECVE-2012-5133 at NVDCVE-2014-1344 at SUSECVE-2014-1344 at NVDCVE-2014-1384 at SUSECVE-2014-1384 at NVDCVE-2014-1385 at SUSECVE-2014-1385 at NVDCVE-2014-1386 at SUSECVE-2014-1386 at NVDCVE-2014-1387 at SUSECVE-2014-1387 at NVDCVE-2014-1388 at SUSECVE-2014-1388 at NVDCVE-2014-1389 at SUSECVE-2014-1389 at NVDCVE-2014-1390 at SUSECVE-2014-1390 at NVDCVE-2014-1748 at SUSECVE-2014-1748 at NVDCVE-2015-1071 at SUSECVE-2015-1071 at NVDCVE-2015-1076 at SUSECVE-2015-1076 at NVDCVE-2015-1081 at SUSECVE-2015-1081 at NVDCVE-2015-1083 at SUSECVE-2015-1083 at NVDCVE-2015-1120 at SUSECVE-2015-1120 at NVDCVE-2015-1122 at SUSECVE-2015-1122 at NVDCVE-2015-1127 at SUSECVE-2015-1127 at NVDCVE-2015-1153 at SUSECVE-2015-1153 at NVDCVE-2015-1155 at SUSECVE-2015-1155 at NVDCVE-2015-2330 at SUSECVE-2015-2330 at NVDCVE-2015-3658 at SUSECVE-2015-3658 at NVDCVE-2015-3659 at SUSECVE-2015-3659 at NVDCVE-2015-3727 at SUSECVE-2015-3727 at NVDCVE-2015-3731 at SUSECVE-2015-3731 at NVDCVE-2015-3741 at SUSECVE-2015-3741 at NVDCVE-2015-3743 at SUSECVE-2015-3743 at NVDCVE-2015-3745 at SUSECVE-2015-3745 at NVDCVE-2015-3747 at SUSECVE-2015-3747 at NVDCVE-2015-3748 at SUSECVE-2015-3748 at NVDCVE-2015-3749 at SUSECVE-2015-3749 at NVDCVE-2015-3752 at SUSECVE-2015-3752 at NVDCVE-2015-5788 at SUSECVE-2015-5788 at NVDCVE-2015-5794 at SUSECVE-2015-5794 at NVDCVE-2015-5801 at SUSECVE-2015-5801 at NVDCVE-2015-5809 at SUSECVE-2015-5809 at NVDCVE-2015-5822 at SUSECVE-2015-5822 at NVDCVE-2015-5928 at SUSECVE-2015-5928 at NVDcpe:/o:suse:sles:12:sp4libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1856 at SUSECVE-2016-1856 at NVDCVE-2016-1857 at SUSECVE-2016-1857 at NVDCVE-2016-4590 at SUSECVE-2016-4590 at NVDCVE-2016-4591 at SUSECVE-2016-4591 at NVDCVE-2016-4622 at SUSECVE-2016-4622 at NVDCVE-2016-4624 at SUSECVE-2016-4624 at NVDCVE-2016-4692 at SUSECVE-2016-4692 at NVDCVE-2016-4743 at SUSECVE-2016-4743 at NVDCVE-2016-7586 at SUSECVE-2016-7586 at NVDCVE-2016-7587 at SUSECVE-2016-7587 at NVDCVE-2016-7589 at SUSECVE-2016-7589 at NVDCVE-2016-7592 at SUSECVE-2016-7592 at NVDCVE-2016-7598 at SUSECVE-2016-7598 at NVDCVE-2016-7599 at SUSECVE-2016-7599 at NVDCVE-2016-7610 at SUSECVE-2016-7610 at NVDCVE-2016-7623 at SUSECVE-2016-7623 at NVDCVE-2016-7632 at SUSECVE-2016-7632 at NVDCVE-2016-7635 at SUSECVE-2016-7635 at NVDCVE-2016-7639 at SUSECVE-2016-7639 at NVDCVE-2016-7641 at SUSECVE-2016-7641 at NVDCVE-2016-7645 at SUSECVE-2016-7645 at NVDCVE-2016-7652 at SUSECVE-2016-7652 at NVDCVE-2016-7654 at SUSECVE-2016-7654 at NVDCVE-2016-7656 at SUSECVE-2016-7656 at NVDCVE-2017-1000121 at SUSECVE-2017-1000121 at NVDCVE-2017-1000122 at SUSECVE-2017-1000122 at NVDCVE-2017-13788 at SUSECVE-2017-13788 at NVDCVE-2017-13798 at SUSECVE-2017-13798 at NVDCVE-2017-13803 at SUSECVE-2017-13803 at NVDCVE-2017-13856 at SUSECVE-2017-13856 at NVDCVE-2017-13866 at SUSECVE-2017-13866 at NVDCVE-2017-13870 at SUSECVE-2017-13870 at NVDCVE-2017-13884 at SUSECVE-2017-13884 at NVDCVE-2017-13885 at SUSECVE-2017-13885 at NVDCVE-2017-2350 at SUSECVE-2017-2350 at NVDCVE-2017-2354 at SUSECVE-2017-2354 at NVDCVE-2017-2355 at SUSECVE-2017-2355 at NVDCVE-2017-2356 at SUSECVE-2017-2356 at NVDCVE-2017-2362 at SUSECVE-2017-2362 at NVDCVE-2017-2363 at SUSECVE-2017-2363 at NVDCVE-2017-2364 at SUSECVE-2017-2364 at NVDCVE-2017-2365 at SUSECVE-2017-2365 at NVDCVE-2017-2366 at SUSECVE-2017-2366 at NVDCVE-2017-2369 at SUSECVE-2017-2369 at NVDCVE-2017-2371 at SUSECVE-2017-2371 at NVDCVE-2017-2373 at SUSECVE-2017-2373 at NVDCVE-2017-2496 at SUSECVE-2017-2496 at NVDCVE-2017-2510 at SUSECVE-2017-2510 at NVDCVE-2017-2538 at SUSECVE-2017-2538 at NVDCVE-2017-2539 at SUSECVE-2017-2539 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-7006 at SUSECVE-2017-7006 at NVDCVE-2017-7011 at SUSECVE-2017-7011 at NVDCVE-2017-7012 at SUSECVE-2017-7012 at NVDCVE-2017-7018 at SUSECVE-2017-7018 at NVDCVE-2017-7019 at SUSECVE-2017-7019 at NVDCVE-2017-7020 at SUSECVE-2017-7020 at NVDCVE-2017-7030 at SUSECVE-2017-7030 at NVDCVE-2017-7034 at SUSECVE-2017-7034 at NVDCVE-2017-7037 at SUSECVE-2017-7037 at NVDCVE-2017-7038 at SUSECVE-2017-7038 at NVDCVE-2017-7039 at SUSECVE-2017-7039 at NVDCVE-2017-7040 at SUSECVE-2017-7040 at NVDCVE-2017-7041 at SUSECVE-2017-7041 at NVDCVE-2017-7042 at SUSECVE-2017-7042 at NVDCVE-2017-7043 at SUSECVE-2017-7043 at NVDCVE-2017-7046 at SUSECVE-2017-7046 at NVDCVE-2017-7048 at SUSECVE-2017-7048 at NVDCVE-2017-7049 at SUSECVE-2017-7049 at NVDCVE-2017-7052 at SUSECVE-2017-7052 at NVDCVE-2017-7055 at SUSECVE-2017-7055 at NVDCVE-2017-7056 at SUSECVE-2017-7056 at NVDCVE-2017-7059 at SUSECVE-2017-7059 at NVDCVE-2017-7061 at SUSECVE-2017-7061 at NVDCVE-2017-7064 at SUSECVE-2017-7064 at NVDCVE-2017-7081 at SUSECVE-2017-7081 at NVDCVE-2017-7087 at SUSECVE-2017-7087 at NVDCVE-2017-7089 at SUSECVE-2017-7089 at NVDCVE-2017-7090 at SUSECVE-2017-7090 at NVDCVE-2017-7091 at SUSECVE-2017-7091 at NVDCVE-2017-7092 at SUSECVE-2017-7092 at NVDCVE-2017-7093 at SUSECVE-2017-7093 at NVDCVE-2017-7094 at SUSECVE-2017-7094 at NVDCVE-2017-7095 at SUSECVE-2017-7095 at NVDCVE-2017-7096 at SUSECVE-2017-7096 at NVDCVE-2017-7098 at SUSECVE-2017-7098 at NVDCVE-2017-7099 at SUSECVE-2017-7099 at NVDCVE-2017-7100 at SUSECVE-2017-7100 at NVDCVE-2017-7102 at SUSECVE-2017-7102 at NVDCVE-2017-7104 at SUSECVE-2017-7104 at NVDCVE-2017-7107 at SUSECVE-2017-7107 at NVDCVE-2017-7109 at SUSECVE-2017-7109 at NVDCVE-2017-7111 at SUSECVE-2017-7111 at NVDCVE-2017-7117 at SUSECVE-2017-7117 at NVDCVE-2017-7120 at SUSECVE-2017-7120 at NVDCVE-2017-7142 at SUSECVE-2017-7142 at NVDCVE-2017-7153 at SUSECVE-2017-7153 at NVDCVE-2017-7156 at SUSECVE-2017-7156 at NVDCVE-2017-7157 at SUSECVE-2017-7157 at NVDCVE-2017-7160 at SUSECVE-2017-7160 at NVDCVE-2017-7161 at SUSECVE-2017-7161 at NVDCVE-2017-7165 at SUSECVE-2017-7165 at NVDCVE-2018-11646 at SUSECVE-2018-11646 at NVDCVE-2018-11712 at SUSECVE-2018-11712 at NVDCVE-2018-11713 at SUSECVE-2018-11713 at NVDCVE-2018-12911 at SUSECVE-2018-12911 at NVDCVE-2018-4088 at SUSECVE-2018-4088 at NVDCVE-2018-4096 at SUSECVE-2018-4096 at NVDCVE-2018-4101 at SUSECVE-2018-4101 at NVDCVE-2018-4113 at SUSECVE-2018-4113 at NVDCVE-2018-4114 at SUSECVE-2018-4114 at NVDCVE-2018-4117 at SUSECVE-2018-4117 at NVDCVE-2018-4118 at SUSECVE-2018-4118 at NVDCVE-2018-4119 at SUSECVE-2018-4119 at NVDCVE-2018-4120 at SUSECVE-2018-4120 at NVDCVE-2018-4121 at SUSECVE-2018-4121 at NVDCVE-2018-4122 at SUSECVE-2018-4122 at NVDCVE-2018-4125 at SUSECVE-2018-4125 at NVDCVE-2018-4127 at SUSECVE-2018-4127 at NVDCVE-2018-4128 at SUSECVE-2018-4128 at NVDCVE-2018-4129 at SUSECVE-2018-4129 at NVDCVE-2018-4133 at SUSECVE-2018-4133 at NVDCVE-2018-4146 at SUSECVE-2018-4146 at NVDCVE-2018-4161 at SUSECVE-2018-4161 at NVDCVE-2018-4162 at SUSECVE-2018-4162 at NVDCVE-2018-4163 at SUSECVE-2018-4163 at NVDCVE-2018-4165 at SUSECVE-2018-4165 at NVDCVE-2018-4190 at SUSECVE-2018-4190 at NVDCVE-2018-4199 at SUSECVE-2018-4199 at NVDCVE-2018-4200 at SUSECVE-2018-4200 at NVDCVE-2018-4204 at SUSECVE-2018-4204 at NVDCVE-2018-4218 at SUSECVE-2018-4218 at NVDCVE-2018-4222 at SUSECVE-2018-4222 at NVDCVE-2018-4232 at SUSECVE-2018-4232 at NVDCVE-2018-4233 at SUSECVE-2018-4233 at NVDCVE-2018-4246 at SUSECVE-2018-4246 at NVDcpe:/o:suse:sles:12:sp4libjbig2-2.0-12.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjbig2-2.0-12.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:sles:12:sp4libjpeg-turbo-1.5.3-31.7.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjpeg-turbo-1.5.3-31.7.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDcpe:/o:suse:sles:12:sp4libjson-c2-0.11-2.15 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libjson-c2-0.11-2.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDcpe:/o:suse:sles:12:sp4libkde4-32bit-4.12.0-10.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libkde4-32bit-4.12.0-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6354 at SUSECVE-2016-6354 at NVDCVE-2017-8422 at SUSECVE-2017-8422 at NVDcpe:/o:suse:sles:12:sp4libkpathsea6-6.2.0dev-22.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libkpathsea6-6.2.0dev-22.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-17407 at SUSECVE-2018-17407 at NVDcpe:/o:suse:sles:12:sp4libksba8-1.3.0-23.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libksba8-1.3.0-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDcpe:/o:suse:sles:12:sp4liblcms1-1.19-17.28 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the liblcms1-1.19-17.28 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0793 at SUSECVE-2009-0793 at NVDCVE-2013-4276 at SUSECVE-2013-4276 at NVDcpe:/o:suse:sles:12:sp4libldap-2_4-2-2.4.41-18.40.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libldap-2_4-2-2.4.41-18.40.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-9287 at SUSECVE-2017-9287 at NVDcpe:/o:suse:sles:12:sp4libldb1-1.1.29-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libldb1-1.1.29-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDcpe:/o:suse:sles:12:sp4liblouis-data-2.6.4-6.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the liblouis-data-2.6.4-6.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-13738 at SUSECVE-2017-13738 at NVDCVE-2017-13739 at SUSECVE-2017-13739 at NVDCVE-2017-13740 at SUSECVE-2017-13740 at NVDCVE-2017-13741 at SUSECVE-2017-13741 at NVDCVE-2017-13743 at SUSECVE-2017-13743 at NVDCVE-2017-13744 at SUSECVE-2017-13744 at NVDCVE-2018-11440 at SUSECVE-2018-11440 at NVDCVE-2018-11577 at SUSECVE-2018-11577 at NVDCVE-2018-11683 at SUSECVE-2018-11683 at NVDCVE-2018-11684 at SUSECVE-2018-11684 at NVDCVE-2018-11685 at SUSECVE-2018-11685 at NVDCVE-2018-12085 at SUSECVE-2018-12085 at NVDcpe:/o:suse:sles:12:sp4libltdl7-2.4.2-17.4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libltdl7-2.4.2-17.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3736 at SUSECVE-2009-3736 at NVDcpe:/o:suse:sles:12:sp4liblua5_2-32bit-5.2.4-6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the liblua5_2-32bit-5.2.4-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-5461 at SUSECVE-2014-5461 at NVDcpe:/o:suse:sles:12:sp4liblzo2-2-2.08-1.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the liblzo2-2-2.08-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:sles:12:sp4libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmicrohttpd10-0.9.30-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:sles:12:sp4libmms0-0.6.2-15.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmms0-0.6.2-15.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-2892 at SUSECVE-2014-2892 at NVDcpe:/o:suse:sles:12:sp4libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1761 at SUSECVE-2011-1761 at NVDCVE-2013-4233 at SUSECVE-2013-4233 at NVDCVE-2013-4234 at SUSECVE-2013-4234 at NVDcpe:/o:suse:sles:12:sp4libmpfr4-3.1.2-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmpfr4-3.1.2-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9474 at SUSECVE-2014-9474 at NVDcpe:/o:suse:sles:12:sp4libmspack0-0.4-14.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmspack0-0.4-14.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2800 at SUSECVE-2010-2800 at NVDCVE-2010-2801 at SUSECVE-2010-2801 at NVDCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2014-9732 at SUSECVE-2014-9732 at NVDCVE-2015-4467 at SUSECVE-2015-4467 at NVDCVE-2015-4468 at SUSECVE-2015-4468 at NVDCVE-2015-4469 at SUSECVE-2015-4469 at NVDCVE-2015-4470 at SUSECVE-2015-4470 at NVDCVE-2015-4471 at SUSECVE-2015-4471 at NVDCVE-2015-4472 at SUSECVE-2015-4472 at NVDcpe:/o:suse:sles:12:sp4libmusicbrainz4-2.1.5-27.79 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmusicbrainz4-2.1.5-27.79 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-4197 at SUSECVE-2006-4197 at NVDcpe:/o:suse:sles:12:sp4libmysqlclient18-10.0.35-1.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libmysqlclient18-10.0.35-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2007-5970 at SUSECVE-2007-5970 at NVDCVE-2008-7247 at SUSECVE-2008-7247 at NVDCVE-2009-4019 at SUSECVE-2009-4019 at NVDCVE-2009-4028 at SUSECVE-2009-4028 at NVDCVE-2009-4030 at SUSECVE-2009-4030 at NVDCVE-2010-5298 at SUSECVE-2010-5298 at NVDCVE-2012-5615 at SUSECVE-2012-5615 at NVDCVE-2013-1976 at SUSECVE-2013-1976 at NVDCVE-2014-0195 at SUSECVE-2014-0195 at NVDCVE-2014-0198 at SUSECVE-2014-0198 at NVDCVE-2014-0221 at SUSECVE-2014-0221 at NVDCVE-2014-0224 at SUSECVE-2014-0224 at NVDCVE-2014-2494 at SUSECVE-2014-2494 at NVDCVE-2014-3470 at SUSECVE-2014-3470 at NVDCVE-2014-4207 at SUSECVE-2014-4207 at NVDCVE-2014-4258 at SUSECVE-2014-4258 at NVDCVE-2014-4260 at SUSECVE-2014-4260 at NVDCVE-2014-4274 at SUSECVE-2014-4274 at NVDCVE-2014-4287 at SUSECVE-2014-4287 at NVDCVE-2014-6463 at SUSECVE-2014-6463 at NVDCVE-2014-6464 at SUSECVE-2014-6464 at NVDCVE-2014-6469 at SUSECVE-2014-6469 at NVDCVE-2014-6474 at SUSECVE-2014-6474 at NVDCVE-2014-6478 at SUSECVE-2014-6478 at NVDCVE-2014-6484 at SUSECVE-2014-6484 at NVDCVE-2014-6489 at SUSECVE-2014-6489 at NVDCVE-2014-6491 at SUSECVE-2014-6491 at NVDCVE-2014-6494 at SUSECVE-2014-6494 at NVDCVE-2014-6495 at SUSECVE-2014-6495 at NVDCVE-2014-6496 at SUSECVE-2014-6496 at NVDCVE-2014-6500 at SUSECVE-2014-6500 at NVDCVE-2014-6505 at SUSECVE-2014-6505 at NVDCVE-2014-6507 at SUSECVE-2014-6507 at NVDCVE-2014-6520 at SUSECVE-2014-6520 at NVDCVE-2014-6530 at SUSECVE-2014-6530 at NVDCVE-2014-6551 at SUSECVE-2014-6551 at NVDCVE-2014-6555 at SUSECVE-2014-6555 at NVDCVE-2014-6559 at SUSECVE-2014-6559 at NVDCVE-2014-6564 at SUSECVE-2014-6564 at NVDCVE-2014-6568 at SUSECVE-2014-6568 at NVDCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-0374 at SUSECVE-2015-0374 at NVDCVE-2015-0381 at SUSECVE-2015-0381 at NVDCVE-2015-0382 at SUSECVE-2015-0382 at NVDCVE-2015-0391 at SUSECVE-2015-0391 at NVDCVE-2015-0411 at SUSECVE-2015-0411 at NVDCVE-2015-0432 at SUSECVE-2015-0432 at NVDCVE-2015-0433 at SUSECVE-2015-0433 at NVDCVE-2015-0441 at SUSECVE-2015-0441 at NVDCVE-2015-0499 at SUSECVE-2015-0499 at NVDCVE-2015-0501 at SUSECVE-2015-0501 at NVDCVE-2015-0505 at SUSECVE-2015-0505 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-2568 at SUSECVE-2015-2568 at NVDCVE-2015-2571 at SUSECVE-2015-2571 at NVDCVE-2015-2573 at SUSECVE-2015-2573 at NVDCVE-2015-3152 at SUSECVE-2015-3152 at NVDCVE-2015-4792 at SUSECVE-2015-4792 at NVDCVE-2015-4802 at SUSECVE-2015-4802 at NVDCVE-2015-4807 at SUSECVE-2015-4807 at NVDCVE-2015-4815 at SUSECVE-2015-4815 at NVDCVE-2015-4826 at SUSECVE-2015-4826 at NVDCVE-2015-4830 at SUSECVE-2015-4830 at NVDCVE-2015-4836 at SUSECVE-2015-4836 at NVDCVE-2015-4858 at SUSECVE-2015-4858 at NVDCVE-2015-4861 at SUSECVE-2015-4861 at NVDCVE-2015-4870 at SUSECVE-2015-4870 at NVDCVE-2015-4913 at SUSECVE-2015-4913 at NVDCVE-2015-5969 at SUSECVE-2015-5969 at NVDCVE-2016-0505 at SUSECVE-2016-0505 at NVDCVE-2016-0546 at SUSECVE-2016-0546 at NVDCVE-2016-0596 at SUSECVE-2016-0596 at NVDCVE-2016-0597 at SUSECVE-2016-0597 at NVDCVE-2016-0598 at SUSECVE-2016-0598 at NVDCVE-2016-0600 at SUSECVE-2016-0600 at NVDCVE-2016-0606 at SUSECVE-2016-0606 at NVDCVE-2016-0608 at SUSECVE-2016-0608 at NVDCVE-2016-0609 at SUSECVE-2016-0609 at NVDCVE-2016-0616 at SUSECVE-2016-0616 at NVDCVE-2016-0640 at SUSECVE-2016-0640 at NVDCVE-2016-0641 at SUSECVE-2016-0641 at NVDCVE-2016-0642 at SUSECVE-2016-0642 at NVDCVE-2016-0643 at SUSECVE-2016-0643 at NVDCVE-2016-0644 at SUSECVE-2016-0644 at NVDCVE-2016-0646 at SUSECVE-2016-0646 at NVDCVE-2016-0647 at SUSECVE-2016-0647 at NVDCVE-2016-0648 at SUSECVE-2016-0648 at NVDCVE-2016-0649 at SUSECVE-2016-0649 at NVDCVE-2016-0650 at SUSECVE-2016-0650 at NVDCVE-2016-0651 at SUSECVE-2016-0651 at NVDCVE-2016-0655 at SUSECVE-2016-0655 at NVDCVE-2016-0666 at SUSECVE-2016-0666 at NVDCVE-2016-0668 at SUSECVE-2016-0668 at NVDCVE-2016-2047 at SUSECVE-2016-2047 at NVDCVE-2016-3477 at SUSECVE-2016-3477 at NVDCVE-2016-3492 at SUSECVE-2016-3492 at NVDCVE-2016-3521 at SUSECVE-2016-3521 at NVDCVE-2016-3615 at SUSECVE-2016-3615 at NVDCVE-2016-5440 at SUSECVE-2016-5440 at NVDCVE-2016-5584 at SUSECVE-2016-5584 at NVDCVE-2016-5624 at SUSECVE-2016-5624 at NVDCVE-2016-5626 at SUSECVE-2016-5626 at NVDCVE-2016-5629 at SUSECVE-2016-5629 at NVDCVE-2016-6662 at SUSECVE-2016-6662 at NVDCVE-2016-6663 at SUSECVE-2016-6663 at NVDCVE-2016-6664 at SUSECVE-2016-6664 at NVDCVE-2016-7440 at SUSECVE-2016-7440 at NVDCVE-2016-8283 at SUSECVE-2016-8283 at NVDCVE-2017-10268 at SUSECVE-2017-10268 at NVDCVE-2017-10378 at SUSECVE-2017-10378 at NVDCVE-2017-3238 at SUSECVE-2017-3238 at NVDCVE-2017-3243 at SUSECVE-2017-3243 at NVDCVE-2017-3244 at SUSECVE-2017-3244 at NVDCVE-2017-3257 at SUSECVE-2017-3257 at NVDCVE-2017-3258 at SUSECVE-2017-3258 at NVDCVE-2017-3265 at SUSECVE-2017-3265 at NVDCVE-2017-3291 at SUSECVE-2017-3291 at NVDCVE-2017-3302 at SUSECVE-2017-3302 at NVDCVE-2017-3308 at SUSECVE-2017-3308 at NVDCVE-2017-3309 at SUSECVE-2017-3309 at NVDCVE-2017-3312 at SUSECVE-2017-3312 at NVDCVE-2017-3313 at SUSECVE-2017-3313 at NVDCVE-2017-3317 at SUSECVE-2017-3317 at NVDCVE-2017-3318 at SUSECVE-2017-3318 at NVDCVE-2017-3453 at SUSECVE-2017-3453 at NVDCVE-2017-3456 at SUSECVE-2017-3456 at NVDCVE-2017-3464 at SUSECVE-2017-3464 at NVDCVE-2017-3636 at SUSECVE-2017-3636 at NVDCVE-2017-3641 at SUSECVE-2017-3641 at NVDCVE-2017-3653 at SUSECVE-2017-3653 at NVDCVE-2018-2562 at SUSECVE-2018-2562 at NVDCVE-2018-2612 at SUSECVE-2018-2612 at NVDCVE-2018-2622 at SUSECVE-2018-2622 at NVDCVE-2018-2640 at SUSECVE-2018-2640 at NVDCVE-2018-2665 at SUSECVE-2018-2665 at NVDCVE-2018-2668 at SUSECVE-2018-2668 at NVDCVE-2018-2755 at SUSECVE-2018-2755 at NVDCVE-2018-2761 at SUSECVE-2018-2761 at NVDCVE-2018-2766 at SUSECVE-2018-2766 at NVDCVE-2018-2767 at SUSECVE-2018-2767 at NVDCVE-2018-2771 at SUSECVE-2018-2771 at NVDCVE-2018-2781 at SUSECVE-2018-2781 at NVDCVE-2018-2782 at SUSECVE-2018-2782 at NVDCVE-2018-2784 at SUSECVE-2018-2784 at NVDCVE-2018-2787 at SUSECVE-2018-2787 at NVDCVE-2018-2813 at SUSECVE-2018-2813 at NVDCVE-2018-2817 at SUSECVE-2018-2817 at NVDCVE-2018-2819 at SUSECVE-2018-2819 at NVDcpe:/o:suse:sles:12:sp4libncurses5-32bit-5.9-58.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libncurses5-32bit-5.9-58.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-10684 at SUSECVE-2017-10684 at NVDCVE-2017-10685 at SUSECVE-2017-10685 at NVDCVE-2017-11112 at SUSECVE-2017-11112 at NVDCVE-2017-11113 at SUSECVE-2017-11113 at NVDCVE-2017-13728 at SUSECVE-2017-13728 at NVDCVE-2017-13729 at SUSECVE-2017-13729 at NVDCVE-2017-13730 at SUSECVE-2017-13730 at NVDCVE-2017-13731 at SUSECVE-2017-13731 at NVDCVE-2017-13732 at SUSECVE-2017-13732 at NVDCVE-2017-13733 at SUSECVE-2017-13733 at NVDCVE-2017-13734 at SUSECVE-2017-13734 at NVDcpe:/o:suse:sles:12:sp4libneon27-0.30.0-3.64 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libneon27-0.30.0-3.64 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2473 at SUSECVE-2009-2473 at NVDCVE-2009-2474 at SUSECVE-2009-2474 at NVDcpe:/o:suse:sles:12:sp4libnetpbm11-10.66.3-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libnetpbm11-10.66.3-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6354 at SUSECVE-2016-6354 at NVDCVE-2017-2581 at SUSECVE-2017-2581 at NVDCVE-2017-2586 at SUSECVE-2017-2586 at NVDCVE-2017-2587 at SUSECVE-2017-2587 at NVDcpe:/o:suse:sles:12:sp4libnghttp2-14-1.7.1-1.84 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libnghttp2-14-1.7.1-1.84 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDcpe:/o:suse:sles:12:sp4libnm-glib-vpn1-1.0.12-13.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libnm-glib-vpn1-1.0.12-13.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDcpe:/o:suse:sles:12:sp4libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopenjp2-7-2.1.0-4.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1239 at SUSECVE-2015-1239 at NVDCVE-2015-8871 at SUSECVE-2015-8871 at NVDCVE-2016-10507 at SUSECVE-2016-10507 at NVDCVE-2016-7163 at SUSECVE-2016-7163 at NVDCVE-2016-7445 at SUSECVE-2016-7445 at NVDCVE-2016-8332 at SUSECVE-2016-8332 at NVDCVE-2016-9112 at SUSECVE-2016-9112 at NVDCVE-2016-9113 at SUSECVE-2016-9113 at NVDCVE-2016-9114 at SUSECVE-2016-9114 at NVDCVE-2016-9115 at SUSECVE-2016-9115 at NVDCVE-2016-9116 at SUSECVE-2016-9116 at NVDCVE-2016-9117 at SUSECVE-2016-9117 at NVDCVE-2016-9118 at SUSECVE-2016-9118 at NVDCVE-2016-9572 at SUSECVE-2016-9572 at NVDCVE-2016-9573 at SUSECVE-2016-9573 at NVDCVE-2016-9580 at SUSECVE-2016-9580 at NVDCVE-2016-9581 at SUSECVE-2016-9581 at NVDCVE-2017-14039 at SUSECVE-2017-14039 at NVDCVE-2017-14040 at SUSECVE-2017-14040 at NVDCVE-2017-14041 at SUSECVE-2017-14041 at NVDCVE-2017-14164 at SUSECVE-2017-14164 at NVDCVE-2017-17479 at SUSECVE-2017-17479 at NVDCVE-2017-17480 at SUSECVE-2017-17480 at NVDcpe:/o:suse:sles:12:sp4libopenssl-1_0_0-devel-1.0.2p-2.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2p-2.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-7250 at SUSECVE-2006-7250 at NVDCVE-2008-5077 at SUSECVE-2008-5077 at NVDCVE-2009-0590 at SUSECVE-2009-0590 at NVDCVE-2009-0591 at SUSECVE-2009-0591 at NVDCVE-2009-0789 at SUSECVE-2009-0789 at NVDCVE-2009-1377 at SUSECVE-2009-1377 at NVDCVE-2009-1378 at SUSECVE-2009-1378 at NVDCVE-2009-1379 at SUSECVE-2009-1379 at NVDCVE-2009-1386 at SUSECVE-2009-1386 at NVDCVE-2009-1387 at SUSECVE-2009-1387 at NVDCVE-2010-0740 at SUSECVE-2010-0740 at NVDCVE-2010-0742 at SUSECVE-2010-0742 at NVDCVE-2010-1633 at SUSECVE-2010-1633 at NVDCVE-2010-2939 at SUSECVE-2010-2939 at NVDCVE-2010-3864 at SUSECVE-2010-3864 at NVDCVE-2010-5298 at SUSECVE-2010-5298 at NVDCVE-2011-0014 at SUSECVE-2011-0014 at NVDCVE-2011-3207 at SUSECVE-2011-3207 at NVDCVE-2011-3210 at SUSECVE-2011-3210 at NVDCVE-2011-4108 at SUSECVE-2011-4108 at NVDCVE-2011-4576 at SUSECVE-2011-4576 at NVDCVE-2011-4577 at SUSECVE-2011-4577 at NVDCVE-2011-4619 at SUSECVE-2011-4619 at NVDCVE-2012-0027 at SUSECVE-2012-0027 at NVDCVE-2012-0050 at SUSECVE-2012-0050 at NVDCVE-2012-0884 at SUSECVE-2012-0884 at NVDCVE-2012-1165 at SUSECVE-2012-1165 at NVDCVE-2012-2110 at SUSECVE-2012-2110 at NVDCVE-2012-2686 at SUSECVE-2012-2686 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2013-0166 at SUSECVE-2013-0166 at NVDCVE-2013-0169 at SUSECVE-2013-0169 at NVDCVE-2013-4353 at SUSECVE-2013-4353 at NVDCVE-2013-6449 at SUSECVE-2013-6449 at NVDCVE-2013-6450 at SUSECVE-2013-6450 at NVDCVE-2014-0076 at SUSECVE-2014-0076 at NVDCVE-2014-0160 at SUSECVE-2014-0160 at NVDCVE-2014-0195 at SUSECVE-2014-0195 at NVDCVE-2014-0198 at SUSECVE-2014-0198 at NVDCVE-2014-0221 at SUSECVE-2014-0221 at NVDCVE-2014-0224 at SUSECVE-2014-0224 at NVDCVE-2014-3470 at SUSECVE-2014-3470 at NVDCVE-2014-3505 at SUSECVE-2014-3505 at NVDCVE-2014-3506 at SUSECVE-2014-3506 at NVDCVE-2014-3507 at SUSECVE-2014-3507 at NVDCVE-2014-3508 at SUSECVE-2014-3508 at NVDCVE-2014-3509 at SUSECVE-2014-3509 at NVDCVE-2014-3510 at SUSECVE-2014-3510 at NVDCVE-2014-3511 at SUSECVE-2014-3511 at NVDCVE-2014-3512 at SUSECVE-2014-3512 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-5139 at SUSECVE-2014-5139 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2015-3216 at SUSECVE-2015-3216 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0799 at SUSECVE-2016-0799 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3737 at SUSECVE-2017-3737 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDcpe:/o:suse:sles:12:sp4libopenssl-devel-1.0.2p-1.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopenssl-devel-1.0.2p-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-7250 at SUSECVE-2006-7250 at NVDCVE-2008-5077 at SUSECVE-2008-5077 at NVDCVE-2009-0590 at SUSECVE-2009-0590 at NVDCVE-2009-0591 at SUSECVE-2009-0591 at NVDCVE-2009-0789 at SUSECVE-2009-0789 at NVDCVE-2009-1377 at SUSECVE-2009-1377 at NVDCVE-2009-1378 at SUSECVE-2009-1378 at NVDCVE-2009-1379 at SUSECVE-2009-1379 at NVDCVE-2009-1386 at SUSECVE-2009-1386 at NVDCVE-2009-1387 at SUSECVE-2009-1387 at NVDCVE-2010-0740 at SUSECVE-2010-0740 at NVDCVE-2010-0742 at SUSECVE-2010-0742 at NVDCVE-2010-1633 at SUSECVE-2010-1633 at NVDCVE-2010-2939 at SUSECVE-2010-2939 at NVDCVE-2010-3864 at SUSECVE-2010-3864 at NVDCVE-2010-5298 at SUSECVE-2010-5298 at NVDCVE-2011-0014 at SUSECVE-2011-0014 at NVDCVE-2011-3207 at SUSECVE-2011-3207 at NVDCVE-2011-3210 at SUSECVE-2011-3210 at NVDCVE-2011-4108 at SUSECVE-2011-4108 at NVDCVE-2011-4576 at SUSECVE-2011-4576 at NVDCVE-2011-4577 at SUSECVE-2011-4577 at NVDCVE-2011-4619 at SUSECVE-2011-4619 at NVDCVE-2012-0027 at SUSECVE-2012-0027 at NVDCVE-2012-0050 at SUSECVE-2012-0050 at NVDCVE-2012-0884 at SUSECVE-2012-0884 at NVDCVE-2012-1165 at SUSECVE-2012-1165 at NVDCVE-2012-2110 at SUSECVE-2012-2110 at NVDCVE-2012-2686 at SUSECVE-2012-2686 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2013-0166 at SUSECVE-2013-0166 at NVDCVE-2013-0169 at SUSECVE-2013-0169 at NVDCVE-2013-4353 at SUSECVE-2013-4353 at NVDCVE-2013-6449 at SUSECVE-2013-6449 at NVDCVE-2013-6450 at SUSECVE-2013-6450 at NVDCVE-2014-0076 at SUSECVE-2014-0076 at NVDCVE-2014-0160 at SUSECVE-2014-0160 at NVDCVE-2014-0195 at SUSECVE-2014-0195 at NVDCVE-2014-0198 at SUSECVE-2014-0198 at NVDCVE-2014-0221 at SUSECVE-2014-0221 at NVDCVE-2014-0224 at SUSECVE-2014-0224 at NVDCVE-2014-3470 at SUSECVE-2014-3470 at NVDCVE-2014-3505 at SUSECVE-2014-3505 at NVDCVE-2014-3506 at SUSECVE-2014-3506 at NVDCVE-2014-3507 at SUSECVE-2014-3507 at NVDCVE-2014-3508 at SUSECVE-2014-3508 at NVDCVE-2014-3509 at SUSECVE-2014-3509 at NVDCVE-2014-3510 at SUSECVE-2014-3510 at NVDCVE-2014-3511 at SUSECVE-2014-3511 at NVDCVE-2014-3512 at SUSECVE-2014-3512 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-5139 at SUSECVE-2014-5139 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:sles:12:sp4libopenssl1_1-1.1.1-1.9 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopenssl1_1-1.1.1-1.9 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-7250 at SUSECVE-2006-7250 at NVDCVE-2008-5077 at SUSECVE-2008-5077 at NVDCVE-2009-0590 at SUSECVE-2009-0590 at NVDCVE-2009-0591 at SUSECVE-2009-0591 at NVDCVE-2009-0789 at SUSECVE-2009-0789 at NVDCVE-2009-1377 at SUSECVE-2009-1377 at NVDCVE-2009-1378 at SUSECVE-2009-1378 at NVDCVE-2009-1379 at SUSECVE-2009-1379 at NVDCVE-2009-1386 at SUSECVE-2009-1386 at NVDCVE-2009-1387 at SUSECVE-2009-1387 at NVDCVE-2010-0740 at SUSECVE-2010-0740 at NVDCVE-2010-0742 at SUSECVE-2010-0742 at NVDCVE-2010-1633 at SUSECVE-2010-1633 at NVDCVE-2010-2939 at SUSECVE-2010-2939 at NVDCVE-2010-3864 at SUSECVE-2010-3864 at NVDCVE-2010-5298 at SUSECVE-2010-5298 at NVDCVE-2011-0014 at SUSECVE-2011-0014 at NVDCVE-2011-3207 at SUSECVE-2011-3207 at NVDCVE-2011-3210 at SUSECVE-2011-3210 at NVDCVE-2011-4108 at SUSECVE-2011-4108 at NVDCVE-2011-4576 at SUSECVE-2011-4576 at NVDCVE-2011-4577 at SUSECVE-2011-4577 at NVDCVE-2011-4619 at SUSECVE-2011-4619 at NVDCVE-2012-0027 at SUSECVE-2012-0027 at NVDCVE-2012-0050 at SUSECVE-2012-0050 at NVDCVE-2012-0884 at SUSECVE-2012-0884 at NVDCVE-2012-1165 at SUSECVE-2012-1165 at NVDCVE-2012-2110 at SUSECVE-2012-2110 at NVDCVE-2012-2686 at SUSECVE-2012-2686 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2013-0166 at SUSECVE-2013-0166 at NVDCVE-2013-0169 at SUSECVE-2013-0169 at NVDCVE-2013-4353 at SUSECVE-2013-4353 at NVDCVE-2013-6449 at SUSECVE-2013-6449 at NVDCVE-2013-6450 at SUSECVE-2013-6450 at NVDCVE-2014-0076 at SUSECVE-2014-0076 at NVDCVE-2014-0160 at SUSECVE-2014-0160 at NVDCVE-2014-0195 at SUSECVE-2014-0195 at NVDCVE-2014-0198 at SUSECVE-2014-0198 at NVDCVE-2014-0221 at SUSECVE-2014-0221 at NVDCVE-2014-0224 at SUSECVE-2014-0224 at NVDCVE-2014-3470 at SUSECVE-2014-3470 at NVDCVE-2014-3505 at SUSECVE-2014-3505 at NVDCVE-2014-3506 at SUSECVE-2014-3506 at NVDCVE-2014-3507 at SUSECVE-2014-3507 at NVDCVE-2014-3508 at SUSECVE-2014-3508 at NVDCVE-2014-3509 at SUSECVE-2014-3509 at NVDCVE-2014-3510 at SUSECVE-2014-3510 at NVDCVE-2014-3511 at SUSECVE-2014-3511 at NVDCVE-2014-3512 at SUSECVE-2014-3512 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-5139 at SUSECVE-2014-5139 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDcpe:/o:suse:sles:12:sp4libopenvswitch-2_8-0-2.8.4-3.36 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopenvswitch-2_8-0-2.8.4-3.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-3449 at SUSECVE-2012-3449 at NVDcpe:/o:suse:sles:12:sp4libopus0-1.1-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libopus0-1.1-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:sles:12:sp4libospf0-1.1.1-17.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libospf0-1.1.1-17.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1674 at SUSECVE-2010-1674 at NVDCVE-2010-1675 at SUSECVE-2010-1675 at NVDCVE-2016-1245 at SUSECVE-2016-1245 at NVDCVE-2016-2342 at SUSECVE-2016-2342 at NVDCVE-2016-4049 at SUSECVE-2016-4049 at NVDCVE-2017-16227 at SUSECVE-2017-16227 at NVDCVE-2017-5495 at SUSECVE-2017-5495 at NVDcpe:/o:suse:sles:12:sp4libotr5-4.0.0-9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libotr5-4.0.0-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-2851 at SUSECVE-2016-2851 at NVDcpe:/o:suse:sles:12:sp4libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpango-1_0-0-1.40.1-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0020 at SUSECVE-2011-0020 at NVDCVE-2011-0064 at SUSECVE-2011-0064 at NVDcpe:/o:suse:sles:12:sp4libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpcre1-32bit-8.39-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2327 at SUSECVE-2015-2327 at NVDCVE-2015-2328 at SUSECVE-2015-2328 at NVDCVE-2015-3210 at SUSECVE-2015-3210 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2015-5073 at SUSECVE-2015-5073 at NVDCVE-2015-8380 at SUSECVE-2015-8380 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDcpe:/o:suse:sles:12:sp4libpcsclite1-1.8.10-7.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpcsclite1-1.8.10-7.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0407 at SUSECVE-2010-0407 at NVDCVE-2010-4531 at SUSECVE-2010-4531 at NVDCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:sles:12:sp4libplist3-1.12-20.3.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libplist3-1.12-20.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-5209 at SUSECVE-2017-5209 at NVDCVE-2017-5545 at SUSECVE-2017-5545 at NVDCVE-2017-5834 at SUSECVE-2017-5834 at NVDCVE-2017-5835 at SUSECVE-2017-5835 at NVDCVE-2017-5836 at SUSECVE-2017-5836 at NVDCVE-2017-6435 at SUSECVE-2017-6435 at NVDCVE-2017-6436 at SUSECVE-2017-6436 at NVDCVE-2017-6437 at SUSECVE-2017-6437 at NVDCVE-2017-6438 at SUSECVE-2017-6438 at NVDCVE-2017-6439 at SUSECVE-2017-6439 at NVDCVE-2017-6440 at SUSECVE-2017-6440 at NVDCVE-2017-7982 at SUSECVE-2017-7982 at NVDcpe:/o:suse:sles:12:sp4libpng12-0-1.2.50-19.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpng12-0-1.2.50-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1205 at SUSECVE-2010-1205 at NVDCVE-2011-2501 at SUSECVE-2011-2501 at NVDCVE-2011-3026 at SUSECVE-2011-3026 at NVDCVE-2011-3045 at SUSECVE-2011-3045 at NVDCVE-2011-3048 at SUSECVE-2011-3048 at NVDCVE-2012-3386 at SUSECVE-2012-3386 at NVDCVE-2013-7353 at SUSECVE-2013-7353 at NVDCVE-2013-7354 at SUSECVE-2013-7354 at NVDCVE-2015-7981 at SUSECVE-2015-7981 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2015-8540 at SUSECVE-2015-8540 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDcpe:/o:suse:sles:12:sp4libpng15-15-1.5.22-9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpng15-15-1.5.22-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1205 at SUSECVE-2010-1205 at NVDCVE-2011-2501 at SUSECVE-2011-2501 at NVDCVE-2011-2690 at SUSECVE-2011-2690 at NVDCVE-2011-2691 at SUSECVE-2011-2691 at NVDCVE-2011-2692 at SUSECVE-2011-2692 at NVDCVE-2011-3026 at SUSECVE-2011-3026 at NVDCVE-2011-3048 at SUSECVE-2011-3048 at NVDCVE-2011-3328 at SUSECVE-2011-3328 at NVDCVE-2011-3464 at SUSECVE-2011-3464 at NVDCVE-2012-3386 at SUSECVE-2012-3386 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2015-8540 at SUSECVE-2015-8540 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDcpe:/o:suse:sles:12:sp4libpng16-16-1.6.8-14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpng16-16-1.6.8-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1205 at SUSECVE-2010-1205 at NVDCVE-2011-2501 at SUSECVE-2011-2501 at NVDCVE-2011-2690 at SUSECVE-2011-2690 at NVDCVE-2011-2691 at SUSECVE-2011-2691 at NVDCVE-2011-2692 at SUSECVE-2011-2692 at NVDCVE-2011-3328 at SUSECVE-2011-3328 at NVDCVE-2013-6954 at SUSECVE-2013-6954 at NVDCVE-2014-0333 at SUSECVE-2014-0333 at NVDCVE-2014-9495 at SUSECVE-2014-9495 at NVDCVE-2015-0973 at SUSECVE-2015-0973 at NVDCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDcpe:/o:suse:sles:12:sp4libpolkit0-0.113-5.12.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpolkit0-0.113-5.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0750 at SUSECVE-2010-0750 at NVDCVE-2011-1485 at SUSECVE-2011-1485 at NVDCVE-2013-4288 at SUSECVE-2013-4288 at NVDCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDcpe:/o:suse:sles:12:sp4libpoppler-glib8-0.43.0-16.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpoppler-glib8-0.43.0-16.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0799 at SUSECVE-2009-0799 at NVDCVE-2009-0800 at SUSECVE-2009-0800 at NVDCVE-2009-1179 at SUSECVE-2009-1179 at NVDCVE-2009-1180 at SUSECVE-2009-1180 at NVDCVE-2009-1181 at SUSECVE-2009-1181 at NVDCVE-2009-1182 at SUSECVE-2009-1182 at NVDCVE-2009-1183 at SUSECVE-2009-1183 at NVDCVE-2009-1187 at SUSECVE-2009-1187 at NVDCVE-2009-1188 at SUSECVE-2009-1188 at NVDCVE-2009-3607 at SUSECVE-2009-3607 at NVDCVE-2009-3608 at SUSECVE-2009-3608 at NVDCVE-2013-1788 at SUSECVE-2013-1788 at NVDCVE-2013-1789 at SUSECVE-2013-1789 at NVDCVE-2013-1790 at SUSECVE-2013-1790 at NVDCVE-2013-4473 at SUSECVE-2013-4473 at NVDCVE-2013-4474 at SUSECVE-2013-4474 at NVDCVE-2017-1000456 at SUSECVE-2017-1000456 at NVDCVE-2017-14517 at SUSECVE-2017-14517 at NVDCVE-2017-14518 at SUSECVE-2017-14518 at NVDCVE-2017-14520 at SUSECVE-2017-14520 at NVDCVE-2017-14617 at SUSECVE-2017-14617 at NVDCVE-2017-14928 at SUSECVE-2017-14928 at NVDCVE-2017-14975 at SUSECVE-2017-14975 at NVDCVE-2017-14976 at SUSECVE-2017-14976 at NVDCVE-2017-14977 at SUSECVE-2017-14977 at NVDCVE-2017-15565 at SUSECVE-2017-15565 at NVDCVE-2017-7511 at SUSECVE-2017-7511 at NVDCVE-2017-7515 at SUSECVE-2017-7515 at NVDCVE-2017-9406 at SUSECVE-2017-9406 at NVDCVE-2017-9408 at SUSECVE-2017-9408 at NVDCVE-2017-9775 at SUSECVE-2017-9775 at NVDCVE-2017-9776 at SUSECVE-2017-9776 at NVDCVE-2017-9865 at SUSECVE-2017-9865 at NVDcpe:/o:suse:sles:12:sp4libprocps3-3.3.9-11.14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libprocps3-3.3.9-11.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:sles:12:sp4libproxy1-0.4.13-16.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libproxy1-0.4.13-16.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4504 at SUSECVE-2012-4504 at NVDcpe:/o:suse:sles:12:sp4libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpulse-mainloop-glib0-32bit-5.0-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3970 at SUSECVE-2014-3970 at NVDcpe:/o:suse:sles:12:sp4libpython2_7-1_0-2.7.13-28.11.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpython2_7-1_0-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1521 at SUSECVE-2011-1521 at NVDCVE-2011-3389 at SUSECVE-2011-3389 at NVDCVE-2011-4944 at SUSECVE-2011-4944 at NVDCVE-2012-0845 at SUSECVE-2012-0845 at NVDCVE-2012-1150 at SUSECVE-2012-1150 at NVDCVE-2013-1752 at SUSECVE-2013-1752 at NVDCVE-2013-1753 at SUSECVE-2013-1753 at NVDCVE-2013-4238 at SUSECVE-2013-4238 at NVDCVE-2014-1912 at SUSECVE-2014-1912 at NVDCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2014-7185 at SUSECVE-2014-7185 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-1000158 at SUSECVE-2017-1000158 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000030 at SUSECVE-2018-1000030 at NVDcpe:/o:suse:sles:12:sp4libpython3_4m1_0-3.4.6-25.16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libpython3_4m1_0-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3389 at SUSECVE-2011-3389 at NVDCVE-2011-4944 at SUSECVE-2011-4944 at NVDCVE-2012-0845 at SUSECVE-2012-0845 at NVDCVE-2012-1150 at SUSECVE-2012-1150 at NVDCVE-2013-1752 at SUSECVE-2013-1752 at NVDCVE-2013-4238 at SUSECVE-2013-4238 at NVDCVE-2014-2667 at SUSECVE-2014-2667 at NVDCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDcpe:/o:suse:sles:12:sp4libqpdf18-7.1.1-3.3.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libqpdf18-7.1.1-3.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-11624 at SUSECVE-2017-11624 at NVDCVE-2017-11625 at SUSECVE-2017-11625 at NVDCVE-2017-11626 at SUSECVE-2017-11626 at NVDCVE-2017-11627 at SUSECVE-2017-11627 at NVDCVE-2017-12595 at SUSECVE-2017-12595 at NVDCVE-2017-9208 at SUSECVE-2017-9208 at NVDCVE-2017-9209 at SUSECVE-2017-9209 at NVDCVE-2017-9210 at SUSECVE-2017-9210 at NVDcpe:/o:suse:sles:12:sp4libqt4-32bit-4.8.7-8.8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libqt4-32bit-4.8.7-8.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0945 at SUSECVE-2009-0945 at NVDCVE-2011-3193 at SUSECVE-2011-3193 at NVDCVE-2011-3922 at SUSECVE-2011-3922 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2012-6093 at SUSECVE-2012-6093 at NVDCVE-2013-0254 at SUSECVE-2013-0254 at NVDCVE-2013-4549 at SUSECVE-2013-4549 at NVDCVE-2014-0190 at SUSECVE-2014-0190 at NVDCVE-2015-0295 at SUSECVE-2015-0295 at NVDCVE-2015-1858 at SUSECVE-2015-1858 at NVDCVE-2015-1859 at SUSECVE-2015-1859 at NVDCVE-2015-1860 at SUSECVE-2015-1860 at NVDCVE-2016-10040 at SUSECVE-2016-10040 at NVDcpe:/o:suse:sles:12:sp4libquicktime0-1.2.4-14.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libquicktime0-1.2.4-14.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-2399 at SUSECVE-2016-2399 at NVDCVE-2017-9122 at SUSECVE-2017-9122 at NVDCVE-2017-9123 at SUSECVE-2017-9123 at NVDCVE-2017-9124 at SUSECVE-2017-9124 at NVDCVE-2017-9125 at SUSECVE-2017-9125 at NVDCVE-2017-9126 at SUSECVE-2017-9126 at NVDCVE-2017-9127 at SUSECVE-2017-9127 at NVDCVE-2017-9128 at SUSECVE-2017-9128 at NVDcpe:/o:suse:sles:12:sp4libraptor2-0-2.0.10-3.63 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libraptor2-0-2.0.10-3.63 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0037 at SUSECVE-2012-0037 at NVDcpe:/o:suse:sles:12:sp4librelp0-1.2.12-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the librelp0-1.2.12-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-1000140 at SUSECVE-2018-1000140 at NVDcpe:/o:suse:sles:12:sp4libruby2_1-2_1-2.1.9-18.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libruby2_1-2_1-2.1.9-18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2014-4975 at SUSECVE-2014-4975 at NVDCVE-2014-8080 at SUSECVE-2014-8080 at NVDCVE-2014-8090 at SUSECVE-2014-8090 at NVDCVE-2015-1855 at SUSECVE-2015-1855 at NVDCVE-2015-3900 at SUSECVE-2015-3900 at NVDCVE-2015-7551 at SUSECVE-2015-7551 at NVDCVE-2016-2339 at SUSECVE-2016-2339 at NVDcpe:/o:suse:sles:12:sp4libsaml8-2.5.5-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsaml8-2.5.5-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16853 at SUSECVE-2017-16853 at NVDcpe:/o:suse:sles:12:sp4libshibsp-lite6-2.5.5-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libshibsp-lite6-2.5.5-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16852 at SUSECVE-2017-16852 at NVDcpe:/o:suse:sles:12:sp4libsmi-0.4.8-18.55 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsmi-0.4.8-18.55 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2891 at SUSECVE-2010-2891 at NVDcpe:/o:suse:sles:12:sp4libsndfile1-1.0.25-36.16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsndfile1-1.0.25-36.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0186 at SUSECVE-2009-0186 at NVDCVE-2011-2696 at SUSECVE-2011-2696 at NVDCVE-2014-9496 at SUSECVE-2014-9496 at NVDCVE-2014-9756 at SUSECVE-2014-9756 at NVDCVE-2015-7805 at SUSECVE-2015-7805 at NVDCVE-2015-8075 at SUSECVE-2015-8075 at NVDCVE-2017-14245 at SUSECVE-2017-14245 at NVDCVE-2017-14246 at SUSECVE-2017-14246 at NVDCVE-2017-14634 at SUSECVE-2017-14634 at NVDCVE-2017-16942 at SUSECVE-2017-16942 at NVDCVE-2017-17456 at SUSECVE-2017-17456 at NVDCVE-2017-17457 at SUSECVE-2017-17457 at NVDCVE-2017-6892 at SUSECVE-2017-6892 at NVDCVE-2017-7585 at SUSECVE-2017-7585 at NVDCVE-2017-7586 at SUSECVE-2017-7586 at NVDCVE-2017-7741 at SUSECVE-2017-7741 at NVDCVE-2017-7742 at SUSECVE-2017-7742 at NVDCVE-2017-8361 at SUSECVE-2017-8361 at NVDCVE-2017-8362 at SUSECVE-2017-8362 at NVDCVE-2017-8363 at SUSECVE-2017-8363 at NVDCVE-2017-8365 at SUSECVE-2017-8365 at NVDCVE-2018-13139 at SUSECVE-2018-13139 at NVDcpe:/o:suse:sles:12:sp4libsnmp30-32bit-5.7.3-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsnmp30-32bit-5.7.3-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2141 at SUSECVE-2012-2141 at NVDCVE-2014-2284 at SUSECVE-2014-2284 at NVDCVE-2014-2285 at SUSECVE-2014-2285 at NVDCVE-2014-3565 at SUSECVE-2014-3565 at NVDCVE-2015-5621 at SUSECVE-2015-5621 at NVDCVE-2018-18065 at SUSECVE-2018-18065 at NVDcpe:/o:suse:sles:12:sp4libsoup-2_4-1-2.62.2-5.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsoup-2_4-1-2.62.2-5.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2054 at SUSECVE-2011-2054 at NVDCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:sles:12:sp4libspice-client-glib-2_0-8-0.33-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libspice-client-glib-2_0-8-0.33-3.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4425 at SUSECVE-2012-4425 at NVDCVE-2017-12194 at SUSECVE-2017-12194 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDcpe:/o:suse:sles:12:sp4libspice-server1-0.12.8-6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libspice-server1-0.12.8-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2017-7506 at SUSECVE-2017-7506 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDcpe:/o:suse:sles:12:sp4libsqlite3-0-3.8.10.2-8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsqlite3-0-3.8.10.2-8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6153 at SUSECVE-2016-6153 at NVDcpe:/o:suse:sles:12:sp4libsrtp1-1.5.2-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsrtp1-1.5.2-3.2.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2139 at SUSECVE-2013-2139 at NVDcpe:/o:suse:sles:12:sp4libssh2-1-1.4.3-19.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libssh2-1-1.4.3-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDcpe:/o:suse:sles:12:sp4libssh4-0.6.3-12.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libssh4-0.6.3-12.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4559 at SUSECVE-2012-4559 at NVDCVE-2012-4560 at SUSECVE-2012-4560 at NVDCVE-2012-4561 at SUSECVE-2012-4561 at NVDCVE-2013-0176 at SUSECVE-2013-0176 at NVDCVE-2014-0017 at SUSECVE-2014-0017 at NVDCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2016-0739 at SUSECVE-2016-0739 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDcpe:/o:suse:sles:12:sp4libsystemd0-228-150.49.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libsystemd0-228-150.49.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-1174 at SUSECVE-2012-1174 at NVDCVE-2013-4288 at SUSECVE-2013-4288 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2016-7795 at SUSECVE-2016-7795 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9217 at SUSECVE-2017-9217 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-1049 at SUSECVE-2018-1049 at NVDcpe:/o:suse:sles:12:sp4libtag1-1.9.1-1.218 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libtag1-1.9.1-1.218 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2396 at SUSECVE-2012-2396 at NVDcpe:/o:suse:sles:12:sp4libtasn1-4.9-3.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libtasn1-4.9-3.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3467 at SUSECVE-2014-3467 at NVDCVE-2014-3468 at SUSECVE-2014-3468 at NVDCVE-2014-3469 at SUSECVE-2014-3469 at NVDCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDcpe:/o:suse:sles:12:sp4libtcnative-1-0-1.2.17-1.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libtcnative-1-0-1.2.17-1.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2017-15698 at SUSECVE-2017-15698 at NVDCVE-2018-8019 at SUSECVE-2018-8019 at NVDCVE-2018-8020 at SUSECVE-2018-8020 at NVDcpe:/o:suse:sles:12:sp4libthai-data-0.1.25-4.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libthai-data-0.1.25-4.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-4012 at SUSECVE-2009-4012 at NVDcpe:/o:suse:sles:12:sp4libtiff5-32bit-4.0.9-44.24.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libtiff5-32bit-4.0.9-44.24.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2285 at SUSECVE-2009-2285 at NVDCVE-2009-2347 at SUSECVE-2009-2347 at NVDCVE-2010-2065 at SUSECVE-2010-2065 at NVDCVE-2010-2067 at SUSECVE-2010-2067 at NVDCVE-2010-2233 at SUSECVE-2010-2233 at NVDCVE-2010-4665 at SUSECVE-2010-4665 at NVDCVE-2011-0192 at SUSECVE-2011-0192 at NVDCVE-2011-1167 at SUSECVE-2011-1167 at NVDCVE-2012-1173 at SUSECVE-2012-1173 at NVDCVE-2012-2113 at SUSECVE-2012-2113 at NVDCVE-2012-3401 at SUSECVE-2012-3401 at NVDCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3632 at SUSECVE-2016-3632 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5319 at SUSECVE-2016-5319 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-8331 at SUSECVE-2016-8331 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17942 at SUSECVE-2017-17942 at NVDCVE-2017-17973 at SUSECVE-2017-17973 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDcpe:/o:suse:sles:12:sp4libtirpc-netconfig-1.0.1-17.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libtirpc-netconfig-1.0.1-17.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sles:12:sp4libudisks2-0-2.1.3-1.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libudisks2-0-2.1.3-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0004 at SUSECVE-2014-0004 at NVDcpe:/o:suse:sles:12:sp4libupsclient1-2.7.1-1.30 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libupsclient1-2.7.1-1.30 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2944 at SUSECVE-2012-2944 at NVDcpe:/o:suse:sles:12:sp4libusbmuxd4-1.0.10-2.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libusbmuxd4-1.0.10-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-5104 at SUSECVE-2016-5104 at NVDcpe:/o:suse:sles:12:sp4libvdpau1-1.1.1-6.73 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvdpau1-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-5198 at SUSECVE-2015-5198 at NVDCVE-2015-5199 at SUSECVE-2015-5199 at NVDCVE-2015-5200 at SUSECVE-2015-5200 at NVDcpe:/o:suse:sles:12:sp4libvirglrenderer0-0.5.0-11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvirglrenderer0-0.5.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-10163 at SUSECVE-2016-10163 at NVDCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5580 at SUSECVE-2017-5580 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5956 at SUSECVE-2017-5956 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6209 at SUSECVE-2017-6209 at NVDCVE-2017-6210 at SUSECVE-2017-6210 at NVDCVE-2017-6317 at SUSECVE-2017-6317 at NVDCVE-2017-6355 at SUSECVE-2017-6355 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDcpe:/o:suse:sles:12:sp4libvirt-4.0.0-6.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvirt-4.0.0-6.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2242 at SUSECVE-2010-2242 at NVDCVE-2011-1146 at SUSECVE-2011-1146 at NVDCVE-2011-2511 at SUSECVE-2011-2511 at NVDCVE-2011-4600 at SUSECVE-2011-4600 at NVDCVE-2012-3445 at SUSECVE-2012-3445 at NVDCVE-2013-0170 at SUSECVE-2013-0170 at NVDCVE-2013-1962 at SUSECVE-2013-1962 at NVDCVE-2013-2218 at SUSECVE-2013-2218 at NVDCVE-2013-2230 at SUSECVE-2013-2230 at NVDCVE-2013-4153 at SUSECVE-2013-4153 at NVDCVE-2013-4154 at SUSECVE-2013-4154 at NVDCVE-2013-4239 at SUSECVE-2013-4239 at NVDCVE-2013-4296 at SUSECVE-2013-4296 at NVDCVE-2013-4297 at SUSECVE-2013-4297 at NVDCVE-2013-4311 at SUSECVE-2013-4311 at NVDCVE-2013-4399 at SUSECVE-2013-4399 at NVDCVE-2013-4400 at SUSECVE-2013-4400 at NVDCVE-2013-4401 at SUSECVE-2013-4401 at NVDCVE-2013-6436 at SUSECVE-2013-6436 at NVDCVE-2013-6456 at SUSECVE-2013-6456 at NVDCVE-2013-6457 at SUSECVE-2013-6457 at NVDCVE-2013-6458 at SUSECVE-2013-6458 at NVDCVE-2014-0028 at SUSECVE-2014-0028 at NVDCVE-2014-0179 at SUSECVE-2014-0179 at NVDCVE-2014-1447 at SUSECVE-2014-1447 at NVDCVE-2014-3633 at SUSECVE-2014-3633 at NVDCVE-2014-3657 at SUSECVE-2014-3657 at NVDCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDcpe:/o:suse:sles:12:sp4libvmtools0-10.3.0-2.6 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvmtools0-10.3.0-2.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDcpe:/o:suse:sles:12:sp4libvncclient0-0.9.9-17.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvncclient0-0.9.9-17.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-6051 at SUSECVE-2014-6051 at NVDCVE-2014-6052 at SUSECVE-2014-6052 at NVDCVE-2014-6053 at SUSECVE-2014-6053 at NVDCVE-2014-6054 at SUSECVE-2014-6054 at NVDCVE-2014-6055 at SUSECVE-2014-6055 at NVDCVE-2016-9941 at SUSECVE-2016-9941 at NVDCVE-2016-9942 at SUSECVE-2016-9942 at NVDCVE-2018-7225 at SUSECVE-2018-7225 at NVDcpe:/o:suse:sles:12:sp4libvorbis-doc-1.3.3-10.14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvorbis-doc-1.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-1420 at SUSECVE-2008-1420 at NVDCVE-2009-3379 at SUSECVE-2009-3379 at NVDCVE-2012-0444 at SUSECVE-2012-0444 at NVDCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:sles:12:sp4libvpx1-1.3.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvpx1-1.3.0-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-13194 at SUSECVE-2017-13194 at NVDcpe:/o:suse:sles:12:sp4libvte9-0.28.2-19.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libvte9-0.28.2-19.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2738 at SUSECVE-2012-2738 at NVDcpe:/o:suse:sles:12:sp4libwavpack1-4.60.99-5.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libwavpack1-4.60.99-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-10169 at SUSECVE-2016-10169 at NVDCVE-2016-10170 at SUSECVE-2016-10170 at NVDCVE-2016-10171 at SUSECVE-2016-10171 at NVDCVE-2016-10172 at SUSECVE-2016-10172 at NVDcpe:/o:suse:sles:12:sp4libwireshark9-2.4.9-48.29.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libwireshark9-2.4.9-48.29.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1210 at SUSECVE-2009-1210 at NVDCVE-2009-1267 at SUSECVE-2009-1267 at NVDCVE-2009-1268 at SUSECVE-2009-1268 at NVDCVE-2009-1269 at SUSECVE-2009-1269 at NVDCVE-2009-3241 at SUSECVE-2009-3241 at NVDCVE-2009-3242 at SUSECVE-2009-3242 at NVDCVE-2009-3243 at SUSECVE-2009-3243 at NVDCVE-2010-1455 at SUSECVE-2010-1455 at NVDCVE-2010-2993 at SUSECVE-2010-2993 at NVDCVE-2010-3445 at SUSECVE-2010-3445 at NVDCVE-2010-4300 at SUSECVE-2010-4300 at NVDCVE-2010-4301 at SUSECVE-2010-4301 at NVDCVE-2010-4538 at SUSECVE-2010-4538 at NVDCVE-2011-0024 at SUSECVE-2011-0024 at NVDCVE-2011-0538 at SUSECVE-2011-0538 at NVDCVE-2011-0713 at SUSECVE-2011-0713 at NVDCVE-2011-1138 at SUSECVE-2011-1138 at NVDCVE-2011-1139 at SUSECVE-2011-1139 at NVDCVE-2011-1140 at SUSECVE-2011-1140 at NVDCVE-2011-1143 at SUSECVE-2011-1143 at NVDCVE-2011-1590 at SUSECVE-2011-1590 at NVDCVE-2011-1591 at SUSECVE-2011-1591 at NVDCVE-2011-1592 at SUSECVE-2011-1592 at NVDCVE-2011-1957 at SUSECVE-2011-1957 at NVDCVE-2011-1958 at SUSECVE-2011-1958 at NVDCVE-2011-1959 at SUSECVE-2011-1959 at NVDCVE-2011-2174 at SUSECVE-2011-2174 at NVDCVE-2011-2175 at SUSECVE-2011-2175 at NVDCVE-2011-2597 at SUSECVE-2011-2597 at NVDCVE-2011-2698 at SUSECVE-2011-2698 at NVDCVE-2011-3266 at SUSECVE-2011-3266 at NVDCVE-2011-3360 at SUSECVE-2011-3360 at NVDCVE-2011-3483 at SUSECVE-2011-3483 at NVDCVE-2012-2392 at SUSECVE-2012-2392 at NVDCVE-2012-2393 at SUSECVE-2012-2393 at NVDCVE-2012-2394 at SUSECVE-2012-2394 at NVDCVE-2012-3548 at SUSECVE-2012-3548 at NVDCVE-2012-4048 at SUSECVE-2012-4048 at NVDCVE-2012-4049 at SUSECVE-2012-4049 at NVDCVE-2012-4285 at SUSECVE-2012-4285 at NVDCVE-2012-4286 at SUSECVE-2012-4286 at NVDCVE-2012-4287 at SUSECVE-2012-4287 at NVDCVE-2012-4288 at SUSECVE-2012-4288 at NVDCVE-2012-4289 at SUSECVE-2012-4289 at NVDCVE-2012-4290 at SUSECVE-2012-4290 at NVDCVE-2012-4291 at SUSECVE-2012-4291 at NVDCVE-2012-4292 at SUSECVE-2012-4292 at NVDCVE-2012-4293 at SUSECVE-2012-4293 at NVDCVE-2012-4294 at SUSECVE-2012-4294 at NVDCVE-2012-4295 at SUSECVE-2012-4295 at NVDCVE-2012-4296 at SUSECVE-2012-4296 at NVDCVE-2012-4297 at SUSECVE-2012-4297 at NVDCVE-2012-4298 at SUSECVE-2012-4298 at NVDCVE-2012-5237 at SUSECVE-2012-5237 at NVDCVE-2012-5238 at SUSECVE-2012-5238 at NVDCVE-2012-5239 at SUSECVE-2012-5239 at NVDCVE-2012-5240 at SUSECVE-2012-5240 at NVDCVE-2012-5592 at SUSECVE-2012-5592 at NVDCVE-2012-5593 at SUSECVE-2012-5593 at NVDCVE-2012-5594 at SUSECVE-2012-5594 at NVDCVE-2012-5595 at SUSECVE-2012-5595 at NVDCVE-2012-5596 at SUSECVE-2012-5596 at NVDCVE-2012-5597 at SUSECVE-2012-5597 at NVDCVE-2012-5598 at SUSECVE-2012-5598 at NVDCVE-2012-5599 at SUSECVE-2012-5599 at NVDCVE-2012-5600 at SUSECVE-2012-5600 at NVDCVE-2012-5601 at SUSECVE-2012-5601 at NVDCVE-2012-5602 at SUSECVE-2012-5602 at NVDCVE-2013-1572 at SUSECVE-2013-1572 at NVDCVE-2013-1573 at SUSECVE-2013-1573 at NVDCVE-2013-1574 at SUSECVE-2013-1574 at NVDCVE-2013-1575 at SUSECVE-2013-1575 at NVDCVE-2013-1576 at SUSECVE-2013-1576 at NVDCVE-2013-1577 at SUSECVE-2013-1577 at NVDCVE-2013-1578 at SUSECVE-2013-1578 at NVDCVE-2013-1579 at SUSECVE-2013-1579 at NVDCVE-2013-1580 at SUSECVE-2013-1580 at NVDCVE-2013-1581 at SUSECVE-2013-1581 at NVDCVE-2013-1582 at SUSECVE-2013-1582 at NVDCVE-2013-1583 at SUSECVE-2013-1583 at NVDCVE-2013-1584 at SUSECVE-2013-1584 at NVDCVE-2013-1585 at SUSECVE-2013-1585 at NVDCVE-2013-1586 at SUSECVE-2013-1586 at NVDCVE-2013-1587 at SUSECVE-2013-1587 at NVDCVE-2013-1588 at SUSECVE-2013-1588 at NVDCVE-2013-1589 at SUSECVE-2013-1589 at NVDCVE-2013-1590 at SUSECVE-2013-1590 at NVDCVE-2013-2475 at SUSECVE-2013-2475 at NVDCVE-2013-2476 at SUSECVE-2013-2476 at NVDCVE-2013-2477 at SUSECVE-2013-2477 at NVDCVE-2013-2478 at SUSECVE-2013-2478 at NVDCVE-2013-2479 at SUSECVE-2013-2479 at NVDCVE-2013-2480 at SUSECVE-2013-2480 at NVDCVE-2013-2481 at SUSECVE-2013-2481 at NVDCVE-2013-2482 at SUSECVE-2013-2482 at NVDCVE-2013-2483 at SUSECVE-2013-2483 at NVDCVE-2013-2484 at SUSECVE-2013-2484 at NVDCVE-2013-2485 at SUSECVE-2013-2485 at NVDCVE-2013-2486 at SUSECVE-2013-2486 at NVDCVE-2013-2487 at SUSECVE-2013-2487 at NVDCVE-2013-2488 at SUSECVE-2013-2488 at NVDCVE-2013-3555 at SUSECVE-2013-3555 at NVDCVE-2013-3556 at SUSECVE-2013-3556 at NVDCVE-2013-3557 at SUSECVE-2013-3557 at NVDCVE-2013-3558 at SUSECVE-2013-3558 at NVDCVE-2013-3559 at SUSECVE-2013-3559 at NVDCVE-2013-3560 at SUSECVE-2013-3560 at NVDCVE-2013-3561 at SUSECVE-2013-3561 at NVDCVE-2013-3562 at SUSECVE-2013-3562 at NVDCVE-2013-4083 at SUSECVE-2013-4083 at NVDCVE-2013-4920 at SUSECVE-2013-4920 at NVDCVE-2013-4921 at SUSECVE-2013-4921 at NVDCVE-2013-4922 at SUSECVE-2013-4922 at NVDCVE-2013-4923 at SUSECVE-2013-4923 at NVDCVE-2013-4924 at SUSECVE-2013-4924 at NVDCVE-2013-4925 at SUSECVE-2013-4925 at NVDCVE-2013-4926 at SUSECVE-2013-4926 at NVDCVE-2013-4927 at SUSECVE-2013-4927 at NVDCVE-2013-4928 at SUSECVE-2013-4928 at NVDCVE-2013-4929 at SUSECVE-2013-4929 at NVDCVE-2013-4930 at SUSECVE-2013-4930 at NVDCVE-2013-4931 at SUSECVE-2013-4931 at NVDCVE-2013-4932 at SUSECVE-2013-4932 at NVDCVE-2013-4933 at SUSECVE-2013-4933 at NVDCVE-2013-4934 at SUSECVE-2013-4934 at NVDCVE-2013-4935 at SUSECVE-2013-4935 at NVDCVE-2013-4936 at SUSECVE-2013-4936 at NVDCVE-2013-5717 at SUSECVE-2013-5717 at NVDCVE-2013-5718 at SUSECVE-2013-5718 at NVDCVE-2013-5719 at SUSECVE-2013-5719 at NVDCVE-2013-5720 at SUSECVE-2013-5720 at NVDCVE-2013-5721 at SUSECVE-2013-5721 at NVDCVE-2013-5722 at SUSECVE-2013-5722 at NVDCVE-2013-6336 at SUSECVE-2013-6336 at NVDCVE-2013-6337 at SUSECVE-2013-6337 at NVDCVE-2013-6338 at SUSECVE-2013-6338 at NVDCVE-2013-6339 at SUSECVE-2013-6339 at NVDCVE-2013-6340 at SUSECVE-2013-6340 at NVDCVE-2013-7112 at SUSECVE-2013-7112 at NVDCVE-2013-7113 at SUSECVE-2013-7113 at NVDCVE-2013-7114 at SUSECVE-2013-7114 at NVDCVE-2014-2281 at SUSECVE-2014-2281 at NVDCVE-2014-2282 at SUSECVE-2014-2282 at NVDCVE-2014-2283 at SUSECVE-2014-2283 at NVDCVE-2014-2299 at SUSECVE-2014-2299 at NVDCVE-2014-2907 at SUSECVE-2014-2907 at NVDCVE-2014-4020 at SUSECVE-2014-4020 at NVDCVE-2014-5161 at SUSECVE-2014-5161 at NVDCVE-2014-5162 at SUSECVE-2014-5162 at NVDCVE-2014-5163 at SUSECVE-2014-5163 at NVDCVE-2014-5164 at SUSECVE-2014-5164 at NVDCVE-2014-5165 at SUSECVE-2014-5165 at NVDCVE-2015-0559 at SUSECVE-2015-0559 at NVDCVE-2015-0560 at SUSECVE-2015-0560 at NVDCVE-2015-0561 at SUSECVE-2015-0561 at NVDCVE-2015-0562 at SUSECVE-2015-0562 at NVDCVE-2015-0563 at SUSECVE-2015-0563 at NVDCVE-2015-0564 at SUSECVE-2015-0564 at NVDCVE-2015-2188 at SUSECVE-2015-2188 at NVDCVE-2015-2189 at SUSECVE-2015-2189 at NVDCVE-2015-2191 at SUSECVE-2015-2191 at NVDCVE-2015-3811 at SUSECVE-2015-3811 at NVDCVE-2015-3812 at SUSECVE-2015-3812 at NVDCVE-2015-3813 at SUSECVE-2015-3813 at NVDCVE-2015-3814 at SUSECVE-2015-3814 at NVDCVE-2015-7830 at SUSECVE-2015-7830 at NVDCVE-2015-8711 at SUSECVE-2015-8711 at NVDCVE-2015-8712 at SUSECVE-2015-8712 at NVDCVE-2015-8713 at SUSECVE-2015-8713 at NVDCVE-2015-8714 at SUSECVE-2015-8714 at NVDCVE-2015-8715 at SUSECVE-2015-8715 at NVDCVE-2015-8716 at SUSECVE-2015-8716 at NVDCVE-2015-8717 at SUSECVE-2015-8717 at NVDCVE-2015-8718 at SUSECVE-2015-8718 at NVDCVE-2015-8719 at SUSECVE-2015-8719 at NVDCVE-2015-8720 at SUSECVE-2015-8720 at NVDCVE-2015-8721 at SUSECVE-2015-8721 at NVDCVE-2015-8722 at SUSECVE-2015-8722 at NVDCVE-2015-8723 at SUSECVE-2015-8723 at NVDCVE-2015-8724 at SUSECVE-2015-8724 at NVDCVE-2015-8725 at SUSECVE-2015-8725 at NVDCVE-2015-8726 at SUSECVE-2015-8726 at NVDCVE-2015-8727 at SUSECVE-2015-8727 at NVDCVE-2015-8728 at SUSECVE-2015-8728 at NVDCVE-2015-8729 at SUSECVE-2015-8729 at NVDCVE-2015-8730 at SUSECVE-2015-8730 at NVDCVE-2015-8731 at SUSECVE-2015-8731 at NVDCVE-2015-8732 at SUSECVE-2015-8732 at NVDCVE-2015-8733 at SUSECVE-2015-8733 at NVDCVE-2016-2523 at SUSECVE-2016-2523 at NVDCVE-2016-2530 at SUSECVE-2016-2530 at NVDCVE-2016-2531 at SUSECVE-2016-2531 at NVDCVE-2016-2532 at SUSECVE-2016-2532 at NVDCVE-2016-5350 at SUSECVE-2016-5350 at NVDCVE-2016-5351 at SUSECVE-2016-5351 at NVDCVE-2016-5352 at SUSECVE-2016-5352 at NVDCVE-2016-5353 at SUSECVE-2016-5353 at NVDCVE-2016-5354 at SUSECVE-2016-5354 at NVDCVE-2016-5355 at SUSECVE-2016-5355 at NVDCVE-2016-5356 at SUSECVE-2016-5356 at NVDCVE-2016-5357 at SUSECVE-2016-5357 at NVDCVE-2016-5358 at SUSECVE-2016-5358 at NVDCVE-2016-5359 at SUSECVE-2016-5359 at NVDCVE-2016-6354 at SUSECVE-2016-6354 at NVDCVE-2016-6504 at SUSECVE-2016-6504 at NVDCVE-2016-6505 at SUSECVE-2016-6505 at NVDCVE-2016-6506 at SUSECVE-2016-6506 at NVDCVE-2016-6507 at SUSECVE-2016-6507 at NVDCVE-2016-6508 at SUSECVE-2016-6508 at NVDCVE-2016-6509 at SUSECVE-2016-6509 at NVDCVE-2016-6510 at SUSECVE-2016-6510 at NVDCVE-2016-6511 at SUSECVE-2016-6511 at NVDCVE-2016-7175 at SUSECVE-2016-7175 at NVDCVE-2016-7176 at SUSECVE-2016-7176 at NVDCVE-2016-7177 at SUSECVE-2016-7177 at NVDCVE-2016-7178 at SUSECVE-2016-7178 at NVDCVE-2016-7179 at SUSECVE-2016-7179 at NVDCVE-2016-7180 at SUSECVE-2016-7180 at NVDCVE-2016-9373 at SUSECVE-2016-9373 at NVDCVE-2016-9374 at SUSECVE-2016-9374 at NVDCVE-2016-9375 at SUSECVE-2016-9375 at NVDCVE-2016-9376 at SUSECVE-2016-9376 at NVDCVE-2017-11406 at SUSECVE-2017-11406 at NVDCVE-2017-11407 at SUSECVE-2017-11407 at NVDCVE-2017-11408 at SUSECVE-2017-11408 at NVDCVE-2017-11410 at SUSECVE-2017-11410 at NVDCVE-2017-11411 at SUSECVE-2017-11411 at NVDCVE-2017-13765 at SUSECVE-2017-13765 at NVDCVE-2017-13766 at SUSECVE-2017-13766 at NVDCVE-2017-13767 at SUSECVE-2017-13767 at NVDCVE-2017-15191 at SUSECVE-2017-15191 at NVDCVE-2017-15192 at SUSECVE-2017-15192 at NVDCVE-2017-15193 at SUSECVE-2017-15193 at NVDCVE-2017-17083 at SUSECVE-2017-17083 at NVDCVE-2017-17084 at SUSECVE-2017-17084 at NVDCVE-2017-17085 at SUSECVE-2017-17085 at NVDCVE-2017-17935 at SUSECVE-2017-17935 at NVDCVE-2017-17997 at SUSECVE-2017-17997 at NVDCVE-2017-5596 at SUSECVE-2017-5596 at NVDCVE-2017-5597 at SUSECVE-2017-5597 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-6014 at SUSECVE-2017-6014 at NVDCVE-2017-7700 at SUSECVE-2017-7700 at NVDCVE-2017-7701 at SUSECVE-2017-7701 at NVDCVE-2017-7702 at SUSECVE-2017-7702 at NVDCVE-2017-7703 at SUSECVE-2017-7703 at NVDCVE-2017-7704 at SUSECVE-2017-7704 at NVDCVE-2017-7705 at SUSECVE-2017-7705 at NVDCVE-2017-7745 at SUSECVE-2017-7745 at NVDCVE-2017-7746 at SUSECVE-2017-7746 at NVDCVE-2017-7747 at SUSECVE-2017-7747 at NVDCVE-2017-7748 at SUSECVE-2017-7748 at NVDCVE-2017-9343 at SUSECVE-2017-9343 at NVDCVE-2017-9344 at SUSECVE-2017-9344 at NVDCVE-2017-9345 at SUSECVE-2017-9345 at NVDCVE-2017-9346 at SUSECVE-2017-9346 at NVDCVE-2017-9347 at SUSECVE-2017-9347 at NVDCVE-2017-9348 at SUSECVE-2017-9348 at NVDCVE-2017-9349 at SUSECVE-2017-9349 at NVDCVE-2017-9350 at SUSECVE-2017-9350 at NVDCVE-2017-9351 at SUSECVE-2017-9351 at NVDCVE-2017-9352 at SUSECVE-2017-9352 at NVDCVE-2017-9353 at SUSECVE-2017-9353 at NVDCVE-2017-9354 at SUSECVE-2017-9354 at NVDCVE-2017-9617 at SUSECVE-2017-9617 at NVDCVE-2017-9766 at SUSECVE-2017-9766 at NVDCVE-2018-11354 at SUSECVE-2018-11354 at NVDCVE-2018-11355 at SUSECVE-2018-11355 at NVDCVE-2018-11356 at SUSECVE-2018-11356 at NVDCVE-2018-11357 at SUSECVE-2018-11357 at NVDCVE-2018-11358 at SUSECVE-2018-11358 at NVDCVE-2018-11359 at SUSECVE-2018-11359 at NVDCVE-2018-11360 at SUSECVE-2018-11360 at NVDCVE-2018-11361 at SUSECVE-2018-11361 at NVDCVE-2018-11362 at SUSECVE-2018-11362 at NVDCVE-2018-14339 at SUSECVE-2018-14339 at NVDCVE-2018-14340 at SUSECVE-2018-14340 at NVDCVE-2018-14341 at SUSECVE-2018-14341 at NVDCVE-2018-14342 at SUSECVE-2018-14342 at NVDCVE-2018-14343 at SUSECVE-2018-14343 at NVDCVE-2018-14344 at SUSECVE-2018-14344 at NVDCVE-2018-14367 at SUSECVE-2018-14367 at NVDCVE-2018-14368 at SUSECVE-2018-14368 at NVDCVE-2018-14369 at SUSECVE-2018-14369 at NVDCVE-2018-14370 at SUSECVE-2018-14370 at NVDCVE-2018-16056 at SUSECVE-2018-16056 at NVDCVE-2018-16057 at SUSECVE-2018-16057 at NVDCVE-2018-16058 at SUSECVE-2018-16058 at NVDCVE-2018-5334 at SUSECVE-2018-5334 at NVDCVE-2018-5335 at SUSECVE-2018-5335 at NVDCVE-2018-5336 at SUSECVE-2018-5336 at NVDCVE-2018-7320 at SUSECVE-2018-7320 at NVDCVE-2018-7321 at SUSECVE-2018-7321 at NVDCVE-2018-7322 at SUSECVE-2018-7322 at NVDCVE-2018-7323 at SUSECVE-2018-7323 at NVDCVE-2018-7324 at SUSECVE-2018-7324 at NVDCVE-2018-7325 at SUSECVE-2018-7325 at NVDCVE-2018-7326 at SUSECVE-2018-7326 at NVDCVE-2018-7327 at SUSECVE-2018-7327 at NVDCVE-2018-7328 at SUSECVE-2018-7328 at NVDCVE-2018-7329 at SUSECVE-2018-7329 at NVDCVE-2018-7330 at SUSECVE-2018-7330 at NVDCVE-2018-7331 at SUSECVE-2018-7331 at NVDCVE-2018-7332 at SUSECVE-2018-7332 at NVDCVE-2018-7333 at SUSECVE-2018-7333 at NVDCVE-2018-7334 at SUSECVE-2018-7334 at NVDCVE-2018-7335 at SUSECVE-2018-7335 at NVDCVE-2018-7336 at SUSECVE-2018-7336 at NVDCVE-2018-7337 at SUSECVE-2018-7337 at NVDCVE-2018-7417 at SUSECVE-2018-7417 at NVDCVE-2018-7418 at SUSECVE-2018-7418 at NVDCVE-2018-7419 at SUSECVE-2018-7419 at NVDCVE-2018-7420 at SUSECVE-2018-7420 at NVDCVE-2018-7421 at SUSECVE-2018-7421 at NVDCVE-2018-9256 at SUSECVE-2018-9256 at NVDCVE-2018-9259 at SUSECVE-2018-9259 at NVDCVE-2018-9260 at SUSECVE-2018-9260 at NVDCVE-2018-9261 at SUSECVE-2018-9261 at NVDCVE-2018-9262 at SUSECVE-2018-9262 at NVDCVE-2018-9263 at SUSECVE-2018-9263 at NVDCVE-2018-9264 at SUSECVE-2018-9264 at NVDCVE-2018-9265 at SUSECVE-2018-9265 at NVDCVE-2018-9266 at SUSECVE-2018-9266 at NVDCVE-2018-9267 at SUSECVE-2018-9267 at NVDCVE-2018-9268 at SUSECVE-2018-9268 at NVDCVE-2018-9269 at SUSECVE-2018-9269 at NVDCVE-2018-9270 at SUSECVE-2018-9270 at NVDCVE-2018-9271 at SUSECVE-2018-9271 at NVDCVE-2018-9272 at SUSECVE-2018-9272 at NVDCVE-2018-9273 at SUSECVE-2018-9273 at NVDCVE-2018-9274 at SUSECVE-2018-9274 at NVDcpe:/o:suse:sles:12:sp4libxcb-dri2-0-1.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libxcb-dri2-0-1.10-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2064 at SUSECVE-2013-2064 at NVDcpe:/o:suse:sles:12:sp4libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libxerces-c-3_1-3.1.1-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1885 at SUSECVE-2009-1885 at NVDCVE-2015-0252 at SUSECVE-2015-0252 at NVDCVE-2016-0729 at SUSECVE-2016-0729 at NVDCVE-2016-2099 at SUSECVE-2016-2099 at NVDCVE-2016-4463 at SUSECVE-2016-4463 at NVDcpe:/o:suse:sles:12:sp4libxml2-2-2.9.4-46.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libxml2-2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-4225 at SUSECVE-2008-4225 at NVDCVE-2008-4226 at SUSECVE-2008-4226 at NVDCVE-2008-4409 at SUSECVE-2008-4409 at NVDCVE-2010-4494 at SUSECVE-2010-4494 at NVDCVE-2011-1944 at SUSECVE-2011-1944 at NVDCVE-2012-5134 at SUSECVE-2012-5134 at NVDCVE-2013-0338 at SUSECVE-2013-0338 at NVDCVE-2013-1969 at SUSECVE-2013-1969 at NVDCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8241 at SUSECVE-2015-8241 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2015-8317 at SUSECVE-2015-8317 at NVDCVE-2015-8710 at SUSECVE-2015-8710 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2016-5131 at SUSECVE-2016-5131 at NVDCVE-2016-9318 at SUSECVE-2016-9318 at NVDCVE-2016-9597 at SUSECVE-2016-9597 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-15412 at SUSECVE-2017-15412 at NVDCVE-2017-18258 at SUSECVE-2017-18258 at NVDCVE-2017-5130 at SUSECVE-2017-5130 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-7375 at SUSECVE-2017-7375 at NVDCVE-2017-7376 at SUSECVE-2017-7376 at NVDCVE-2017-8872 at SUSECVE-2017-8872 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2017-9050 at SUSECVE-2017-9050 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDcpe:/o:suse:sles:12:sp4libxmltooling6-1.5.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libxmltooling6-1.5.6-3.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-0486 at SUSECVE-2018-0486 at NVDCVE-2018-0489 at SUSECVE-2018-0489 at NVDcpe:/o:suse:sles:12:sp4libxslt-tools-1.1.28-16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libxslt-tools-1.1.28-16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDcpe:/o:suse:sles:12:sp4libyaml-0-2-0.1.6-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libyaml-0-2-0.1.6-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6393 at SUSECVE-2013-6393 at NVDCVE-2014-2525 at SUSECVE-2014-2525 at NVDCVE-2014-9130 at SUSECVE-2014-9130 at NVDcpe:/o:suse:sles:12:sp4libykcs11-1-1.5.0-3.16 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libykcs11-1-1.5.0-3.16 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-14779 at SUSECVE-2018-14779 at NVDCVE-2018-14780 at SUSECVE-2018-14780 at NVDcpe:/o:suse:sles:12:sp4libz1-1.2.11-1.27 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libz1-1.2.11-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDcpe:/o:suse:sles:12:sp4libzip2-0.11.1-13.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libzip2-0.11.1-13.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0421 at SUSECVE-2011-0421 at NVDCVE-2012-1162 at SUSECVE-2012-1162 at NVDCVE-2012-1163 at SUSECVE-2012-1163 at NVDCVE-2015-2331 at SUSECVE-2015-2331 at NVDCVE-2017-14107 at SUSECVE-2017-14107 at NVDcpe:/o:suse:sles:12:sp4libzypp-16.19.0-2.36.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the libzypp-16.19.0-2.36.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDcpe:/o:suse:sles:12:sp4logrotate-3.11.0-2.11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the logrotate-3.11.0-2.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1098 at SUSECVE-2011-1098 at NVDCVE-2011-1154 at SUSECVE-2011-1154 at NVDCVE-2011-1155 at SUSECVE-2011-1155 at NVDcpe:/o:suse:sles:12:sp4logwatch-7.4.3-15.65 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the logwatch-7.4.3-15.65 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1018 at SUSECVE-2011-1018 at NVDcpe:/o:suse:sles:12:sp4mailman-2.1.17-1.18 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mailman-2.1.17-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0707 at SUSECVE-2011-0707 at NVDcpe:/o:suse:sles:12:sp4mailx-12.5-28.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mailx-12.5-28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2004-2771 at SUSECVE-2004-2771 at NVDCVE-2014-7844 at SUSECVE-2014-7844 at NVDcpe:/o:suse:sles:12:sp4mariadb-10.2.18-1.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mariadb-10.2.18-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2007-5970 at SUSECVE-2007-5970 at NVDCVE-2008-7247 at SUSECVE-2008-7247 at NVDCVE-2009-4019 at SUSECVE-2009-4019 at NVDCVE-2009-4028 at SUSECVE-2009-4028 at NVDCVE-2009-4030 at SUSECVE-2009-4030 at NVDCVE-2010-5298 at SUSECVE-2010-5298 at NVDCVE-2012-5615 at SUSECVE-2012-5615 at NVDCVE-2013-1976 at SUSECVE-2013-1976 at NVDCVE-2014-0195 at SUSECVE-2014-0195 at NVDCVE-2014-0198 at SUSECVE-2014-0198 at NVDCVE-2014-0221 at SUSECVE-2014-0221 at NVDCVE-2014-0224 at SUSECVE-2014-0224 at NVDCVE-2014-2494 at SUSECVE-2014-2494 at NVDCVE-2014-3470 at SUSECVE-2014-3470 at NVDCVE-2014-4207 at SUSECVE-2014-4207 at NVDCVE-2014-4258 at SUSECVE-2014-4258 at NVDCVE-2014-4260 at SUSECVE-2014-4260 at NVDCVE-2014-4274 at SUSECVE-2014-4274 at NVDCVE-2014-4287 at SUSECVE-2014-4287 at NVDCVE-2014-6463 at SUSECVE-2014-6463 at NVDCVE-2014-6464 at SUSECVE-2014-6464 at NVDCVE-2014-6469 at SUSECVE-2014-6469 at NVDCVE-2014-6474 at SUSECVE-2014-6474 at NVDCVE-2014-6478 at SUSECVE-2014-6478 at NVDCVE-2014-6484 at SUSECVE-2014-6484 at NVDCVE-2014-6489 at SUSECVE-2014-6489 at NVDCVE-2014-6491 at SUSECVE-2014-6491 at NVDCVE-2014-6494 at SUSECVE-2014-6494 at NVDCVE-2014-6495 at SUSECVE-2014-6495 at NVDCVE-2014-6496 at SUSECVE-2014-6496 at NVDCVE-2014-6500 at SUSECVE-2014-6500 at NVDCVE-2014-6505 at SUSECVE-2014-6505 at NVDCVE-2014-6507 at SUSECVE-2014-6507 at NVDCVE-2014-6520 at SUSECVE-2014-6520 at NVDCVE-2014-6530 at SUSECVE-2014-6530 at NVDCVE-2014-6551 at SUSECVE-2014-6551 at NVDCVE-2014-6555 at SUSECVE-2014-6555 at NVDCVE-2014-6559 at SUSECVE-2014-6559 at NVDCVE-2014-6564 at SUSECVE-2014-6564 at NVDCVE-2014-6568 at SUSECVE-2014-6568 at NVDCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-0374 at SUSECVE-2015-0374 at NVDCVE-2015-0381 at SUSECVE-2015-0381 at NVDCVE-2015-0382 at SUSECVE-2015-0382 at NVDCVE-2015-0391 at SUSECVE-2015-0391 at NVDCVE-2015-0411 at SUSECVE-2015-0411 at NVDCVE-2015-0432 at SUSECVE-2015-0432 at NVDCVE-2015-0433 at SUSECVE-2015-0433 at NVDCVE-2015-0441 at SUSECVE-2015-0441 at NVDCVE-2015-0499 at SUSECVE-2015-0499 at NVDCVE-2015-0501 at SUSECVE-2015-0501 at NVDCVE-2015-0505 at SUSECVE-2015-0505 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-2568 at SUSECVE-2015-2568 at NVDCVE-2015-2571 at SUSECVE-2015-2571 at NVDCVE-2015-2573 at SUSECVE-2015-2573 at NVDCVE-2015-3152 at SUSECVE-2015-3152 at NVDCVE-2015-4792 at SUSECVE-2015-4792 at NVDCVE-2015-4802 at SUSECVE-2015-4802 at NVDCVE-2015-4807 at SUSECVE-2015-4807 at NVDCVE-2015-4815 at SUSECVE-2015-4815 at NVDCVE-2015-4826 at SUSECVE-2015-4826 at NVDCVE-2015-4830 at SUSECVE-2015-4830 at NVDCVE-2015-4836 at SUSECVE-2015-4836 at NVDCVE-2015-4858 at SUSECVE-2015-4858 at NVDCVE-2015-4861 at SUSECVE-2015-4861 at NVDCVE-2015-4870 at SUSECVE-2015-4870 at NVDCVE-2015-4913 at SUSECVE-2015-4913 at NVDCVE-2015-5969 at SUSECVE-2015-5969 at NVDCVE-2016-0505 at SUSECVE-2016-0505 at NVDCVE-2016-0546 at SUSECVE-2016-0546 at NVDCVE-2016-0596 at SUSECVE-2016-0596 at NVDCVE-2016-0597 at SUSECVE-2016-0597 at NVDCVE-2016-0598 at SUSECVE-2016-0598 at NVDCVE-2016-0600 at SUSECVE-2016-0600 at NVDCVE-2016-0606 at SUSECVE-2016-0606 at NVDCVE-2016-0608 at SUSECVE-2016-0608 at NVDCVE-2016-0609 at SUSECVE-2016-0609 at NVDCVE-2016-0616 at SUSECVE-2016-0616 at NVDCVE-2016-0640 at SUSECVE-2016-0640 at NVDCVE-2016-0641 at SUSECVE-2016-0641 at NVDCVE-2016-0642 at SUSECVE-2016-0642 at NVDCVE-2016-0643 at SUSECVE-2016-0643 at NVDCVE-2016-0644 at SUSECVE-2016-0644 at NVDCVE-2016-0646 at SUSECVE-2016-0646 at NVDCVE-2016-0647 at SUSECVE-2016-0647 at NVDCVE-2016-0648 at SUSECVE-2016-0648 at NVDCVE-2016-0649 at SUSECVE-2016-0649 at NVDCVE-2016-0650 at SUSECVE-2016-0650 at NVDCVE-2016-0651 at SUSECVE-2016-0651 at NVDCVE-2016-0655 at SUSECVE-2016-0655 at NVDCVE-2016-0666 at SUSECVE-2016-0666 at NVDCVE-2016-0668 at SUSECVE-2016-0668 at NVDCVE-2016-2047 at SUSECVE-2016-2047 at NVDCVE-2016-3477 at SUSECVE-2016-3477 at NVDCVE-2016-3492 at SUSECVE-2016-3492 at NVDCVE-2016-3521 at SUSECVE-2016-3521 at NVDCVE-2016-3615 at SUSECVE-2016-3615 at NVDCVE-2016-5440 at SUSECVE-2016-5440 at NVDCVE-2016-5584 at SUSECVE-2016-5584 at NVDCVE-2016-5624 at SUSECVE-2016-5624 at NVDCVE-2016-5626 at SUSECVE-2016-5626 at NVDCVE-2016-5629 at SUSECVE-2016-5629 at NVDCVE-2016-6662 at SUSECVE-2016-6662 at NVDCVE-2016-6663 at SUSECVE-2016-6663 at NVDCVE-2016-6664 at SUSECVE-2016-6664 at NVDCVE-2016-7440 at SUSECVE-2016-7440 at NVDCVE-2016-8283 at SUSECVE-2016-8283 at NVDCVE-2017-10268 at SUSECVE-2017-10268 at NVDCVE-2017-10320 at SUSECVE-2017-10320 at NVDCVE-2017-10365 at SUSECVE-2017-10365 at NVDCVE-2017-10378 at SUSECVE-2017-10378 at NVDCVE-2017-15365 at SUSECVE-2017-15365 at NVDCVE-2017-3238 at SUSECVE-2017-3238 at NVDCVE-2017-3243 at SUSECVE-2017-3243 at NVDCVE-2017-3244 at SUSECVE-2017-3244 at NVDCVE-2017-3257 at SUSECVE-2017-3257 at NVDCVE-2017-3258 at SUSECVE-2017-3258 at NVDCVE-2017-3265 at SUSECVE-2017-3265 at NVDCVE-2017-3291 at SUSECVE-2017-3291 at NVDCVE-2017-3302 at SUSECVE-2017-3302 at NVDCVE-2017-3308 at SUSECVE-2017-3308 at NVDCVE-2017-3309 at SUSECVE-2017-3309 at NVDCVE-2017-3312 at SUSECVE-2017-3312 at NVDCVE-2017-3313 at SUSECVE-2017-3313 at NVDCVE-2017-3317 at SUSECVE-2017-3317 at NVDCVE-2017-3318 at SUSECVE-2017-3318 at NVDCVE-2017-3453 at SUSECVE-2017-3453 at NVDCVE-2017-3456 at SUSECVE-2017-3456 at NVDCVE-2017-3464 at SUSECVE-2017-3464 at NVDCVE-2017-3636 at SUSECVE-2017-3636 at NVDCVE-2017-3641 at SUSECVE-2017-3641 at NVDCVE-2017-3653 at SUSECVE-2017-3653 at NVDCVE-2018-2562 at SUSECVE-2018-2562 at NVDCVE-2018-2612 at SUSECVE-2018-2612 at NVDCVE-2018-2622 at SUSECVE-2018-2622 at NVDCVE-2018-2640 at SUSECVE-2018-2640 at NVDCVE-2018-2665 at SUSECVE-2018-2665 at NVDCVE-2018-2668 at SUSECVE-2018-2668 at NVDCVE-2018-2755 at SUSECVE-2018-2755 at NVDCVE-2018-2759 at SUSECVE-2018-2759 at NVDCVE-2018-2761 at SUSECVE-2018-2761 at NVDCVE-2018-2766 at SUSECVE-2018-2766 at NVDCVE-2018-2767 at SUSECVE-2018-2767 at NVDCVE-2018-2771 at SUSECVE-2018-2771 at NVDCVE-2018-2777 at SUSECVE-2018-2777 at NVDCVE-2018-2781 at SUSECVE-2018-2781 at NVDCVE-2018-2782 at SUSECVE-2018-2782 at NVDCVE-2018-2784 at SUSECVE-2018-2784 at NVDCVE-2018-2786 at SUSECVE-2018-2786 at NVDCVE-2018-2787 at SUSECVE-2018-2787 at NVDCVE-2018-2810 at SUSECVE-2018-2810 at NVDCVE-2018-2813 at SUSECVE-2018-2813 at NVDCVE-2018-2817 at SUSECVE-2018-2817 at NVDCVE-2018-2819 at SUSECVE-2018-2819 at NVDCVE-2018-3058 at SUSECVE-2018-3058 at NVDCVE-2018-3060 at SUSECVE-2018-3060 at NVDCVE-2018-3063 at SUSECVE-2018-3063 at NVDCVE-2018-3064 at SUSECVE-2018-3064 at NVDCVE-2018-3066 at SUSECVE-2018-3066 at NVDcpe:/o:suse:sles:12:sp4memcached-1.4.39-4.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the memcached-1.4.39-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1494 at SUSECVE-2009-1494 at NVDCVE-2011-4971 at SUSECVE-2011-4971 at NVDCVE-2013-0179 at SUSECVE-2013-0179 at NVDCVE-2013-7239 at SUSECVE-2013-7239 at NVDCVE-2013-7290 at SUSECVE-2013-7290 at NVDCVE-2013-7291 at SUSECVE-2013-7291 at NVDCVE-2016-8704 at SUSECVE-2016-8704 at NVDCVE-2016-8705 at SUSECVE-2016-8705 at NVDCVE-2016-8706 at SUSECVE-2016-8706 at NVDCVE-2017-9951 at SUSECVE-2017-9951 at NVDCVE-2018-1000115 at SUSECVE-2018-1000115 at NVDcpe:/o:suse:sles:12:sp4minicom-2.7-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the minicom-2.7-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-7467 at SUSECVE-2017-7467 at NVDcpe:/o:suse:sles:12:sp4mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-19.63 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2522 at SUSECVE-2010-2522 at NVDCVE-2010-2523 at SUSECVE-2010-2523 at NVDcpe:/o:suse:sles:12:sp4mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mozilla-nspr-32bit-4.13.1-18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-1545 at SUSECVE-2014-1545 at NVDCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:sles:12:sp4mutt-1.10.1-55.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the mutt-1.10.1-55.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0467 at SUSECVE-2014-0467 at NVDCVE-2014-9116 at SUSECVE-2014-9116 at NVDCVE-2018-14349 at SUSECVE-2018-14349 at NVDCVE-2018-14350 at SUSECVE-2018-14350 at NVDCVE-2018-14351 at SUSECVE-2018-14351 at NVDCVE-2018-14352 at SUSECVE-2018-14352 at NVDCVE-2018-14353 at SUSECVE-2018-14353 at NVDCVE-2018-14354 at SUSECVE-2018-14354 at NVDCVE-2018-14355 at SUSECVE-2018-14355 at NVDCVE-2018-14356 at SUSECVE-2018-14356 at NVDCVE-2018-14357 at SUSECVE-2018-14357 at NVDCVE-2018-14358 at SUSECVE-2018-14358 at NVDCVE-2018-14359 at SUSECVE-2018-14359 at NVDCVE-2018-14360 at SUSECVE-2018-14360 at NVDCVE-2018-14361 at SUSECVE-2018-14361 at NVDCVE-2018-14362 at SUSECVE-2018-14362 at NVDCVE-2018-14363 at SUSECVE-2018-14363 at NVDcpe:/o:suse:sles:12:sp4ntp-4.2.8p12-64.8.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ntp-4.2.8p12-64.8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0159 at SUSECVE-2009-0159 at NVDCVE-2009-1252 at SUSECVE-2009-1252 at NVDCVE-2013-5211 at SUSECVE-2013-5211 at NVDCVE-2014-9293 at SUSECVE-2014-9293 at NVDCVE-2014-9294 at SUSECVE-2014-9294 at NVDCVE-2014-9295 at SUSECVE-2014-9295 at NVDCVE-2014-9296 at SUSECVE-2014-9296 at NVDCVE-2014-9297 at SUSECVE-2014-9297 at NVDCVE-2014-9298 at SUSECVE-2014-9298 at NVDCVE-2015-1798 at SUSECVE-2015-1798 at NVDCVE-2015-1799 at SUSECVE-2015-1799 at NVDCVE-2015-3405 at SUSECVE-2015-3405 at NVDCVE-2015-5219 at SUSECVE-2015-5219 at NVDCVE-2015-5300 at SUSECVE-2015-5300 at NVDCVE-2015-7691 at SUSECVE-2015-7691 at NVDCVE-2015-7692 at SUSECVE-2015-7692 at NVDCVE-2015-7701 at SUSECVE-2015-7701 at NVDCVE-2015-7702 at SUSECVE-2015-7702 at NVDCVE-2015-7703 at SUSECVE-2015-7703 at NVDCVE-2015-7704 at SUSECVE-2015-7704 at NVDCVE-2015-7705 at SUSECVE-2015-7705 at NVDCVE-2015-7848 at SUSECVE-2015-7848 at NVDCVE-2015-7849 at SUSECVE-2015-7849 at NVDCVE-2015-7850 at SUSECVE-2015-7850 at NVDCVE-2015-7851 at SUSECVE-2015-7851 at NVDCVE-2015-7852 at SUSECVE-2015-7852 at NVDCVE-2015-7853 at SUSECVE-2015-7853 at NVDCVE-2015-7854 at SUSECVE-2015-7854 at NVDCVE-2015-7855 at SUSECVE-2015-7855 at NVDCVE-2015-7871 at SUSECVE-2015-7871 at NVDCVE-2015-7973 at SUSECVE-2015-7973 at NVDCVE-2015-7974 at SUSECVE-2015-7974 at NVDCVE-2015-7975 at SUSECVE-2015-7975 at NVDCVE-2015-7976 at SUSECVE-2015-7976 at NVDCVE-2015-7977 at SUSECVE-2015-7977 at NVDCVE-2015-7978 at SUSECVE-2015-7978 at NVDCVE-2015-7979 at SUSECVE-2015-7979 at NVDCVE-2015-8138 at SUSECVE-2015-8138 at NVDCVE-2015-8139 at SUSECVE-2015-8139 at NVDCVE-2015-8140 at SUSECVE-2015-8140 at NVDCVE-2015-8158 at SUSECVE-2015-8158 at NVDCVE-2016-1547 at SUSECVE-2016-1547 at NVDCVE-2016-1548 at SUSECVE-2016-1548 at NVDCVE-2016-1549 at SUSECVE-2016-1549 at NVDCVE-2016-1550 at SUSECVE-2016-1550 at NVDCVE-2016-1551 at SUSECVE-2016-1551 at NVDCVE-2016-2516 at SUSECVE-2016-2516 at NVDCVE-2016-2517 at SUSECVE-2016-2517 at NVDCVE-2016-2518 at SUSECVE-2016-2518 at NVDCVE-2016-2519 at SUSECVE-2016-2519 at NVDCVE-2016-4953 at SUSECVE-2016-4953 at NVDCVE-2016-4954 at SUSECVE-2016-4954 at NVDCVE-2016-4955 at SUSECVE-2016-4955 at NVDCVE-2016-4956 at SUSECVE-2016-4956 at NVDCVE-2016-4957 at SUSECVE-2016-4957 at NVDCVE-2016-7426 at SUSECVE-2016-7426 at NVDCVE-2016-7427 at SUSECVE-2016-7427 at NVDCVE-2016-7428 at SUSECVE-2016-7428 at NVDCVE-2016-7429 at SUSECVE-2016-7429 at NVDCVE-2016-7431 at SUSECVE-2016-7431 at NVDCVE-2016-7433 at SUSECVE-2016-7433 at NVDCVE-2016-7434 at SUSECVE-2016-7434 at NVDCVE-2016-9042 at SUSECVE-2016-9042 at NVDCVE-2016-9310 at SUSECVE-2016-9310 at NVDCVE-2016-9311 at SUSECVE-2016-9311 at NVDCVE-2017-6451 at SUSECVE-2017-6451 at NVDCVE-2017-6458 at SUSECVE-2017-6458 at NVDCVE-2017-6460 at SUSECVE-2017-6460 at NVDCVE-2017-6462 at SUSECVE-2017-6462 at NVDCVE-2017-6463 at SUSECVE-2017-6463 at NVDCVE-2017-6464 at SUSECVE-2017-6464 at NVDCVE-2018-12327 at SUSECVE-2018-12327 at NVDCVE-2018-7170 at SUSECVE-2018-7170 at NVDCVE-2018-7182 at SUSECVE-2018-7182 at NVDCVE-2018-7183 at SUSECVE-2018-7183 at NVDCVE-2018-7184 at SUSECVE-2018-7184 at NVDCVE-2018-7185 at SUSECVE-2018-7185 at NVDcpe:/o:suse:sles:12:sp4opensc-0.13.0-1.107 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the opensc-0.13.0-1.107 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0368 at SUSECVE-2009-0368 at NVDCVE-2010-4523 at SUSECVE-2010-4523 at NVDcpe:/o:suse:sles:12:sp4openslp-2.0.0-18.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the openslp-2.0.0-18.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-3609 at SUSECVE-2010-3609 at NVDCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-6354 at SUSECVE-2016-6354 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:sles:12:sp4openssh-7.2p2-74.25.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the openssh-7.2p2-74.25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-1483 at SUSECVE-2008-1483 at NVDCVE-2014-2653 at SUSECVE-2014-2653 at NVDCVE-2015-5352 at SUSECVE-2015-5352 at NVDCVE-2015-5600 at SUSECVE-2015-5600 at NVDCVE-2015-6563 at SUSECVE-2015-6563 at NVDCVE-2015-6564 at SUSECVE-2015-6564 at NVDCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-10708 at SUSECVE-2016-10708 at NVDCVE-2016-1908 at SUSECVE-2016-1908 at NVDCVE-2016-3115 at SUSECVE-2016-3115 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2017-15906 at SUSECVE-2017-15906 at NVDcpe:/o:suse:sles:12:sp4openvpn-2.3.8-16.20.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the openvpn-2.3.8-16.20.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8104 at SUSECVE-2014-8104 at NVDCVE-2016-6329 at SUSECVE-2016-6329 at NVDCVE-2017-12166 at SUSECVE-2017-12166 at NVDCVE-2017-7478 at SUSECVE-2017-7478 at NVDCVE-2017-7479 at SUSECVE-2017-7479 at NVDCVE-2017-7508 at SUSECVE-2017-7508 at NVDCVE-2017-7520 at SUSECVE-2017-7520 at NVDCVE-2017-7521 at SUSECVE-2017-7521 at NVDcpe:/o:suse:sles:12:sp4opie-2.4-724.56 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the opie-2.4-724.56 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2489 at SUSECVE-2011-2489 at NVDCVE-2011-2490 at SUSECVE-2011-2490 at NVDcpe:/o:suse:sles:12:sp4ovmf-2017+git1510945757.b2662641d5-2.18 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ovmf-2017+git1510945757.b2662641d5-2.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-0739 at SUSECVE-2018-0739 at NVDcpe:/o:suse:sles:12:sp4p7zip-9.20.1-7.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the p7zip-9.20.1-7.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1038 at SUSECVE-2015-1038 at NVDCVE-2016-1372 at SUSECVE-2016-1372 at NVDCVE-2016-2335 at SUSECVE-2016-2335 at NVDCVE-2017-17969 at SUSECVE-2017-17969 at NVDcpe:/o:suse:sles:12:sp4pam-1.1.8-24.14.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pam-1.1.8-24.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-3430 at SUSECVE-2010-3430 at NVDCVE-2010-3431 at SUSECVE-2010-3431 at NVDCVE-2010-3853 at SUSECVE-2010-3853 at NVDCVE-2011-3148 at SUSECVE-2011-3148 at NVDCVE-2011-3149 at SUSECVE-2011-3149 at NVDCVE-2014-2583 at SUSECVE-2014-2583 at NVDCVE-2015-3238 at SUSECVE-2015-3238 at NVDcpe:/o:suse:sles:12:sp4pam-modules-12.1-23.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pam-modules-12.1-23.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3172 at SUSECVE-2011-3172 at NVDcpe:/o:suse:sles:12:sp4pam_krb5-2.4.4-4.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pam_krb5-2.4.4-4.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-3825 at SUSECVE-2008-3825 at NVDCVE-2009-1384 at SUSECVE-2009-1384 at NVDcpe:/o:suse:sles:12:sp4pam_ssh-2.0-1.39 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pam_ssh-2.0-1.39 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-1273 at SUSECVE-2009-1273 at NVDcpe:/o:suse:sles:12:sp4pam_yubico-2.26-1.25 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pam_yubico-2.26-1.25 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-9275 at SUSECVE-2018-9275 at NVDcpe:/o:suse:sles:12:sp4patch-2.7.5-8.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the patch-2.7.5-8.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-4651 at SUSECVE-2010-4651 at NVDCVE-2015-1196 at SUSECVE-2015-1196 at NVDCVE-2015-1395 at SUSECVE-2015-1395 at NVDCVE-2015-1396 at SUSECVE-2015-1396 at NVDCVE-2016-10713 at SUSECVE-2016-10713 at NVDCVE-2018-1000156 at SUSECVE-2018-1000156 at NVDCVE-2018-6951 at SUSECVE-2018-6951 at NVDcpe:/o:suse:sles:12:sp4pcsc-ccid-1.4.25-4.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pcsc-ccid-1.4.25-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-4530 at SUSECVE-2010-4530 at NVDcpe:/o:suse:sles:12:sp4perl-32bit-5.18.2-12.17.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-32bit-5.18.2-12.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2761 at SUSECVE-2010-2761 at NVDCVE-2010-4410 at SUSECVE-2010-4410 at NVDCVE-2010-4411 at SUSECVE-2010-4411 at NVDCVE-2010-4777 at SUSECVE-2010-4777 at NVDCVE-2015-8853 at SUSECVE-2015-8853 at NVDCVE-2016-1238 at SUSECVE-2016-1238 at NVDCVE-2016-2381 at SUSECVE-2016-2381 at NVDCVE-2016-6185 at SUSECVE-2016-6185 at NVDCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2017-6512 at SUSECVE-2017-6512 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-6797 at SUSECVE-2018-6797 at NVDCVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:sles:12:sp4perl-Archive-Zip-1.34-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-Archive-Zip-1.34-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-10860 at SUSECVE-2018-10860 at NVDcpe:/o:suse:sles:12:sp4perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-Config-IniFiles-2.82-3.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2451 at SUSECVE-2012-2451 at NVDcpe:/o:suse:sles:12:sp4perl-DBD-mysql-4.021-12.5.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-DBD-mysql-4.021-12.5.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1246 at SUSECVE-2016-1246 at NVDCVE-2016-1249 at SUSECVE-2016-1249 at NVDCVE-2016-1251 at SUSECVE-2016-1251 at NVDCVE-2017-10788 at SUSECVE-2017-10788 at NVDCVE-2017-10789 at SUSECVE-2017-10789 at NVDcpe:/o:suse:sles:12:sp4perl-HTML-Parser-3.71-1.145 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-HTML-Parser-3.71-1.145 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3627 at SUSECVE-2009-3627 at NVDcpe:/o:suse:sles:12:sp4perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-LWP-Protocol-https-6.04-5.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3230 at SUSECVE-2014-3230 at NVDcpe:/o:suse:sles:12:sp4perl-Tk-804.031-3.76 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-Tk-804.031-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-4484 at SUSECVE-2006-4484 at NVDcpe:/o:suse:sles:12:sp4perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-XML-LibXML-2.0019-6.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-3451 at SUSECVE-2015-3451 at NVDCVE-2017-10672 at SUSECVE-2017-10672 at NVDcpe:/o:suse:sles:12:sp4perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the perl-YAML-LibYAML-0.38-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-1152 at SUSECVE-2012-1152 at NVDCVE-2013-6393 at SUSECVE-2013-6393 at NVDCVE-2014-2525 at SUSECVE-2014-2525 at NVDCVE-2014-9130 at SUSECVE-2014-9130 at NVDcpe:/o:suse:sles:12:sp4pigz-2.3-5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the pigz-2.3-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1191 at SUSECVE-2015-1191 at NVDcpe:/o:suse:sles:12:sp4policycoreutils-2.5-10.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the policycoreutils-2.5-10.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:sles:12:sp4powerpc-utils-1.3.5-3.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the powerpc-utils-1.3.5-3.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:sles:12:sp4ppc64-diag-2.7.4-1.18 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ppc64-diag-2.7.4-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-4038 at SUSECVE-2014-4038 at NVDCVE-2014-4039 at SUSECVE-2014-4039 at NVDcpe:/o:suse:sles:12:sp4ppp-2.4.7-3.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ppp-2.4.7-3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3158 at SUSECVE-2014-3158 at NVDCVE-2015-3310 at SUSECVE-2015-3310 at NVDcpe:/o:suse:sles:12:sp4procmail-3.22-269.3.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the procmail-3.22-269.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:sles:12:sp4python-2.7.13-28.11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-2.7.13-28.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4238 at SUSECVE-2013-4238 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-1000158 at SUSECVE-2017-1000158 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000030 at SUSECVE-2018-1000030 at NVDcpe:/o:suse:sles:12:sp4python-PyYAML-3.12-26.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-PyYAML-3.12-26.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9130 at SUSECVE-2014-9130 at NVDcpe:/o:suse:sles:12:sp4python-cupshelpers-1.5.7-7.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-cupshelpers-1.5.7-7.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-4405 at SUSECVE-2011-4405 at NVDcpe:/o:suse:sles:12:sp4python-doc-2.7.13-28.11.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-doc-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-1000158 at SUSECVE-2017-1000158 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000030 at SUSECVE-2018-1000030 at NVDcpe:/o:suse:sles:12:sp4python-imaging-1.1.7-21.15 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-imaging-1.1.7-21.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-1932 at SUSECVE-2014-1932 at NVDcpe:/o:suse:sles:12:sp4python-libxml2-2.9.4-46.15.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-libxml2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-4225 at SUSECVE-2008-4225 at NVDCVE-2008-4226 at SUSECVE-2008-4226 at NVDCVE-2008-4409 at SUSECVE-2008-4409 at NVDCVE-2012-5134 at SUSECVE-2012-5134 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDcpe:/o:suse:sles:12:sp4python-pyOpenSSL-16.0.0-4.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-pyOpenSSL-16.0.0-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4314 at SUSECVE-2013-4314 at NVDcpe:/o:suse:sles:12:sp4python-pywbem-0.7.0-4.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-pywbem-0.7.0-4.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6418 at SUSECVE-2013-6418 at NVDcpe:/o:suse:sles:12:sp4python-requests-2.11.1-6.28.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python-requests-2.11.1-6.28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-1829 at SUSECVE-2014-1829 at NVDCVE-2014-1830 at SUSECVE-2014-1830 at NVDCVE-2015-2296 at SUSECVE-2015-2296 at NVDcpe:/o:suse:sles:12:sp4python3-3.4.6-25.16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python3-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4238 at SUSECVE-2013-4238 at NVDCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDcpe:/o:suse:sles:12:sp4python3-requests-2.7.0-2.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the python3-requests-2.7.0-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-1829 at SUSECVE-2014-1829 at NVDCVE-2014-1830 at SUSECVE-2014-1830 at NVDcpe:/o:suse:sles:12:sp4qemu-2.11.2-4.14 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the qemu-2.11.2-4.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-0928 at SUSECVE-2008-0928 at NVDCVE-2008-1945 at SUSECVE-2008-1945 at NVDCVE-2008-2382 at SUSECVE-2008-2382 at NVDCVE-2008-4539 at SUSECVE-2008-4539 at NVDCVE-2012-3515 at SUSECVE-2012-3515 at NVDCVE-2013-4148 at SUSECVE-2013-4148 at NVDCVE-2013-4149 at SUSECVE-2013-4149 at NVDCVE-2013-4150 at SUSECVE-2013-4150 at NVDCVE-2013-4151 at SUSECVE-2013-4151 at NVDCVE-2013-4526 at SUSECVE-2013-4526 at NVDCVE-2013-4527 at SUSECVE-2013-4527 at NVDCVE-2013-4529 at SUSECVE-2013-4529 at NVDCVE-2013-4530 at SUSECVE-2013-4530 at NVDCVE-2013-4531 at SUSECVE-2013-4531 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4535 at SUSECVE-2013-4535 at NVDCVE-2013-4536 at SUSECVE-2013-4536 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2013-4541 at SUSECVE-2013-4541 at NVDCVE-2013-4542 at SUSECVE-2013-4542 at NVDCVE-2013-4544 at SUSECVE-2013-4544 at NVDCVE-2013-6399 at SUSECVE-2013-6399 at NVDCVE-2014-0142 at SUSECVE-2014-0142 at NVDCVE-2014-0143 at SUSECVE-2014-0143 at NVDCVE-2014-0144 at SUSECVE-2014-0144 at NVDCVE-2014-0145 at SUSECVE-2014-0145 at NVDCVE-2014-0146 at SUSECVE-2014-0146 at NVDCVE-2014-0147 at SUSECVE-2014-0147 at NVDCVE-2014-0150 at SUSECVE-2014-0150 at NVDCVE-2014-0182 at SUSECVE-2014-0182 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-10911 at SUSECVE-2017-10911 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-12809 at SUSECVE-2017-12809 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15124 at SUSECVE-2017-15124 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-16845 at SUSECVE-2017-16845 at NVDCVE-2017-17381 at SUSECVE-2017-17381 at NVDCVE-2017-18043 at SUSECVE-2017-18043 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5683 at SUSECVE-2018-5683 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDcpe:/o:suse:sles:12:sp4radvd-1.9.7-2.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the radvd-1.9.7-2.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3602 at SUSECVE-2011-3602 at NVDcpe:/o:suse:sles:12:sp4res-signingkeys-3.0.38-52.26.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the res-signingkeys-3.0.38-52.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3566 at SUSECVE-2014-3566 at NVDCVE-2018-12470 at SUSECVE-2018-12470 at NVDCVE-2018-12471 at SUSECVE-2018-12471 at NVDCVE-2018-12472 at SUSECVE-2018-12472 at NVDcpe:/o:suse:sles:12:sp4rpcbind-0.2.3-23.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rpcbind-0.2.3-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sles:12:sp4rpm-32bit-4.11.2-16.16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rpm-32bit-4.11.2-16.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-6435 at SUSECVE-2013-6435 at NVDCVE-2014-8118 at SUSECVE-2014-8118 at NVDCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2017-7501 at SUSECVE-2017-7501 at NVDcpe:/o:suse:sles:12:sp4rrdtool-1.4.7-20.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rrdtool-1.4.7-20.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-2131 at SUSECVE-2013-2131 at NVDcpe:/o:suse:sles:12:sp4rsync-3.1.0-13.13.3 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rsync-3.1.0-13.13.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1097 at SUSECVE-2011-1097 at NVDCVE-2014-2855 at SUSECVE-2014-2855 at NVDCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2017-17433 at SUSECVE-2017-17433 at NVDCVE-2017-17434 at SUSECVE-2017-17434 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDcpe:/o:suse:sles:12:sp4rsyslog-8.24.0-3.16.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rsyslog-8.24.0-3.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3200 at SUSECVE-2011-3200 at NVDCVE-2013-4758 at SUSECVE-2013-4758 at NVDCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2014-3634 at SUSECVE-2014-3634 at NVDCVE-2014-3683 at SUSECVE-2014-3683 at NVDCVE-2015-3243 at SUSECVE-2015-3243 at NVDcpe:/o:suse:sles:12:sp4rtkit-0.11_git201205151338-8.14 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rtkit-0.11_git201205151338-8.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4326 at SUSECVE-2013-4326 at NVDcpe:/o:suse:sles:12:sp4ruby-2.1-1.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ruby-2.1-1.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-4492 at SUSECVE-2009-4492 at NVDCVE-2010-0541 at SUSECVE-2010-0541 at NVDCVE-2011-1004 at SUSECVE-2011-1004 at NVDCVE-2011-1005 at SUSECVE-2011-1005 at NVDCVE-2011-4815 at SUSECVE-2011-4815 at NVDcpe:/o:suse:sles:12:sp4rzsz-0.12.21~rc-1001.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the rzsz-0.12.21~rc-1001.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2018-10195 at SUSECVE-2018-10195 at NVDcpe:/o:suse:sles:12:sp4sane-backends-1.0.24-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the sane-backends-1.0.24-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-6318 at SUSECVE-2017-6318 at NVDcpe:/o:suse:sles:12:sp4sblim-sfcb-1.4.8-17.3.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the sblim-sfcb-1.4.8-17.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-5185 at SUSECVE-2015-5185 at NVDcpe:/o:suse:sles:12:sp4shadow-4.2.1-27.19.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the shadow-4.2.1-27.19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-6252 at SUSECVE-2016-6252 at NVDCVE-2017-12424 at SUSECVE-2017-12424 at NVDCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:sles:12:sp4shim-0.9-23.14 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the shim-0.9-23.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDcpe:/o:suse:sles:12:sp4socat-1.7.2.4-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the socat-1.7.2.4-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sles:12:sp4spice-vdagent-0.16.0-8.5.15 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the spice-vdagent-0.16.0-8.5.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-15108 at SUSECVE-2017-15108 at NVDcpe:/o:suse:sles:12:sp4squashfs-4.3-6.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the squashfs-4.3-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-4024 at SUSECVE-2012-4024 at NVDCVE-2012-4025 at SUSECVE-2012-4025 at NVDcpe:/o:suse:sles:12:sp4squid-3.5.21-26.9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the squid-3.5.21-26.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-5643 at SUSECVE-2012-5643 at NVDCVE-2014-7141 at SUSECVE-2014-7141 at NVDCVE-2014-7142 at SUSECVE-2014-7142 at NVDCVE-2014-9749 at SUSECVE-2014-9749 at NVDCVE-2015-5400 at SUSECVE-2015-5400 at NVDCVE-2016-10002 at SUSECVE-2016-10002 at NVDCVE-2016-10003 at SUSECVE-2016-10003 at NVDCVE-2016-2390 at SUSECVE-2016-2390 at NVDCVE-2016-2569 at SUSECVE-2016-2569 at NVDCVE-2016-2570 at SUSECVE-2016-2570 at NVDCVE-2016-2571 at SUSECVE-2016-2571 at NVDCVE-2016-2572 at SUSECVE-2016-2572 at NVDCVE-2016-3947 at SUSECVE-2016-3947 at NVDCVE-2016-3948 at SUSECVE-2016-3948 at NVDCVE-2016-4051 at SUSECVE-2016-4051 at NVDCVE-2016-4052 at SUSECVE-2016-4052 at NVDCVE-2016-4053 at SUSECVE-2016-4053 at NVDCVE-2016-4054 at SUSECVE-2016-4054 at NVDCVE-2016-4553 at SUSECVE-2016-4553 at NVDCVE-2016-4554 at SUSECVE-2016-4554 at NVDCVE-2016-4555 at SUSECVE-2016-4555 at NVDCVE-2016-4556 at SUSECVE-2016-4556 at NVDCVE-2018-1000024 at SUSECVE-2018-1000024 at NVDCVE-2018-1000027 at SUSECVE-2018-1000027 at NVDCVE-2018-1172 at SUSECVE-2018-1172 at NVDcpe:/o:suse:sles:12:sp4squidGuard-1.4-30.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the squidGuard-1.4-30.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-3700 at SUSECVE-2009-3700 at NVDCVE-2009-3826 at SUSECVE-2009-3826 at NVDCVE-2015-8936 at SUSECVE-2015-8936 at NVDcpe:/o:suse:sles:12:sp4strongswan-5.1.3-26.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the strongswan-5.1.3-26.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-0790 at SUSECVE-2009-0790 at NVDCVE-2012-2388 at SUSECVE-2012-2388 at NVDCVE-2013-2944 at SUSECVE-2013-2944 at NVDCVE-2013-5018 at SUSECVE-2013-5018 at NVDCVE-2013-6075 at SUSECVE-2013-6075 at NVDCVE-2013-6076 at SUSECVE-2013-6076 at NVDCVE-2014-2338 at SUSECVE-2014-2338 at NVDCVE-2014-9221 at SUSECVE-2014-9221 at NVDCVE-2015-4171 at SUSECVE-2015-4171 at NVDCVE-2015-8023 at SUSECVE-2015-8023 at NVDCVE-2017-11185 at SUSECVE-2017-11185 at NVDCVE-2017-9022 at SUSECVE-2017-9022 at NVDCVE-2017-9023 at SUSECVE-2017-9023 at NVDcpe:/o:suse:sles:12:sp4stunnel-5.00-4.3.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the stunnel-5.00-4.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1762 at SUSECVE-2013-1762 at NVDCVE-2014-0016 at SUSECVE-2014-0016 at NVDCVE-2015-3644 at SUSECVE-2015-3644 at NVDcpe:/o:suse:sles:12:sp4sudo-1.8.20p2-3.7.10 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the sudo-1.8.20p2-3.7.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-1163 at SUSECVE-2010-1163 at NVDCVE-2010-1646 at SUSECVE-2010-1646 at NVDCVE-2011-0010 at SUSECVE-2011-0010 at NVDCVE-2012-2337 at SUSECVE-2012-2337 at NVDCVE-2013-1775 at SUSECVE-2013-1775 at NVDCVE-2013-1776 at SUSECVE-2013-1776 at NVDCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDcpe:/o:suse:sles:12:sp4supportutils-3.0-95.18.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the supportutils-3.0-95.18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1602 at SUSECVE-2016-1602 at NVDcpe:/o:suse:sles:12:sp4sysconfig-0.84.0-13.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the sysconfig-0.84.0-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-4182 at SUSECVE-2011-4182 at NVDcpe:/o:suse:sles:12:sp4syslog-service-2.0-778.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the syslog-service-2.0-778.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3634 at SUSECVE-2014-3634 at NVDcpe:/o:suse:sles:12:sp4systemtap-3.0-15.13 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the systemtap-3.0-15.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2009-2911 at SUSECVE-2009-2911 at NVDCVE-2009-4273 at SUSECVE-2009-4273 at NVDCVE-2010-0411 at SUSECVE-2010-0411 at NVDCVE-2010-0412 at SUSECVE-2010-0412 at NVDcpe:/o:suse:sles:12:sp4sysvinit-tools-2.88+-99.15 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the sysvinit-tools-2.88+-99.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2483 at SUSECVE-2011-2483 at NVDcpe:/o:suse:sles:12:sp4tar-1.27.1-15.3.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tar-1.27.1-15.3.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-0624 at SUSECVE-2010-0624 at NVDCVE-2016-6321 at SUSECVE-2016-6321 at NVDcpe:/o:suse:sles:12:sp4tboot-20170711_1.9.7-1.10 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tboot-20170711_1.9.7-1.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16837 at SUSECVE-2017-16837 at NVDcpe:/o:suse:sles:12:sp4tcpdump-4.9.2-14.5.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tcpdump-4.9.2-14.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8767 at SUSECVE-2014-8767 at NVDCVE-2014-8768 at SUSECVE-2014-8768 at NVDCVE-2014-8769 at SUSECVE-2014-8769 at NVDCVE-2014-9140 at SUSECVE-2014-9140 at NVDCVE-2015-0261 at SUSECVE-2015-0261 at NVDCVE-2015-2153 at SUSECVE-2015-2153 at NVDCVE-2015-2154 at SUSECVE-2015-2154 at NVDCVE-2015-2155 at SUSECVE-2015-2155 at NVDCVE-2015-3138 at SUSECVE-2015-3138 at NVDCVE-2016-7922 at SUSECVE-2016-7922 at NVDCVE-2016-7923 at SUSECVE-2016-7923 at NVDCVE-2016-7924 at SUSECVE-2016-7924 at NVDCVE-2016-7925 at SUSECVE-2016-7925 at NVDCVE-2016-7926 at SUSECVE-2016-7926 at NVDCVE-2016-7927 at SUSECVE-2016-7927 at NVDCVE-2016-7928 at SUSECVE-2016-7928 at NVDCVE-2016-7929 at SUSECVE-2016-7929 at NVDCVE-2016-7930 at SUSECVE-2016-7930 at NVDCVE-2016-7931 at SUSECVE-2016-7931 at NVDCVE-2016-7932 at SUSECVE-2016-7932 at NVDCVE-2016-7933 at SUSECVE-2016-7933 at NVDCVE-2016-7934 at SUSECVE-2016-7934 at NVDCVE-2016-7935 at SUSECVE-2016-7935 at NVDCVE-2016-7936 at SUSECVE-2016-7936 at NVDCVE-2016-7937 at SUSECVE-2016-7937 at NVDCVE-2016-7938 at SUSECVE-2016-7938 at NVDCVE-2016-7939 at SUSECVE-2016-7939 at NVDCVE-2016-7940 at SUSECVE-2016-7940 at NVDCVE-2016-7973 at SUSECVE-2016-7973 at NVDCVE-2016-7974 at SUSECVE-2016-7974 at NVDCVE-2016-7975 at SUSECVE-2016-7975 at NVDCVE-2016-7983 at SUSECVE-2016-7983 at NVDCVE-2016-7984 at SUSECVE-2016-7984 at NVDCVE-2016-7985 at SUSECVE-2016-7985 at NVDCVE-2016-7986 at SUSECVE-2016-7986 at NVDCVE-2016-7992 at SUSECVE-2016-7992 at NVDCVE-2016-7993 at SUSECVE-2016-7993 at NVDCVE-2016-8574 at SUSECVE-2016-8574 at NVDCVE-2016-8575 at SUSECVE-2016-8575 at NVDCVE-2017-11108 at SUSECVE-2017-11108 at NVDCVE-2017-11541 at SUSECVE-2017-11541 at NVDCVE-2017-11542 at SUSECVE-2017-11542 at NVDCVE-2017-11543 at SUSECVE-2017-11543 at NVDCVE-2017-12893 at SUSECVE-2017-12893 at NVDCVE-2017-12894 at SUSECVE-2017-12894 at NVDCVE-2017-12895 at SUSECVE-2017-12895 at NVDCVE-2017-12896 at SUSECVE-2017-12896 at NVDCVE-2017-12897 at SUSECVE-2017-12897 at NVDCVE-2017-12898 at SUSECVE-2017-12898 at NVDCVE-2017-12899 at SUSECVE-2017-12899 at NVDCVE-2017-12900 at SUSECVE-2017-12900 at NVDCVE-2017-12901 at SUSECVE-2017-12901 at NVDCVE-2017-12902 at SUSECVE-2017-12902 at NVDCVE-2017-12985 at SUSECVE-2017-12985 at NVDCVE-2017-12986 at SUSECVE-2017-12986 at NVDCVE-2017-12987 at SUSECVE-2017-12987 at NVDCVE-2017-12988 at SUSECVE-2017-12988 at NVDCVE-2017-12989 at SUSECVE-2017-12989 at NVDCVE-2017-12990 at SUSECVE-2017-12990 at NVDCVE-2017-12991 at SUSECVE-2017-12991 at NVDCVE-2017-12992 at SUSECVE-2017-12992 at NVDCVE-2017-12993 at SUSECVE-2017-12993 at NVDCVE-2017-12994 at SUSECVE-2017-12994 at NVDCVE-2017-12995 at SUSECVE-2017-12995 at NVDCVE-2017-12996 at SUSECVE-2017-12996 at NVDCVE-2017-12997 at SUSECVE-2017-12997 at NVDCVE-2017-12998 at SUSECVE-2017-12998 at NVDCVE-2017-12999 at SUSECVE-2017-12999 at NVDCVE-2017-13000 at SUSECVE-2017-13000 at NVDCVE-2017-13001 at SUSECVE-2017-13001 at NVDCVE-2017-13002 at SUSECVE-2017-13002 at NVDCVE-2017-13003 at SUSECVE-2017-13003 at NVDCVE-2017-13004 at SUSECVE-2017-13004 at NVDCVE-2017-13005 at SUSECVE-2017-13005 at NVDCVE-2017-13006 at SUSECVE-2017-13006 at NVDCVE-2017-13007 at SUSECVE-2017-13007 at NVDCVE-2017-13008 at SUSECVE-2017-13008 at NVDCVE-2017-13009 at SUSECVE-2017-13009 at NVDCVE-2017-13010 at SUSECVE-2017-13010 at NVDCVE-2017-13011 at SUSECVE-2017-13011 at NVDCVE-2017-13012 at SUSECVE-2017-13012 at NVDCVE-2017-13013 at SUSECVE-2017-13013 at NVDCVE-2017-13014 at SUSECVE-2017-13014 at NVDCVE-2017-13015 at SUSECVE-2017-13015 at NVDCVE-2017-13016 at SUSECVE-2017-13016 at NVDCVE-2017-13017 at SUSECVE-2017-13017 at NVDCVE-2017-13018 at SUSECVE-2017-13018 at NVDCVE-2017-13019 at SUSECVE-2017-13019 at NVDCVE-2017-13020 at SUSECVE-2017-13020 at NVDCVE-2017-13021 at SUSECVE-2017-13021 at NVDCVE-2017-13022 at SUSECVE-2017-13022 at NVDCVE-2017-13023 at SUSECVE-2017-13023 at NVDCVE-2017-13024 at SUSECVE-2017-13024 at NVDCVE-2017-13025 at SUSECVE-2017-13025 at NVDCVE-2017-13026 at SUSECVE-2017-13026 at NVDCVE-2017-13027 at SUSECVE-2017-13027 at NVDCVE-2017-13028 at SUSECVE-2017-13028 at NVDCVE-2017-13029 at SUSECVE-2017-13029 at NVDCVE-2017-13030 at SUSECVE-2017-13030 at NVDCVE-2017-13031 at SUSECVE-2017-13031 at NVDCVE-2017-13032 at SUSECVE-2017-13032 at NVDCVE-2017-13033 at SUSECVE-2017-13033 at NVDCVE-2017-13034 at SUSECVE-2017-13034 at NVDCVE-2017-13035 at SUSECVE-2017-13035 at NVDCVE-2017-13036 at SUSECVE-2017-13036 at NVDCVE-2017-13037 at SUSECVE-2017-13037 at NVDCVE-2017-13038 at SUSECVE-2017-13038 at NVDCVE-2017-13039 at SUSECVE-2017-13039 at NVDCVE-2017-13040 at SUSECVE-2017-13040 at NVDCVE-2017-13041 at SUSECVE-2017-13041 at NVDCVE-2017-13042 at SUSECVE-2017-13042 at NVDCVE-2017-13043 at SUSECVE-2017-13043 at NVDCVE-2017-13044 at SUSECVE-2017-13044 at NVDCVE-2017-13045 at SUSECVE-2017-13045 at NVDCVE-2017-13046 at SUSECVE-2017-13046 at NVDCVE-2017-13047 at SUSECVE-2017-13047 at NVDCVE-2017-13048 at SUSECVE-2017-13048 at NVDCVE-2017-13049 at SUSECVE-2017-13049 at NVDCVE-2017-13050 at SUSECVE-2017-13050 at NVDCVE-2017-13051 at SUSECVE-2017-13051 at NVDCVE-2017-13052 at SUSECVE-2017-13052 at NVDCVE-2017-13053 at SUSECVE-2017-13053 at NVDCVE-2017-13054 at SUSECVE-2017-13054 at NVDCVE-2017-13055 at SUSECVE-2017-13055 at NVDCVE-2017-13687 at SUSECVE-2017-13687 at NVDCVE-2017-13688 at SUSECVE-2017-13688 at NVDCVE-2017-13689 at SUSECVE-2017-13689 at NVDCVE-2017-13690 at SUSECVE-2017-13690 at NVDCVE-2017-13725 at SUSECVE-2017-13725 at NVDCVE-2017-5202 at SUSECVE-2017-5202 at NVDCVE-2017-5203 at SUSECVE-2017-5203 at NVDCVE-2017-5204 at SUSECVE-2017-5204 at NVDCVE-2017-5205 at SUSECVE-2017-5205 at NVDCVE-2017-5341 at SUSECVE-2017-5341 at NVDCVE-2017-5342 at SUSECVE-2017-5342 at NVDCVE-2017-5482 at SUSECVE-2017-5482 at NVDCVE-2017-5483 at SUSECVE-2017-5483 at NVDCVE-2017-5484 at SUSECVE-2017-5484 at NVDCVE-2017-5485 at SUSECVE-2017-5485 at NVDCVE-2017-5486 at SUSECVE-2017-5486 at NVDcpe:/o:suse:sles:12:sp4tftp-5.2-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tftp-5.2-11.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2199 at SUSECVE-2011-2199 at NVDcpe:/o:suse:sles:12:sp4tomcat-9.0.12-1.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tomcat-9.0.12-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-1976 at SUSECVE-2013-1976 at NVDCVE-2014-0050 at SUSECVE-2014-0050 at NVDCVE-2015-5174 at SUSECVE-2015-5174 at NVDCVE-2015-5345 at SUSECVE-2015-5345 at NVDCVE-2015-5346 at SUSECVE-2015-5346 at NVDCVE-2015-5351 at SUSECVE-2015-5351 at NVDCVE-2016-0706 at SUSECVE-2016-0706 at NVDCVE-2016-0714 at SUSECVE-2016-0714 at NVDCVE-2016-0762 at SUSECVE-2016-0762 at NVDCVE-2016-0763 at SUSECVE-2016-0763 at NVDCVE-2016-3092 at SUSECVE-2016-3092 at NVDCVE-2016-5018 at SUSECVE-2016-5018 at NVDCVE-2016-6794 at SUSECVE-2016-6794 at NVDCVE-2016-6796 at SUSECVE-2016-6796 at NVDCVE-2016-6797 at SUSECVE-2016-6797 at NVDCVE-2016-6816 at SUSECVE-2016-6816 at NVDCVE-2016-8735 at SUSECVE-2016-8735 at NVDCVE-2016-8745 at SUSECVE-2016-8745 at NVDCVE-2017-12617 at SUSECVE-2017-12617 at NVDCVE-2017-15706 at SUSECVE-2017-15706 at NVDCVE-2017-5647 at SUSECVE-2017-5647 at NVDCVE-2017-5648 at SUSECVE-2017-5648 at NVDCVE-2017-5664 at SUSECVE-2017-5664 at NVDCVE-2017-7674 at SUSECVE-2017-7674 at NVDCVE-2018-11784 at SUSECVE-2018-11784 at NVDCVE-2018-1304 at SUSECVE-2018-1304 at NVDCVE-2018-1305 at SUSECVE-2018-1305 at NVDCVE-2018-1336 at SUSECVE-2018-1336 at NVDCVE-2018-8014 at SUSECVE-2018-8014 at NVDCVE-2018-8034 at SUSECVE-2018-8034 at NVDCVE-2018-8037 at SUSECVE-2018-8037 at NVDcpe:/o:suse:sles:12:sp4tpm2.0-tools-3.1.1-1.16 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the tpm2.0-tools-3.1.1-1.16 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-7524 at SUSECVE-2017-7524 at NVDcpe:/o:suse:sles:12:sp4transfig-3.2.5e-2.3.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the transfig-3.2.5e-2.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-16899 at SUSECVE-2017-16899 at NVDcpe:/o:suse:sles:12:sp4ucode-intel-20180807a-13.35.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the ucode-intel-20180807a-13.35.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDcpe:/o:suse:sles:12:sp4unixODBC-2.3.6-7.9.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the unixODBC-2.3.6-7.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1145 at SUSECVE-2011-1145 at NVDCVE-2018-7409 at SUSECVE-2018-7409 at NVDCVE-2018-7485 at SUSECVE-2018-7485 at NVDcpe:/o:suse:sles:12:sp4unrar-5.0.14-3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the unrar-5.0.14-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-6706 at SUSECVE-2012-6706 at NVDcpe:/o:suse:sles:12:sp4unzip-6.00-33.8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the unzip-6.00-33.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-8139 at SUSECVE-2014-8139 at NVDCVE-2014-8140 at SUSECVE-2014-8140 at NVDCVE-2014-8141 at SUSECVE-2014-8141 at NVDCVE-2014-9636 at SUSECVE-2014-9636 at NVDCVE-2014-9913 at SUSECVE-2014-9913 at NVDCVE-2015-7696 at SUSECVE-2015-7696 at NVDCVE-2015-7697 at SUSECVE-2015-7697 at NVDCVE-2016-9844 at SUSECVE-2016-9844 at NVDCVE-2018-1000035 at SUSECVE-2018-1000035 at NVDcpe:/o:suse:sles:12:sp4update-alternatives-1.18.4-14.216 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the update-alternatives-1.18.4-14.216 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:sles:12:sp4vino-3.20.2-5.8 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the vino-3.20.2-5.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0904 at SUSECVE-2011-0904 at NVDCVE-2011-0905 at SUSECVE-2011-0905 at NVDCVE-2011-1164 at SUSECVE-2011-1164 at NVDcpe:/o:suse:sles:12:sp4vorbis-tools-1.4.0-26.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the vorbis-tools-1.4.0-26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2008-1686 at SUSECVE-2008-1686 at NVDCVE-2014-9638 at SUSECVE-2014-9638 at NVDCVE-2014-9639 at SUSECVE-2014-9639 at NVDCVE-2014-9640 at SUSECVE-2014-9640 at NVDCVE-2015-6749 at SUSECVE-2015-6749 at NVDcpe:/o:suse:sles:12:sp4vsftpd-3.0.2-40.11.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the vsftpd-3.0.2-40.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-1419 at SUSECVE-2015-1419 at NVDcpe:/o:suse:sles:12:sp4w3m-0.5.3.git20161120-160.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the w3m-0.5.3.git20161120-160.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2074 at SUSECVE-2010-2074 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2016-9434 at SUSECVE-2016-9434 at NVDCVE-2016-9435 at SUSECVE-2016-9435 at NVDCVE-2016-9436 at SUSECVE-2016-9436 at NVDCVE-2016-9437 at SUSECVE-2016-9437 at NVDCVE-2016-9438 at SUSECVE-2016-9438 at NVDCVE-2016-9439 at SUSECVE-2016-9439 at NVDCVE-2016-9440 at SUSECVE-2016-9440 at NVDCVE-2016-9441 at SUSECVE-2016-9441 at NVDCVE-2016-9442 at SUSECVE-2016-9442 at NVDCVE-2016-9443 at SUSECVE-2016-9443 at NVDCVE-2016-9621 at SUSECVE-2016-9621 at NVDCVE-2016-9622 at SUSECVE-2016-9622 at NVDCVE-2016-9623 at SUSECVE-2016-9623 at NVDCVE-2016-9624 at SUSECVE-2016-9624 at NVDCVE-2016-9625 at SUSECVE-2016-9625 at NVDCVE-2016-9626 at SUSECVE-2016-9626 at NVDCVE-2016-9627 at SUSECVE-2016-9627 at NVDCVE-2016-9628 at SUSECVE-2016-9628 at NVDCVE-2016-9629 at SUSECVE-2016-9629 at NVDCVE-2016-9630 at SUSECVE-2016-9630 at NVDCVE-2016-9631 at SUSECVE-2016-9631 at NVDCVE-2016-9632 at SUSECVE-2016-9632 at NVDCVE-2016-9633 at SUSECVE-2016-9633 at NVDcpe:/o:suse:sles:12:sp4wget-1.14-21.7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the wget-1.14-21.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2252 at SUSECVE-2010-2252 at NVDCVE-2012-4929 at SUSECVE-2012-4929 at NVDCVE-2014-4877 at SUSECVE-2014-4877 at NVDCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2016-4971 at SUSECVE-2016-4971 at NVDCVE-2016-7098 at SUSECVE-2016-7098 at NVDCVE-2017-13089 at SUSECVE-2017-13089 at NVDCVE-2017-13090 at SUSECVE-2017-13090 at NVDCVE-2017-6508 at SUSECVE-2017-6508 at NVDCVE-2018-0494 at SUSECVE-2018-0494 at NVDcpe:/o:suse:sles:12:sp4wpa_supplicant-2.2-15.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the wpa_supplicant-2.2-15.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-0210 at SUSECVE-2015-0210 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-5130 at SUSECVE-2015-5130 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDcpe:/o:suse:sles:12:sp4xalan-j2-2.7.0-264.133 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xalan-j2-2.7.0-264.133 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-0107 at SUSECVE-2014-0107 at NVDcpe:/o:suse:sles:12:sp4xdg-utils-20140630-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xdg-utils-20140630-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-9622 at SUSECVE-2014-9622 at NVDCVE-2017-18266 at SUSECVE-2017-18266 at NVDcpe:/o:suse:sles:12:sp4xen-4.11.0_08-1.11 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xen-4.11.0_08-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-1898 at SUSECVE-2011-1898 at NVDCVE-2012-0029 at SUSECVE-2012-0029 at NVDCVE-2012-0217 at SUSECVE-2012-0217 at NVDCVE-2012-2625 at SUSECVE-2012-2625 at NVDCVE-2012-3432 at SUSECVE-2012-3432 at NVDCVE-2012-3433 at SUSECVE-2012-3433 at NVDCVE-2012-4411 at SUSECVE-2012-4411 at NVDCVE-2012-4535 at SUSECVE-2012-4535 at NVDCVE-2012-4536 at SUSECVE-2012-4536 at NVDCVE-2012-4537 at SUSECVE-2012-4537 at NVDCVE-2012-4538 at SUSECVE-2012-4538 at NVDCVE-2012-4539 at SUSECVE-2012-4539 at NVDCVE-2012-4544 at SUSECVE-2012-4544 at NVDCVE-2012-5510 at SUSECVE-2012-5510 at NVDCVE-2012-5511 at SUSECVE-2012-5511 at NVDCVE-2012-5513 at SUSECVE-2012-5513 at NVDCVE-2012-5514 at SUSECVE-2012-5514 at NVDCVE-2012-5515 at SUSECVE-2012-5515 at NVDCVE-2012-5525 at SUSECVE-2012-5525 at NVDCVE-2012-5634 at SUSECVE-2012-5634 at NVDCVE-2012-6075 at SUSECVE-2012-6075 at NVDCVE-2013-0151 at SUSECVE-2013-0151 at NVDCVE-2013-0152 at SUSECVE-2013-0152 at NVDCVE-2013-0153 at SUSECVE-2013-0153 at NVDCVE-2013-1442 at SUSECVE-2013-1442 at NVDCVE-2013-1917 at SUSECVE-2013-1917 at NVDCVE-2013-1918 at SUSECVE-2013-1918 at NVDCVE-2013-1919 at SUSECVE-2013-1919 at NVDCVE-2013-1922 at SUSECVE-2013-1922 at NVDCVE-2013-1952 at SUSECVE-2013-1952 at NVDCVE-2013-2007 at SUSECVE-2013-2007 at NVDCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4355 at SUSECVE-2013-4355 at NVDCVE-2013-4356 at SUSECVE-2013-4356 at NVDCVE-2013-4361 at SUSECVE-2013-4361 at NVDCVE-2013-4375 at SUSECVE-2013-4375 at NVDCVE-2013-4416 at SUSECVE-2013-4416 at NVDCVE-2013-4494 at SUSECVE-2013-4494 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2013-4551 at SUSECVE-2013-4551 at NVDCVE-2013-4553 at SUSECVE-2013-4553 at NVDCVE-2013-4554 at SUSECVE-2013-4554 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3124 at SUSECVE-2014-3124 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-5146 at SUSECVE-2014-5146 at NVDCVE-2014-5149 at SUSECVE-2014-5149 at NVDCVE-2014-6268 at SUSECVE-2014-6268 at NVDCVE-2014-7154 at SUSECVE-2014-7154 at NVDCVE-2014-7155 at SUSECVE-2014-7155 at NVDCVE-2014-7156 at SUSECVE-2014-7156 at NVDCVE-2014-7188 at SUSECVE-2014-7188 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-12855 at SUSECVE-2017-12855 at NVDCVE-2017-14316 at SUSECVE-2017-14316 at NVDCVE-2017-14317 at SUSECVE-2017-14317 at NVDCVE-2017-14318 at SUSECVE-2017-14318 at NVDCVE-2017-14319 at SUSECVE-2017-14319 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-15588 at SUSECVE-2017-15588 at NVDCVE-2017-15589 at SUSECVE-2017-15589 at NVDCVE-2017-15590 at SUSECVE-2017-15590 at NVDCVE-2017-15591 at SUSECVE-2017-15591 at NVDCVE-2017-15592 at SUSECVE-2017-15592 at NVDCVE-2017-15593 at SUSECVE-2017-15593 at NVDCVE-2017-15594 at SUSECVE-2017-15594 at NVDCVE-2017-15595 at SUSECVE-2017-15595 at NVDCVE-2017-15597 at SUSECVE-2017-15597 at NVDCVE-2017-17563 at SUSECVE-2017-17563 at NVDCVE-2017-17564 at SUSECVE-2017-17564 at NVDCVE-2017-17565 at SUSECVE-2017-17565 at NVDCVE-2017-17566 at SUSECVE-2017-17566 at NVDCVE-2017-18030 at SUSECVE-2017-18030 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5683 at SUSECVE-2018-5683 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDcpe:/o:suse:sles:12:sp4xf86-video-intel-2.99.917+git781.c8990575-1.27 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xf86-video-intel-2.99.917+git781.c8990575-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-4910 at SUSECVE-2014-4910 at NVDcpe:/o:suse:sles:12:sp4xfsprogs-4.15.0-1.12 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xfsprogs-4.15.0-1.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-2150 at SUSECVE-2012-2150 at NVDcpe:/o:suse:sles:12:sp4xinetd-2.3.15-8.8.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xinetd-2.3.15-8.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2012-0862 at SUSECVE-2012-0862 at NVDCVE-2013-4342 at SUSECVE-2013-4342 at NVDcpe:/o:suse:sles:12:sp4xlockmore-5.43-5.30 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xlockmore-5.43-5.30 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2013-4143 at SUSECVE-2013-4143 at NVDcpe:/o:suse:sles:12:sp4xorg-x11-7.6_1-14.17 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xorg-x11-7.6_1-14.17 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-0465 at SUSECVE-2011-0465 at NVDcpe:/o:suse:sles:12:sp4xorg-x11-libs-7.6-45.14 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xorg-x11-libs-7.6-45.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2895 at SUSECVE-2011-2895 at NVDcpe:/o:suse:sles:12:sp4xorg-x11-server-1.19.6-2.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xorg-x11-server-1.19.6-2.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2010-2240 at SUSECVE-2010-2240 at NVDCVE-2013-1940 at SUSECVE-2013-1940 at NVDCVE-2013-4396 at SUSECVE-2013-4396 at NVDCVE-2013-6424 at SUSECVE-2013-6424 at NVDCVE-2014-8091 at SUSECVE-2014-8091 at NVDCVE-2014-8092 at SUSECVE-2014-8092 at NVDCVE-2014-8093 at SUSECVE-2014-8093 at NVDCVE-2014-8094 at SUSECVE-2014-8094 at NVDCVE-2014-8095 at SUSECVE-2014-8095 at NVDCVE-2014-8096 at SUSECVE-2014-8096 at NVDCVE-2014-8097 at SUSECVE-2014-8097 at NVDCVE-2014-8098 at SUSECVE-2014-8098 at NVDCVE-2014-8099 at SUSECVE-2014-8099 at NVDCVE-2014-8100 at SUSECVE-2014-8100 at NVDCVE-2014-8101 at SUSECVE-2014-8101 at NVDCVE-2014-8102 at SUSECVE-2014-8102 at NVDCVE-2014-8103 at SUSECVE-2014-8103 at NVDCVE-2015-0255 at SUSECVE-2015-0255 at NVDCVE-2015-3164 at SUSECVE-2015-3164 at NVDCVE-2015-3418 at SUSECVE-2015-3418 at NVDCVE-2017-12176 at SUSECVE-2017-12176 at NVDCVE-2017-12183 at SUSECVE-2017-12183 at NVDCVE-2017-12187 at SUSECVE-2017-12187 at NVDCVE-2017-13721 at SUSECVE-2017-13721 at NVDCVE-2017-13723 at SUSECVE-2017-13723 at NVDCVE-2017-2624 at SUSECVE-2017-2624 at NVDCVE-2018-14665 at SUSECVE-2018-14665 at NVDcpe:/o:suse:sles:12:sp4xscreensaver-5.22-7.1 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the xscreensaver-5.22-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2015-8025 at SUSECVE-2015-8025 at NVDcpe:/o:suse:sles:12:sp4yast2-3.2.48-3.29.20 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the yast2-3.2.48-3.29.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-3177 at SUSECVE-2011-3177 at NVDcpe:/o:suse:sles:12:sp4yast2-core-3.3.1-1.7 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the yast2-core-3.3.1-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2011-2483 at SUSECVE-2011-2483 at NVDCVE-2011-3177 at SUSECVE-2011-3177 at NVDcpe:/o:suse:sles:12:sp4yast2-users-3.2.17-1.5 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the yast2-users-3.2.17-1.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2016-1601 at SUSECVE-2016-1601 at NVDcpe:/o:suse:sles:12:sp4yubikey-manager-0.6.0-1.27 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the yubikey-manager-0.6.0-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-15631 at SUSECVE-2017-15631 at NVDcpe:/o:suse:sles:12:sp4zoo-2.10-1020.56 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the zoo-2.10-1020.56 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2006-0855 at SUSECVE-2006-0855 at NVDCVE-2007-1669 at SUSECVE-2007-1669 at NVDcpe:/o:suse:sles:12:sp4zsh-5.0.5-6.7.2 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the zsh-5.0.5-6.7.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2014-10070 at SUSECVE-2014-10070 at NVDCVE-2014-10071 at SUSECVE-2014-10071 at NVDCVE-2014-10072 at SUSECVE-2014-10072 at NVDCVE-2016-10714 at SUSECVE-2016-10714 at NVDCVE-2017-18205 at SUSECVE-2017-18205 at NVDCVE-2018-1071 at SUSECVE-2018-1071 at NVDCVE-2018-1083 at SUSECVE-2018-1083 at NVDCVE-2018-7549 at SUSECVE-2018-7549 at NVDcpe:/o:suse:sles:12:sp4zypper-1.13.45-21.23.4 on GA media (Moderate)SUSE Linux Enterprise Server 12 SP4
These are all security issues fixed in the zypper-1.13.45-21.23.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:sles:12:sp4Security update for python-Django1 (Moderate)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issue:
Security issue fixed:
- CVE-2019-6975: Fixed memory exhaustion in django.utils.numberformat.format() (bsc#1124991).
ModerateSUSE bug 1124991CVE-2019-6975 at SUSECVE-2019-6975 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2019-12308: Fixed an improper validatation of the clickable 'Current URL' link in AdminURLFieldWidget
which could have allowed attackers to perform XSS attacks (bsc#1136468).
ModerateSUSE bug 1136468CVE-2019-12308 at SUSECVE-2019-12308 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana packages (Moderate)SUSE OpenStack Cloud 9
This update for ardana package fixes the following issues:
- Update to version 9.0+git.1560211997.7ac9792:
* Adds repository list parameter (bsc#1122825)
- Update to version 9.0+git.1557219331.457b6e7:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559292830.208d258:
* Convert number of workers to int (SOC-9418)
- Update to version 9.0+git.1557424689.2b085d5:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1556225774.492d42c:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220194.6a90deb:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219517.7b97993:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559039284.6fc1d47:
* Convert number of workers to int (SOC-9384)
- Update to version 9.0+git.1558583814.a96bada:
* Restrict rootwrap directories for cinder (bsc#1132542)
- Update to version 9.0+git.1557421539.521a486:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219553.d850ca4:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219586.7c96a6d:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219626.b190680:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560868957.42bcb70:
* MariaDB conf changes IPv6 (SOC-9089)
- Update to version 9.0+git.1559351643.a440414:
* Configure xinted mysqlchk to accept ipv6 (SOC-9369)
- Update to version 9.0+git.1557219651.3d4d2d5:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1554995553.23d9513:
* Configurable innodb flush options (SCRD-7496)
- Switch to new Gerrit Server
- Update to version 9.0+git.1558588538.9211022:
* Secure designate's rootwrap files (bsc#1132542)
- Update to version 9.0+git.1558549508.9bfa9e7:
* specify rootwrap config file in designate sudoer (bsc#1132542)
- Update to version 9.0+git.1557219686.0e71bf9:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559033522.5e5be1c:
* Convert number of workers to int (SOC-9381)
- Update to version 9.0+git.1557421456.f1e5016:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219717.fe1bde6:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559036788.b727b53:
* Convert number of workers to int (SOC-9382)
- Update to version 9.0+git.1557421526.a8c13bf:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219773.fe2f6aa:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219807.6036a8e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220534.883f8c9:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1557189507.c786525:
* add external network to Ironic multi-tenancy input model (SCRD-8930)
- Update to version 9.0+git.1557189482.8931e67:
* add neutron_l3_agent plugin (SCRD-8929)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556199488.bdf1cdc:
* SCRD-7471 Don't set external-name in ardana-ci models (SCRD-7471)
- Update to version 9.0+git.1559171053.476225c:
* Move keystone error url to locale bundle (SOC-3456)
* Add doc link to 503 error from Keystone (SOC-3456)
- Update to version 9.0+git.1558732415.467c8ab:
* Consolidate setCloseButtonDisabled
* Disable close button when playbook or action in progress
* Disable close button when playbook or action in progress
* Updated comments
* Fixed an issue for replacing controller page
* Prevent operations when replacing a server in progress (SCRD-8756)
- Update to version 9.0+git.1558726203.bae5a7d:
* Updated the message for full deployment (SOC-8879)
* Add SES integration into day0/2 (SoC-8555) (#342)
- Update to version 9.0+git.1557281300.f3e29e9:
* Use Lato font version 2.015 from latofonts.com (#349)
- Update to version 9.0+git.1556908018.7801990:
* Update documentation useful link (SCRD-8689)
* Open useful links in a new tab (SCRD-8910)
* Added prepare deployment/deploy capability to model config (SCRD-8879)
- Update to version 9.0+git.1560365077.17250c6:
* Sync up rootwrap filters with upstream (SOC-9500)
- Update to version 9.0+git.1557219834.53dbb0b:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559292289.b5ed172:
* Convert number of processes to int (SOC-9418)
- Update to version 9.0+git.1557421499.3e9fe25:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219888.c532b5e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219914.6d7ebb5:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219960.226e32b:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1556646861.58ce24f:
* update audit API map for Manila (SCRD-8747)
- Update to version 9.0+git.1557219995.cd49525:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556731170.c8210e0:
* Rip out vertica related code (SCRD-9031)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220073.7e88cfa:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560214193.fc0378b:
* bind epmd.socket to ipv4 and ipv6 (SOC-8364)
- Update to version 9.0+git.1557220112.00d7117:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560464557.d2f6200:
* Remove the creation of /etc/neutron/rootwrap.conf (SOC-9472)
- Update to version 9.0+git.1560196282.28bbf67:
* Change how lbaasv2 rootwrap filters are installed (SOC-9457)
- Update to version 9.0+git.1560195873.c45568f:
* Rootwrap changes for supported L3-agent extensions (SOC-9459)
- Update to version 9.0+git.1559846163.ca22b06:
* Improve neutron service restart limit handling (SOC-8746)
- Update to version 9.0+git.1559031432.b99d89a:
* Convert number of workers to int (SOC-9379)
- Update to version 9.0+git.1558569689.36fbbd5:
* Tighten neutron sudoers to only execute rootwrap (bsc#1132542) (SOC-9031)
- Update to version 9.0+git.1557942331.3c74f81:
* Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230)
- Update to version 9.0+git.1557421465.faf2c38:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557322578.4542665:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559869848.7a706df:
* Adding support for qemu-ovmf to ardana (SOC-8985)
- Update to version 9.0+git.1559823309.d3d23fe:
* Convert number of workers to int (SOC-9380)
- Update to version 9.0+git.1559234129.2fd63a9:
* SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542)
- Update to version 9.0+git.1558549516.86e9f59:
* specify rootwrap config file in nova sudoer (bsc#1132542)
- Update to version 9.0+git.1554825274.040de21:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560519270.e0a2620:
* Tune bumpng anphora retries (SOC-9285)
- Update to version 9.0+git.1558549438.4ce3e83:
* Stop installing a sudoers root escalator (SCRD-9031)
- Update to version 9.0+git.1555319067.9e6f74e:
* Increase number of connect retries (SCRD-7496)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1555530925.206f1a8:
* Fix 'Add New Dashboard Card' button on Ops Console dashboard (SCRD-7697)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560269313.7ddaff2:
* Configure sysctl neigh.default.gc_thres for ipv6 (SOC-5771)
- Update to version 9.0+git.1559870350.2cde7ea:
* Remove '/32' from iptables tasks (SOC-9349)
- Update to version 9.0+git.1557219143.2fc9eb2:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560974342.47a5b12:
* Correctly handle HttpError during authentication (SOC-3456)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220501.ebd3011:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220247.e78d1c3:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559038506.cc119d9:
* Convert number of workers to int (SOC-9383)
- Update to version 9.0+git.1557421607.00a5fae:
* Update gerrit location (SCRD-9140)
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560949748.f0bd816:
* Blacklist test_delete_policies_while_tenant_attached_to_net (SOC-9235)
- Update to version 9.0+git.1560694157.69a4419:
* Blacklist some revert tests (SOC-9178)
- Update to version 9.0+git.1560529053.50e76bf:
* Blacklist some revert tests (SOC-9178)
- Update to version 9.0+git.1560517118.0aac5fd:
* Add configuration for manila-tempest-plugin (SOC-7496)
- Update to version 9.0+git.1560180804.42077a8:
* Revert Remove common failing tests from tempest runs (SOC-9366)
- Update to version 9.0+git.1559833566.10d972d:
* Fix lbaas tempest filter (SOC-7496)
- Update to version 9.0+git.1559139132.a92980b:
* Move some nova tests to serial (SOC-9366)
- Update to version 9.0+git.1558706119.27e844b:
* Remove comoonly failing tests from tempest runs (SOC-9366)
- Update to version 9.0+git.1557825747.1002f16:
* run neutron-lbaas tempest tests sequentially (SCRD-9176)
- Update to version 9.0+git.1557421599.43d2140:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1557335657.ab2f1b9:
* Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015)
* Make --os-test-timeout configurable and increase default (SCRD-7496)
- Update to version 9.0+git.1556893395.1813ec1:
* Increase and make timeout values configurable (SCRD-7496)
* Configure tempest heat_plugin (SCRD-7496)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556788546.313ff00:
* Enable additional features for cinder testing (SCRD-7496)
* Enable volume backed live migration tests (SCRD-7496)
- Update to version 9.0+git.1556788508.468dae0:
* Set admin project to cloud admin project (SCRD-7496)
- Update to version 9.0+git.1556728115.62a8427:
* Set cinder/glance admin on tempest roles (SCRD-7496)
- Update to version 9.0+git.1556721233.8750e33:
* Configure neutron tempest plugin (SCRD-7496)
- Update to version 9.0+git.1556721213.3c2f140:
* Update neutron api extensions list (SCRD-7496)
- Update to version 9.0+git.1556530821.e592de1:
* Update tempest test filters (SCRD-7496)
- Update to version 9.0+git.1557220381.5641a2e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 1.0+git.1560518045.ad7dc6d:
* Patching node before bootstraping
- Update to version 6.0+git.1561125496.b7508480:
* IPv6: Export ip_version and handle the DHCP domain
- Update to version 6.0+git.1558489909.b45da865:
* ipv6: Update start-up.sh to be IPv6 compatible
- Update to version 6.0+git.1558002425.cc651aae:
* crowbar: Make potential output of reset_crowbar visible
- Update to version 6.0+git.1562154525.5e2983308:
* Crowbar: DomainName verification relaxed
- Update to version 6.0+git.1561729566.22019624e:
* upgrade: Mark correctly the set of nodes that was selected for upgrade
- Update to version 6.0+git.1561555935.31c4165cc:
* Use proper names for the Travis Tests (SOC-9565)
* Replace Danger with Gitlint (SOC-9565)
* Switch from Travis dist from Trusty to Xenial (SOC-9565)
- Update to version 6.0+git.1561381017.8aab650d0:
* network: Don't set datapath-ids on ovs-bridges anymore
- Update to version 6.0+git.1560962186.456663e42:
* crowbar: Save sync_mark attributes in databag
* dns: fix designate migration
- Update to version 6.0+git.1560522168.7a376b958:
* travis: pin sexp_processor to 4.12.0
* Allow restricted API access during upgrade
- Update to version 6.0+git.1559635691.42aa36659:
* deployer: Use dhcp on crowbar_register only when enable_pxe is set (bsc#1132654)
* network: Allow locking down the network config for nodes (bsc#1120657)
- Update to version 6.0+git.1558533504.0a5369b05:
* provisioner: enabled tuned profiles
- Update to version 6.0+git.1558029089.90c1cb545:
* crowbar: Add debug logging to restore API
* crowbar: Move crowbarrc mgmt into crowbar cookbook (SCRD-8330)
- Update to version 6.0+git.1557765503.660dd52c5:
* Ignore CVE-2019-11068 during Travis (SOC-9262)
- Update to version 6.0+git.1557210549.ec8c84852:
* Fix order of values in nodes piechart
- Update to version 6.0+git.1556186576.4d681c4ed:
* Update Lato font to version 2.015 (SCRD-8948)
- Update to version 6.0+git.1560951093.4af1ee5:
* Add timeout multiplier
* Make default sync_mark timeout configurable
- update suse-branding.patch (SOC-9297)
- Update to version 6.0+git.1562153583.4735fcf34:
* Sync Travis with crowbar-core (SOC-9565)
- Update to version 6.0+git.1561546411.c9b99ebbb:
* Make ovs of_inactivity_probe configurable from neutron barclamp
- Update to version 6.0+git.1561124272.c447b965b:
* Configurable timeout for Galera pre-sync
- Update to version 6.0+git.1560962133.cf99aa9eb:
* monasca: use string keys for attrs in migrations
- Update to version 6.0+git.1560502325.7de215873:
* nova: only create nonexistent cell1
* nova: reinstate old db sync ordering
- Update to version 6.0+git.1560353653.b92e4f9c1:
* designate: do not use pacemaker as all the services are stateless
* designate: allow worker on cluster.
- Update to version 6.0+git.1559857307.9cb8796a6:
* rabbitmq: Fix ACL of SSL key after uid/gid change
- Update to version 6.0+git.1559841020.dfbbc5be5:
* tempest: Disable Barbican validation of signed image (SOC-8578)
- Update to version 6.0+git.1559637225.141253d99:
* ironic: Add Redfish drivers by default
- Update to version 6.0+git.1559542941.26fe90143:
* ironic: Install deploy image with ironic
- Update to version 6.0+git.1559214145.66de78575:
* nova: Don't retry creating existing flavors
- Update to version 6.0+git.1558698448.10d30a50d:
* ironic: Use IP also in [swift] section
- Update to version 6.0+git.1558609537.4ebc9b31d:
* neutron: increase interval between checks to 30s
* neutron: remove .openrc creation from neutron cookbooks
* neutron: Don't restart l3-ha on .openrc change
- Update to version 6.0+git.1558326886.306598770:
* nova: Show stdout/stderr when 'openstack flavor list' fails
- Update to version 6.0+git.1558084779.634ff6e8a:
* neutron: Add 'insecure' to old cli calls
- Update to version 6.0+git.1557932150.575791c62:
* database: Make wsrep_provider_options configurable (fate#327745)
* horizon: Disable Ceph dashboard if not monitored (SOC-7573)
- Update to version 6.0+git.1557840648.637a6f7e6:
* monasca: Fix notification types initialisation
* monasca: Add openvswitch plugin (SCRD-7571)
* designate: do not install the keystone_authtoken on worker nodes
* monasca: Configure `delegate_authorized_roles`
- Update to version 6.0+git.1557734236.12a27293f:
* database: Raise and align promote/demote timeouts (bsc#1131791)
- Update to version 6.0+git.1557393769.797307d6f:
* neutron: use crm_resource restart for restarting neutron-l3-ha-service
- Update to version 6.0+git.1556267896.b86529796:
* neutron: restart neutron-ha-tool when the config file changes
- Update to version 6.0+git.1556220665.450d8de69:
* tempest: Enable BaremetalBasicOps test
- Update to version 9.20190621:
* Update after branching change
* Update operations-maintenance-update_maintenance.xml
* add scottwulf content
* address recommended changes
* change PTF deploy instructions (bsc#1128453)
- switch to maintenance/cloud_9 git branch
- Update to version 9.20190620:
* add designate barclamp (SCRD-8739)
- Update to version 9.20190613:
* Language update to copy-on-write
* model tab for day2 UI (SOC-8879) - replaces PR992
* Updated model tab for day2 UI (SOC-8879)
- Update to version 9.20190611:
* Fixing merge conflicts
* Fixing minor issue
* Fixing Tim's edits to the config file
* Adding Carl's edits
* updating versions and intro
* Adding comments from Walter Boring
* Fixes
* Fix broken build and comments
* Fix SES Integration chapter: SOC-9343
- Update to version 9.20190610:
* Triggering a re-build
* Fixing filename error
* Update install_caasp_heat_templates.xml
* Update installation-installation-ses_integration.xml
* Updating based on Carl's clarification
* Fix bsc#1131899
* Further CaaSP restructuring and removing outdated instructions
* Include instructions for registering CaaSP for MU's (SCRD-8793)
- Update to version 9.20190607:
* add OVSvApp, Nova proxy VM sizing (no bsc, no Jira)
* optipng deployment images (no bsc, no Jira)
* add nova-proxy description to ESXi and OVSvApp section (no bsc, no Jira)
- Update to version 9.20190605:
* move fernet token to supported Keystone feature
- Update to version 9.20190528:
* Remove docmanager section
* Reformat the file
* Feedback from csymons
* Crowbar POC initial version
- Update to version 9.20190522:
* Remove completely outdated Bugzilla association from Supplement Guide
* Remove upstream admin/user guides
- Update to version 9.20190521:
* add Network Security Group logging (SCRD-9124)
- Update to version 9.20190520:
* CLM - update MariaDB manually (bsc#1132852, SOC-9022)
* add instructions for updating MariaDB manually (bsc#1132852)
- Update to version 9.20190516:
* Fix command to create external network
* Remove sudo from commands in 'Setting Up Multiple External Networks'
- Update to version 9.20190515:
* Update README.adoc
- Update to version 9.20190514:
* Grammar fix
* README: Add super dummy docs how to build locally
* Document bootstrap galera cluster with a missing node (bsc#1132853)
* Remove authors.xml
* Refinements to CaaSP MU process
* Included changes requested by reviewers
* Instruct CaaS users to install Tiller component (SCRD-8793)
* Update install_caasp_heat_templates.xml
* Document more necessary CaaSP settings (SCRD-8793)
- Update to version 9.20190509:
* update boot from SAN and multipath configuration (SCRD-8942)
* remove outdated Swift instructions (SCRD-8941)
* replace SOC 8 with SOC 9 (no bsc)
* make Fernet token default (bsc#1134336)
- Update to version 9.20190508:
* increase VMs supported to 12000 (no bsc, no SCRD)
- Update to version 9.20190506:
* change repo location cloud8 to cloud9 Rocket Chat
* remove note re uefi, secure boot (bsc#1132832)
- Update to version 9.20190425:
* address requested changes
* change Monasca documentation (SCRD-7786)
* changes to RHEL Installation Guide requested by T.R. (no bsc#, no SCRD)
* adjust table structure and headings
* restructure console alarm table (SCRD-7710, bsc#1124170)
* restructure esx alarm table (SCRD-7710, bsc#1124170)
* restructure identity alarm table (SCRD-7710, bsc#1124170)
* restructure system alarms table (SCRD-7710, bsc#1124170)
* restructure networking table (SCRD-7710, bsc#1124170)
* restructure other alarms table (SCRD-7710, bsc#1124170)
* restructure telemetry table (SCRD-7710, bsc#1124170)
* restructure storage table (SCRD-7710, bsc#1124170)
* complete compute alarm table
- Update to version 9.20190424:
* update Manila component installation (SCRD-8940)
- Update to version 9.20190423:
* Update Day0 screenshots (SCRD-8976) (#951)
- Update to version 9.20190422:
* add cobbler deprecation notice (no bsc#, no SCRD)
* set up security rule before creating VM (SCRD-8947)
- Update to version 9.20190419:
* fix neutron ovsvapp commands (SCRD-8911)
- Add 0001-Use-strings-when-setting-X-Cache-header.patch
Fixes a problem with Twisted versions where headers values
must be strings, not bools.
- Update to version 0.0+git.1562242499.36b8b64 (bsc#1122053):
* Add optional systemd ready and watchdog support
* Drop unneeded check for 'conn'
* Reset last_query_response when the cache needs to be updated
* Drop unneeded 'conn' var initialization
* Move respone header generation to own function
* Use None as default result
* Drop opts.being_updated variable
* Use contextmanager for DB connection
* Refactor DB method to get WSREP local state
* Refactor method to get readonly DB status
* pep8: Fix E712 comparison to False should be 'if cond is False:'
* pep8: Fix E305 expected 2 blank lines after class or function def
* pep8: Fix E124 closing bracket does not match visual indentation
* pep8: Fix E251 unexpected spaces around keyword / parameter equals
* pep8: Fix E262 inline comment should start with '# '
* pep8: Fix E261 at least two spaces before inline comment
* pep8: Fix F841 local variable is assigned to but never used
* pep8: Fix E302 expected 2 blank lines, found 1
* pep8: Fix E265 block comment should start with '# '
* pep8: Fix E231 missing whitespace after ','
* pep8: Fix E999 SyntaxError: invalid syntax
* pep8: Fix F821 undefined name
* pep8: Fix E225 missing whitespace around operator
* pep8: Fix E221 multiple spaces before operator
* pep8: Fix F401 module imported but unused
* Add clustercheck to console_scripts
* Add basic test infrastructure and a first pep8 job
* Fix exception handling for pymysql exception
* Readd argparse usage
* Fix installation requirements
* Add read timeout to prevent connection hanging forever
* Exclude benchmark/ directory when creating sdist tarball
* Use argparse instead of optparse
* Add basic logging infrastructure
* Add a standard setup.py file
* Catch all query exceptions
* Switch to PyMySQL
- Drop pymysql.patch and readtimeout.patch. Both merged upstream.
- Use systemd service type=notify which is now supported upstream
- Use systemd watchdog which is now supported upstream
- Update to version 5.3.3 (CVE-2018-19039, bsc#1115960) :
* File Exfiltration vulnerability Security fix
- Update to version ceilometer-11.0.2.dev13:
* Update reno for stable/rocky
- Update to version ceilometer-11.0.2.dev12:
* [stable-only] Fix sphinx requirement
- Update to version ceilometer-11.0.2.dev10:
* tempest: Allow to configure tempest config
- Update to version ceilometer-11.0.2.dev8:
* Remove \_ceilometer\_check\_for\_storage check
* OpenDev Migration Patch
- Update to version ceilometer-11.0.2.dev6:
* Added snapshot delete event
* Fixes KeyError on volume create/delete
- Update to version ceilometer-11.0.2.dev13:
* Update reno for stable/rocky
- Update to version ceilometer-11.0.2.dev12:
* [stable-only] Fix sphinx requirement
- Update to version ceilometer-11.0.2.dev10:
* tempest: Allow to configure tempest config
- Update to version ceilometer-11.0.2.dev8:
* Remove \_ceilometer\_check\_for\_storage check
* OpenDev Migration Patch
- Update to version ceilometer-11.0.2.dev6:
* Added snapshot delete event
* Fixes KeyError on volume create/delete
- Update to version cinder-13.0.6.dev12:
* Create new image volume cache entry when cloning fails
- Update to version cinder-13.0.6.dev10:
* Fix python3 compatibility of rbd get\_fsid
- Update to version cinder-13.0.6.dev9:
* lvm: Only use initiators when comparing connector dicts
- Update to version cinder-13.0.6.dev7:
* Declare multiattach support for HPE MSA
- Update to version cinder-13.0.6.dev6:
* Fix 'connector=None' issue in Kaminario drivers
- Update to version cinder-13.0.6.dev5:
* NetApp: Return all iSCSI targets-portals
- Update to version cinder-13.0.6.dev4:
* Make sure we install cinder requirements during the correct tox phase
13.0.5
- Update to version cinder-13.0.5.dev27:
* Remove LOCI publishing from the post pipeline
* 3PAR: Provide an option duing creation of volume from snapshot
* OpenDev Migration Patch
* Tests: Fix up test\_volume notify tests
* Remove auth\_uri usage
* Tests: Fix up migrate notify tests
* Handle multiattach attribute when managing volumes
* Set right attach mode after migration
* Replace openstack.org git:// URLs with https://
* Check Volume Status on attahcment create/update
13.0.4
* NetApp SolidFire: Fix multi-attach volume deletion
* Fix Support Matrix - Pure does support Multiattach
* Fix Snapshot object metadata loading
* VNX: update sg in cache
* Restore VMAX unit test mock
* VMAX Driver - Fix for invalid device id length
* Raise the ImageTooBig exception when found it
* hpe 3par driver initialization failure
* Fix unexpected behavior in \_clone\_image\_volume
* VNX: Add constraints for async migration
* Handle drivers that do not support list manageable
* Fix wrong uuid recognized when create group
* Exclude disabled API versions from listing
* Tintri: Inherit tests from BaseDriverTestCase
* VMware: Fix revert-to-snapshot
* Fix api-ref title levels and index
* Fix group availability zone-backend host mismatch
* Fix version return incorrect when endpoint url end without /
* Fix for auth version change in Brcd HTTP
* VNX Driver: delete\_hba() instead of remove\_hba()
* Fix for HPE MSA 2050 login failures
13.0.3
* Avoid using 'truncate' on Windows
* Fix permissions with NFS-backed snapshots and backups
* Delete related encryption provider when a volume type is deleting
- Update to version cinder-13.0.6.dev12:
* Create new image volume cache entry when cloning fails
- Update to version cinder-13.0.6.dev10:
* Fix python3 compatibility of rbd get\_fsid
- Update to version cinder-13.0.6.dev9:
* lvm: Only use initiators when comparing connector dicts
- Update to version cinder-13.0.6.dev7:
* Declare multiattach support for HPE MSA
- Update to version cinder-13.0.6.dev6:
* Fix 'connector=None' issue in Kaminario drivers
- Update to version cinder-13.0.6.dev5:
* NetApp: Return all iSCSI targets-portals
- Update to version cinder-13.0.6.dev4:
* Make sure we install cinder requirements during the correct tox phase
13.0.5
- Update to version cinder-13.0.5.dev27:
* Remove LOCI publishing from the post pipeline
* 3PAR: Provide an option duing creation of volume from snapshot
* OpenDev Migration Patch
* Tests: Fix up test\_volume notify tests
* Remove auth\_uri usage
* Tests: Fix up migrate notify tests
* Handle multiattach attribute when managing volumes
* Set right attach mode after migration
* Replace openstack.org git:// URLs with https://
* Check Volume Status on attahcment create/update
13.0.4
* NetApp SolidFire: Fix multi-attach volume deletion
* Fix Support Matrix - Pure does support Multiattach
* Fix Snapshot object metadata loading
* VNX: update sg in cache
* Restore VMAX unit test mock
* VMAX Driver - Fix for invalid device id length
* Raise the ImageTooBig exception when found it
* hpe 3par driver initialization failure
* Fix unexpected behavior in \_clone\_image\_volume
* VNX: Add constraints for async migration
* Handle drivers that do not support list manageable
* Fix wrong uuid recognized when create group
* Exclude disabled API versions from listing
* Tintri: Inherit tests from BaseDriverTestCase
* VMware: Fix revert-to-snapshot
* Fix api-ref title levels and index
* Fix group availability zone-backend host mismatch
* Fix version return incorrect when endpoint url end without /
* Fix for auth version change in Brcd HTTP
* VNX Driver: delete\_hba() instead of remove\_hba()
* Fix for HPE MSA 2050 login failures
13.0.3
* Avoid using 'truncate' on Windows
* Fix permissions with NFS-backed snapshots and backups
* Delete related encryption provider when a volume type is deleting
- add dependency on nfs-utils
- Update to version horizon-14.0.4.dev4:
* Make project volume group table work even with volumev3 only env
- Update to version horizon-14.0.4.dev3:
* Complete angular translation extract pattern
14.0.3
* OpenDev Migration Patch
* Imported Translations from Zanata
- Update to version designate-7.0.1.dev20:
* Allow pdns4 backend to select tsigkey
- Update to version designate-7.0.1.dev18:
* Clean fix for bandit exclusions change
- Update to version designate-7.0.1.dev17:
* Fixing RabbitMQ gate timeouts
* Fix DBDeadLock error resulting into 500
- Update to version designate-7.0.1.dev13:
* Use branched version of neutron-tempest-plugin job
* OpenDev Migration Patch
- Update to version designate-7.0.1.dev20:
* Allow pdns4 backend to select tsigkey
- Update to version designate-7.0.1.dev18:
* Clean fix for bandit exclusions change
- Update to version designate-7.0.1.dev17:
* Fixing RabbitMQ gate timeouts
* Fix DBDeadLock error resulting into 500
- Update to version designate-7.0.1.dev13:
* Use branched version of neutron-tempest-plugin job
* OpenDev Migration Patch
- Update to version openstack-heat-11.0.3.dev5:
* Return None for attributes of sd with no actions
* Fix regression with SW deployments when region not configured
- Update to version openstack-heat-11.0.3.dev2:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
* OpenDev Migration Patch
11.0.2
- Update to version openstack-heat-11.0.3.dev5:
* Return None for attributes of sd with no actions
* Fix regression with SW deployments when region not configured
- Update to version openstack-heat-11.0.3.dev2:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
* OpenDev Migration Patch
11.0.2
- Update to version designate-dashboard-7.0.1.dev7:
* OpenDev Migration Patch
* Imported Translations from Zanata
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
* do not compress files during installation
* install settings file for heat-dashboard
- Update to version magnum-ui-5.0.2.dev9:
* Limit cluster update properties
* OpenDev Migration Patch
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
- Update to version ironic-11.1.4.dev2:
* Ansible module: fix configdrive partition creation step
- Update to version ironic-11.1.4.dev1:
11.1.3
* Place upper bound on python-dracclient version
- Update to version ironic-11.1.3.dev26:
* Update sphinx requirements
- Update to version ironic-11.1.3.dev25:
* Do not try to return mock as JSON in unit tests
* Ansible module fix: stream\_url
- Update to version ironic-11.1.3.dev22:
* Disable metadata\_csum when creating ext4 filesystems
- Update to version ironic-11.1.3.dev21:
* Fix pyghmi path
* OpenDev Migration Patch
* Reuse checksum calculation from oslo
- Update to version ironic-11.1.3.dev17:
* Ansible module: fix clean error handling
* Ansible module: fix partition\_configdrive.sh file
- Update to version ironic-11.1.4.dev2:
* Ansible module: fix configdrive partition creation step
- Update to version ironic-11.1.4.dev1:
11.1.3
* Place upper bound on python-dracclient version
- Update to version ironic-11.1.3.dev26:
* Update sphinx requirements
- Update to version ironic-11.1.3.dev25:
* Do not try to return mock as JSON in unit tests
* Ansible module fix: stream\_url
- Update to version ironic-11.1.3.dev22:
* Disable metadata\_csum when creating ext4 filesystems
- Update to version ironic-11.1.3.dev21:
* Fix pyghmi path
* OpenDev Migration Patch
* Reuse checksum calculation from oslo
- Update to version ironic-11.1.3.dev17:
* Ansible module: fix clean error handling
* Ansible module: fix partition\_configdrive.sh file
- Update to version ironic-python-agent-3.3.2.dev13:
* Bind mount /run into chroot when installing grub
* Ironic python agent does not extract correct available memory
- Update to version ironic-python-agent-3.3.2.dev9:
* Fix download upper constraints
- Update to version ironic-python-agent-3.3.2.dev7:
* Add more channel number for detecting BMC IP address
- Update to version ironic-python-agent-3.3.2.dev5:
* Fixes for building images with CoreOS
- Update to version ironic-python-agent-3.3.2.dev4:
* Fetch upper constraints from opendev.org
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev7:
* Blacklist bandit 1.6.0
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev5:
* Remove message about circular role inferences
- Update to version keystone-14.1.1.dev3:
* Delete shadow users when domain is deleted
- Update to version keystone-14.1.1.dev7:
* Blacklist bandit 1.6.0
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev5:
* Remove message about circular role inferences
- Update to version keystone-14.1.1.dev3:
* Delete shadow users when domain is deleted
* fix self-service credential APIs (bsc#1121530)
- Update to version magnum-7.1.1.dev24:
* Fix registry on k8s\_fedora\_atomic
- Update to version magnum-7.1.1.dev23:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
- Update to version magnum-7.1.1.dev22:
* Partial backport: Disable broken image building
* OpenDev Migration Patch
- Update to version magnum-7.1.1.dev24:
* Fix registry on k8s\_fedora\_atomic
- Update to version magnum-7.1.1.dev23:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
- Update to version magnum-7.1.1.dev22:
* Partial backport: Disable broken image building
* OpenDev Migration Patch
- Update to version manila-7.3.1.dev2:
* [CI] Add bindep.txt
* OpenDev Migration Patch
7.3.0
- Update to version manila-7.3.1.dev2:
* [CI] Add bindep.txt
* OpenDev Migration Patch
7.3.0
- Updated the openstack-monasca-agent-sudoers file (bsc#1132542)
- update to version 1.14.1~dev8
- Fix team and repository tags in README.rst
- update to version 1.14.1~dev7
- OpenDev Migration Patch
- Blacklist bandit and update sphinx requirement
- Fix loading of notification plugins
- Bug Fix: Parses notifier configuration options
- Update to version neutron-13.0.4.dev89:
* Treat networks shared by RBAC in same way as shared with all tenants
* Turn CIDR in query filter into proper subnet
- Update to version neutron-13.0.4.dev86:
* Prevent create port forwarding to port which has binding fip
- Update to version neutron-13.0.4.dev84:
* Release notes for dns\_domain behavioural changes
- Update to version neutron-13.0.4.dev83:
* DVR: on new port only send router update on port's host
- Update to version neutron-13.0.4.dev81:
* Reset MAC on unbinding direct-physical port
- Update to version neutron-13.0.4.dev79:
* Optimize the code that fixes the race condition of DHCP agent
- Update to version neutron-13.0.4.dev77:
* Switch to new engine facade for Route objects
* Revert 'Pass network's dns\_domain to dnsmasq conf'
- Update to version neutron-13.0.4.dev73:
* SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-13.0.4.dev72:
* Make OVS controller inactivity\_probe configurable
* improve dvr port update under large scale deployment
* Packets getting lost during SNAT with too many connections
* [DVR] Block ARP to dvr router's port instead of subnet's gateway
* Use list instead of six.viewkeys to avoid py2 to py3 problems
* Only store segmenthostmapping when enable segment plugin
* Wait to ipv6 accept\_ra be really changed by L3 agent
* Add port\_forwarding to devstack plugin
* Allow first address in an IPv6 subnet as valid unicast
* Show all SG rules belong to SG in group's details
* [DHCP] Don't resync network if same port is alredy in cache
* Remove rootwrap configuration from neutron-keepalived-state-change
* Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems
- Update to version neutron-13.0.4.dev50:
* Ensure dvr ha router gateway port binding host
- Update to version neutron-13.0.4.dev48:
* Async notify neutron-server for HA states
* Fix handling of network:shared field in policy module
* Fix creating policy rules from subattributes
* Keep HA ports info for HA router during entire lifecycle
* Don't count ports with inactive bindings as serviceable dvr ports
* Use dynamic lazy mode for fetching security group rules
- Update to version neutron-13.0.4.dev38:
* Revert iptables TCP checksum-fill code
- Update to version neutron-13.0.4.dev36:
* Get ports query: extract limit and use it only at the end
- Update to version neutron-13.0.4.dev34:
* Not process port forwarding if no snat functionality
* Move subnet postcommit out of transaction for bulk create
- Update to version neutron-13.0.4.dev30:
* Give some HA router case specific resources
- Update to version neutron-13.0.4.dev28:
* Check master/backup router status in DVR functional tests
- Update to version neutron-13.0.4.dev26:
* OpenDev Migration Patch
* Set HA failover bridges veth pair devices UP
- Update to version neutron-13.0.4.dev23:
* neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst
- Update to version neutron-13.0.4.dev21:
* Do not call update\_device\_list in large sets
- Update to version neutron-13.0.4.dev19:
* Avoid loading same service plugin more than once
* Add dependency for service plugin
* Prevent bind fip to port has port forwarding
* Make test service\_plugins override simple
* DVR: Correctly change MTU in fip namespace
- Update to version neutron-13.0.4.dev9:
* Choose random value for HA routes' vr\_id
13.0.3
* Set router\_id if floating IP has port\_forwardings
* Change default local ovs connection timeout
- Update to version neutron-13.0.4.dev89:
* Treat networks shared by RBAC in same way as shared with all tenants
* Turn CIDR in query filter into proper subnet
- Update to version neutron-13.0.4.dev86:
* Prevent create port forwarding to port which has binding fip
- Update to version neutron-13.0.4.dev84:
* Release notes for dns\_domain behavioural changes
- Update to version neutron-13.0.4.dev83:
* DVR: on new port only send router update on port's host
- Update to version neutron-13.0.4.dev81:
* Reset MAC on unbinding direct-physical port
- Update to version neutron-13.0.4.dev79:
* Optimize the code that fixes the race condition of DHCP agent
- Update to version neutron-13.0.4.dev77:
* Switch to new engine facade for Route objects
* Revert 'Pass network's dns\_domain to dnsmasq conf'
- Update to version neutron-13.0.4.dev73:
* SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-13.0.4.dev72:
* Make OVS controller inactivity\_probe configurable
* improve dvr port update under large scale deployment
* Packets getting lost during SNAT with too many connections
* [DVR] Block ARP to dvr router's port instead of subnet's gateway
* Use list instead of six.viewkeys to avoid py2 to py3 problems
* Only store segmenthostmapping when enable segment plugin
* Wait to ipv6 accept\_ra be really changed by L3 agent
* Add port\_forwarding to devstack plugin
* Allow first address in an IPv6 subnet as valid unicast
* Show all SG rules belong to SG in group's details
* [DHCP] Don't resync network if same port is alredy in cache
* Remove rootwrap configuration from neutron-keepalived-state-change
* Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems
- Update to version neutron-13.0.4.dev50:
* Ensure dvr ha router gateway port binding host
- Update to version neutron-13.0.4.dev48:
* Async notify neutron-server for HA states
* Fix handling of network:shared field in policy module
* Fix creating policy rules from subattributes
* Keep HA ports info for HA router during entire lifecycle
* Don't count ports with inactive bindings as serviceable dvr ports
* Use dynamic lazy mode for fetching security group rules
- Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860)
- Update to version neutron-13.0.4.dev38:
* Revert iptables TCP checksum-fill code
- Update to version neutron-13.0.4.dev36:
* Get ports query: extract limit and use it only at the end
- Update to version neutron-13.0.4.dev34:
* Not process port forwarding if no snat functionality
* Move subnet postcommit out of transaction for bulk create
- Update to version neutron-13.0.4.dev30:
* Give some HA router case specific resources
- Update to version neutron-13.0.4.dev28:
* Check master/backup router status in DVR functional tests
- Update to version neutron-13.0.4.dev26:
* OpenDev Migration Patch
* Set HA failover bridges veth pair devices UP
- Update to version neutron-13.0.4.dev23:
* neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst
- Update to version neutron-13.0.4.dev21:
* Do not call update\_device\_list in large sets
- Update to version neutron-13.0.4.dev19:
* Avoid loading same service plugin more than once
* Add dependency for service plugin
* Prevent bind fip to port has port forwarding
* Make test service\_plugins override simple
* DVR: Correctly change MTU in fip namespace
- Update to version neutron-13.0.4.dev9:
* Choose random value for HA routes' vr\_id
13.0.3
* Set router\_id if floating IP has port\_forwardings
* Change default local ovs connection timeout
* Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876)
- Update to version neutron-fwaas-13.0.2.dev14:
* netfilter\_log: Correctly decode binary type prefix
* OpenDev Migration Patch
- Update to version neutron-fwaas-13.0.2.dev12:
* Fix the verification method before creating and updating the firewall rule
- Update to version neutron-fwaas-13.0.2.dev14:
* netfilter\_log: Correctly decode binary type prefix
* OpenDev Migration Patch
- Update to version neutron-fwaas-13.0.2.dev12:
* Fix the verification method before creating and updating the firewall rule
- Update to version group-based-policy-5.0.1.dev443:
* Fix the thread concurrency issue while calling gbp purge
* Workaround expunge failure for SubnetRoute in session identity\_map
- Update to version group-based-policy-5.0.1.dev440:
* [AIM] Fix handling of missing PortSecurityBinding
- Update to version group-based-policy-5.0.1.dev439:
* Pull the upper constraint file also from the opendev.org site
- Update to version group-based-policy-5.0.1.dev438:
* [AIM] Don't override loading of SG rules when validating
- Update to version group-based-policy-5.0.1.dev437:
* Enhance the log while getting the keystone notification
- Update to version group-based-policy-5.0.1.dev436:
* [AIM] Cleanup RPC implementations
* [AIM] Pass in limit=-1 to work around a Nova bug
* [AIM] Some enhancements
- Update to version group-based-policy-5.0.1.dev433:
* Fix CI again
* OpenDev Migration Patch
- Update to version group-based-policy-5.0.1.dev431:
* Re-enable unit tests and fix CI jobs
- Update to version neutron-lbaas-13.0.1.dev12:
* Fix memory leak in the haproxy provider driver
- Update to version neutron-lbaas-13.0.1.dev11:
* OpenDev Migration Patch
* Revert 'Updated 'create\_pool' method in plugin'
- Update to version neutron-lbaas-13.0.1.dev12:
* Fix memory leak in the haproxy provider driver
- Update to version neutron-lbaas-13.0.1.dev11:
* OpenDev Migration Patch
* Revert 'Updated 'create\_pool' method in plugin'
- Update to version neutron-vpnaas-13.0.2.dev4:
* Execute neutron-vpn-netns-wrapper with rootwrap\_config argument
* OpenDev Migration Patch
- Update to version neutron-vpnaas-13.0.2.dev4:
* Execute neutron-vpn-netns-wrapper with rootwrap\_config argument
* OpenDev Migration Patch
- Update to version nova-18.2.2.dev9:
* Init HostState.failed\_builds
* libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
- Update to version nova-18.2.2.dev5:
* Grab fresh power state info from the driver
- Update to version nova-18.2.2.dev3:
* libvirt: flatten rbd images when unshelving an instance
18.2.1
* Share snapshot image membership with instance owner
- Update to version nova-18.2.1.dev95:
* [ironic] Don't remove instance info twice in destroy
* docs: Don't version links to reno docs
* tox: Use basepython of python3.5
* Allow driver to properly unplug VIFs on destination on confirm resize
* Move get\_pci\_mapping\_for\_migration to MigrationContext
* Fixes multi-registry config in Quobyte driver
* Include all network devices in nova diagnostics
- Update to version nova-18.2.1.dev81:
* Fix live-migration when glance image deleted
- Update to version nova-18.2.1.dev79:
* Replace the invalid index of nova-rocky releasenote
* Workaround missing RequestSpec.instance\_group.uuid
* Add regression recreate test for bug 1830747
* [stable-only] Improve the reno for consoleauth upgrade check
* Restore connection\_info after live migration rollback
* libvirt: Do not reraise DiskNotFound exceptions during resize
* Stop logging traceback when skipping quiesce
* libvirt: Avoid using os-brick encryptors when device\_path isn't provided
- Update to version nova-18.2.1.dev63:
* Block swap volume on volumes with >1 rw attachment
- Update to version nova-18.2.1.dev62:
* Fix retry of instance\_update\_and\_get\_original
- Update to version nova-18.2.1.dev60:
* Fix assert methods in unit tests
* Skip \_exclude\_nested\_providers() if not nested
- Update to version nova-18.2.1.dev56:
* Pass on region when we don't have a valid ironic endpoint
- Update to version nova-18.2.1.dev54:
* Add functional confirm\_migration\_error test
* [stable-only] Delete allocations even if \_confirm\_resize raises (part 2)
- Update to version nova-18.2.1.dev50:
* xenapi/agent: Change openssl error handling
- Update to version nova-18.2.1.dev48:
* Use migration\_status during volume migrating and retyping
- Update to version nova-18.2.1.dev47:
* libvirt: Always disconnect volumes after libvirtError exceptions
* libvirt: Stop ignoring unknown libvirtError exceptions during volume attach
- Update to version nova-18.2.1.dev45:
* AZ list performance optimization: avoid double service list DB fetch
- Update to version nova-18.2.1.dev44:
* Create request spec, build request and mappings in one transaction
* Fix {min|max}\_version in ironic Adapter setup
- Update to version nova-18.2.1.dev41:
* Fix regression in glance client call
- Update to version nova-18.2.1.dev40:
* OpenDev Migration Patch
* libvirt: set device address tag only if setting disk unit
- Update to version nova-18.2.1.dev37:
* Update instance.availability\_zone on revertResize
* Add functional recreate test for bug 1819963
* Fix incomplete instance data returned after build failure
- Update to version nova-18.2.1.dev31:
* Delete allocations even if \_confirm\_resize raises
* Error out migration when confirm\_resize fails
* Don't warn on network-vif-unplugged event during live migration
* libvirt: disconnect volume when encryption fails
* Temporarily mutate migration object in finish\_revert\_resize
* Override the 'get' method in DriverBlockDevice class
- Update to version nova-18.2.1.dev19:
* Add missing libvirt exception during device detach
* Fix bug preventing forbidden traits from working
* Adding tests to demonstrate bug #1821824
- Update to version nova-18.2.2.dev9:
* Init HostState.failed\_builds
* libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
- Update to version nova-18.2.2.dev5:
* Grab fresh power state info from the driver
- Update to version nova-18.2.2.dev3:
* libvirt: flatten rbd images when unshelving an instance
18.2.1
* Share snapshot image membership with instance owner
- Update to version nova-18.2.1.dev95:
* [ironic] Don't remove instance info twice in destroy
* docs: Don't version links to reno docs
* tox: Use basepython of python3.5
* Allow driver to properly unplug VIFs on destination on confirm resize
* Move get\_pci\_mapping\_for\_migration to MigrationContext
* Fixes multi-registry config in Quobyte driver
* Include all network devices in nova diagnostics
- Update to version nova-18.2.1.dev81:
* Fix live-migration when glance image deleted
- Update to version nova-18.2.1.dev79:
* Replace the invalid index of nova-rocky releasenote
* Workaround missing RequestSpec.instance\_group.uuid
* Add regression recreate test for bug 1830747
* [stable-only] Improve the reno for consoleauth upgrade check
* Restore connection\_info after live migration rollback
* libvirt: Do not reraise DiskNotFound exceptions during resize
* Stop logging traceback when skipping quiesce
* libvirt: Avoid using os-brick encryptors when device\_path isn't provided
- Update to version nova-18.2.1.dev63:
* Block swap volume on volumes with >1 rw attachment
- Update to version nova-18.2.1.dev62:
* Fix retry of instance\_update\_and\_get\_original
- Update to version nova-18.2.1.dev60:
* Fix assert methods in unit tests
* Skip \_exclude\_nested\_providers() if not nested
- Update to version nova-18.2.1.dev56:
* Pass on region when we don't have a valid ironic endpoint
- Update to version nova-18.2.1.dev54:
* Add functional confirm\_migration\_error test
* [stable-only] Delete allocations even if \_confirm\_resize raises (part 2)
- Update to version nova-18.2.1.dev50:
* xenapi/agent: Change openssl error handling
- Update to version nova-18.2.1.dev48:
* Use migration\_status during volume migrating and retyping
- Update to version nova-18.2.1.dev47:
* libvirt: Always disconnect volumes after libvirtError exceptions
* libvirt: Stop ignoring unknown libvirtError exceptions during volume attach
- Update to version nova-18.2.1.dev45:
* AZ list performance optimization: avoid double service list DB fetch
- Update to version nova-18.2.1.dev44:
* Create request spec, build request and mappings in one transaction
* Fix {min|max}\_version in ironic Adapter setup
- Update to version nova-18.2.1.dev41:
* Fix regression in glance client call
- Update to version nova-18.2.1.dev40:
* OpenDev Migration Patch
* libvirt: set device address tag only if setting disk unit
- Update to version nova-18.2.1.dev37:
* Update instance.availability\_zone on revertResize
* Add functional recreate test for bug 1819963
* Fix incomplete instance data returned after build failure
- Update to version nova-18.2.1.dev31:
* Delete allocations even if \_confirm\_resize raises
* Error out migration when confirm\_resize fails
* Don't warn on network-vif-unplugged event during live migration
* libvirt: disconnect volume when encryption fails
* Temporarily mutate migration object in finish\_revert\_resize
* Override the 'get' method in DriverBlockDevice class
- Update to version nova-18.2.1.dev19:
* Add missing libvirt exception during device detach
* Fix bug preventing forbidden traits from working
* Adding tests to demonstrate bug #1821824
- Update to version octavia-3.1.2.dev2:
* Add bindep.txt for Octavia
- Update to version octavia-3.1.2.dev1:
* Fix allocate\_and\_associate DB deadlock
3.1.1
- Update to version octavia-3.1.1.dev8:
* Treat null admin\_state\_up as False
* Performance improvement for non-udp health checks
- Update to version octavia-3.1.1.dev5:
* Bandit test exclusions syntax change
- Update to version octavia-3.1.1.dev4:
* Fix IPv6 in Active/Standby topology on CentOS
- Update to version octavia-3.1.1.dev3:
* Fix listener API handling of None/null updates
* OpenDev Migration Patch
- Update to version octavia-3.1.1.dev1:
* Fix a lifecycle bug with child objects
3.1.0
- Update to version 9.0+git.1558039547.f0d0ddf:
* Fix validate ip version call (SOC-9301)
- Update to version 9.0+git.1557220468.f113719:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Add patch to toggle signed image validation (SCRD-8578)
- update to version 4.0.2
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Replace openstack.org git:// URLs with https://
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- import zuul job settings from project-config
- Raise API max version for Rocky updates
- Switch to new Gerrit Server
- removed 0001-pass-endpoint-interface-to-http-client.patch
- update to version 2.5.2
- Replace openstack.org git:// URLs with https://
- pass endpoint interface to http client
- Use endpoint_override in version negotiation
- Add back tarball
- added 0002-Skip-read-only-test-for-CIFS.patch
- added 0001-Fix-CIFS-access-for-non-multitenant-setup.patch
- update to version 1.24.2
- Fix get_base_url
- [CI] Fix logs for the functional test job
- Return is_default as a value instead of a function object
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Replace openstack.org git:// URLs with https://
- Don't quote {posargs} in tox.ini
- import zuul job settings from project-config
- update to version 2.5.7
- Fix FC case sensitive scanning
- update to version 4.40.2
- OpenDev Migration Patch
- exc_filters: fix deadlock detection for MariaDB/Galera cluster
- update to 2.8.4 (SOC-9280)
* Adding fix for nic\_capacity calculation
- Update to version 9.0.1562324636.e7046a3:
* Add the freezer service to config file and log file collection
* Change the dir from where the ardana model/config files are collected
ModerateSUSE bug 1115960SUSE bug 1120657SUSE bug 1121530SUSE bug 1122053SUSE bug 1122825SUSE bug 1124170SUSE bug 1128453SUSE bug 1131712SUSE bug 1131791SUSE bug 1131899SUSE bug 1132542SUSE bug 1132654SUSE bug 1132832SUSE bug 1132852SUSE bug 1132853SUSE bug 1132860SUSE bug 1134336CVE-2018-19039 at SUSECVE-2018-19039 at NVDCVE-2019-10876 at SUSECVE-2019-10876 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-requests (Moderate)SUSE OpenStack Cloud 9
This update for python-requests to version 2.20.1 fixes the following issues:
Security issue fixed:
- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issue:
Security issue fixed:
- CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed
attackers to perfrom CRLF attacks (bsc#1137825).
ModerateSUSE bug 1137825CVE-2019-12387 at SUSECVE-2019-12387 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar (Moderate)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues:
- Update to version 9.0+git.1566374020.301191f:
* Use raw image format when using SES backend on Nova (SOC-9285)
- Update to version 9.0+git.1563375514.31fa9a7:
* Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1563192450.30e8f16:
* Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840)
- Update to version 9.0+git.1566251498.be02ca4:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565678764.c3a9b9f:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1562898832.1731f25:
* FIX broken symlink for policy.yaml.j2. (SOC-0000)
- Update to version 9.0+git.1559333871.40508f7:
* Allow system to bind to non local ipv6 addresses (SOC-9330)
- Update to version 9.0+git.1566336494.93967dd:
* Using python netaddr for ipv6 address comparison (SOC-9940)
- Update to version 9.0+git.1564409964.b7e4fc3:
* Don't use 'latest' with 'zypper' (SOC-9997)
- Update to version 9.0+git.1562182567.aef23e0:
* Format curl commands for ipv6 (SOC-9369)
- Update to version 9.0+git.1565680593.df7a432:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566213657.69862ab:
* Add missing service plugin for l2gw (SOC-5837)
- Update to version 9.0+git.1563904379.31ff1e9:
* Add the NSX-T L2-Gateway Service definition (SOC-5837)
- Switch to new Gerrit Server
- Update to version 9.0+git.1566375806.f0b2333:
* Configure glance image_direct_url/multiple_locations (SOC-9285)
- Update to version 9.0+git.1565720518.c7fdca2:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1564491141.602fdf9:
* Default glance_default_store to rbd if SES enabled (SOC-8749)
- Update to version 9.0+git.1565721273.f44b8d7:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891518.2a545a1:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565655129.ab3a58c:
* Removed None condition from rule (SOC-10003)
- Update to version 9.0+git.1564609155.033a963:
* Updated heat_policy.json permission to be 664 (SOC-9872)
- Update to version 9.0+git.1562848565.91e75b2:
* Include memcached in the minimal ardana-ci model (SOC-9800)
- Update to version 9.0+git.1566255088.3443670:
* Add server state column (SOC-9957)
- Update to version 9.0+git.1565218199.868c5d1:
* Add ipv6 support (SOC-9677) (#357)
- Update to version 9.0+git.1563912815.7090c20:
* Only show ses config upload option when ses is not configured (SOC-8555) (#356)
- Update to version 9.0+git.1565721987.ddc59c8:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891593.cad6d1a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1563911975.a7ed208:
* Ensure Member role is created during upgrade (SOC-9923)
- Update to version 9.0+git.1565761582.2dc823a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565762005.016032a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566332665.ad894c0:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565691188.2309798:
* Use systemd for monasca-thresh (SOC-10145)
- Update to version 9.0+git.1565115025.148d092:
* Enable ipv6 on rabbitmq-server (SOC-9745)
- Update to version 9.0+git.1566251310.3a1e8f9:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1563989391.dfe3688:
* Let SDN services configure VPN and Firewall service providers (SOC-9935)
- Update to version 9.0+git.1561563389.90bfb06:
* Add dependent services to neutron services (SOC-8746)
- Update to version 9.0+git.1566332515.e232568:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565946239.023aefe:
* Set diskcachemode and disk discard when using RBD (SOC-10182)
- Update to version 9.0+git.1565715522.3fe67c6:
* fix Ironic endpoint override (SOC-10130)
- Update to version 9.0+git.1565366126.4993583:
* Make default/rpc_response_timeout configurable (SOC-9285)
- Update to version 9.0+git.1562762205.ce51d30:
* Resolves nova-novncproxy random status failures (SOC-9574)
- Update to version 9.0+git.1566206502.6c87b41:
* Use default values for amphora connection retries/timeout (SOC-9285)
- Update to version 9.0+git.1566251377.b1caeaa:
* adds ipv6 format to http/https urls (SOC-10063)
- Add ipaddr bower dependency (SOC-9679)
- Update to version 9.0+git.1565764394.545b573:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565380193.f006466:
* Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)
- Update to version 9.0+git.1565265803.6a720d0:
* Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1565150548.c475cb8:
* Configured logrotate user for ovs as 'root' (SOC-8139)
- Update to version 9.0+git.1563894224.943cbc2:
* Make the example repo url entry totally fictitious (SOC-6800)
- Update to version 9.0+git.1563383124.1d585e4:
* Add an global_filter entry to lvm.conf (bsc#1140512)
- Update to version 9.0+git.1562782235.67538c9:
* Configure ovs user for logrotate (SOC-8139)
- Update to version 9.0+git.1562371586.24a698a:
* Allow for use of --check in iptables command (SOC-9349)
- Update to version 9.0+git.1562170979.edc53b6:
* Don't set datapath-ids on ovs-bridges anymore (SOC-9239)
- Update to version 9.0+git.1564706915.edd44c4:
* Add ipv6 support (SOC-9677)
- Update to version 9.0+git.1563468620.5035cf8:
* Add support for ses integration (SOC-8555)
- Update to version 9.0+git.1563461311.16ea2df:
* Change url of upper-constraints file (SOC-9863)
- Update to version 9.0+git.1565962617.523149b:
* Add ses-status playbook (SOC-9902)
- Update to version 9.0+git.1565704258.123de3f:
* Update Swift endpoint during deploy (SOC-9303)
- Update to version 9.0+git.1565891872.73fc3c7:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565644472.644d5f6:
* Cloud 8 to 9 upgrade enhancements (SOC-10146)
- Update to version 9.0+git.1566471752.a3c5c9c:
* Delete existing run filter before deploying it (SOC-10287)
- Update to version 9.0+git.1565366961.33ad009:
* Run loadbalancer tests in parallel (SOC-9285)
- Update to version 9.0+git.1563203769.49124de:
* Blacklist failing shelve tests (SOC-9775)
- Update to version 9.0+git.1562783575.7e02c70:
* Blacklist failing shelve tests (SOC-9775)
- Update to version 6.0+git.1566321308.1de18b9a4:
* ohai: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566303970.2c7d83971:
* upgrade: restart nova services after upgrade
- Update to version 6.0+git.1565859218.525130340:
* upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164)
- Update to version 6.0+git.1565256572.49359f57b:
* ovs-pre-up: remove controller for admin bridge (SOC-10073)
- Update to version 6.0+git.1564996068.e7ccb0bae:
* batch: Fix get_proposal_json (SOC-9954)
- Update to version 6.0+git.1564738819.232375c6f:
* batch: Format crowbar batch error output (SOC-9954)
* repochecks errors for ses5-pool on SOC9
* dns: fix migration for designate
- Update to version 6.0+git.1564480387.a4b8c2ff7:
* batch: Format crowbar batch error output (SOC-9954)
- Update to version 6.0+git.1564406710.9273d5a17:
* travis: Whitelist CVE-2015-3448 (SOC-9911)
* travis: Use env variable for commit range (SOC-9911)
- Update to version 6.0+git.1564131651.98f426eae:
* monasca: add cleanup before upgrade (SOC-9482)
* bind9: Fix spelling error in template
- Update to version 6.0+git.1563950117.f6123bd8f:
* Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1562772809.4a470bec0:
* upgrade: update file names for 8 -> 9 (SOC-9029)
- Update to version 6.0+git.1562733958.204289d65:
* ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098)
- Update to version 6.0+git.1566406179.7549de2:
* corosync: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566404979.41279a88e:
* Designate: Update DB pools configuration (SOC-9767)
* horizon: Install designate plugin when configured (SOC-9695)
- Update to version 6.0+git.1566211690.54dcd56ba:
* ceilometer: Remove old ceilometer-api vhosts (SOC-9483)
- Update to version 6.0+git.1565968769.ae650697c:
* Octavia: Barclamp (SOC-6100)
- Update to version 6.0+git.1565739445.3fc6ef5e8:
* designate: Configure resource settings (SOC-9633)
- Update to version 6.0+git.1565713423.0dd3fbb3e:
* tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029)
- Update to version 6.0+git.1565081581.1e2cf5bd0:
* nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
- Update to version 6.0+git.1564586397.a7203dba7:
* Add tempest filters based on services (SOC-9298)
* upgrade: Fix HA detection for keystone db_sync (SOC-9981)
- Update to version 6.0+git.1564498339.07f14a985:
* Fix magnum tempest tests (SOC-9298)
* Fix nova tempest tests (SOC-9298)
- Update to version 6.0+git.1564435128.cef47cc21:
* neutron: raise validation error if domain names dont end with a dot(.)
- Update to version 6.0+git.1564412715.c969e1e11:
* Fix barbican SSL support (SOC-9298)
- Update to version 6.0+git.1564039130.9ad11f213:
* designate: Use server node for VIP look ups (SOC-9631)
- add cirros-0.4.0-x86_64-disk.img (SOC-9298)
* the disk img is required to run the barbican tempest test
- Update to version 6.0+git.1563891318.d41ce2e75:
* Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1563439849.5c507bcdb:
* Fix tempest config for cinder using ceph as backenid (SOC-9298)
- Update to version 6.0+git.1562841293.9768602a2:
* swift: Sync HA nodes (SOC-9683)
- Update to version 6.0+git.1562684470.f5d361077:
* designate: Fix spelling error inside comments (SOC-6361)
- Update to version 6.0+git.1562599436.b4c63fc56:
* case-insensitive when lookup by name (SOC-9339)
- Update to version 6.0+git.1562319309.98a52a0a3:
* monasca: move Grafana DB creation
- Update to version 1.3.0+git.1563181545.65360af5:
* upgrade: Update repocheck keys
* Update texts for 8-9 upgrade (SOC-9689)
- Update to version 1.3.0+git.1562579063.5690a1bc:
* Pin gulp-angular-templatecache version
- Bumped package version to 1.3 to differentiate it from 8-9 version
- Udate to version 2.11.1.dev4
* Add Cassandra db support
* Bump the pom version to 1.3.0
* Remove cassandra.patch (merged upstream)
- Fix license
- Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common
- Update to version ceilometer-11.0.2.dev14:
* Fixing broken links
- Update to version ceilometer-11.0.2.dev14:
* Fixing broken links
- Update to version cinder-13.0.7.dev3:
* Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1:
13.0.6
* Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16:
* Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14:
* Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13:
* [VNX] Fix test case issue
- Update to version cinder-13.0.7.dev3:
* Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1:
13.0.6
* Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16:
* Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14:
* Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13:
* [VNX] Fix test case issue
* nimble: Fix missing ssl support (bsc#1027315)
- Update to version designate-7.0.1.dev21:
* Improve log message for better understanding
- Update to version designate-7.0.1.dev21:
* Improve log message for better understanding
- Update to version openstack-heat-11.0.3.dev19:
* Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18:
* Show an engine as down if service record is not updated twice
* Allow update of previously-replaced resources
* Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12:
* Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10:
* Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8:
* Add local bindep.txt and limit bandit version
* Retry on DB deadlock in event\_create()
- Update to version openstack-heat-11.0.3.dev19:
* Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18:
* Show an engine as down if service record is not updated twice
* Allow update of previously-replaced resources
* Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12:
* Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10:
* Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8:
* Add local bindep.txt and limit bandit version
* Retry on DB deadlock in event\_create()
- Do not exclude python bytecode files (see
https://review.opendev.org/#/c/666611 for details)
- Update to version neutron-lbaas-dashboard-5.0.1.dev7:
* Update tox.ini for new upper constraints strategy
* OpenDev Migration Patch
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
- Update to version ironic-11.1.4.dev9:
* Filter security group list on the ID's we expect
* Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5:
* Ansible driver: fix deployment with serial specified as root device hint
* CI: stop using pyghmi from git master
- Update to version ironic-11.1.4.dev9:
* Filter security group list on the ID's we expect
* Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5:
* Ansible driver: fix deployment with serial specified as root device hint
* CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev4:
* CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev3:
* Correct formatting of a warning when lshw cannot be run
- Update to version ironic-python-agent-3.3.3.dev1:
* Stop logging lshw output, collect it with other logs instead
3.3.2
- Update to version keystone-14.1.1.dev8:
* Revert 'Blacklist bandit 1.6.0'
- Update to version keystone-14.1.1.dev8:
* Revert 'Blacklist bandit 1.6.0'
- Update to version magnum-7.1.1.dev28:
* Revert 'support http/https proxy for discovery url'
* Use rocky heat-container-agent for stable/rocky
- Update to version magnum-7.1.1.dev28:
* Revert 'support http/https proxy for discovery url'
* Use rocky heat-container-agent for stable/rocky
- Update to version manila-7.3.1.dev3:
* Remove the redunant table from windows' editor
- Update to version manila-7.3.1.dev3:
* Remove the redunant table from windows' editor
- update to version 1.14.2~dev1
- [GateFix] Ignore false positive bandit B105 test failure
- update to version 1.12.1~dev9
- Update all columns in metrics on an update to refresh TTL
- update to version 1.12.1~dev7
- Widen exception catch for point parse failure
- update to version 1.12.1~dev6
- some points unable to parse
- OpenDev Migration Patch
- Rebased patches:
+ 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream)
- Update to version monasca-persister-1.12.1.dev9:
* Update all columns in metrics on an update to refresh TTL
* OpenDev Migration Patch
- Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
- Update to version monasca-persister-1.12.1.dev4
* Java persister config: defaults and robustness
* Add Cassandra db support
- Remove java-persister-defaults.patch (merged upstream)
- Remove cassandra.patch (merged upstream)
- Add missing URLs for patches
- Updated to kit tarball built from 1.12.1.dev4
- Updated README.updating for current version
- Update to version neutron-13.0.5.dev22:
* Clear skb mark on encapsulating packets
* Stop OVS agent before starting it again
* Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
* fix update port bug
- Update to version neutron-13.0.5.dev15:
* Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14:
* Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13:
* Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12:
* Use --bind-dynamic with dnsmasq instead of --bind-interfaces
* Yield control to other greenthreads while processing trusted ports
* Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6:
* Ignore first local port update notification
- Update to version neutron-13.0.5.dev5:
* Add custom ethertype processing
13.0.4
- Update to version neutron-13.0.5.dev22:
* Clear skb mark on encapsulating packets
* Stop OVS agent before starting it again
* Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
* fix update port bug
- Update to version neutron-13.0.5.dev15:
* Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14:
* Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13:
* Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12:
* Use --bind-dynamic with dnsmasq instead of --bind-interfaces
* Yield control to other greenthreads while processing trusted ports
* Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6:
* Ignore first local port update notification
- Update to version neutron-13.0.5.dev5:
* Add custom ethertype processing
13.0.4
* When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729)
- Update to version group-based-policy-5.0.1.dev459:
* Tempest Scenario test for Connection Tracking
- Update to version group-based-policy-5.0.1.dev457:
* Adding icmp\_code and icmp\_type for SG rule
* A VM could be associated with multiple ports
* Optimize the extend\_router\_dict() call
- Update to version group-based-policy-5.0.1.dev451:
* [AIM] Enhance gbp-validate to detect routed subnet overlap
- Update to version group-based-policy-5.0.1.dev450:
* [AIM] Prevent overlapping CIDRs in routed VRF
* Disallow external subnets as router interfaces
- Update to version group-based-policy-5.0.1.dev448:
* Fix issues on sync\_state display on neutron based on AIM status
- Update to version group-based-policy-5.0.1.dev446:
* Send the port updates for the SNAT use case if needed
* Make DHCP provisioning blocks conditional
- Update to version neutron-lbaas-13.0.1.dev14:
* Update tox.ini for new upper constraints strategy
* Remove the release notes job from stable/rocky
- add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch
- Update to version neutron-lbaas-13.0.1.dev14:
* Update tox.ini for new upper constraints strategy
* Remove the release notes job from stable/rocky
* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051)
- Update to version octavia-3.1.2.dev8:
* Add octavia-v2-dsvm jobs to the gate queue
- Update to version octavia-3.1.2.dev7:
* Fix for utils LB DM transformation function
- Update to version octavia-3.1.2.dev5:
* Update amphora-agent to report UDP listener health
- Update to version octavia-3.1.2.dev3:
* Update tox.ini for new upper constraints strategy
- Add patches fixing tempest cleanup removing all networks
https://bugs.launchpad.net/tempest/+bug/1812660
* 0001-Remove-deprecated-services-from-cleanup.patch
* 0002-Fix-tempest-cleanup.patch
* 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch
- Update to version 9.0+git.1566405927.c5c03d4:
* Adds ipv6 support to baremetal ServersValidator (SOC-9940)
- Update to version 9.0+git.1565384645.8fcf5db:
* Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939)
- Update to version 9.0+git.1564587526.5db9d5d:
* Flag forward:NORMAL on MANAGEMENT network group (SOC-9939)
- Update to version 9.0+git.1563384666.4c1a3e5:
* Bracketed ipv6 addresses for endpoint urls (SOC-9357)
- added 0001-Fix-volume-revert-to-snapshot-tests.patch
- update to version 2.5.3
- Do not try to use /v1/v1 when endpoint_override is used
- OpenDev Migration Patch
- added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch
- added 0001-Use-unicode-literals-in-test_metrics.patch
- update to version 3.16.2 (bsc#1144027, bsc#1144026)
- update to version 0.17.3
- OpenDev Migration Patch
- Replace openstack.org git:// URLs with https://
- Fixes for Unicode characters in python 2 requests
- Fix functional tests on stable/rocky
- Correct updating baremetal nodes by name or ID
- Support bare metal service error messages
- import zuul job settings from project-config
- Correct update operations for baremetal
- Add simple create/show/delete functional tests for all baremetal resources
- Add a simple baremetal functional job
- Pass microversion info through from Profile
- update to 2.8.4 (SOC-9280)
* Adding fix for nic\_capacity calculation
- Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676)
* python-python-engineio: An issue was discovered in
python-engineio through 3.8.2. There is a Cross-Site WebSocket
Hijacking (CSWSH) vulnerability that allows attackers to make
WebSocket connections to a server
- Switch to new Gerrit Server
- Switch to opendev as external projects are not longer synced to
github. As a result, there is also no automatic change log.
- Updated to 13.0.1~dev146 (d307746a5)
* NSX|V3 adminUtils: detect and clean orphaned section rules
* OpenDev Migration Patch
* Delete SG rules when deleting their remote group
* NSX|V3: Limit number of subnet static routes per backend
* NSX|V: Restrict creating conflicting address_pair in the same network
* NSX|V3: Add verification of num defined address pairs
* constrain rocky dependencies
* Update rocky .gitreview branch
* Handle multiple default SG creation in all plugins
* update tox for stable branch
* NSX|V3: remove redundent code in get_port/s
* NSX|V3: Change status code of SG failure
* NSX|V: enable allow_address_pairs upon request
* Revert 'NSX|V3: Simplify LBaaS implementation'
* NSX|V3: Fix LBaaS loadbalancer creation
* NSX|V: Init FWaaS callbacks only if enabled
* NSX|V3: Simplify LBaaS implementation
* Complete the init of the Neutron main process
* NSX|V3: Respect default keyword for physical_net
* NSX|V admin utils: Find and fix spoofguard policies mismatches
* TVD: Add start_rpc_listeners to the plugin
* Upgrade appdirs lower constraints
* NSX|V+V3: relax FWaaS validation
* Revert 'NSX|V3: Init FWaaS before spawn'
* NSX|V3: prevent user from changing the NSX internal SG
* Fix provider security group exception call
* NSX|V3+V: Handle fwaas policy removal
* NSX|V3: Create port bindings for dhcp ports
* NSX|V3: Fix LB error handling
* Fix security group broken code & tests
* [NSX-V] Ensure binding exists before assigning lswitch_id
* NSX|V: Fix update section header
* NSX|V3: Validate FWaaS cidrs
* Devstack: Delete old project before deciding how to get the new code
* NSX|V3: Init FWaaS before spawn
* Devstack: Fix failed of ml2 directory creation
* Devstack: Fix failed of ml2 directory creation
* Fix cffi lower constraints
* NSX|V3: Do not allow external subnets overlapping with uplink cidr
* Devstack: Fix ml2 config file creation for FWaaS-V2
* NSX|V3 Support expected codes for LB HM
* NSX|V3: Fix ipam to check subnets carefully
* NSX|V3 Fix provider nsx-net create
* NSX-T: Delete subnet in case of dhcp error
* Fix Octavia devstack instructions
* NSX|V3: Fix LB statistics getter
* NSX|V3: Add L2GW connection validation
* Devstack: Create ml2 config file for FWaaS-V2
* NSX|V3: Configure tier0 transit networks
* Use upper-constraints from stable/rocky
* fix lower constraints
* TVD: Add missing VPN driver api
* NSX|V3: FWaaS translate 0.0.0.0 to Any ip
* NSX|V use context reader for router driver
* NSX|V Fix AdminUtils get apis to use the right context
* TVD LBaaS: fix operational status api
* Use tenant context to get router GW network
* NSX-v3: Fix listener for pool not fetched anymore
* NSX-v3: Prevent comparison with None
* NSXv: use admin context for metadata port config
* NSX-v3: Fix LB HTTP/HTTPS monitor impl
* NSX|V Fix orphaned networks and bindings
* NSX|V3 Fix dhcp binding rollback
* NSX|V3: Fix FW(v2) status when deleting an illegal port
* Ensure NSX VS is always associated with NSX LBS
* NSX|V3: validate LBaaS NSX stats fields
* TVD verify loadbalancer project match the LB object project
* TVD: Do not crash in case the project is not found
* NSX|V3: Fix member fip error message
* NSX|V3: Restrict update of LB port with fixed IP
* NSX|V3 Add NO-NAT rules only for routers with enabled SNAT
* NSXv: Metadata should complete init
* TVD: Add LBaaS get_operating_status support
* NSX|V Fill VIF data for upgraded ports
* Devstack plugin: fetch Neutron only when needed
* NSX|V: Improve SG rule service creation
* NSX|V fix LBaaS operation status function params
* NSX|V3: Add LB status calls validations
* NSX|V3 remove lbaas import to allow the plugin to work without lbaas
* NSX|V Allow updating port security and mac learning together
* NSX|V3: Change external provider network error message
* NSX|V+V3: Prevent adding different projects routers to fwaas-V1
* NSX|V: Fix BGP plugin get operations
* NSX|V: Validate DVS Id when creating flat/vlan network
* NSX|V: Fix devstack cleanup for python 3
* NSX|V3: Check specific exception when deleting dhcp port
* NSX|V3 Validate rate-limit value in admin utilitiy
* NSX|V3 adminUtils: Use nsx plugin to get ports
* NSX|V3: Fail on unsupported QoS rules
* NSX|V3: VPN connection status update
* NSX-V3| Fix port MAC learning flag handling
* NSX|V3 update port revision on update_port response
* NSX|V: Avoid updating the default section at init
* NSX|V3: LBaaS operating status support
* NSX|V3: Fix external LB member create
* Devstack: Use the right python version in cleanup
* NSX|V: Fix host groups for DRS HA for AZ
* NSX|V Fix policy security group update
* NSX|V+V3 QoS rbac support
* NSX|V3 update port binding for callbacks notifications
* NSX|V3: Support new icmp codes and types
* NSX|V3: Make sure LB member is connected to the LB router
* NSX|V3: Prevent adding an external net as a router interface
* NSX|V: Shorten the L2 bridge edge name
* NSX|V3: Fix port binding update on new ports
- update to version 13.0.1~dev146
- Switch to opendev as external projects are not longer synced to
github. As a result, there is also no automatic change log.
- update to version 13.0.1~dev24 (ebaacab)
* updates for stable branch
* NSX|V3+P: Change max allowed host routes
* Adding the option to configure disabled mac profile
* OpenDev Migration Patch
* NSX|T: Backend parameter for max subnet static routes
* NSX|T: Add NSX limit of IP address association to port
* Fix nsgroup update to access the logging field safely
* Retry http requests on timeouts
* Added retries if API call fails due to MP cluster reconfig
* Fix check_manager_status to support older NSX versions
* Improve Cluster validation checks
* Add apis to get tier0 uplink cidrs and not just ips
* Support response status codes for LB HM
* Add manager status validation to validate connection
* Handle get_default_headers errors
* Update the max NS groups criteria tags number dynamically
* Fix multi-cluster connectivity
* Amend allowed ICMP types and codes in strict mode
* Fix cluster connectivity
* Fix the revision needed for security rules version
* New api for getting VPN session status
* New api for getting the LB virtual servers status
* NSX|V3: Support new icmp codes and types list-
- update to version 13.0.1~dev24
- Fix the Requires: format in spec file (bsc#1134232)
- 3.4.2
ModerateSUSE bug 1027315SUSE bug 1129729SUSE bug 1133719SUSE bug 1134232SUSE bug 1140512SUSE bug 1141676SUSE bug 1144026SUSE bug 1144027CVE-2015-3448 at SUSECVE-2015-3448 at NVDCVE-2017-17051 at SUSECVE-2017-17051 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-13611 at SUSECVE-2019-13611 at NVDCVE-2019-7164 at SUSECVE-2019-7164 at NVDCVE-2019-7548 at SUSECVE-2019-7548 at NVDCVE-2019-9735 at SUSECVE-2019-9735 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb, mariadb-connector-c (Important)SUSE OpenStack Cloud 9
This update for mariadb and mariadb-connector-c fixes the following issues:
mariadb:
- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
- Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response
and the pid in a process list as it can take some time till the process is terminated. Otherwise
it can lead to 'found left-over process' situation when regular mariadb is started (bsc#1143215).
mariadb-connector-c:
- Update to version 3.1.2 (bsc#1136035)
- Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)
ImportantSUSE bug 1126088SUSE bug 1132666SUSE bug 1136035SUSE bug 1143215CVE-2019-2614 at SUSECVE-2019-2614 at NVDCVE-2019-2627 at SUSECVE-2019-2627 at NVDCVE-2019-2628 at SUSECVE-2019-2628 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Important)SUSE OpenStack Cloud 9
This update for python-Django1 to version 1.11.23 fixes the following issues:
- CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880).
- CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882).
- CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883).
- CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885).
- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
- CVE-2019-12308: Fixed a cross site scripting vulnerability in the AdminURLFieldWidget (bsc#1136468).
ImportantSUSE bug 1136468SUSE bug 1139945SUSE bug 1142880SUSE bug 1142882SUSE bug 1142883SUSE bug 1142885CVE-2019-12308 at SUSECVE-2019-12308 at NVDCVE-2019-12781 at SUSECVE-2019-12781 at NVDCVE-2019-14232 at SUSECVE-2019-14232 at NVDCVE-2019-14233 at SUSECVE-2019-14233 at NVDCVE-2019-14234 at SUSECVE-2019-14234 at NVDCVE-2019-14235 at SUSECVE-2019-14235 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-SQLAlchemy (Important)SUSE OpenStack Cloud 9
This update for python-SQLAlchemy fixes the following issues:
Security issues fixed:
- CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593).
- CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593).
ImportantSUSE bug 1124593CVE-2019-7164 at SUSECVE-2019-7164 at NVDCVE-2019-7548 at SUSECVE-2019-7548 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud 9
This update for python-urllib3 fixes the following issues:
Security issues fixed:
- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).
ModerateSUSE bug 1129071SUSE bug 1132663SUSE bug 1132900CVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Werkzeug (Moderate)SUSE OpenStack Cloud 9
This update for python-Werkzeug fixes the following issues:
Security issue fixed:
- CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383).
ModerateSUSE bug 1145383CVE-2019-14806 at SUSECVE-2019-14806 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
Security issue fixed:
- CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461).
ModerateSUSE bug 1138461CVE-2019-12855 at SUSECVE-2019-12855 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff (Moderate)SUSE OpenStack Cloud 9
This update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff contains the following fixes:
- 0004-add_ipv6_support_to_synchronize_action_plugin.patch
fixes: bsc#1145967
IPv6 addreses need to be wrapped when used in scp command
in the form scp user@[ipv6address]:port
SOC-10117
- Update to version 9.0+git.1568385829.54601ac:
* Enable Cloud9 parallelised upgrade workflow (SOC-10484)
- Update to version 9.0+git.1568379640.07c5144:
* Enable DB upgrade in ardana-update.yml (SOC-10094)
- Update to version 9.0+git.1567617871.4426809:
* Ensure tls-upgrade.yml called by ardana-update.yml (SOC-9942)
- Update to version 9.0+git.1566486136.e2f6b0f:
* Add deprecations cleanup support (SOC-10275)
- Update to version 9.0+git.1568150980.027f167:
* Enable auth_openidc Apache2 module (SOC-10509)
- Update to version 9.0+git.1568382922.6f2cea4:
* Use galera-upgrade.yml for update/upgrade workflow (SOC-10521)
- Update to version 9.0+git.1568830037.2eea267:
* Add missing DHCP options for NSX-T (SOC-5838)
- Update to version 9.0+git.1568307751.d68a198:
* Add NSX-T QoS service definition (SOC-10479)
- Update to version 9.0+git.1567606893.85b4d54:
* Add NSX-T LBaaS service definition (SOC-9900)
- Update to version 9.0+git.1567416354.e45fd54:
* Add missing policies for NSX-T (SOC-5831)
- Update to version 9.0+git.1567196895.2e056b5:
* Add NSX-T VPNaaS service definition (SOC-9935)
* Add NSX-T FWaaS service definition (SOC-9935)
- Update to version 9.0+git.1567196861.0ca4cc9:
* Add the NSX-T DNS service definition (SOC-9912)
- Update to version 9.0+git.1567196262.39a7dd0:
* Improvements over initial NSX-T support (SOC-5831)
- Update to version 9.0+git.1566918834.1b7a49a:
* Update policy json templates for vmware-nsx (SOC-10254)
- Update to version 9.0+git.1567000146.4569d10:
* Cloud 8to9 upgrade enhancements for glance (SOC-10043)
- Update to version 9.0+git.1566409257.eec6360:
* Add neutron-fwaas.json when neutron-l3-agent is deployed (SOC-10280)
- Update to version 9.0+git.1569535129.ca87ef0:
* Add support for running in Docker container (SOC-8524) (#350)
- Update to version 9.0+git.1567797529.273abf2:
* Use IPv6 validator on baremetal (SOC-10251)
- Update to version 9.0+git.1568835830.10c9689:
* Ensure Manila services don't auto start on reboot (SOC-10641)
- Update to version 9.0+git.1567695427.5974ab2:
* Stop existing mon-api services during upgrade (SOC-10470)
- Update to version 9.0+git.1568817582.a4813e2:
* Fix neutron-ovsvapp-agent status (SOC-10637)
- Update to version 9.0+git.1567606982.697a2bf:
* Let SDNs configure LB service provider (SOC-9900)
- Update to version 9.0+git.1567606981.c612be8:
* API extension paths separated by colon (SOC-10447)
- Update to version 9.0+git.1567000278.309171b:
* Neutron 8to9 upgrade workflow (SOC-10080)
- Update to version 9.0+git.1566503987.df6961f:
* Add policy.d/neutron-fwaas.json.j2 (SOC-10280)
- Update to version 9.0+git.1567630824.aa6dc2d:
* api_db sync needed before db_expand.yml (SOC-10023)
- Update to version 9.0+git.1567125466.9b151d6:
* Enable tls channel for vnc on compute VM (SOC-9942)
- Update to version 9.0+git.1566826931.741980f:
* Install libosinfo package (SOC-10295)
- Update to version 9.0+git.1568362662.7fba216:
* Make octavia heartbeat frequency options configurable (SOC-9285)
- Update to version 9.0+git.1566374458.f58d2bb:
* Include SES variables when configuring image (SOC-9285)
- Update to version 9.0+git.1566593422.813e56c:
* Update ip address validator (SOC-9679)
- Update to version 9.0+git.1567630791.5ca70a6:
* Revert Ansible 2.x compatibility change (SOC-10452)
- Update to version 9.0+git.1567553292.5991a87:
* Configured openvswitch logrotate user based on system settings (SOC-10282)
- Update to version 9.0+git.1569439941.6800991:
* Re-enable streaming of playbook logs (SOC-10720)
- Update to version 9.0+git.1569257240.456c4fc:
* Add condition to avoid case with no compute (SOC-10692)
- Update to version 9.0+git.1568075665.a627f71:
* Fix missing key error for c9 update (SOC-10476)
- Update to version 9.0+git.1567640139.61bbe4e:
* Add support for redhat compute (SOC-9942)
- Update to version 9.0+git.1567530252.4b0dc66:
* Generate vnc server cert on compute host (SOC-9942)
- Update to version 6.0+git.1569587091.3f083d63c:
* barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011)
* Revert 'batch: Use easy_merge for merging (SOC-10505)'
* batch: Use easy_merge for merging (SOC-10505)
- Update to version 6.0+git.1569357869.75e2690cc:
* Update input group to be more specific (SOC-10644)
- Update to version 6.0+git.1569231374.0fa522d5d:
* Revert 'batch: Use easy_merge for merging (SOC-10505)'
- Update to version 6.0+git.1568968829.f21efcf5e:
* batch: Use easy_merge for merging (SOC-10505)
- Update to version 6.0+git.1568744770.09e7a1fe1:
* upgrade: Fix pie chart colors on dashboard (SOC-10619)
- Update to version 6.0+git.1568201547.4dfc6ffec:
* gems: Update easy_diff to 1.0.0 (SOC-10505)
- Update to version 6.0+git.1567846948.0f169d133:
* upgrade: Reload nova services early (SOC-10273)
* upgrade: Update release name (trivial)
* upgrade: Upgrade compute services early (SOC-10273)
- Update to version 6.0+git.1567731275.6019e8f62:
* IPV6:Expose methods in chef NetworkHelper to crowbar_framework (SOC-6397)
- Update to version 6.0+git.1567694723.1a9df112d:
* Allow designate rndc for all nodes (SOC-10339)
- Update to version 6.0+git.1567599465.9b1ea2814:
* upgrade: dump Monasca, Grafana databases (SOC-9772)
- Update to version 6.0+git.1567195728.44b7cf1d0:
* Public ips for dns nodes when designate integration is in use (SOC-9635)
- Update to version 6.0+git.1567161357.ba5de8885:
* network: Check existing upper layers before bond setup (bsc#1120657)
* network: never plug two interface into the same ovs bridge (bsc#1120657)
* network: Avoid plugging the same interface to two ovs bridges (bsc#1120657)
* nic library: some helper for identifying base interface (bsc#1120657)
* network: Rework the vlan port replugging code (bsc#1120657)
* network: DRY out 'kill_nic_files' (noref)
* network: override sysctl netfilter param(SOC-6229)
- Update to version 6.0+git.1567094352.24e2a710d:
* upgrade: Re-run upgrade on non-compute nodes (SOC-10072)
- Update to version 6.0+git.1566808212.3e1e65b69:
* allow user to ask for FQDN as public hostname (SOC-9616)
- Update to version 6.0+git.1567673476.1342c3d:
* Fix typo in error message
- Update to version 6.0+git.1569805311.a94583476:
* Designate: Add dns_domain_ports config (SOC-10740)
- Update to version 6.0+git.1569429613.2b29fd9d6:
* horizon: add back horizon service reload (SOC-10191)
* helper:move config_for_role_exists from horizon to crowbar-openstack(SOC-10191)
* tempest: don't rely on service catalogue (SOC-10633)
- Update to version 6.0+git.1569343076.e8ca90fd9:
* enable LDAP chase_referrals configuration (SOC-7364)
- Update to version 6.0+git.1569255523.d14bb0d9d:
* nova: Don't autoselect nodes for Xen (continued) (bsc#1147144)
- Update to version 6.0+git.1569053948.d0e638900:
* Add pci passthrough filter (SOC-10624)
* glance: don't reuse sync mark names (SOC-10348)
* nova: Don't autoselect nodes for Xen (bsc#1147144)
* database: fix no-op migration 302 (SOC-10623)
* Fix Cloud 8 no-op migrations (SOC-10623)
- Update to version 6.0+git.1568986202.bae13ce05:
* designate: Fix the keys syntax error on migrations (SOC-10660)
- Update to version 6.0+git.1568968817.8df296f0c:
* upgrade: restore Monasca/Grafana DB (SOC-9772)
- Update to version 6.0+git.1568904766.a7e023933:
* Revert 'designate: Mark as user managed (SOC-10233)'
* nova: set default attribute for max_threads_per_process
* Add tempest filter for designate (SOC-10288)
* Allow setting ElasticSearch path.repo from Crowbar (SOC-10440, bsc#1148158)
- Update to version 6.0+git.1568735102.940794f57:
* Use source load balancing for OpenID Connect (SOC-10551)
- Update to version 6.0+git.1568676694.b4ebc087b:
* designate: Mark as user managed (SOC-10233)
* Octavia: Hide UI until complete (SOC-10550)
- Update to version 6.0+git.1568650755.8399d83e9:
* IPV6: Barclamp horizon make IPV6 compliant (SOC-6397)
- Update to version 6.0+git.1568325876.a82d6c3c6:
* designate: Correct missing variable (SOC-10549)
- Update to version 6.0+git.1568242913.38fe0574a:
* designate: cleanup producer HA deployment (SOC-9766)
- Update to version 6.0+git.1568130776.de1686df9:
* designate: No longer care about master/slave (SOC-10456)
* tempest: remove manila test from blacklist (SOC-9298)
* nova: raise neutron client timeout to 5 minutes
* neutron: Small cleanup to neutron_lbaas.conf template
* neutron-lbaas: remove loadbalancer/pool limit
- Update to version 6.0+git.1568004341.35d132726:
* Designate default Bind9 pool config (SOC-10339)
- Update to version 6.0+git.1567626408.bd1a24326:
* nova: Don't put nova-compute roles on monasca node (SOC-10373)
- Update to version 6.0+git.1567522813.05041a6eb:
* Fix OpenID migration (SOC-9616)
- Update to version 6.0+git.1567383972.eeae4cf86:
* designate: Update ns_records with all nameservers (SOC-9636)
- Update to version 6.0+git.1567095011.0d080dce4:
* support OpenID Connect WebSSO (SOC-9616)
- Update to version 6.0+git.1566925661.1e127bf66:
* designate: Deploy producer on a server node (SOC-9766)
- Update to version 6.0+git.1566851961.bda2f922c:
* database: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566629500.bbc0dd82f:
* rabbitmq: Turn off hipe compile
* designate: initialize email in default designate proposal
- Update to version 6.0+git.1566553393.e01147258:
* memcache: lookup memcached servers port only on local node (SOC-10173)
- Update to version 1.3.0+git.1568396400.0344a727:
* upgrade: Add missing precheck titles
- spec file change:
* alter permissions of /etc/grafana and /var/lib/grafana to 755
* alter owner of /etc/grafana/provisioning/dashboards tree to root:root
* this allows installing dashboards via rpms without these rpms depending on this rpm
- Update to version 6.2.5:
* release 6.2.5
* Panel: Fully escape html in drilldown links (was only sanitized before) (#17731)
* Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695)
* config: fix connstr for remote_cache (#17675)
* TablePanel: fix annotations display (#17646)
* middleware: fix Strict-Transport-Security header (#17644)
* Elasticsearch: Fix empty query request to send properly (#17488)
* release 6.2.4
* grafana-cli: Fix receiving flags via command line (#17617)
* HTTPServer: Fix X-XSS-Protection header formatting (#17620)
* release 6.2.3
* cli: grafana-cli should receive flags from the command line (#17606)
* AuthProxy: Optimistic lock pattern for remote cache Set (#17485)
* OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541)
* middleware: add security related HTTP(S) response headers (#17522)
* remote_cache: Fix redis (#17483)
* auth_proxy: non-negative cache TTL (#17495)
- Update to version 6.2.2:
* Security Fix: Prevent csv formula injection attack
* PluginConfig: Fixed plugin config page navigation when using subpath
* Explore: Update time range before running queries
* Perf: Fix slow dashboards ACL query
* Database: Initialize xorm with an empty schema for postgres
* CloudWatch: Avoid exception while accessing results
- Remove phantomjs dependency
* Modified: Makefile
- Update to version 6.2.1
* Bug Fixes
+ Auth Proxy: Resolve database is locked errors.
+ Database: Retry transaction if sqlite returns database is locked error.
+ Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value.
+ Singlestat: Fixes issue with value placement and line wraps.
+ Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browers as well as Chrome 53.x.
* Features / Enhancements
+ CLI: Add command to migrate all datasources to use encrypted password fields.
+ Gauge/BarGauge: Improvements to auto value font size.
* Modified: README
- Update to version 6.2.0
* Bug Fixes
+ BarGauge: Fix for negative min values.
+ Gauge/BarGauge: Fix for issues editing min & max options.
+ Search: Make only folder name only open search with current folder filter.
+ AzureMonitor: Revert to clearing chained dropdowns.
+ Dashboard: Fixes blank dashboard after window resize with panel without title.
+ Dashboard: Fixes lazy loading & expanding collapsed rows on mobile.
+ Dashboard: Fixes scrolling issues for Edge browser.
+ Dashboard: Show refresh button in first kiosk(tv) mode.
+ Explore: Fix empty result from datasource should render logs container.
+ Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value.
+ Explore: Makes it possible to zoom in Explore/Loki/Graph without exception.
+ Gauge: Fixes orientation issue after switching from BarGauge to Gauge.
+ GettingStarted: Fixes layout issues in getting started panel.
+ InfluxDB: Fix HTTP method should default to GET.
+ Panels: Fixed alert icon position in panel header.
+ Panels: Fixes panel error tooltip not showing.
+ Plugins: Fix how datemath utils are exposed to plugins.
+ Singlestat: fixed centering issue for very small panels.
+ Search: Scroll issue in dashboard search in latest Chrome.
+ Docker: Prevent a permission denied error when writing files to the default provisioning directory.
+ Gauge: Adds background shade to gauge track and improves height usage.
+ RemoteCache: Avoid race condition in Set causing error on insert. .
+ Build: Fix bug where grafana didn't start after mysql on rpm packages.
+ CloudWatch: Fixes query order not affecting series ordering & color.
+ CloudWatch: Use default alias if there is no alias for metrics.
+ Config: Fixes bug where timeouts for alerting was not parsed correctly.
+ Elasticsearch: Fix view percentiles metric in table without date histogram.
+ Explore: Prevents histogram loading from killing Prometheus instance.
+ Graph: Allow override decimals to fully override.
+ Mixed Datasource: Fix error when one query is disabled.
+ Search: Fixes search limits and adds a page parameter.
+ Security: Responses from backend should not be cached.
* Breaking Changes
+ Plugins: Data source plugins that process hidden queries need to add a 'hiddenQueries: true' attribute in plugin.json.
+ Gauge Panel: The suffix / prefix options have been removed from the new Gauge Panel (introduced in v6.0). #16870.
* Features / Enhancements
+ Plugins: Support templated urls in plugin routes.
+ Packaging: New MSI windows installer package**.
+ Admin: Add more stats about roles.
+ Alert list panel: Support variables in filters.
+ Alerting: Adjust label for send on all alerts to default .
+ Alerting: Makes timeouts and retries configurable.
+ Alerting: No notification when going from no data to pending.
+ Alerting: Pushover alert, support for different sound for OK.
+ Auth: Enable retries and transaction for some db calls for auth tokens .
+ AzureMonitor: Adds support for multiple subscriptions per datasource.
+ Bar Gauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes.
+ Build: Upgrades to golang 1.12.4.
+ CloudWatch: Update AWS/IoT metric and dimensions.
+ Config: Show user-friendly error message instead of stack trace.
+ Dashboard: Enable filtering dashboards in search by current folder.
+ Dashboard: Lazy load out of view panels .
+ DataProxy: Restore Set-Cookie header after proxy request.
+ Datasources: Add pattern validation for time input on datasource config pages.
+ Elasticsearch: Add 7.x version support.
+ Explore: Adds reconnect for failing datasource.
+ Explore: Support user timezone.
+ InfluxDB: Add support for POST HTTP verb.
+ Loki: Search is now case insensitive.
+ OAuth: Update jwt regexp to include =.
+ Panels: No title will no longer make panel header take up space.
+ Prometheus: Adds tracing headers for Prometheus datasource.
+ Provisioning: Add API endpoint to reload provisioning configs.
+ Provisioning: Do not allow deletion of provisioned dashboards.
+ Provisioning: Interpolate env vars in provisioning files.
+ Security: Add new setting allow_embedding.
+ Security: Store datasource passwords encrypted in secureJsonData.
+ UX: Improve Grafana usage for smaller screens.
+ Units: Add angle units, Arc Minutes and Seconds.
- Update to version 6.1.6
* Security: Bump jQuery to 3.4.0
* Playlist: Fix loading dashboards by tag.
- Update to version 6.0.2:
* Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680
* Improved error handling when rendering dashboard panels, fixes #15913
* fix allow anonymous server bind for ldap search
* add nil/length check when delete old login attempts
* fix discord notifier so it doesn't crash when there are no image generated
* fix only users that can edit a dashboard should be able to update panel json
* move to new component to handle focus
* added state to not set focus on search every render
* Snapshots update
* Use app config directly in ButtonRow instead of passing datasources page URL via prop
* Update snapshots
* Fixed url of back button in datasource edit page, when root_url configured
* release: Bumped version
- Update to version 6.0.1:
* Bug Fixes:
+ utils: show string errors
+ Viewers with viewers_can_edit should be able to access /explore
+ log phantomjs output even if it timeout and include orgId when render alert
- Update to version 6.0.0:
* Breaking Changes:
+ Text Panel: The text panel does no longer by default allow unsantizied
HTML. This means that if you have text panels with scripts tags they will no
longer work as before. To enable unsafe javascript execution in text panels
enable the settings disable_sanitize_html under the section [panels] in your
Grafana ini file, or set env variable GF_PANELS_ABLE_SANITIZE_HTML=true.
+ Dashboard: Panel property minSpan replaced by maxPerRow. Dashboard
migration will automatically migrate all dashboard panels using the minSpan
property to the new maxPerRow property
+ Internal Metrics Edition has been added to the build_info metric. This will break any Graphite queries using this metric. Edition will be a new label for the Prometheus metric.
* New Features:
+ Alerting: Adds support for Google Hangouts Chat notifications
+ Elasticsearch: Support bucket script pipeline aggregations
+ Influxdb: Add support for time zone (tz) clause
+ Snapshots: Enable deletion of public snapshot
+ Provisioning: Provisioning support for alert notifiers
+ Explore: A whole new way to do ad-hoc metric queries and exploration. Split view in half and compare metrics & logs and much much more. Read more here
+ Auth: Replace remember me cookie solution for Grafana's builtin, LDAP and OAuth authentication with a solution based on short-lived tokens
+ AzureMonitor: Enable alerting by converting Azure Monitor API to Go
+ Explore A new query focused workflow for ad-hoc data exploration and troubleshooting.
+ Grafana Loki Integration with the new open source log aggregation system from Grafana Labs.
+ Gauge Panel A new standalone panel for gauges.
+ New Panel Editor UX improves panel editing and enables easy switching between different visualizations.
+ Google Stackdriver Datasource is out of beta and is officially released.
+ React Plugin support enables an easier way to build plugins.
+ Named Colors in our new improved color picker.
+ Removal of user session storage makes Grafana easier to deploy & improves security.
* Bug Fixes:
+ Metrics: Fixes broken usagestats metrics for /metrics
+ Dashboard: Fixes kiosk mode should have &kiosk appended to the url
+ Dashboard: Fixes kiosk=tv mode with autofitpanels should respect header
+ Image rendering: Fixed image rendering issue for dashboards with auto refresh,
+ Dashboard: Fix only users that can edit a dashboard should be able to update panel json.
+ LDAP: fix allow anonymous initial bind for ldap search.
+ UX: Fixed scrollbar not visible initially (only after manual scroll).
+ Datasource admin TestData
+ Dashboard: Fixed scrolling issue that caused scroll to be locked to bottom.
+ Explore: Viewers with viewers_can_edit should be able to access /explore.
+ Security fix: limit access to org admin and alerting pages.
+ Panel Edit minInterval changes did not persist
+ Teams: Fixed bug when getting teams for user.
+ Stackdriver: fix for float64 bounds for distribution metrics
+ Stackdriver: no reducers available for distribution type
+ Influxdb: Add support for alerting on InfluxDB queries that use the non_negative_difference function
+ Alerting: Fix percent_diff calculation when points are nulls
+ Alerting: Fixed handling of alert urls with true flags
+ Gauge: Fix issue with gauge requests being cancelled
+ Gauge: Accept decimal inputs for thresholds
+ UI: Fix error caused by named colors that are not part of named colors palette
+ Search: Bug pressing special regexp chars in input fields
+ Permissions: No need to have edit permissions to be able to 'Save as'
+ Search: Fix for issue with scrolling the 'tags filter' dropdown
+ Prometheus: Query for annotation always uses 60s step regardless of dashboard range
+ Annotations: Fix creating annotation when graph panel has ata points position the popup outside viewport
+ Piechart/Flot: Fixes multiple piechart instances with donut bug
+ plus many minor changes and fixes
- Update to version 5.4.3:
* Fixes:
+ Alerting Invalid frequency causes division by zero in alert scheduler
+ Dashboard Dashboard links do not update when time range changes
+ Limits Support more than 1000 datasources per org
+ Backend fix signed in user for orgId=0 result should return active org id
+ Provisioning Adds orgId to user dto for provisioned dashboards
- Update to version 5.4.2:
* Fixes:
+ Datasource admin: Fix for issue creating new data source when same name exists
+ OAuth: Fix for oauth auto login setting, can now be set using env variable
+ Dashboard search: Fix for searching tags in tags filter dropdown.
- Update to version 5.4.1:
* Fixes:
+ Stackdriver: Fixes issue with data proxy and Authorization header
+ Units: fixedUnit for Flow:l/min and mL/min
+ Logging: Fix for issue where data proxy logged a secret when debug logging was enabled, now redacted.
+ InfluxDB: Add support for alerting on InfluxDB queries that use the cumulative_sum function.
+ Plugins: Panel plugins should no receive the panel-initialized event again as usual.
+ Embedded Graphs: Iframe graph panels should now work as usual.
+ Postgres: Improve PostgreSQL Query Editor if using different Schemas,
+ Quotas: Fixed for updating org & user quotas.
+ Cloudwatch: Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate to auto complete list.
+ Dashboard Search: Fixed filtering by tag issues.
+ Graph: Fixed time region issues,
+ Graph: Fixed issue with series color picker popover being placed outside window.
- Update to version 5.4.0:
* Breaking Changes:
+ Postgres/MySQL/MSSQL datasources now per default uses max open connections = unlimited (earlier 10), max idle connections = 2 (earlier 10) and connection max lifetime = 4 hours (earlier unlimited).
* Features:
+ Alerting: Introduce alert debouncing with the FOR setting.
+ Alerting: Option to disable OK alert notifications
+ Postgres/MySQL/MSSQL: Adds support for configuration of max open/idle connections and connection max lifetime. Also, panels with multiple SQL queries will now be executed concurrently
+ MySQL: Graphical query builder
+ MySQL: Support connecting thru Unix socket for MySQL datasource
+ MSSQL: Add encrypt setting to allow configuration of how data sent between client and server are encrypted
+ Stackdriver: Not possible to authenticate using GCE metadata server
+ Teams: Team preferences (theme, home dashboard, timezone) support
+ Graph: Time regions support enabling highlight of weekdays and/or certain timespans
+ OAuth: Automatic redirect to sign-in with OAuth
+ Stackdriver: Template query editor
* Fixes:
+ Cloudwatch: Fix invalid time range causes segmentation fault
+ Cloudwatch: AWS/CodeBuild metrics and dimensions
+ MySQL: Fix $__timeFrom() and $__timeTo() should respect local time zone
+ Graph: Fix legend always visible even if configured to be hidden
+ Elasticsearch: Fix regression when using datasource version 6.0+ and alerting
- Update to version 5.3.4:
* minor bug fixes
- Fix patch novnc-1.0.0-fix-interpreter.patch
* Renamed to patch novnc-1.1.0-fix-interpreter.patch
- Update to 1.1.0:
Application:
* New translations for Russian, Korean, Czech and Chinese (traditional) languages
* Fixed an issue where you didn't get scrollbn your browser on Windows if
you had a touch screen.
* Added the Super/Windows key to the toolbar.
* Added an option to show a dot when there otherwise wouldn't be a visible
cursor.
* View drag is no longer available when in scaling mode.
Library:
* A large number of coding style changes has been made to make the code easier
to read and better to work with.
* Many keyboard issues has been fixed.
* Local cursor is now available on all platforms.
* Fixed a number of crashes related to clipboard.
* Fixed issues that occurred if data from the server was being received slowly.
* A problem has been fixed where the display module would incorrectly handle
high DPI systems causing scrollbars to show when they shouldn't.
- require python3-websockify for recent distros (bsc#1119737)
- Update to version cinder-13.0.7.dev16:
* Dell EMC SC: Handle the mappings of multiattached volume
- Update to version cinder-13.0.7.dev14:
* 3PAR: Add config for NSP single path attach
- Update to version cinder-13.0.7.dev12:
* Fix VolumeAttachment is not bound to a Session
* Fix ceph: only close rbd image after snapshot iteration is finished
- Update to version cinder-13.0.7.dev8:
* Fix NFS volume retype with migrate
- Update to version cinder-13.0.7.dev7:
* Remove experimental openSUSE 42.3 job
- Update to version cinder-13.0.7.dev5:
* Fixing 404's and broken links
- Update to version cinder-13.0.7.dev16:
* Dell EMC SC: Handle the mappings of multiattached volume
- Update to version cinder-13.0.7.dev14:
* 3PAR: Add config for NSP single path attach
- Update to version cinder-13.0.7.dev12:
* Fix VolumeAttachment is not bound to a Session
* Fix ceph: only close rbd image after snapshot iteration is finished
- Update to version cinder-13.0.7.dev8:
* Fix NFS volume retype with migrate
- Update to version cinder-13.0.7.dev7:
* Remove experimental openSUSE 42.3 job
- Update to version cinder-13.0.7.dev5:
* Fixing 404's and broken links
- Update to version horizon-14.0.4.dev11:
* Fix listing security groups when no rules
- Update to version horizon-14.0.4.dev9:
* Fix quoting in zuul for tempest plugins
* Allow creating ICMPV6 rules
- Update to version horizon-14.0.4.dev6:
* Ensure to call patch\_middleware\_get\_user() in api.test\_base
- Update to version horizon-14.0.4.dev5:
* Fixing broken links
- Update to version designate-7.0.1.dev22:
* Fixing 404 link
- Update to version designate-7.0.1.dev22:
* Fixing 404 link
- Update to version glance-17.0.1.dev30:
* Fix manpage building and remove glance-cache-manage
- Update to version glance-17.0.1.dev28:
* Fix doc build after removal of glance-cache-manage man page
- Update to version glance-17.0.1.dev26:
* Updating Ceph 404 URLs
- Update to version glance-17.0.1.dev24:
* Remove experimental openSUSE 42.3 job
* OpenDev Migration Patch
- Update to version glance-17.0.1.dev22:
* Failure in web-dowload kept image in importing state
* Replace openstack.org git:// URLs with https://
* Data remains in staging area if 'file' store is not enabled
* Removed glancecachemanage.rst and updated header.txt
- Update to version glance-17.0.1.dev30:
* Fix manpage building and remove glance-cache-manage
- Rebased patches:
+ 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch dropped (merged upstream)
- Update to version glance-17.0.1.dev28:
* Fix doc build after removal of glance-cache-manage man page
- Update to version glance-17.0.v26:
* Updating Ceph 404 URLs
- Update to version glance-17.0.1.dev24:
* Remove experimental openSUSE 42.3 job
* OpenDev Migration Patch
- Add 0001-Drop-glance-cache-manage-entrypoint-from-setup.cfg.patch (SOC-6366)
This removes the broken entrypoint for /usr/bin/glance-cache-manage
The code behind the executable was already removed upstream
so the executable was not usable
- Update to version glance-17.0.1.dev22:
* Failure in web-dowload kept image in importing state
* Replace openstack.org git:// URLs with https://
* Data remains in staging area if 'file' store is not enabled
* Removed glancecachemanage.rst and updated header.txt
- Add 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch
This fixes the manpage build which is needed after the removal
of glancecachemanage.rst by upstream
- Update to version openstack-heat-11.0.3.dev23:
* Add retries when loading keystone data and fetching endpoints
- Update to version openstack-heat-11.0.3.dev22:
* Use connect\_retries when creating clients
- Update to version openstack-heat-11.0.3.dev20:
* Add retry for sync\_point\_update\_input\_data
- Update to version openstack-heat-11.0.3.dev23:
* Add retries when loading keystone data and fetching endpoints
- Update to version openstack-heat-11.0.3.dev22:
* Use connect\_retries when creating clients
- Update to version openstack-heat-11.0.3.dev20:
* Add retry for sync\_point\_update\_input\_data
- Include heat_policy.json (bsc#1152032)
* Fixed the unexpected error in Horizon when Heat dashboard is enabed
- update to version 1.14.1~dev9
- Hide Graph Metric action of alarm when Grafana is not available
- OpenDev Migration Patch
- Update to version ironic-11.1.4.dev15:
* Fix typo in handling of exception FailedToGetIPAddressOnPort
- Update to version ironic-11.1.4.dev14:
* DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver
* iLO firmware update fails with 'update\_firmware\_sum' clean step
- Update to version ironic-11.1.4.dev10:
* CI: remove quotation marks from TEMPEST\_PLUGINS variable
- Update to version ironic-11.1.4.dev15:
* Fix typo in handling of exception FailedToGetIPAddressOnPort
- Update to version ironic-11.1.4.dev14:
* DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver
* iLO firmware update fails with 'update\_firmware\_sum' clean step
- Update to version ironic-11.1.4.dev10:
* CI: remove quotation marks from TEMPEST\_PLUGINS variable
- Update to version ironic-python-agent-3.3.3.dev5:
* Fix compatibility with Pint 0.5
- Update to version keystone-14.1.1.dev16:
* Fixing 404 URLs for Rocky
- Update to version keystone-14.1.1.dev15:
* Updating mapping rule link
- Update to version keystone-14.1.1.dev13:
* Fix python3 compatibility on LDAP search DN from id
* Fixing dn\_to\_id function for cases were id is not in the DN
- Update to version keystone-14.1.1.dev9:
* Remove experimental openSUSE 42.3 job
- Update to version keystone-14.1.1.dev16:
* Fixing 404 URLs for Rocky
- Update to version keystone-14.1.1.dev15:
* Updating mapping rule link
- Update to version keystone-14.1.1.dev13:
* Fix python3 compatibility on LDAP search DN from id
* Fixing dn\_to\_id function for cases were id is not in the DN
- Update to version keystone-14.1.1.dev9:
* Remove experimental openSUSE 42.3 job
- Update to version manila-7.3.1.dev6:
* Unmount NetApp active share after replica promote
- Update to version manila-7.3.1.dev4:
* Fixing broken links
- Updateon manila-7.3.1.dev6:
* Unmount NetApp active share after replica promote
- Update to version manila-7.3.1.dev4:
* Fixing broken links
- Update to version neutron-13.0.5.dev50:
* DVR: Cleanup ml2 dvr portbindings on migration
- Update to version neutron-13.0.5.dev49:
* Avoid unnecessary operation of ovsdb and flows
- Update to version neutron-13.0.5.dev48:
* Increase timeouts for OVSDB in functional tests
- Update to version neutron-13.0.5.dev46:
* Fix creation of vlan network with segmentation\_id set to 0
* Add info log about ready DHCP config for ports
- Update to version neutron-13.0.5.dev42:
* Check the namespace is ready in test\_mtu\_update tests
* Create \_mech\_context before delete to avoid race
- Update to version neutron-13.0.5.dev39:
* ML2 plugin: extract and postpone limit in port query
* Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds
- Update to version neutron-13.0.5.dev35:
* Use created subnet in port generator in 'test\_port\_ip\_update\_revises'
- Update to version neutron-13.0.5.dev34:
* Increase number of retries in \_process\_trunk\_subport\_bindings
- Update to version neutron-13.0.5.dev33:
* Filter placement API endpoint by type too
- Update to version neutron-13.0.5.dev31:
* Remove experimental openSUSE 42.3 job
* Initialize phys bridges before setup\_rpc
* Populate binding levels when concurrent ops fail
* Make sure the port still in port map when prepare\_port\_filter
* [DVR] Add lock during creation of FIP agent gateway port
- Update to version neutron-13.0.5.dev50:
* DVR: Cleanup ml2 dvr portbindings on migration
- Update to version neutron-13.0.5.dev49:
* Avoid unnecessary operation of ovsdb and flows
- Update to version neutron-13.0.5.dev48:
* Increase timeouts for OVSDB in functional tests
- Update to version neutron-13.0.5.dev46:
* Fix creation of vlan network with segmentation\_id set to 0
* Add info log about ready DHCP config for ports
- Update to version neutron-13.0.5.dev42:
* Check the namespace is ready in test\_mtu\_update tests
* Create \_mech\_context before delete to avoid race
- Update to version neutron-13.0.5.dev39:
* ML2 plugin: extract and postpone limit in port query
* Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds
- Update to version neutron-13.0.5.dev35:
* Use created subnet in port generator in 'test\_port\_ip\_update\_revises'
- Update to version neutron-13.0.5.dev34:
* Increase number of retries in \_process\_trunk\_subport\_bindings
- Update to version neutron-13.0.5.dev33:
* Filter placement API endpoint by type too
- Update to version neutron-13.0.5.dev31:
* Remove experimental openSUSE 42.3 job
* Initialize phys bridges before setup\_rpc
* Populate binding levels when concurrent ops fail
* Make sure the port still in port map when prepare\_port\_filter
* [DVR] Add lock during creation of FIP agent gateway port
- Update to version group-based-policy-5.0.1.dev472:
* [AIM] Fix HAIP RPC query
- Update to version group-based-policy-5.0.1.dev471:
* Fix implicit ICMPv6 Security Group Rules
- Update to version group-based-policy-5.0.1.dev470:
* Fixed snat port status to be ACTIVE and UP
- Update to version group-based-policy-5.0.1.dev468:
* Revert 'Make DHCP provisioning blocks conditional'
* Some refactoring regarding merge aim statuses
- Update to version group-based-policy-5.0.1.dev464:
* Verify aim\_epg exists before proceeding
- Update to version group-based-policy-5.0.1.dev462:
* Bulk extension support for
- Update to version group-based-policy-5.0.1.dev461:
* [AIM] Eliminate redundant router extension content
- Update to version group-based-policy-5.0.1.dev460:
* Fix for Commit 564905e49a0d418bc891f12b560e291a9fdc4acb 1. The method \_track\_connectivity returns nothing, so, self.track\_success is updated in the method itself
- Update to version nova-18.2.3.dev22:
* lxc: make use of filter python3 compatible
* Fix rebuild of baremetal instance when vm\_state is ERROR
* Fix wrong assertions in unit tests
* Fix 'has\_calls' method calls in unit tests
* Fix non-existent method of Mock
* Retrun 400 if invalid query parameters are specified
- Update to version nova-18.2.3.dev10:
* doc: Fix a broken reference link
- Update to version nova-18.2.3.dev9:
* Restore soft-deleted compute node with same uuid
* Add functional regression recreate test for bug 1839560
* rt: only map compute node if we created it
- Update to version nova-18.2.3.dev3:
* Remove experimental job on openSUSE 42.3
- Update to version nova-18.2.3.dev2:
* Fix misuse of nova.objects.base.obj\_equal\_prims
18.2.2
* Don't generate service UUID for deleted services
* Add 'path' query parameter to console access url
* Replace non-nova server fault message
* Avoid logging traceback when detach device not found
* Fix python3 compatibility of rbd get\_fsid
* Add functional regression test for bug 1778305
* Add functional recreate test for bug 1764556
* Cleanup when hitting MaxRetriesExceeded from no host\_available
* Add functional regression test for bug 1837955
* Revert '[libvirt] Filter hypervisor\_type by virt\_type'
* Avoid crashing while getting libvirt capabilities with unknown arch names
* libvirt: move checking CONF.my\_ip to init\_host()
* Revert resize: wait for events according to hybrid plug
* docs: Correct issues with 'openstack quota set' commands
* doc: Fix a parameter of NotificationPublisher
* Perf: Use dicts for ProviderTree roots
* Fix type error on call to mount device
* Drop source node allocations if finish\_resize fails
* Add functional recreate test for regression bug 1825537
* Stabilize unshelve notification sample tests
* Ignore hw\_vif\_type for direct, direct-physical vNIC types
* Fix double word hacking test
* Disable limit if affinity(anti)/same(different)host is requested
* Delete resource providers for all nodes when deleting compute service
- Update to version nova-18.2.3.dev22:
* lxc: make use of filter python3 compatible
* Fix rebuild of baremetal instance when vm\_state is ERROR
* Fix wrong assertions in unit tests
* Fix 'has\_calls' method calls in unit tests
* Fix non-existent method of Mock
* Retrun 400 if invalid query parameters are specified
- Update to version nova-18.2.3.dev10:
* doc: Fix a broken reference link
- Allow to attach more than 26 volumes (bsc#1118900)
* This is a forward port from SOC7
* Add 0001-Add-method-to-generate-device-names-universally.patch
* Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch
* Add 0003-Add-configuration-of-maximum-disk-devices-to-attach.patch
- Update to version nova-18.2.3.dev9:
* Restore soft-deleted compute node with same uuid
* Add functional regression recreate test for bug 1839560
* rt: only map compute node if we created it
- Update to version nova-18.2.3.dev3:
* Remove experimental job on openSUSE 42.3
- Update to version nova-18.2.3.dev2:
* Fix misuse of nova.objects.base.obj\_equal\_prims
* Don't generate service UUID fed services
* Add 'path' query parameter to console access url
* Replace non-nova server fault message
* Avoid logging traceback when detach device not found
* Fix python3 compatibility of rbd get\_fsid
* Add functional regression test for bug 1778305
* Add functional recreate test for bug 1764556
* Cleanup when hitting MaxRetriesExceeded from no host\_available
* Add functional regression test for bug 1837955
* Revert '[libvirt] Filter hypervisor\_type by virt\_type'
* Avoid crashing while getting libvirt capabilities with unknown arch names
* libvirt: move checking CONF.my\_ip to init\_host()
* Revert resize: wait for events according to hybrid plug
* docs: Correct issues with 'openstack quota set' commands
* doc: Fix a parameter of NotificationPublisher
* Perf: Use dicts for ProviderTree roots
* Fix type error on call to mount device
* Drop source node allocations if finish\_resize fails
* Add functional recreate test for regression bug 1825537
* Stabilize unshelve notification sample tests
* Ignore hw\_vif\_type for direct, direct-physical vNIC types
* Fix double word hacking test
* Disable limit if affinity(anti)/same(different)host is requested
* Delete resource providers for all nodes when deleting compute service
- remove 0001-Skip-to-remove-resource-provider-if-compute-node-not.patch:
was only for an internal problem that we solved otherwise, and didn't
go upstream.
- Update to version octavia-3.1.2.dev45:
* Fix member API handling of None/null updates
- Update to version octavia-3.1.2.dev43:
* Validate server\_certs\_key\_passphrase is 32 chars
* Work around strptime threading issue
* Fix base (VRRP) port abandoned on revert
- Update to version octavia-3.1.2.dev38:
* Do not run non-voting jobs in gate
* Fix l7rule API handling of None updates
* Fix template that generates vrrp check script
* elements: add arch property for \`\`open-vm-tools\`\`
- Update to version octavia-3.1.2.dev30:
* Prevent UDP LBs to use different IP protocol versions in amphora driver
* Fixed down server issue after reloading keepalived
* Fixed pool and members status with UDP loadbalancers
* Add support for monitor\_{address,port} in UDP members
* Fix auto setup Barbican's ACL in the legacy driver
- Update to version octavia-3.1.2.dev20:
* Fix L7 repository create methods
- Update to version octavia-3.1.2.dev18:
* Add warning log if auth\_strategy is not keystone
- Update to version octavia-3.1.2.dev16:
* Add failover logging to show the amphora details
- Update to version octavia-3.1.2.dev14:
* Revert 'Use the infra pypi mirror for DIB'
- Update to version octavia-3.1.2.dev12:
* Use the infra pypi mirror for DIB
- Update to version octavia-3.1.2.dev10:
* only rollback DB when we have a connection to the DB
- Update to version octavia-3.1.2.dev9:
* worker: Re-add FailoverPreparationForAmphora
- Update to version sahara-9.0.2.dev12:
* Fixing broken links and removing outdated driver
* Fix requirements (bandit, sphinx)
* OpenDev Migration Patch
- Update to version sahara-9.0.2.dev12:
* Fixing broken links and removing outdated driver
* Fix requirements (bandit, sphinx)
* OpenDev Migration Patch
- Add 0001-Handle-path-query-parameter-for-test_novnc.patch
- update to version 1.12.1~dev19
- fix test failure with ironic client
- OpenDev Migration Patch
- pass default_config_dirs variable for config initialization.
- Update Dependencies. There are number of client packages that are
required by watcher ino function correctly. (SOC-4183)
- update to version 1.12.1~dev15
- Provide two arguments to exception's message
- Replace openstack.org git:// URLs with https://
- set watcherclient no voting
- Access to action's uuid by key
- make ceilometer client import optional
- add the systemd unit files for openstack-watcher-api,
openstack-watcher-applier, and openstack-watcher-decision-engine
- Update to version 9.0+git.1568955483.5f039e4:
* subnet/netmaks OR cidr are acceptable in baremetal input model (SOC-10615)
- added 0001-Remove-redundant-cleanups-in-test_volume_backup.patch
and 0001-GET-backup-before-asserting-volume_id-and-snapshot_id.patch
- Add missing dependency on python-six (bsc#1150895)
rubygem-easy_diff:
- updated to version 1.0.0
- Unmerge Arrays containing Hashes
- Handle duplicate values in arrays correctly
- updated to version 0.0.6
- Fix merging arrays of hashes
ModerateSUSE bug 1118900SUSE bug 1119737SUSE bug 1120657SUSE bug 1140267SUSE bug 1145967SUSE bug 1147144SUSE bug 1148158SUSE bug 1150895SUSE bug 1152032cpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging (Important)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging fixes the following issues:
Security issues fixed:
- CVE-2019-3871: Fixed an insufficient validation in the HTTP remote back end (pdns, bsc#1129734).
- CVE-2019-15043: Added authentication to a few REST endpoints (Grafana, SOC-10357, bsc#1148383).
Non-security issues fixed:
- Update to version 9.0+git.1568821007.4e73730:
* Include manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)
- Update to version 9.0+git.1569869028.8edfc22:
* Added command to minify the django compressed css files (SOC-10305)
- Update to version 9.0+git.1570035317.78077ac:
* support OpenID Connect WebSSO (SOC-10509)
- Update to version 9.0+git.1569444107.add6a40:
* Manila parallelised upgrade workflow enhancements (SOC-10609)
- Update to version 9.0+git.1571328680.3a89cb8:
* Add neutron-common role dependencies (SOC-10875)
- Update to version 6.0+git.1571412352.8da4d261f:
* upgrade: Reload repo config in repochecks (SOC-10718)
- Update to version 6.0+git.1571210108.12bd2ffa3:
* crowbar: Give more time for reboot for physical hardware reboots
- Update to version 6.0+git.1570004730.b56b8983b:
* Revert 'Use block-migration when needed' (SOC-10133)
- Update to version 6.0+git.1569911671.d44b0035c:
* Designate: Don't add the admin node to the public network (SOC-10658)
- Update to version 6.0+git.1572264221.3826a58b8:
* Octavia: account for long ops in HA deployments (SOC-9894)
* Octavia: use correct IP addresses for listening (SOC-9894)
* Octavia: fix subnet creation race condition (SOC-9894)
* Updated copyright notices (SOC-9894)
* Octavia: Follow up patch addressing comments from last PR (SOC-9894)
- Update to version 6.0+git.1571986150.c5b827b7a:
* Fix the migration that tried to access Array as a Hash (SOC-10896)
- Update to version 6.0+git.1571731423.957dcfecd:
* mysql: fix WSREP sync race (SOC-10717)
- Update to version 6.0+git.1571660392.997fee49d:
* mysql: stop service for mysql_install_db (SOC-10717)
- Update to version 6.0+git.1571241502.2f673d0a9:
* rabbitmq: fix migration 200 (SOC-10623)
* Changes to integrate with ACI 4.1 and new packages (SOC-10403)
- Update to version 6.0+git.1570143515.9b1546ed3:
* No rndc key if no public DNS server (SOC-10835)
- Update to version 6.0+git.1570048281.815e06ff3:
* create watcher barclamp (SOC-4183)
- Update to version 6.0+git.1569942913.15b24bec5:
* monasca: Fix restore condition (SOC-9772)
* database: really fix migration 102 (SOC-10717)
- Update to version 6.0+git.1569823669.91f267e96:
* Designate: Filter out the admin node (SOC-10658)
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
- Update to version cinder-13.0.8.dev8:
* Extend timeout for database migration tests
13.0.7
* Add context to cloning snapshots in remotefs driver
- Update to version cinder-13.0.7.dev22:
* Add retry to LVM deactivation
* Fix DetachedInstanceError for VolumeAttachment
* Don't allow retype to encrypted+multiattach type
- Update to version cinder-13.0.8.dev8:
* Extend timeout for database migration tests
13.0.7
* Add context to cloning snapshots in remotefs driver
- Update to version cinder-13.0.7.dev22:
* Add retry to LVM deactivation
* Fix DetachedInstanceError for VolumeAttachment
* Don't allow retype to encrypted+multiattach type
- Update to version horizon-14.0.5.dev1:
* Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
14.0.4
- Add python-csscompressor as a requirement
* python-csscompressor will be used to minify compressed css files
- Update to version horizon-14.0.4.dev17:
* Remove the check which causes plugin's quotas update failure
- Update to version horizon-14.0.4.dev16:
* Add Allowed Address Pair/Delete buttons are only visible to admin
- Update to version horizon-14.0.4.dev14:
* Updated max-width to be dynamic for .member class
- Update to version horizon-14.0.4.dev13:
* Avoid forced logout when 403 error encountered
- Update to version manila-ui-2.16.2.dev2:
* Updated to get quotas data for Modify Quotas dialog Share tab
* OpenDev Migration Patch
2.16.1
- Update to version keystone-14.1.1.dev26:
* Make system tokens work with domain-specific drivers
- Update to version keystone-14.1.1.dev24:
* Add test case for expanding implied roles in system tokens
- Update to version keystone-14.1.1.dev22:
* Add retry for DBDeadlock in credential delete
- Update to version keystone-14.1.1.dev20:
* Import LDAP job into project
* Update broken links to dogpile.cache docs
- Update to version keystone-14.1.1.dev26:
* Make system tokens work with domain-specific drivers
- Update to version keystone-14.1.1.dev24:
* Add test case for expanding implied roles in system tokens
- Update to version keystone-14.1.1.dev22:
* Add retry for DBDeadlock in credential delete
- Update to version keystone-14.1.1.dev20:
* Import LDAP job into project
* Update broken links to dogpile.cache docs
- Update to version manila-7.3.1.dev15:
* Fix [Unity] verification and convert mgmt ipv6
- Update to version manila-7.3.1.dev14:
* Adding documentation for User Messages in Manila Documentation
- Update to version manila-7.3.1.dev12:
* [NetApp] Allow extension/shrinking of NetApp replicated share
- Update to version manila-7.3.1.dev11:
* Fix pagination does not speed up queries bug
- Update to version manila-7.3.1.dev9:
* Remove backend spec from share type while creating replica
- Update to version manila-7.3.1.dev8:
* Check NetApp SnapRestore license for pools
- Update to version manila-7.3.1.dev7:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
- Update to version manila-7.3.1.dev15:
* Fix [Unity] verification and convert mgmt ipv6
- Update to version manila-7.3.1.dev14:
* Adding documentation for User Messages in Manila Documentation
- Update to version manila-7.3.1.dev12:
* [NetApp] Allow extension/shrinking of NetApp replicated share
- Update to version manila-7.3.1.dev11:
* Fix pagination does not speed up queries bug
- Update to version manila-7.3.1.dev9:
* Remove backend spec from share type while creating replica
- Update to version manila-7.3.1.dev8:
* Check NetApp SnapRestore license for pools
- Update to version manila-7.3.1.dev7:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
- Update to version neutron-13.0.6.dev3:
* Add radvd\_user config option
* Fix mismatch of tags in dnsmasq options
13.0.5
- Update to version neutron-13.0.5.dev55:
* Handle ports assigned to routers without routerports
- Update to version neutron-13.0.5.dev54:
* fixed\_configured=True when Add/Remove port IPs
- Update to version neutron-13.0.5.dev53:
* raise priority of dead vlan drop
* OVS flows for custom ethertypes must be on EGRESS
- Update to version neutron-13.0.6.dev3:
* Add radvd\_user config option
* Fix mismatch of tags in dnsmasq options
13.0.5
- Update to version neutron-13.0.5.dev55:
* Handle ports assigned to routers without routerports
- Update to version neutron-13.0.5.dev54:
* fixed\_configured=True when Add/Remove port IPs
- Update to version neutron-13.0.5.dev53:
* raise priority of dead vlan drop
* OVS flows for custom ethertypes must be on EGRESS
- Update to version neutron-fwaas-13.0.3.dev2:
* Fix AttributeError with third-party L3 service plugins
- Update to version neutron-fwaas-13.0.3.dev1:
* FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
13.0.2
- Update to version neutron-fwaas-13.0.3.dev2:
* Fix AttributeError with third-party L3 service plugins
- Update to version neutron-fwaas-13.0.3.dev1:
* FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
13.0.2
- Update to version neutron-lbaas-13.0.1.dev15:
* Fix lb stats model
- Update to version neutron-lbaas-13.0.1.dev15:
* Fix lb stats model
- Update to version nova-18.2.4.dev18:
* Error out interrupted builds
* Functional reproduce for bug 1833581
* Prevent init\_host test to interfere with other tests
* Add functional test for resize crash compute restart revert
* cleanup evacuated instances not on hypervisor
- Update to version nova-18.2.4.dev8:
* Fix unit of hw\_rng:rate\_period
* Fix exception translation when creating volume
* Skip test\_parallel\_evacuate\_with\_server\_group until fixed
* Handle get\_host\_availability\_zone error during reschedule
* Noop CantStartEngineError in targets\_cell if API DB not configured
- Update to version nova-18.2.4.dev1:
* Stop sending bad values from libosinfo to libvirt
18.2.3
- Update to version nova-18.2.3.dev25:
* Add useful error log when \_determine\_version\_cap raises DBNotAllowed
- Update to version nova-18.2.3.dev23:
* Reduce scope of 'path' query parameter to noVNC consoles
- Update to version nova-18.2.4.dev18:
* Error out interrupted builds
* Functional reproduce for bug 1833581
* Prevent init\_host test to interfere with other tests
* Add functional test for resize crash compute restart revert
* cleanup evacuated instances not on hypervisor
- Update to version nova-18.2.4.dev8:
* Fix unit of hw\_rng:rate\_period
* Fix exception translation when creating volume
* Skip test\_parallel\_evacuate\_with\_server\_group until fixed
* Handle get\_host\_availability\_zone error during reschedule
* Noop CantStartEngineError in targets\_cell if API DB not configured
- Update to version nova-18.2.4.dev1:
* Stop sending bad values from libosinfo to libvirt
18.2.3
- Update to version nova-18.2.3.dev25:
* Add useful error log when \_determine\_version\_cap raises DBNotAllowed
- Update to version nova-18.2.3.dev23:
* Reduce scope of 'path' query parameter to noVNC consoles
- Move tempest tests into the python-octavia package (SOC-9455)
- Update to version octavia-3.2.1.dev1:
3.2.0
* loadbalancer vip-network-id IP availability check
- Update to version octavia-3.1.2.dev46:
* Fix urgent amphora two-way auth security bug
Update image to 0.1.1 to include latest changes in openstack-octavia:
- Update to include version octavia-3.2.1.dev1:
* loadbalancer vip-network-id IP availability check
* Fix urgent amphora two-way auth security bug
* Fix member API handling of None/null updates
* Validate server\_certs\_key\_passphrase is 32 chars
* Work around strptime threading issue
* Fix base (VRRP) port abandoned on revert
* Do not run non-voting jobs in gate
* Fix l7rule API handling of None updates
* Fix template that generates vrrp check script
* elements: add arch property for \`\`open-vm-tools\`\`
* Prevent UDP LBs to use different IP protocol versions in amphora driver
* Fixed down server issue after reloading keepalived
* Fixed pool and members status with UDP loadbalancers
* Add support for monitor\_{address,port} in UDP members
* Fix auto setup Barbican's ACL in the legacy driver
* Fix L7 repository create methods
* Add warning log if auth\_strategy is not keystone
* Add failover logging to show the amphora details
* Revert 'Use the infra pypi mirror for DIB'
* Use the infra pypi mirror for DIB
* only rollback DB when we have a connection to the DB
* Add octavia-v2-dsvm jobs to the gate queue
* Fix for utils LB DM transformation function
* Update amphora-agent to report UDP listener health
* Update tox.ini for new upper constraints strategy
* Add bindep.txt for Octavia
* Fix allocate\_and\_associate DB deadlock
* Treat null admin\_state\_up as False
* Performance improvement for non-udp health checks
* Bandit test exclusions syntax change
* Fix IPv6 in Active/Standby topology on CentOS
* Fix listener API handling of None/null updates
* OpenDev Migration Patch
* Fix a lifecycle bug with child objects
* Fix the amphora base port coming up
* Fix setting of VIP QoS policy
* Fix VIP plugging on CentOS-based amphorae
* Fix possible state machine hole in failover
* Add missing import octavia/opts.py
* Fix the loss of access to barbican secrets
* Fix initialization of Barbican client
* Replace openstack.org git:// URLs with https://
* Fix prefix for vip\_ipv6
* Fix ifup failures on member interfaces with IPv6
* Adds server\_certs\_key\_passphrase to octavia.conf
* Fix LB failover when in ERROR
* Resolve amphora agent read timeout issue
* Fix performance of housekeeping DB clean up
* Encrypt certs and keys
* Enable debug for Octavia services in grenade job
* Fix oslo messaging connection leakage
* Simplify keepalived lvsquery parsing for UDP
* Fix functional tests under Python >= 3.6
* Fix check redirect pool for creating a fully populated load balancer
* Fix missing print format error
- Remove superfluous octavia-db-manage invocation from service
file
- Incorporate the patch from
https://review.openstack.org/#/c/541811/9.
- Update to 4.1.8
* #7604: Correctly interpret an empty AXFR response to an IXFR query,
* #7610: Fix replying from ANY address for non-standard port,
* #7609: Fix rectify for ENT records in narrow zones,
* #7607: Do not compress the root,
* #7608: Fix dot stripping in `setcontent()`,
* #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
* #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
* #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”,
* #7509: Plug `mysql_thread_init` memory leak,
* #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
* Prevent more than one CNAME/SOA record in the same RRset
- Update to 1.11.24:
* Fixed crash of KeyTransform() for JSONField and HStoreField when using
on expressions with params (#30672).
- update to version 5.2.1
- Update .gitreview for stable/rocky
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- Remove tox_install.sh
- import zuul job settings from project-config
- Skip the services with no endpoints when parsing service catalog
- update to version 1.6.1
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Make sure we always requests JSON responses
- update to version 2.5.8
- FC: Ignore some HBAs from map for single WWNN
- OpenDev Migration Patch
- Improve iSCSI device detection speed
- update to version 1.30.4
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Fix memcache pool client in monkey-patched environments
- OpenDev Migration Patch
- Pass `flush_on_reconnect` to memcache pooled backend
- update to version 8.1.4
- Replace openstack.org git:// URLs with https://
- Cap Bandit below 1.6.0 and update Sphinx requirement
- Retry to declare a queue after internal error
- Add release note for amqp library TLS/SSL error
- Fix switch connection destination when a rabbitmq cluster node disappear
- Mark telemetry tests nv and remove from gate
- OpenDev Migration Patch
- Issue blocking ACK for RPC requests from the consumer thread
- fix typos
ImportantSUSE bug 1129734SUSE bug 1148383CVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2019-3871 at SUSECVE-2019-3871 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-ecdsa (Moderate)SUSE OpenStack Cloud 9
This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:
- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
ModerateSUSE bug 1153165SUSE bug 1154217CVE-2019-14853 at SUSECVE-2019-14853 at NVDCVE-2019-14859 at SUSECVE-2019-14859 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud (Moderate)SUSE OpenStack Cloud 9
This update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud fixes the following issues:
Security fix for openstack-octavia:
- CVE-2019-17134: Fixed an issue where Octavia Amphora-Agent not requiring Client-Certificate (bsc#1153304).
Security fix for python-psutil:
- CVE-2019-18874: Fixed a double-free vulnerability occured during converting system data into a
Python object (bsc#1155089).
- Update to version 9.0+git.1572311426.a6dc2fd:
* Align Crowbar and Ardana MariaDB configs (SOC-10094)
- Update to version 9.0+git.1573069087.15ffd1c:
* enable debug and insecure_debug on demand (SOC-10934)
- Update to version 9.0+git.1572019823.6650494:
* Correctly setup ardana_notify_... fact (SOC-10902)
- Update to version 9.0+git.1572618171.4460843:
* Update gerrit FQDN in .gitreview (SOC-9140)
- Update to version 6.0+git.1573825081.b1caf60f1:
* Update the testsuite for new upgrade method (SOC-10761)
* upgrade: cold start nova before live migration (SOC-10761)
- Update to version 6.0+git.1573131992.3c660b413:
* [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942)
- Update to version 6.0+git.1573051151.3495e0e94:
* Allow enabling bpdu-forwarding on OVS bridges (SOC-9172)
- Update to version 6.0+git.1573754820.dd036ef77:
* neutron: use octavia-api admin VIP URI for lbaasv2 (SOC-10906)
* octavia: handle certificate ownership in barclamp (SOC-10906)
* octavia: add SSL support to octavia-api (SOC-10906)
- Update to version 6.0+git.1573174019.9965ae9b8:
* designate: change default configuration (SOC-10899)
- Update to version 6.0+git.1572855359.8efafea01:
* Make sure the input file with ssh key exists (SOC-10133)
- Update to version 6.0+git.1572636244.e12406629:
* Change order of Octavia to 102 (SOC-10289)
- Update to version 6.0+git.1572470261.49c0affe1:
* designate: move keystone resource lookup to convergence (SOC-10887)
- Update to version 1.3.0+git.1572871359.50fc6087:
* Add title for XEN compute nodes precheck (SOC-10495)
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- remove 0001-Fix-duplicate-paths-in-secret-hrefs.patch as it had landed upstream
- Replace openstack.org git:// URLs with https://
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version group-based-policy-5.0.1.dev476:
* Provide a control knob to use the internal EP interface
* Send port notifications when host\_route is getting updated
- Update to version group-based-policy-5.0.1.dev473:
* Fix pep8 failures seen on submitted patches
- Update to version neutron-lbaas-13.0.1.dev16:
* 'lbaas delete l7 rule' Parameter Passing Error
- Update to version neutron-lbaas-13.0.1.dev16:
* 'lbaas delete l7 rule' Parameter Passing Error
- Update to version nova-18.2.4.dev22:
* Revert 'openstack server create' to 'nova boot' in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version nova-18.2.4.dev22:
* Revert 'openstack server create' to 'nova boot' in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version octavia-3.2.1.dev3:
* Improve the error message for bad pkcs12 bundles
- Update to version octavia-3.2.1.dev2:
* ipvsadm '--exact' arg to ensure outputs are ints
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version 9.20191025:
* support OpenID Connect (SOC-10510)
ModerateSUSE bug 1153304SUSE bug 1155942SUSE bug 1156525CVE-2019-17134 at SUSECVE-2019-17134 at NVDCVE-2019-18874 at SUSECVE-2019-18874 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for haproxy (Important)SUSE OpenStack Cloud 9
This update for haproxy fixes the following issues:
- CVE-2019-18277: Fixed HTTP smuggling in messages with transfer-encoding header missing the 'chunked' value (bsc#1154980).
ImportantSUSE bug 1154980CVE-2019-18277 at SUSECVE-2019-18277 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb to version 10.2.29 fixes the following issues:
MariaDB was updated to 10.2.29 (bsc#1156669)
Security issues fixed:
- CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
- CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
ModerateSUSE bug 1156669CVE-2019-2737 at SUSECVE-2019-2737 at NVDCVE-2019-2739 at SUSECVE-2019-2739 at NVDCVE-2019-2740 at SUSECVE-2019-2740 at NVDCVE-2019-2758 at SUSECVE-2019-2758 at NVDCVE-2019-2805 at SUSECVE-2019-2805 at NVDCVE-2019-2938 at SUSECVE-2019-2938 at NVDCVE-2019-2974 at SUSECVE-2019-2974 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper (Moderate)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper contains the following fixes:
Security fixes for memcached:
- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() (bsc#1149110).
- CVE-2019-11596: Fixed a denial of service when parsing crafted lru command messages in process_lru_comma() (bsc#1133817).
Security fixes for zookeeper:
- CVE-2019-0201: Fixed a information disclosure vulnerability related to getACL() (bsc#1135773).
Changes in rubygem-crowbar-client:
- Update to 3.9.2
- Enable SES commands in Cloud8 (SOC-11122)
Changes in rubygem-puma:
- Add CVE-2020-5247.patch (bsc#1165402)
'Fixes a problem where we were not splitting newlines in headers
according to Rack spec'
The patch is reduced compared to the upstream version, which was
patching also the parts that are not implemented in our old Puma
version. This applies to unit test as well.
Changes in ardana-ansible:
- Update to version 9.0+git.1587034359.a12678b:
* Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223)
- Update to version 9.0+git.1586793433.f7bbf1b:
* Ensure rabbitmq-server not running during dist-upgrade (SOC-11083)
- Update to version 9.0+git.1586521995.f709c73:
* Upgrade packages before _osconfig-upgrade.yml (SOC-11149)
- Update to version 9.0+git.1584135277.f4d488a:
* Serialise the _ardana-update-base.yml zypper actions (SOC-11083)
- Update to version 9.0+git.1583518616.d4eb33f:
* Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)
Changes in ardana-barbican:
- Update to version 9.0+git.1583953599.cd723bb:
* monitor ardana-node-cert (SOC-10873)
Changes in ardana-cluster:
- Update to version 9.0+git.1585653734.c1fe3b2:
* Use bool filter to ensure valid boolean evaluation (SOC-11192)
Changes in ardana-db:
- Update to version 9.0+git.1586543314.6b6aa20:
* Improve boostrap error handling (SOC-11207)
- Update to version 9.0+git.1583946648.0892bab:
* monitor MySQL TLS certificate (SOC-10873)
- Update to version 9.0+git.1583527362.d9e9436:
* fix mysql output and root password update (SOC-11152)
Changes in ardana-designate:
- Update to version 9.0+git.1583445435.4bd1793:
* Designate zone/pool to worker/producer migration (SOC-10095)
Changes in ardana-input-model:
- Update to version 9.0+git.1584632190.9541c56:
* add port neutron security extension to CI models (SOC-11027)
Changes in ardana-logging:
- Update to version 9.0+git.1585929695.f35b591:
* Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593)
Changes in ardana-monasca:
- Update to version 9.0+git.1586769889.d43d736:
* Retry systemctl status for auto-restarting services (SOC-11210)
- Update to version 9.0+git.1583359379.b92a013:
* Add certificate file check alarm (SOC-10873)
Changes in ardana-mq:
- Update to version 9.0+git.1586350749.a463fd2:
* Actually fail if sync HA queues retries exceeded (SOC-11083)
- Update to version 9.0+git.1583428243.c1a72a8:
* monitor RabbitMQ TLS certificate (SOC-10873)
Changes in ardana-neutron:
- Update to version 9.0+git.1587667603.507fb50:
* Add network.target 'After' option (bsc#1169770)
- Update to version 9.0+git.1584635234.e7e6b08:
* Add symlink for neutron-fwaas.json.j2 (bsc#1166290)
Changes in ardana-octavia:
- Update to version 9.0+git.1587486004.8e99c6b:
* Perform Neutron to Octavia migrate (SOC-11207)
- Update to version 9.0+git.1584737314.873b84c:
* Reconfigure monitor if needed (SOC-10873)
- Update to version 9.0+git.1584682274.4693189:
* fix Octavia client cert redeploy (SOC-10873)
- Update to version 9.0+git.1584392355.7368ea3:
* monitor Octavia client certificate (SOC-10873)
Changes in ardana-osconfig:
- Update to version 9.0+git.1586546715.dbd07ab:
* Ensure ovs_user and ovs_group defined (SOC-11149)
Changes in ardana-tempest:
- Update to version 9.0+git.1587398456.b31cc4a:
* Revert: Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586901636.089de51:
* Manila: Skip additional manila tests due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1586875796.43d9039:
* Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586350084.01a56ee:
* Manila: Skip ShareNetworksTest due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1585746746.8f38be7:
* Remove deprecated neutron extension from tempest (bsc#1124708)
- Update to version 9.0+git.1582537125.359622b:
* Enable port-security feature in tempest(SOC-11027)
Changes in ardana-tls:
- Update to version 9.0+git.1586301209.c9413b4:
* Simplify VNC cert deployment (SOC-9742)
Changes in crowbar-core:
- Update to version 6.0+git.1587558898.313bb9fd3:
* upgrade: Restart nova services at the end of disruptive upgrade (SOC-11202)
- Update to version 6.0+git.1586175344.480d46e76:
* Revert: Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585339930.336361e4c:
* Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585229942.1ddd6e742:
* upgrade: Point to config dir instead of config file (SOC-11171)
* upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)
- Update to version 6.0+git.1584974229.c5a263be6:
* Update the default value of OS version (trivial)
* Ignore CVE-2020-5267 in CI (bsc#1167240)
* Ignore CVE-2020-10663 in CI (bsc#1167244)
* upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)
- Update to version 6.0+git.1584564132.03cfcb5d0:
* Remove comment that's no longer relevant (trivial)
* Move role_to_proposal method from model to controller (trivial)
* upgrade: proper check for remote elements (trivial)
* Remove FIXME proposals that won't be fixed (trivial)
* Drop unused suggestion (trivial)
* Drop obsolete code (trivial)
- Update to version 6.0+git.1583841628.7a9cacf85:
* Ignore CVE-2020-8130 in CI (bsc#1164804)
* Ignore CVE-2020-5247 (bsc#1165402)
* Ignore CVE-2020-7595 in CI (bsc#1161517)
* ses: Make SES UI safe for unknown options (trivial)
* ses: Use cinder user for nova (SOC-5269)
- Update to version 6.0+git.1583502199.abec5c91e:
* upgrade: Raise the timeout for nodes evacuation (trivial)
Changes in crowbar-ha:
- Update to version 6.0+git.1586256059.e6f67e1:
* Hide libvirt STONITH option from the UI (bsc#1084739)
- Update to version 6.0+git.1585316150.ee52acc:
* add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 6.0+git.1587753188.da39e44a7:
* tempest: retry openstack commands (SOC-11238)
- Update to version 6.0+git.1587560956.475ebae91:
* nova: Hide setup_shared_instance_storage (SOC-11225)
- Update to version 6.0+git.1587110382.e00bbeeb8:
* octavia: remove mgmt_net from UI (SOC-10904)
- Update to version 6.0+git.1586351116.5977d44ce:
* neutron: fix neutron cli to use internal endpoint (bsc#1168512)
- Update to version 6.0+git.1586249148.97e221138:
* neutron: don't add physnets for non-enabled networks (SOC-11204)
* octavia: move management network creation to octavia barclamp (SOC-10904)
* octavia: move amphora changes check to worker recipe
* octavia: use octavia network for health monitors (SOC-10904)
* octavia: rework emanagement network config (SOC-10904)
- Update to version 6.0+git.1585653227.5004f0a1f:
* Disable 'OpenStack RC File (identity API v2)' in horizon (bsc#1163444)
- Update to version 6.0+git.1585444839.ec56032ca:
* Revert 'Octavia: Hide UI until complete (SOC-10550)'
- Update to version 6.0+git.1585282212.df338c7f6:
* Add lb-mgmt-net for Octavia (SOC-10904)
- Update to version 6.0+git.1585237884.e441a435b:
* fix travis CI to handle reverted commits properly (SOC-11180)
- Update to version 6.0+git.1585143832.fa2fd2714:
* nova: Populate cinder SES settings early (SOC-11179)
- Update to version 6.0+git.1585068621.f53f95864:
* tempest: blacklist shelve tests when using RBD ephemeral (SOC-11176)
* tempest: disable block migration when using RBD (SOC-11176)
- Update to version 6.0+git.1584967542.06b4f7cda:
* magnum: Populate SSL configuration (SOC-9849)
* magnum: Add SSL support (SOC-9849)
- Update to version 6.0+git.1584603207.1dc71c848:
* nova: Drop redundant disk_cachemodes (trivial)
* nova: Add option to disable ephemeral on ceph (SOC-5269)
- Update to version 6.0+git.1584540693.0d3b72090:
* keystone: fix keystone node lookup (SOC-11333, bsc#1164838)
* keystone: Register SES RadosGW endpoints (SOC-5270)
* heat: Increase heat_register syncmark timeout (SOC-11103)
* heat: Simplify domain registration code (SOC-11103)
- Update to version 6.0+git.1584437931.10aebd310:
* nova: Setup CEPH secrets later (SOC-11141)
- Update to version 6.0+git.1584347033.7472a6925:
* nova: Enable ephemeral volumes on SES (SOC-5269)
Changes in memcached:
- version update to 1.5.17
* bugfixes
fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
* new features
add server address to the 'stats conns' output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
- version update to 1.5.16
* bugfixes
When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.
- version update to 1.5.15
* bugfixes
Speed up incr/decr by replacing snprintf.
Use correct buffer size for internal URI encoding.
change some links from http to https
Fix small memory leak in testapp.c.
free window_global in slab_automove_extstore.c
remove inline_ascii_response option
-Y [filename] for ascii authentication mode
fix: idle-timeout wasn't compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches
% memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches
% memcached-autofoo.patch (refreshed)
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic-image:
- Add haveged package (bsc#1137622)
It is needed to ensure there's enough entroy available to perform
the iSCSI operations.
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
- Update to version manila-7.4.1.dev1:
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Rebased patches:
+ cve-2020-9543-stable-rocky.patch dropped (merged upstream)
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-octavia:
- Update to version octavia-3.2.3.dev2:
* Pick stale amphora randomly
- Update to version octavia-3.2.3.dev1:
* Remove the barbican 'Grant access' from cookbook
3.2.2
- Add patch 0001-HTTPS-HMs-need-the-same-validation-path-as-HTTP.patch (bsc#1165723)
https://review.opendev.org/#/c/710161/
Change-Id: I2fd51664336dca51f134b3fccd3e8c936b809839
Changes in openstack-octavia-amphora-image:
- Update image to 0.1.3 to include latest changes
Changes in python-cinderclient:
- update to version 4.0.3
- Add missed 'Server ID' output in attachment-list
Changes in python-glanceclient:
- update to version 2.13.2
- OpenDev Migration Patch
Changes in python-ironic-lib:
- update to version 2.14.3
- Use last digit to determine paritition naming scheme
- Erase expected GPT locations in metadata wipe
- Rescan after making partition changes
Changes in python-ironicclient:
- update to version 2.5.4
- fix session cert arguments
Changes in python-keystonemiddleware:
- update to version 5.2.2
- Make tests pass in 2022
- Make sure audit middleware use own context
Changes in python-manila-tempest-plugin:
- added 0002-Fix-export-locations-tests.patch
Changes in python-novaclient:
- update to version 11.0.1
- Add test for console-log and docs for bug 1746534
- Use SHA256 instead of MD5 in completion cache
- Improve the description of optional arguments
- Revert 'Fix crashing console-log'
- Fix up userdata argument to rebuild.
- OpenDev Migration Patch
- Stop silently ignoring invalid 'nova boot --hint' options
- Add missing options in CLI reference
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Replace openstack.org git:// URLs with https://
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Follow up 'Fix up userdata argument to rebuild'
Changes in python-octaviaclient:
- update to version 1.6.2
- Fix long CLI error messages
- Update tox.ini for new upper constraints strategy
Changes in python-openstackclient:
- update to version 3.16.3
- Fix bug in endpoint group deletion
- OpenDev Migration Patch
- Fix: Restore output 'VolumeBackupsRestore' object is not iterable
- Stable branch combination fix
- Add --name-lookup-one-by-one option to server list
- Fix BFV server list handling with --name-lookup-one-by-one
- Fix compute service set handling for 2.53+
- Don't display router's is_ha and is_distributed attributes always
- Document 2.53 behavior for compute service list/delete
- Remove str() when setting network objects names
Changes in python-os-brick:
- update to version 2.5.10
- Check path alive before get scsi wwn
- Skip cryptsetup password quality checking
- iscsi: Add _get_device_link retry when waiting for /dev/disk/by-id/ to populate
- linuxscsi: Stop waiting for multipath devices during extend_volume
- Handle None value 'inititator_target_map'
- Fix FC scan too broad
- Ignore pep8 W503/W504
Changes in python-oslo.config:
- update to version 6.4.2
- Use constraints when building docs
- Ensure option groups don't change during logging
- OpenDev Migration Patch
Changes in python-oslo.rootwrap:
- update to version 5.14.2
- Run rootwrap with lower fd ulimit by default
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
Changes in python-oslo.utils:
- update to version 3.36.5
- import zuul job settings from project-config
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Make mask_dict_password case insensitive and add new patterns
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Make mask_password case insensitive, and add new patterns
- Mask encryption_key_id
Changes in python-swiftclient:
- update to version 3.6.1
- OpenDev Migration Patch
- Fix SLO re-upload
- Update .gitreview for stable/rocky
- Changelog for 3.6.1
- import zuul job settings from project-config
- Fix up stable gate
- Use Swift's in-tree DSVM test
Changes in python-watcherclient:
- update to version 2.1.1
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Replace openstack.org git:// URLs with https://
- fix watcher actionplan show command
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20200319:
* Update release notes to indicate Designate support has shipped
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch
This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201
Should not allow to read ACL when not authorized to read node
(bsc#1135773)
ModerateSUSE bug 1084739SUSE bug 1124708SUSE bug 1133817SUSE bug 1135773SUSE bug 1137622SUSE bug 1149110SUSE bug 1149535SUSE bug 1163444SUSE bug 1164838SUSE bug 1165402SUSE bug 1165723SUSE bug 1166290SUSE bug 1168512SUSE bug 1168593SUSE bug 1169770CVE-2019-0201 at SUSECVE-2019-0201 at NVDCVE-2019-11596 at SUSECVE-2019-11596 at NVDCVE-2019-15026 at SUSECVE-2019-15026 at NVDCVE-2020-5247 at SUSECVE-2020-5247 at NVDCVE-2020-9543 at SUSECVE-2020-9543 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
mariadb was updated to version 10.2.32 (bsc#1171550)
- CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server.
Release notes and changelog:
- https://mariadb.com/kb/en/library/mariadb-10232-release-notes
- https://mariadb.com/kb/en/library/mariadb-10232-changelog
- Update to 10.2.32 GA [bsc#1171550]
ModerateSUSE bug 1171550CVE-2020-13249 at SUSECVE-2020-13249 at NVDCVE-2020-2752 at SUSECVE-2020-2752 at NVDCVE-2020-2760 at SUSECVE-2020-2760 at NVDCVE-2020-2812 at SUSECVE-2020-2812 at NVDCVE-2020-2814 at SUSECVE-2020-2814 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nspr, mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53.1
- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
ImportantSUSE bug 1159819SUSE bug 1168669SUSE bug 1169746SUSE bug 1170908SUSE bug 1171978SUSE bug 1173022CVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
ImportantSUSE bug 1173376SUSE bug 1173377SUSE bug 1173378SUSE bug 1173380CVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:
Security issues fixed:
- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).
Non-security issues fixed:
- Fixed interaction with freetype6 (bsc#1173613).
ImportantSUSE bug 1167231SUSE bug 1173576SUSE bug 1173613CVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12415 at SUSECVE-2020-12415 at NVDCVE-2020-12416 at SUSECVE-2020-12416 at NVDCVE-2020-12417 at SUSECVE-2020-12417 at NVDCVE-2020-12418 at SUSECVE-2020-12418 at NVDCVE-2020-12419 at SUSECVE-2020-12419 at NVDCVE-2020-12420 at SUSECVE-2020-12420 at NVDCVE-2020-12421 at SUSECVE-2020-12421 at NVDCVE-2020-12422 at SUSECVE-2020-12422 at NVDCVE-2020-12423 at SUSECVE-2020-12423 at NVDCVE-2020-12424 at SUSECVE-2020-12424 at NVDCVE-2020-12425 at SUSECVE-2020-12425 at NVDCVE-2020-12426 at SUSECVE-2020-12426 at NVDCVE-2020-6813 at SUSECVE-2020-6813 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-ipaddress (Important)SUSE OpenStack Cloud 9
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for squid (Important)SUSE OpenStack Cloud 9
This update for squid fixes the following issues:
- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling
attack (CVE-2020-15049, bsc#1173455)
ImportantSUSE bug 1173455CVE-2020-15049 at SUSECVE-2020-15049 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
Tomcat was updated to 9.0.36 See changelog at
- CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU
usage for several seconds making potentially the server unresponsive (bsc#1173389).
ImportantSUSE bug 1173389CVE-2020-11996 at SUSECVE-2020-11996 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for SUSE Manager Client Tools (Moderate)SUSE OpenStack Cloud 9
This update fixes the following issues:
cobbler:
- Calculate relative path for kernel and inited when generating
grub entry (bsc#1170231)
Added: fix-grub2-entry-paths.diff
- Fix os-release version detection for SUSE
Modified: sles15.patch
- Jinja2 template library fix (bsc#1141661)
- Removes string replace for textmode fix (bsc#1134195)
golang-github-prometheus-node_exporter:
- Update to 0.18.1
* [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345
* [BUGFIX] Fix rollover bug in mountstats collector #1364
* Renamed interface label to device in netclass collector for consistency with
* other network metrics #1224
* The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248
* The labels for the network_up metric have changed, see issue #1236
* Bonding collector now uses mii_status instead of operstatus #1124
* Several systemd metrics have been turned off by default to improve performance #1254
* These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds
* The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255
* [CHANGE] Bonding state uses mii_status #1124
* [CHANGE] Add a limit to the number of in-flight requests #1166
* [CHANGE] Renamed interface label to device in netclass collector #1224
* [CHANGE] Add separate cpufreq and scaling metrics #1248
* [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254
* [CHANGE] Expand systemd collector blacklist #1255
* [CHANGE] Split cpufreq metrics into a separate collector #1253
* [FEATURE] Add a flag to disable exporter metrics #1148
* [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197
* [FEATURE] Add uname collector for FreeBSD #1239
* [FEATURE] Add diskstats collector for OpenBSD #1250
* [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174
* [FEATURE] Add perf exporter for Linux #1274
* [ENHANCEMENT] Add Infiniband counters #1120
* [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
* [ENHANCEMENT] Move network_up labels into new metric network_info #1236
* [ENHANCEMENT] Use 64-bit counters for Darwin netstat
* [BUGFIX] Add fallback for missing /proc/1/mounts #1172
* [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326
- Add network-online (Wants and After) dependency to systemd unit bsc#1143913
golang-github-prometheus-prometheus:
- Update change log and spec file
+ Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS.
+ Rebase and update patches for version 2.18.0
+ Changed:
* 0002-Default-settings.patch Changed
- Update to 2.18.0
+ Features
* Tracing: Added experimental Jaeger support #7148
+ Changes
* Federation: Only use local TSDB for federation (ignore remote read). #7096
* Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094
+ Enhancements
* TSDB: Significantly reduce WAL size kept around after a block cut. #7098
* Discovery: Add `architecture` meta label for EC2. #7000
+ Bug fixes
* UI: Fixed wrong MinTime reported by /status. #7182
* React UI: Fixed multiselect legend on OSX. #6880
* Remote Write: Fixed blocked resharding edge case. #7122
* Remote Write: Fixed remote write not updating on relabel configs change. #7073
- Changes from 2.17.2
+ Bug fixes
* Federation: Register federation metrics #7081
* PromQL: Fix panic in parser error handling #7132
* Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138
* TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135
* TSDB: Make isolation more robust to panics in web handlers #7129 #7136
- Changes from 2.17.1
+ Bug fixes
* TSDB: Fix query performance regression that increased memory and CPU usage #7051
- Changes from 2.17.0
+ Features
* TSDB: Support isolation #6841
* This release implements isolation in TSDB. API queries and recording rules are
guaranteed to only see full scrapes and full recording rules. This comes with a
certain overhead in resource usage. Depending on the situation, there might be
some increase in memory usage, CPU usage, or query latency.
+ Enhancements
* PromQL: Allow more keywords as metric names #6933
* React UI: Add normalization of localhost URLs in targets page #6794
* Remote read: Read from remote storage concurrently #6770
* Rules: Mark deleted rule series as stale after a reload #6745
* Scrape: Log scrape append failures as debug rather than warn #6852
* TSDB: Improve query performance for queries that partially hit the head #6676
* Consul SD: Expose service health as meta label #5313
* EC2 SD: Expose EC2 instance lifecycle as meta label #6914
* Kubernetes SD: Expose service type as meta label for K8s service role #6684
* Kubernetes SD: Expose label_selector and field_selector #6807
* Openstack SD: Expose hypervisor id as meta label #6962
+ Bug fixes
* PromQL: Do not escape HTML-like chars in query log #6834 #6795
* React UI: Fix data table matrix values #6896
* React UI: Fix new targets page not loading when using non-ASCII characters #6892
* Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018
* Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998
* Scrape: Prevent removal of metric names upon relabeling #6891
* Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986
* Scrape: Fix crash when reloads are separated by two scrape intervals #7011
- Changes from 2.16.0
+ Features
* React UI: Support local timezone on /graph #6692
* PromQL: add absent_over_time query function #6490
* Adding optional logging of queries to their own file #6520
+ Enhancements
* React UI: Add support for rules page and 'Xs ago' duration displays #6503
* React UI: alerts page, replace filtering togglers tabs with checkboxes #6543
* TSDB: Export metric for WAL write errors #6647
* TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651
* PromQL: Refactoring in parser errors to improve error messages #6634
* PromQL: Support trailing commas in grouping opts #6480
* Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
* Scrape: Add metrics to track bytes and entries in the metadata cache #6675
* promtool: Add support for line-column numbers for invalid rules output #6533
* Avoid restarting rule groups when it is unnecessary #6450
+ Bug fixes
* React UI: Send cookies on fetch() on older browsers #6553
* React UI: adopt grafana flot fix for stacked graphs #6603
* React UI: broken graph page browser history so that back button works as expected #6659
* TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616
* TSDB: return an error on ingesting series with duplicate labels #6664
* PromQL: Fix unary operator precedence #6579
* PromQL: Respect query.timeout even when we reach query.max-concurrency #6712
* PromQL: Fix string and parentheses handling in engine, which affected React UI #6612
* PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493
* Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
* Remote read: return the correct error if configs can't be marshal'd to JSON #6622
* Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673
* Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511
* Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
- Changes from 2.15.2
+ Bug fixes
* TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564
* TSDB: Fixed block compaction issues on Windows. #6547
- Changes from 2.15.1
+ Bug fixes
* TSDB: Fixed race on concurrent queries against same data. #6512
- Changes from 2.15.0
+ Features
* API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442
+ Changes
* Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393
* Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043
+ Enhancements
* TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461
* TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475
* TSDB: Improve replay latency. #6230
* TSDB: WAL size is now used for size based retention calculation. #5886
* Remote read: Added query grouping and range hints to the remote read request #6401
* Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344
* promql: Improved PromQL parser performance. #6356
* React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements.
* promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065
+ Bug fixes
* Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455
* Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378
* Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469
* API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
- Changes from 2.14.0
+ Features
* API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243
* React UI: implement the new experimental React based UI. #5694 and many more
* Can be found by under `/new`.
* Not all pages are implemented yet.
* Status: Cardinality statistics added to the Runtime & Build Information page. #6125
+ Enhancements
* Remote write: fix delays in remote write after a compaction. #6021
* UI: Alerts can be filtered by state. #5758
+ Bug fixes
* Ensure warnings from the API are escaped. #6279
* API: lifecycle endpoints return 403 when not enabled. #6057
* Build: Fix Solaris build. #6149
* Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270
* Remote write: restore use of deduplicating logger in remote write. #6113
* Remote write: do not reshard when unable to send samples. #6111
* Service discovery: errors are no longer logged on context cancellation. #6116, #6133
* UI: handle null response from API properly. #6071
- Changes from 2.13.1
+ Bug fixes
* Fix panic in ARM builds of Prometheus. #6110
* promql: fix potential panic in the query logger. #6094
* Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
- Changes from 2.13.0
+ Enhancements
* Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254
* Include the tsdb tool in builds. #6089
* Service discovery: add new node address types for kubernetes. #5902
* UI: show warnings if query have returned some warnings. #5964
* Remote write: reduce memory usage of the series cache. #5849
* Remote read: use remote read streaming to reduce memory usage. #5703
* Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787
* Promtool: show the warnings during label query. #5924
* Promtool: improve error messages when parsing bad rules. #5965
* Promtool: more promlint rules. #5515
+ Bug fixes
* UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098
* Promtool: fix recording inconsistency due to duplicate labels. #6026
* UI: fixes service-discovery view when accessed from unhealthy targets. #5915
* Metrics format: OpenMetrics parser crashes on short input. #5939
* UI: avoid truncated Y-axis values. #6014
- Changes from 2.12.0
+ Features
* Track currently active PromQL queries in a log file. #5794
* Enable and provide binaries for `mips64` / `mips64le` architectures. #5792
+ Enhancements
* Improve responsiveness of targets web UI and API endpoint. #5740
* Improve remote write desired shards calculation. #5763
* Flush TSDB pages more precisely. tsdb#660
* Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667
* Add logging during TSDB WAL replay on startup. tsdb#662
* Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627
+ Bug fixes
* Check for duplicate label names in remote read. #5829
* Mark deleted rules' series as stale on next evaluation. #5759
* Fix JavaScript error when showing warning about out-of-sync server time. #5833
* Fix `promtool test rules` panic when providing empty `exp_labels`. #5774
* Only check last directory when discovering checkpoint number. #5756
* Fix error propagation in WAL watcher helper functions. #5741
* Correctly handle empty labels from alert templates. #5845
- Update Uyuni/SUSE Manager service discovery patch
+ Modified 0003-Add-Uyuni-service-discovery.patch:
+ Adapt service discovery to the new Uyuni API endpoints
+ Modified spec file: force golang 1.12 to fix build issues in SLE15SP2
- Update to Prometheus 2.11.2
grafana:
- Update to version 7.0.3
* Features / Enhancements
- Stats: include all fields. #24829, @ryantxu
- Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff
* Bug fixes
- Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian
- Configuration: Fix env var override of sections containing hyphen. #25178, @marefr
- Dashboard: Get panels in collapsed rows. #25079, @peterholmberg
- Do not show alerts tab when alerting is disabled. #25285, @dprokop
- Jaeger: fixes cascader option label duration value. #25129, @Estrax
- Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo
- Update to version 7.0.2
* Bug fixes
- Security: Urgent security patch release to fix CVE-2020-13379
- Update to version 7.0.1
* Features / Enhancements
- Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney
- Download CSV: Add date and time formatting. #24992, @ryantxu
- Table: Make last cell value visible when right aligned. #24921, @peterholmberg
- TablePanel: Adding sort order persistance. #24705, @torkelo
- Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg
- Transformations: Allow custom number input for binary operations. #24752, @ryantxu
* Bug fixes
- Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani
- Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani
- Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark
- DataLinks: Bring back variables interpolation in title. #24970, @dprokop
- Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney
- Explore/Table: Keep existing field types if possible. #24944, @kaydelaney
- Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova
- Explore: fix undo in query editor. #24797, @zoltanbedi
- Explore: fix word break in type head info. #25014, @zoltanbedi
- Graph: Legend decimals now work as expected. #24931, @torkelo
- LoginPage: Fix hover color for service buttons. #25009, @tskarhed
- LogsPanel: Fix scrollbar. #24850, @ivanahuckova
- MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo
- Organize transformer: Use display name in field order comparer. #24984, @dprokop
- Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark
- PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop
- PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo
- PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark
- PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark
- PanelMenu: Make menu disappear on button press. #25015, @tskarhed
- Postgres: Fix add button. #25087, @phemmer
- Prometheus: Fix recording rules expansion. #24977, @ivanahuckova
- Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian
- Update to version 7.0.0
* Breaking changes
- Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin.
- Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
- Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10.
- Datasource/Loki: Support for deprecated Loki endpoints has been removed.
- Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information.
- @grafana/ui: Forms migration notice, see @grafana/ui changelog
- @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog
+ Deprecation warnings
- Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059
- The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins.
* Features / Enhancements
- Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr
- Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal
- Loki: Allow multiple derived fields with the same name. #24437, @aocenas
- Orgs: Add future deprecation notice. #24502, @torkelo
* Bug Fixes
- @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi
- Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark
- Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop
- Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo
- Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn
- Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo
- Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg
- Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop
- Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet
- Data source: Fixes async mount errors. #24579, @Estrax
- Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1
- Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova
- Explore: Fix rendering of react query editors. #24593, @ivanahuckova
- Explore: Fixes loading more logs in logs context view. #24135, @Estrax
- Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo
- Graphite: Makes query annotations work again. #24556, @hugohaggmark
- Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney
- Logs: Fix total bytes process calculation. #24691, @davkal
- Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet
- Plugins: Fix manifest validation. #24573, @aknuds1
- Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist
- Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed
- Search: Save folder expanded state. #24496, @Clarity-89
- Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss
- Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo
- Table: Fixed persisting column resize for time series fields. #24505, @torkelo
- Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark
- Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn
- Transformations: Make transform dropdowns not cropped. #24615, @dprokop
- Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark
- Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark
- Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark
- Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark
- Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas
- SAML: Switch from email to login for user login attribute mapping (Enterprise)
- Update Makefile and spec file
* Remove phantomJS patch from Makefile
* Fix multiline strings in Makefile
* Exclude s390 from SLE12 builds, golang 1.14 is not built for s390
- Add instructions for patching the Grafana javascript frontend.
- BuildRequires golang(API) instead of go metapackage version range
* BuildRequires: golang(API) >= 1.14 from
BuildRequires: ( go >= 1.14 with go < 1.15 )
- Update to version 6.7.3
- This version fixes bsc#1170557 and its corresponding CVE-2020-12245
- Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin
- Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark
- AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken
- Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg
- Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan
- DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo
- Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh
- Security: Fix annotation popup XSS vulnerability. #23813, @torkelo
- Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1
- TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo
- Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark
- Update to version 6.7.2:
(see installed changelog for the full list of changes)
- BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo
- Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop
- DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn
- Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn
- Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo
- Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo
- Plugins: Expose promiseToDigest. #23249, @torkelo
- Reporting (Enterprise): Fixes issue updating a report created by someone else
- Update to 6.7.1:
(see installed changelog for the full list of changes)
Bug Fixes
- Azure: Fixed dropdowns not showing current value. #22914, @torkelo
- BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark
- Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo
- Reporting: fixes migrations compatibility with mysql (Enterprise)
- Reporting: Reduce default concurrency limit to 4 (Enterprise)
- Update to 6.7.0:
(see installed changelog for the full list of changes)
Bug Fixes
- AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo
- BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark
- Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo
- Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo
- Rich History: UX adjustments and fixes. #22729, @ivanahuckova
- Update to 6.7.0-beta1:
Breaking changes
- Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked.
- Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338
- Notice about changes in backendSrv for plugin authors
In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv.
Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI.
To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv.
Bug Fixes
API: Fix redirect issues. #22285, @papagian
Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1
Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal
Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal
Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek
BackendSrv: Fixes POST body for form data. gmark
CloudWatch: Credentials cache invalidation fix. #22473, @sunker
CloudWatch: Expand alias variables when query yields no result. #22695, @sunker
Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk
Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing
Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d
Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo
StatPanel: Fixes base color is being used for null values .
#22646, @torkelo
- Update to version 6.6.2:
(see installed changelog for the full list of changes)
- Update to version 6.6.1:
(see installed changelog for the full list of changes)
- Update to version 6.6.0:
(see installed changelog for the full list of changes)
- Update to version 6.5.3:
(see installed changelog for the full list of changes)
- Update to version 6.5.2:
(see installed changelog for the full list of changes)
- Update to version 6.5.1:
(see installed changelog for the full list of changes)
- Update to version 6.5.0
(see installed changelog for the full list of changes)
- Update to version 6.4.5:
* Create version 6.4.5
* CloudWatch: Fix high CPU load (#20579)
- Add obs-service-go_modules to download required modules into vendor.tar.gz
- Adjusted spec file to use vendor.tar.gz
- Adjusted Makefile to work with new filenames
- BuildRequire go1.14
- Update to version 6.4.4:
* DataLinks: Fix blur issues. #19883, @aocenas
* Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson
* LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen
* LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson
* Singlestat: Fix no data / null value mapping . #19951, @ryantxu
- Revert the spec file and make script
- Remove PhantomJS dependency
- Update to 6.4.3
* Bug Fixes
- Alerting: All notification channels should send even if one fails to send. #19807, @jan25
- AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas
- ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal
- DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop
- DataLinks: Fix url field not releasing focus. #19804, @aocenas
- Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas
- Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark
- Singlestat: Fixed issue with mapping null to text. #19689, @torkelo
- @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop
- @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang
- Update to 6.4.2
* Bug Fixes
- CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron
- Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark
- Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo
- Graph: Switching to series mode should re-render graph. #19623, @torkelo
- Loki: Fix autocomplete on label values. #19579, @aocenas
- Loki: Removes live option for logs panel. #19533, @davkal
- Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha
- Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark
- sted keys in YAML provisioning caused a server crash, #19547
- ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise)
- Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise).
- Changes from 6.4.0
* Features / Enhancements
- Build: Upgrade go to 1.12.10. #19499, @marefr
- DataLinks: Suggestions menu improvements. #19396, @dprokop
- Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova
- Explore: Update broken link to logql docs. #19510, @ivanahuckova
- Logs: Adds Logs Panel as a visualization. #19504, @davkal
* Bug Fixes
- CLI: Fix version selection for plugin install. #19498, @aocenas
- Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo
- Changes from 6.4.0 Beta 2
* Features / Enhancements
- Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker
- Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr
- Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo
- grafana/toolkit: Add plugin creation task. #19207, @dprokop
* Bug Fixes
- Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark
- Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm
- Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz
- Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu
- MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr
- Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh
- MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr
- MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr
- MySQL: Limit datasource error details returned from the backend. #19373, @marefr
- Changes from 6.4.0 Beta 1
* Features / Enhancements
- API: Readonly datasources should not be created via the API. #19006, @papagian
- Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar
- Annotations: Add annotations support to Loki. #18949, @aocenas
- Annotations: Use a single row to represent a region. #17673, @ryantxu
- Auth: Allow inviting existing users when login form is disabled. #19048, @548017
- Azure Monitor: Add support for cross resource queries. #19115, @sunker
- CLI: Allow installing custom binary plugins. #17551, @aocenas
- Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark
- Dashboard: Reuse query results between panels . #16660, @ryantxu
- Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod
- DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu
- DataLinks: Enable access to labels & field names. #18918, @torkelo
- DataLinks: Enable multiple data links per panel. #18434, @dprokop
- Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech
- Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery
- Explore: Add throttling when doing live queries. #19085, @aocenas
- Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney
- Explore: Reduce default time range to last hour. #18212, @davkal
- Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu
- Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal
- Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian
- InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code
- LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh
- Ldap: Add ldap debug page. #18759, @peterholmberg
- Loki: Remove prefetching of default label values. #18213, @davkal
- Metrics: Add failed alert notifications metric. #18089, @koorgoo
- OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon
- OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin
- Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh
- Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati
- Plugins: better warning when plugins fail to load. #18671, @ryantxu
- Postgres: Add support for scram sha 256 authentication. #18397, @nonamef
- RemoteCache: Support SSL with Redis. #18511, @kylebrandt
- SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu
- Stackdriver: Add extra alignment period options. #18909, @sunker
- Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon
- Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar
* Bug Fixes
- Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian
- Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt
- Alerting: fix response popover prompt when add notification channels. #18967, @lzdw
- CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger
- Explore: Fix auto completion on label values for Loki. #18988, @aocenas
- Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark
- Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark
- MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold
- MSSQL: Fix memory leak when debug enabled. #19049, @briangann
- Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt
- TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark
* Breaking changes
+ Annotations
There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented
using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details.
+ Docker
Grafana is now using Alpine 3.10 as docker base image.
+ HTTP API
- GET /api/alert-notifications now requires at least editor access.
New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user.
- GET /api/alert-notifiers now requires at least editor access
- GET /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
- GET /api/annotations no longer returns regionId property.
- POST /api/annotations no longer supports isRegion property.
- PUT /api/annotations/:id no longer supports isRegion property.
- PATCH /api/annotations/:id no longer supports isRegion property.
- DELETE /api/annotations/region/:id has been removed.
* Deprecation notes
+ PhantomJS
- PhantomJS, which is used for rendering images of dashboards and panels,
is deprecated and will be removed in a future Grafana release.
A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use.
Please consider migrating from PhantomJS to the Grafana Image Renderer plugin.
- Changes from 6.3.6
* Features / Enhancements
- Metrics: Adds setting for turning off total stats metrics. #19142, @marefr
* Bug Fixes
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney
- Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors.
- Add missing directories provisioning/datasources and provisioning/notifiers
and sample.yaml as described in packaging/rpm/control from upstream.
Missing directories are shown in logfiles.
- Version 6.3.5
* Upgrades
+ Build: Upgrade to go 1.12.9.
* Bug Fixes
+ Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties.
+ Editor: Fixes issue where only entire lines were being copied.
+ Explore: Fixes query field layout in splitted view for Safari browsers.
+ LDAP: multildap + ldap integration.
+ Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds.
+ Prometheus: Prevents panel editor crash when switching to Prometheus datasource.
+ Prometheus: Changes brace-insertion behavior to be less annoying.
- Version 6.3.4
* Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use.
- Version 6.3.3
* Bug Fixes
+ Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1
+ Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3
+ DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1
+ DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1
+ DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1
+ Explore: Fix loading error for empty queries. #18488 1, @davkal
+ Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2
+ Graphite: Avoid glob of single-value array variables . #18420, @gotjosh
+ Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3
+ Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2
+ TimeSeries: Assume values are all numbers. #18540 4, @ryantxu
- Version 6.3.2
* Bug Fixes
+ Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12
- Version 6.3.1
* Bug Fixes
+ PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2
- Version 6.3.0
* Features / Enhancements
+ OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3
+ Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh
+ Build grafana images consistently. #18224 12, @hassanfarid
+ Docs: SAML. #18069 11, @gotjosh
+ Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas
+ TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2
+ Alerting: Add tags to alert rules. #10989 13, @Thib17 1
+ Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng
+ Alerting: Improve alert rule testing. #16286 2, @marefr
+ Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25
+ Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1
+ Auth: Allow expiration of API keys. #17678, @papagian 3
+ Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1
+ Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1
+ AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1
+ CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu
+ Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu
+ Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax
+ Data links. #17267 11, @torkelo 2
+ Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1
+ Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr
+ Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3
+ Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2
+ Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2
+ Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2
+ Explore: Allow switching between metrics and logs . #16959 2, @marefr
+ Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3
+ Explore: Display log lines context . #17097, @dprokop 1
+ Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr
+ Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2
+ Explore: Support for new LogQL filtering syntax. #16674 4, @davkal
+ Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3
+ Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1
+ Graph: Added new fill gradient option. #17528 3, @torkelo 2
+ GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1
+ InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3
+ Logging: Login and Logout actions (#17760). #17883 1, @ATTron
+ Logging: Move log package to pkg/infra. #17023, @zhulongcheng
+ Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1
+ MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd
+ MySQL: Add support for periodically reloading client certs. #14892, @tpetr
+ Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu
+ Prometheus: Take timezone into account for step alignment. #17477, @fxmiii
+ Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246
+ Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA
+ Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis
+ Refresh picker: Handle empty intervals. #17585 1, @dehrax
+ Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr
+ Snapshot: use given key and deleteKey. #16876, @zhulongcheng
+ Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev
+ Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad
+ Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway
+ Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin
* Bug Fixes
+ PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax
+ OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3
+ cli: fix for recognizing when in dev mode… #18334, @xlson
+ DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2
+ Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2
+ PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson
+ TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2
+ Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2
+ remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke
+ AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax
+ CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr
+ Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr
+ Explore: Fix browsing back to dashboard panel. #17061, @jschill
+ Explore: Fix filter by series level in logs graph. #17798, @marefr
+ Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr
+ Explore: Fix selection/copy of log lines. #17121, @marefr
+ Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas
+ Frontend: Fix for Json tree component not working. #17608, @srid12
+ Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2
+ Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2
+ Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3
+ HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25
+ InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki
+ Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess
+ Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi
+ SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri
- Make phantomjs dependency configurable
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
mgr-cfg:
- Remove commented code in test files
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Add mgr manpage links
mgr-custom-info:
- Bump version to 4.1.0 (bsc#1154940)
mgr-daemon:
- Bump version to 4.1.0 (bsc#1154940)
- Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad:
- Separate osa-dispatcher and jabberd so it can be disabled independently
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Move /usr/share/rhn/config-defaults to uyuni-base-common
- Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
- Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-push:
- Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
mgr-virtualization:
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Fix mgr-virtualization timer
rhnlib:
- Fix building
- Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
- Bump version to 4.1.0 (bsc#1154940)
- Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can
check for failure (bsc#1171687)
- Disable globbing for api subcommand to allow wildcards in filter
settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
- Bump version to 4.1.0 (bsc#1154940)
- Prevent error when piping stdout in Python 2 (bsc#1153090)
- Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277)
- Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
- Add unit test for schedule, errata, user, utils, misc, configchannel
and kickstart modules
- Multiple minor bugfixes alongside the unit tests
- Bugfix: referenced variable before assignment.
- Add unit test for report, package, org, repo and group
spacewalk-client-tools:
- Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)
- Spell correctly 'successful' and 'successfully'
- Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
- Replace spacewalk-usix with uyuni-common-libs
- Return a non-zero exit status on errors in rhn_check
- Bump version to 4.1.0 (bsc#1154940)
- Make a explicit requirement to systemd for spacewalk-client-tools
when rhnsd timer is installed
spacewalk-koan:
- Bump version to 4.1.0 (bsc#1154940)
- Require commands we use in merge-rd.sh
spacewalk-oscap:
- Bump version to 4.1.0 (bsc#1154940)
spacewalk-remote-utils:
- Update spacewalk-create-channel with RHEL 7.7 channel definitions
- Bump version to 4.1.0 (bsc#1154940)
supportutils-plugin-susemanager-client:
- Bump version to 4.1.0 (bsc#1154940)
suseRegisterInfo:
- SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
- Bump version to 4.1.0 (bsc#1154940)
zypp-plugin-spacewalk:
- Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)
ModerateSUSE bug 1113160SUSE bug 1134195SUSE bug 1138822SUSE bug 1141661SUSE bug 1142038SUSE bug 1143913SUSE bug 1148177SUSE bug 1153090SUSE bug 1153277SUSE bug 1154940SUSE bug 1154968SUSE bug 1155372SUSE bug 1163871SUSE bug 1165921SUSE bug 1168310SUSE bug 1170231SUSE bug 1170557SUSE bug 1171687SUSE bug 1172462CVE-2019-10215 at SUSECVE-2019-10215 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2020-12245 at SUSECVE-2020-12245 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xrdp (Important)SUSE OpenStack Cloud 9
This update for xrdp fixes the following issues:
- Security fixes (bsc#1173580, CVE-2020-4044):
+ Add patches:
* xrdp-cve-2020-4044-fix-0.patch
* xrdp-cve-2020-4044-fix-1.patch
+ Rebase SLE patch:
* xrdp-fate318398-change-expired-password.patch
- Update patch:
+ xrdp-Allow-sessions-with-32-bpp.patch.patch
ImportantSUSE bug 1173580CVE-2020-4044 at SUSECVE-2020-4044 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
ImportantSUSE bug 1174117SUSE bug 1174121CVE-2020-13934 at SUSECVE-2020-13934 at NVDCVE-2020-13935 at SUSECVE-2020-13935 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mailman (Important)SUSE OpenStack Cloud 9
This update for mailman fixes the following issues:
- CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369).
ImportantSUSE bug 1173369CVE-2020-15011 at SUSECVE-2020-15011 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Moderate)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).
ModerateSUSE bug 1173160CVE-2020-10745 at SUSECVE-2020-10745 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.3 (bsc#1173998):
+ Enable kinetic scrolling with async scrolling.
+ Fix web process hangs on large GitHub pages.
+ Bubblewrap sandbox should not attempt to bind empty paths.
+ Fix threading issues in the media player.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805,
CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,
CVE-2020-13753.
ImportantSUSE bug 1173998CVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9806 at SUSECVE-2020-9806 at NVDCVE-2020-9807 at SUSECVE-2020-9807 at NVDCVE-2020-9843 at SUSECVE-2020-9843 at NVDCVE-2020-9850 at SUSECVE-2020-9850 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Important)SUSE OpenStack Cloud 9
This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
- Use gcc-9 compiler for overflow check builtins
- Backport gcc-9 build fixes
ImportantSUSE bug 1168994SUSE bug 1173812SUSE bug 1174463SUSE bug 1174570CVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ghostscript (Important)SUSE OpenStack Cloud 9
This update for ghostscript fixes the following issues:
- fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout)
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
ImportantSUSE bug 1174415CVE-2020-15900 at SUSECVE-2020-15900 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Moderate)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.1.0 ESR
* Fixed: Various stability, functionality, and security fixes (bsc#1174538)
* CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514: WebRTC data channel leaks internal address to peer
* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653: Bypassing iframe sandbox when allowing popups
* CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656: Type confusion for special arguments in IonMonkey
* CVE-2020-15658: Overriding file type when saving to disk
* CVE-2020-15657: DLL hijacking due to incorrect loading path
* CVE-2020-15654: Custom cursor can overlay user interface
* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
ModerateSUSE bug 1173948SUSE bug 1174538CVE-2020-15652 at SUSECVE-2020-15652 at NVDCVE-2020-15653 at SUSECVE-2020-15653 at NVDCVE-2020-15654 at SUSECVE-2020-15654 at NVDCVE-2020-15655 at SUSECVE-2020-15655 at NVDCVE-2020-15656 at SUSECVE-2020-15656 at NVDCVE-2020-15657 at SUSECVE-2020-15657 at NVDCVE-2020-15658 at SUSECVE-2020-15658 at NVDCVE-2020-15659 at SUSECVE-2020-15659 at NVDCVE-2020-6463 at SUSECVE-2020-6463 at NVDCVE-2020-6514 at SUSECVE-2020-6514 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libX11 (Important)SUSE OpenStack Cloud 9
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
- CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775).
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
The following non-security bugs were fixed:
- ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
- ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
- bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
- block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
- block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
- block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
- block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
- btrfs: always wait on ordered extents at fsync time (bsc#1171761).
- btrfs: clean up the left over logged_list usage (bsc#1171761).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
- btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761).
- btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761).
- btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761).
- btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
- btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761).
- btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761).
- btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
- btrfs: remove no longer used logged range variables when logging extents (bsc#1171761).
- btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761).
- btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
- btrfs: remove the logged extents infrastructure (bsc#1171761).
- btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761).
- btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
- CDC-ACM: heed quirk also in error handling (git-fixes).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
- clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
- clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
- clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
- compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
- copy_{to,from}_user(): consolidate object size checks (git fixes).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
- dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
- dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
- dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
- dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
- dm: various cleanups to md->queue initialization code (git fixes).
- dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
- dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
- Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618).
- drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
- drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes
- drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
- drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes
- drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)
- drm/radeon: fix double free (bsc#1152472)
- drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
- e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
- e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
- evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
- evm: Fix a small race in init_desc() (bsc#1051510).
- extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
- gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
- HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
- ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
- iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
- ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
- ima: Fix ima digest hash table key calculation (bsc#1051510).
- include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
- kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
- md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)).
- mmc: fix compilation of user API (bsc#1051510).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
- NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
- nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
- nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- overflow: Fix -Wtype-limits compilation warnings (git fixes).
- overflow.h: Add arithmetic shift helper (git fixes).
- p54usb: add AirVasT USB stick device-id (bsc#1051510).
- PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
- PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
- PCI: Program MPS for RCiEP devices (bsc#1051510).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
- perf: Allocate context task_ctx_data for child event (git-fixes).
- perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
- perf: Copy parent's address filter offsets on clone (git-fixes).
- perf/core: Add sanity check to deal with pinned event failure (git-fixes).
- perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
- perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
- perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
- perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
- perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
- perf/core: Fix error handling in perf_event_alloc() (git-fixes).
- perf/core: Fix exclusive events' grouping (git-fixes).
- perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
- perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
- perf/core: Fix locking for children siblings group read (git-fixes).
- perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)).
- perf/core: Fix perf_event_read_value() locking (git-fixes).
- perf/core: Fix perf_pmu_unregister() locking (git-fixes).
- perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)).
- perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
- perf/core: Fix race between close() and fork() (git-fixes).
- perf/core: Fix the address filtering fix (git-fixes).
- perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
- perf/core: Force USER_DS when recording user stack data (git-fixes).
- perf/core: Restore mmap record type correctly (git-fixes).
- perf: Fix header.size for namespace events (git-fixes).
- perf/ioctl: Add check for the sample_period value (git-fixes).
- perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
- perf: Return proper values for user stack errors (git-fixes).
- perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
- perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
- perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
- perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
- perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
- perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
- perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
- perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
- perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
- perf/x86: Fix incorrect PEBS_REGS (git-fixes).
- perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
- perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
- perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
- perf/x86/intel: Fix PT PMI handling (git-fixes).
- perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
- perf/x86/intel/uncore: Add Node ID mask (git-fixes).
- perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
- perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)).
- perf/x86/uncore: Fix event group support (git-fixes).
- pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
- pnp: Use list_for_each_entry() instead of open coding (git fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
- power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
- raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)).
- resolve KABI warning for perf-pt-coresight (git-fixes).
- Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
- Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
- Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
- rpm/kernel-docs.spec.in: Require python-packaging for build.
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: lock device while installing IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
- scsi: qedf: Add port_id getter (bsc#1150660).
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
- spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
- staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
- SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
- tracing: Fix event trigger to accept redundant spaces (git-fixes).
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
- tty: n_gsm: Fix SOF skipping (bsc#1051510).
- tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
- usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
- usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
- usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
- usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
- usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
- usb: musb: start session in resume for host port (bsc#1051510).
- usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
- usb: serial: qcserial: add DW5816e QDL support (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
- virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
- vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
- vmxnet3: add support to get/set rx flow hash (bsc#1172484).
- vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
- vmxnet3: avoid format strint overflow warning (bsc#1172484).
- vmxnet3: prepare for version 4 changes (bsc#1172484).
- vmxnet3: Remove always false conditional statement (bsc#1172484).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
- vmxnet3: update to version 4 (bsc#1172484).
- vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
- w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
- work around mvfs bug (bsc#1162063).
- x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
- x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
- x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
- x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
- xfrm: fix error in comment (git fixes).
ImportantSUSE bug 1051510SUSE bug 1065729SUSE bug 1071995SUSE bug 1085030SUSE bug 1104967SUSE bug 1114279SUSE bug 1144333SUSE bug 1148868SUSE bug 1150660SUSE bug 1152107SUSE bug 1152472SUSE bug 1152624SUSE bug 1158983SUSE bug 1159058SUSE bug 1161016SUSE bug 1162002SUSE bug 1162063SUSE bug 1168081SUSE bug 1169194SUSE bug 1169514SUSE bug 1169795SUSE bug 1170011SUSE bug 1170592SUSE bug 1170618SUSE bug 1171124SUSE bug 1171424SUSE bug 1171558SUSE bug 1171673SUSE bug 1171732SUSE bug 1171761SUSE bug 1171868SUSE bug 1171904SUSE bug 1172257SUSE bug 1172344SUSE bug 1172458SUSE bug 1172484SUSE bug 1172759SUSE bug 1172775SUSE bug 1172781SUSE bug 1172782SUSE bug 1172783SUSE bug 1172999SUSE bug 1173265SUSE bug 1173280SUSE bug 1173428SUSE bug 1173462SUSE bug 1173514SUSE bug 1173567SUSE bug 1173573SUSE bug 1174115SUSE bug 1174462SUSE bug 1174543CVE-2019-16746 at SUSECVE-2019-16746 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20908 at SUSECVE-2019-20908 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10769 at SUSECVE-2020-10769 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages
ImportantSUSE bug 1163019SUSE bug 1174543CVE-2020-8608 at SUSECVE-2020-8608 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-ipaddress (Important)SUSE OpenStack Cloud 9
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma (Moderate)SUSE OpenStack Cloud 9
This update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma fixes the following issues:
Security fixes included in this update:
ansible1:
- CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).
grafana:
- CVE-2020-13379: Fixed an incorrect access control issue which could
lead to information leaks or denial of service (bsc#1172409).
- CVE-2020-12052: Fixed an cross site scripting vulnerability related to
the annotation popup (bsc#1170657).
kibana:
- CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909).
python-Django1 to 1.11.29:
- CVE-2020-13254: Fixed a data leakage via malformed memcached keys
(bsc#1172167).
- CVE-2020-13596: Fixed a cross site scripting vulnerability related to
the admin parameters of the ForeignKeyRawIdWidget (bsc#1172166).
- CVE-2020-7471: Fixed a SQL injection via StringAgg delimiter
(bsc#1161919).
- CVE-2020-9402: Fixed a SQL injection via tolerance parameter in GIS
functions and aggregates (bsc#1165022).
- CVE-2019-19844: Fixed a potential account hijack via password reset
form (bsc#1159447).
python-Pillow:
- CVE-2020-10177: Fixed multiple out-of-bounds reads in
libImaging/FliDecode.c (bsc#1173413).
- CVE-2020-11538: Fixed multiple out-of-bounds reads via a crafted JP2
files (bsc#1173420).
- CVE-2020-10994: Fixed multiple out-of-bounds reads via a crafted JP2
files (bsc#1173418).
- CVE-2020-10378: Fixed an out-of-bounds read when reading PCX files
(bsc#1173416).
- CVE-2019-16865: Fixed a denial of service with specially crafted
image files (bsc#1153191).
- CVE-2020-5311: Fixed an SGI buffer overflow (bsc#1160151).
- CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152).
- CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153).
- CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py
(bsc#1160192).
python-waitress to version 1.4.3:
- CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF
handling (bsc#1161088).
- CVE-2019-16786: Fixed HTTP request smuggling through invalid
Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: Fixed HTTP Request Smuggling through invalid
whitespace characters (bsc#1160790).
- CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length
header handling (bsc#1161670).
rubygem-activeresource:
- CVE-2020-8151: Fixed possible information disclosure through specially
crafted requests (bsc#1171560).
Non security fixes:
Changes in ansible1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add 0001-Disallow-use-of-remote-home-directories-containing-..patch
(bsc#1126503, CVE-2019-3828)
Changes in ardana-ansible.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1591138508.e269bdb:
* Use internal endpoint for upload image (SOC-11294)
- Update to version 9.0+git.1589740968.d339a28:
* Reconfigure rabbitmq user permissions on update (SOC-11082)
- Update to version 9.0+git.1588953276.b8b5512:
* Fix incorrect prefix used to collect supportconfig files (bsc#1171273)
Changes in ardana-cobbler.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1588181228.bae3b1f:
* Ensure distro_signatures.json gets updated if needed (SOC-11249)
Changes in ardana-glance.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593631708.9354a78:
* Idempotent cirros image upload to glance (SOC-11342)
Changes in ardana-input-model.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1589740948.c24fc0b:
* Add default rabbitmq exchange write permissions (SOC-11082)
Changes in ardana-logging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1591193994.d93b668:
* kibana: set x-frame-options header (bsc#1171909)
Changes in ardana-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1594158642.b5905e4:
* Ensure manila_upgrade_mode is initialised appropriately (SOC-11341)
- Update to version 9.0+git.1593516580.6c83767:
* Skip openstack-manila-share status check during upgrade (SOC-11341)
Changes in ardana-monasca.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1589385256.7fbfaaf:
* Fix stop start/stop logic (SOC-11209)
- Update to version 9.0+git.1588610558.98958f3:
* Fix monasca-thresh-wrapper status action (SOC-11209)
- Update to version 9.0+git.1588343155.0e67455:
* monasca-thresh restart and storm upgrade enhancements (SOC-11209)
Changes in ardana-mq.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593618110.cbd1a37:
* Ensure epmd.service started/stopped independent of rabbitmq (SOC-6780)
- Update to version 9.0+git.1589715197.9196f62:
* Don't mirror reply queues (SOC-10317)
Changes in ardana-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1590756257.e09d54f:
* Update L3 rootwrap filters (SOC-11306)
Changes in ardana-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1590079609.a2ae6ab:
* fix octavia to glance communication over internal endpoint (SOC-11294)
Changes in ardana-tempest.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593033709.9495bb2:
* load-balancer: set check timeout to 120 seconds (SOC-11330)
- Update to version 9.0+git.1593010160.cb417d7:
* Blacklist neutron test_snat_external_ip test (SOC-11279)
- Update to version 9.0+git.1592341936.3b5ad41:
* Remove blacklisted octavia test (SOC-11289)
- Update to version 9.0+git.1592239656.b18289a:
* Blacklist NetworkMigration tests (SOC-11279)
- Update to version 9.0+git.1590429931.4fa308a:
* Install only needed tempest pluguins (SOC-11297)
- Update to version 9.0+git.1590164310.9e7888e:
* Enable tempest shelve tests (SOC-9775)
- Update to version 9.0+git.1590151267.16bddd9:
* Add NetworkMigration tests back in neutron filter (SOC-11279)
- Update to version 9.0+git.1589460689.e3bd243:
* Enable test_delete_policies_while_tenant_attached_to_net test (SOC-9235)
- Update to version 9.0+git.1589206665.aedb17d:
* Blacklist some NetworkMigration tests (SOC-11279)
Changes in crowbar-core.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 6.0+git.1594619891.b75a61d0d:
* upgrade: Do not stop pacemaker managed apache service (SOC-11298)
- Update to version 6.0+git.1593156244.533c05c01:
* Ignore CVE-2020-8184 (SOC-11299)
- Update to version 6.0+git.1592589539.e0cbb8c8f:
* provisioner: allow tftp access from admin network only (bsc#1019111)
- Update to version 6.0+git.1590650924.e7548b2ac:
* Ignore latest ruby-related CVEs in the CI (SOC-11299)
- Update to version 6.0+git.1589803358.48ba3f4a6:
* provisioner: Fix ssh key validation (SOC-11126)
- Update to version 6.0+git.1588062060.de79301bf:
* upgrade: disable zypper process check temporarily (SOC-11203)
Changes in crowbar-openstack.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 6.0+git.1591795073.49cb6400e:
* kibana: set x-frame-options header (bsc#1171909, CVE-2020-10743)
- Update to version 6.0+git.1591104467.7de344556:
* Restore undeprecated nova dhcp_domain option (bsc#1171594)
- Update to version 6.0+git.1590579980.5258ac04a:
* tempest: Enable shelve tests when using RBD ephemeral (SOC-11176)
- Update to version 6.0+git.1589957131.fcfccecc1:
* galera: Make sure checks are executed without password (bsc#1136928)
- Update to version 6.0+git.1589573559.3bf36a7cd:
* rabbitmq: sync startup definitions.json with recipe (SOC-11077,SOC-11274)
- Update to version 6.0+git.1589544034.e52fd938a:
* trove: fix rabbitmq connection URL (SOC-11286)
- Update to version 6.0+git.1589389407.5a306c6d3:
* tempest: remove port_admin_state_change workaround (SOC-10029)
- Update to version 6.0+git.1588686448.3c0060ca7:
* Fix monasca libvirt ping checks (bsc#1107190)
- Update to version 6.0+git.1588259003.a4e938422:
* run keystone_register on cluster founder only when HA (SOC-11248)
* ceilometer: Post API removal cleanup (SOC-10124)
- Update to version 6.0+git.1588096476.79154bb30:
* nova: run keystone_register on cluster founder only (SOC-11243)
Changes in grafana.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add CVE-2020-13379.patch
* Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379)
- Add 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
* Security: Fix annotation popup XSS vulnerability
(bsc#1170657, CVE-2020-12052)
- Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383)
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
Changes in kibana.SUSE_SLE-12-SP4_Update_Products_Cloud9:
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
Changes in openstack-barbican.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop python-argparse buildrequires
Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ceilometer-11.1.1.dev7:
* [stable-only] Add confluent-kafka to test-requirements
- Update to version ceilometer-11.1.1.dev6:
* Temporary failures should be treated as temporary
Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ceilometer-11.1.1.dev7:
* [stable-only] Add confluent-kafka to test-requirements
- Update to version ceilometer-11.1.1.dev6:
* Temporary failures should be treated as temporary
Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version cinder-13.0.10.dev12:
* Remove VxFlex OS credentials from connection\_properties
- Update to version cinder-13.0.10.dev11:
* [stable only] Add warning about rbd\_keyring\_conf
- Update to version cinder-13.0.10.dev10:
* VMAX Driver - Backport fix for Rocky and Queens
Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
- Update to version cinder-13.0.10.dev12:
* Remove VxFlex OS credentials from connection\_properties
- Update to version cinder-13.0.10.dev11:
* [stable only] Add warning about rbd\_keyring\_conf
- Update to version cinder-13.0.10.dev10:
* VMAX Driver - Backport fix for Rocky and Queens
Changes in openstack-dashboard.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version horizon-14.1.1.dev6:
* Fix tenant\_id for a new port
- Update to version horizon-14.1.1.dev5:
* Fix .zuul.yaml syntax errors
* Gate fix: use tempest-horizon 0.2.0 explicitly
* Authenticate before Authorization
Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version designate-7.0.2.dev2:
* Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings
- Update to version designate-7.0.2.dev1:
* Pin stable/rocky tempest tests to 0.7.0 tag
7.0.1
Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version designate-7.0.2.dev2:
* Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings
- Update to version designate-7.0.2.dev1:
* Pin stable/rocky tempest tests to 0.7.0 tag
7.0.1
Changes in openstack-heat-templates.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 0.0.0+git.1582270132.8a20477:
* Drop use of git.openstack.org
* Add example for running Zun container
* OpenDev Migration Patch
* Replace openstack.org git:// URLs with https://
* Add sample templates for Blazar
* Remove docs, deprecated hooks, tests
* Update the bugs link to storyboard
* Add an example of OS::Mistral::ExternalResource
Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ironic-11.1.5.dev6:
* Fix issue where server fails to reboot
- Update to version ironic-11.1.5.dev4:
* Fix SpanLength calculation for DRAC RAID configuration
Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ironic-11.1.5.dev6:
* Fix issue where server fails to reboot
- Update to version ironic-11.1.5.dev4:
* Fix SpanLength calculation for DRAC RAID configuration
Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version keystone-14.2.1.dev4:
* Fix security issues with EC2 credentials
* Ensure OAuth1 authorized roles are respected
- Update to version keystone-14.2.1.dev2:
* Check timestamp of signed EC2 token request
- Update to version keystone-14.2.1.dev1:
* Add cadf auditing to credentials
14.2.0
Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Remove patches (merged upstream)
* 0002-Check-timestamp-of-signed-EC2-token-request.patch
* 0002-Ensure-OAuth1-authorized-roles-are-respected.patch
* 0002-Fix-security-issues-with-EC2-credentials.patch
- Update to version keystone-14.2.1.dev4:
* Fix security issues with EC2 credentials
* Ensure OAuth1 authorized roles are respected
- Update to version keystone-14.2.1.dev2:
* Check timestamp of signed EC2 token request
- Add security patches (bsc#1171070, bsc#1171071, bsc#1171072):
* 0002-Check-timestamp-of-signed-EC2-token-request.patch
* 0002-Ensure-OAuth1-authorized-roles-are-respected.patch
* 0002-Fix-security-issues-with-EC2-credentials.patch
- Update to version keystone-14.2.1.dev1:
* Add cadf auditing to credentials
14.2.0
Changes in openstack-magnum.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version manila-7.4.2.dev31:
* [Unity]: Failed to delete cifs share if wrong access set
- Update to version manila-7.4.2.dev29:
* [devstack][ci] Move bgp setup to plugin
- Update to version manila-7.4.2.dev27:
* [devstack][ci] Modify firewall in ds-plugin
- Update to version manila-7.4.2.dev25:
* [devstack][ci] Set public network ID in tempest.conf
* Make manila-tempest-plugin installation optional
- Update to version manila-7.4.2.dev21:
* fix bug in consume from share
- Update to version manila-7.4.2.dev19:
* Conditionally restore default route in setup\_ipv6
- Update to version manila-7.4.2.dev18:
* [NetApp] Fix driver to honor standard extra specs
* [NetApp] cDOT to set valid QoS during migration
- Update to version manila-7.4.2.dev14:
* Remove provisioned calculation on non thin provision backends
- Update to version manila-7.4.2.dev12:
* [NetApp] Fix share replica failing for 'transfer in progress' error
* [NetApp] Fix share shrink error status
* Delete type access list when deleting types
* fix bug in quota checking
* Prevent share type deletion if linked to group types
Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
- Update to version manila-7.4.2.dev31:
* [Unity]: Failed to delete cifs share if wrong access set
- Update to version manila-7.4.2.dev29:
* [devstack][ci] Move bgp setup to plugin
- Update to version manila-7.4.2.dev27:
* [devstack][ci] Modify firewall in ds-plugin
- Update to version manila-7.4.2.dev25:
* [devstack][ci] Set public network ID in tempest.conf
* Make manila-tempest-plugin installation optional
- Update to version manila-7.4.2.dev21:
* fix bug in consume from share
- Update to version manila-7.4.2.dev19:
* Conditionally restore default route in setup\_ipv6
- Update to version manila-7.4.2.dev18:
* [NetApp] Fix driver to honor standard extra specs
* [NetApp] cDOT to set valid QoS during migration
- Update to version manila-7.4.2.dev14:
* Remove provisioned calculation on non thin provision backends
- Update to version manila-7.4.2.dev12:
* [NetApp] Fix share replica failing for 'transfer in progress' error
* [NetApp] Fix share shrink error status
* Delete type access list when deleting types
* fix bug in quota checking
* Prevent share type deletion if linked to group types
Changes in openstack-monasca-agent.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to version 2.8.2~dev5
- Fix libvirt ping_checks documentation
- update to version 2.8.2~dev3
- Add debug output for libvirt ping checks
- Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190)
- add addtional arguments to /bin/ip in sudoers
- Fix missing sudo privleges (bsc#1107190)
- add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers
- update to version 2.8.2~dev2
- Remove incorrect assignment of ping_cmd to 'True'
- Do not copy /sbin/ip to /usr/bin/monasa-agent-ip
Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version neutron-13.0.8.dev68:
* [DVR] Related routers should be included if are requested
- Update to version neutron-13.0.8.dev67:
* [EM releases] Move non-voting jobs to the experimental queue
* [OVS] Make QoS OVS agent deletion operations more resilient
* Add 'igmp\_snooping\_enable' config option for OVS agent
- Update to version neutron-13.0.8.dev61:
* Unnecessary routers should not be created
* Ensure that stale flows are cleaned from phys\_bridges
* Do not block connection between br-int and br-phys on startup
* Improve log message when port losts its vlan tag
* [DVR] Reconfigure re-created physical bridges for dvr routers
- Update to version neutron-13.0.8.dev52:
* Fix rocky gates, multiple fixes
- Update to version neutron-13.0.8.dev51:
* Dynamically increase l3 router process queue green pool size
- Update to version neutron-13.0.8.dev49:
* Allow usage of legacy 3rd-party interface drivers
- Update to version neutron-13.0.8.dev47:
* Router synch shouldn't return unrelated routers
- Update to version neutron-13.0.8.dev45:
* Only notify nova of port status changes if configured
- Update to version neutron-13.0.8.dev44:
* Add Rocky milestone tag for alembic migration revisions
- Update to version neutron-13.0.8.dev42:
* Cap pycodestyle to be < 2.6.0
* Report L3 extensions enabled in the L3 agent's config
- Update to version neutron-13.0.8.dev39:
* Adding LOG statements to debug 1838449
- Update to version neutron-13.0.8.dev38:
* Improve VLAN allocations synchronization
* [L3 HA] Add 'no\_track' option to VIPs in keepalived config
* Change ovs-agent iteration log level to INFO
* Refactor the L3 agent batch notifier
* Do not link up HA router gateway in backup node
Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version neutron-13.0.8.dev68:
* [DVR] Related routers should be included if are requested
- Add 0001-Revert-Do-not-block-connection-between-br-int-and-br.patch (LP#1887148)
- Update to version neutron-13.0.8.dev67:
* [EM releases] Move non-voting jobs to the experimental queue
* [OVS] Make QoS OVS agent deletion operations more resilient
* Add 'igmp\_snooping\_enable' config option for OVS agent
- Update to version neutron-13.0.8.dev61:
* Unnecessary routers should not be created
* Ensure that stale flows are cleaned from phys\_bridges
* Do not block connection between br-int and br-phys on startup
* Improve log message when port losts its vlan tag
* [DVR] Reconfigure re-created physical bridges for dvr routers
- Update to version neutron-13.0.8.dev52:
* Fix rocky gates, multiple fixes
- Update to version neutron-13.0.8.dev51:
* Dynamically increase l3 router process queue green pool size
- Update to version neutron-13.0.8.dev49:
* Allow usage of legacy 3rd-party interface drivers
- Update to version neutron-13.0.8.dev47:
* Router synch shouldn't return unrelated routers
- Update to version neutron-13.0.8.dev45:
* Only notify nova of port status changes if configured
- Update to version neutron-13.0.8.dev44:
* Add Rocky milestone tag for alembic migration revisions
- Update to version neutron-13.0.8.dev42:
* Cap pycodestyle to be < 2.6.0
* Report L3 extensions enabled in the L3 agent's config
- Update to version neutron-13.0.8.dev39:
* Adding LOG statements to debug 1838449
- Update to version neutron-13.0.8.dev38:
* Improve VLAN allocations synchronization
* [L3 HA] Add 'no\_track' option to VIPs in keepalived config
* Change ovs-agent iteration log level to INFO
* Refactor the L3 agent batch notifier
* Do not link up HA router gateway in backup node
Changes in openstack-neutron-vsphere.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- The networking-vsphere repo got moved from github to opendev.org.
We no longer able to automatically generate changelogs from
opendev.org as it doesn't provide the same API as github.
We'll need to manually update it from now on.
- update to version 2.0.1~dev167
- Making networking-vsphere run under Python3
- OVSvApp Security Group Changes
Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version nova-18.3.1.dev38:
* libvirt: Don't delete disks on shared storage during evacuate
* Add functional test for bug 1550919
- Update to version nova-18.3.1.dev36:
* Fix os\_CODENAME detection and repo refresh during ceph tests
- Update to version nova-18.3.1.dev35:
* Update scheduler instance info at confirm resize
- Update to version nova-18.3.1.dev33:
* Reproduce bug 1869050
- Update to version nova-18.3.1.dev31:
* Revert 'nova shared storage: rbd is always shared storage'
- Update to version nova-18.3.1.dev29:
* Clean up allocation if unshelve fails due to neutron
* Reset the cell cache for database access in Service
* Reproduce bug 1862633
* Make RBD imagebackend flatten method idempotent
- Update to version nova-18.3.1.dev21:
* Add config option for neutron client retries
- Update to version nova-18.3.1.dev19:
* Add retry to cinder API calls related to volume detach
- Update to version nova-18.3.1.dev18:
* Lowercase ironic driver hash ring and ignore case in cache
Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version nova-18.3.1.dev38:
* libvirt: Don't delete disks on shared storage during evacuate
* Add functional test for bug 1550919
- Update to version nova-18.3.1.dev36:
* Fix os\_CODENAME detection and repo refresh during ceph tests
- Update to version nova-18.3.1.dev35:
* Update scheduler instance info at confirm resize
- Update to version nova-18.3.1.dev33:
* Reproduce bug 1869050
- Update to version nova-18.3.1.dev31:
* Revert 'nova shared storage: rbd is always shared storage'
- Update to version nova-18.3.1.dev29:
* Clean up allocation if unshelve fails due to neutron
* Reset the cell cache for database access in Service
* Reproduce bug 1862633
* Make RBD imagebackend flatten method idempotent
- Update to version nova-18.3.1.dev21:
* Add config option for neutron client retries
- Update to version nova-18.3.1.dev19:
* Add retry to cinder API calls related to volume detach
- Update to version nova-18.3.1.dev18:
* Lowercase ironic driver hash ring and ignore case in cache
Changes in openstack-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update patch for SUSE distro support
* Fix osutils.py to handle secondary interfaces (SOC-11289)
* Add 020-amphora-logging.conf for configuring log targets
- Update to version octavia-3.2.3.dev7:
* Fix the amphora noop driver
* Validate resource access when creating loadbalancer or member
- Update to version octavia-3.2.3.dev3:
* Fix Rocky v2 scenario and grenade jobs
Changes in openstack-octavia-amphora-image.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update image to 0.1.4 to include latest changes
Changes in openstack-resource-agents.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 1.0+git.1569436425.8b9c49f:
* Add a configurable delay to Nova Evacuate calls
* OpenDev Migration Patch
* NovaEvacuate: fix a syntax error
* NovaEvacuate: Support the new split-out IHA fence agents with backwards compatibility
* NovaEvacuate: Correctly handle stopped hypervisors
* neutron-ha-tool: do not replicate dhcp
* NovaCompute: Support parsing host option from /etc/nova/nova.conf.d
* NovaCompute: Use variable to avoid calling crudini a second time
* NovaEvacuate: Allow debug logging to be turned on easily
Changes in python-Django1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
* Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
* Pinned PyYAML < 5.3 in test requirements.
* Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
* Fixed timezones tests for PyYAML 5.3+.
* Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
* Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
* Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
* Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
* Added patch CVE-2020-13254.patch
* Added patch CVE-2020-13596.patch
Changes in python-Pillow.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add 010-Fix-OOB-reads-in-FLI-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10177, bsc#1173413
- Add 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
* From upstream, backported
* Fixes CVE-2020-11538, bsc#1173420
- Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10994, bsc#1173418
- Add 013-Fix-bounds-overflow-in-PCX-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10378, bsc#1173416
- Remove decompression_bomb.gif and relevant test case to avoid
ClamAV scan alerts during build
- Add 001-Corrected-negative-seeks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 002-Added-decompression-bomb-checks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 003-Raise-error-if-dimension-is-a-string.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 004-Catch-buffer-overruns.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 005-Catch-PCX-P-mode-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5312, bsc#1160152
- Add 006-Catch-SGI-buffer-overruns.patch
* From upstream, backported
* Fixes CVE-2020-5311, bsc#1160151
- Add 007-Ensure-previous-FLI-frame-is-loaded.patch
* From upstream, backported
* Fixes https://github.com/python-pillow/Pillow/issues/2649
* Uncovers CVE-2020-5313, bsc#1160153
- Add 008-Catch-FLI-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5313, bsc#1160153
- Add 009-Invalid-number-of-bands-in-FPX-image.patch
* From upstream, backported
* Fixes CVE-2019-19911, bsc#1160192
Changes in python-ardana-packager.SUSE_SLE-12-SP4_Update_Products_Cloud9:
- fetch updated nova_host_aggregate from git
- Add missing novaclient required domain entries (bsc#1174006)
- update from git repo
- Add missing novaclient required domain entries (bsc#1174006)
Changes in python-heatclient.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to version 1.16.3
- Replace openstack.org git:// URLs with https://
- OpenDev Migration Patch
Changes in python-neutron-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- added 0002-Ensure-that-external-network-dont-have-any-ports-before-deletion.patch
Changes in python-octavia-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Fix broken compile options for httpd.bin
Changes in python-os-brick.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Apply patches to resolve CVE-2020-10755 (bsc#1172522)
- 0001-Remove-VxFlex-OS-credentials-from-connection_propert.patch
- 0002-Fix-Remove-VxFlex-OS-credentials-regression.patch
Changes in python-oslo.messaging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- added 0001-Use-default-exchange-for-direct-messaging.patch
(SOC-11082, SOC-11274, bsc#1159046)
Changes in python-pyroute2.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to 0.5.2
* ndb: read-only DB prototype
* remote: support communication via stdio
* general: fix async keyword -- Python 3.7 compatibility
* <https://github.com/svinota/pyroute2/issues/467>
* <https://bugzilla.redhat.com/show_bug.cgi?id=1583800>
* iproute: support monitoring on BSD systems via PF_ROUTE
* rtnl: support for SQL schema in message classes
* nl80211: improvements
* <https://github.com/svinota/pyroute2/issues/512>
* <https://github.com/svinota/pyroute2/issues/514>
* <https://github.com/svinota/pyroute2/issues/515>
* netlink: support generators
- update to 0.5.1
* ipdb: #310 -- route keying fix
* ipdb: #483, #484 -- callback internals change
* ipdb: #499 -- eventloop interface
* ipdb: #500 -- fix non-default :: routes
* netns: #448 -- API change: setns() doesn't remove FD
* netns: #504 -- fix resource leakage
* bsd: initial commits
- update to 0.5.0
* ACHTUNG: ipdb commit logic is changed
* ipdb: do not drop failed transactions
* ipdb: #388 -- normalize IPv6 addresses
* ipdb: #391 -- support both IPv4 and IPv6 default routes
* ipdb: #392 -- fix MPLS route key reference
* ipdb: #394 -- correctly work with route priorities
* ipdb: #408 -- fix IPv6 routes in tables >= 256
* ipdb: #416 -- fix VRF interfaces creation
* ipset: multiple improvements
* tuntap: #469 -- support s390x arch
* nlsocket: #443 -- fix socket methods resolve order for Python2
* netns: non-destructive `netns.create()`
Changes in python-urllib3.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Skip test_source_address_error as we raise different error with
fixes that we provide in new python2/3
- Update python-urllib3-recent-date.patch to have RECENT_DATE within
the needed boundaries for the test suite.
Changes in python-waitress.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to 1.4.3 to include fixes for:
* CVE-2019-16785 / bsc#1161088
* CVE-2019-16786 / bsc#1161089
* CVE-2019-16789 / bsc#1160790
* CVE-2019-16792 / bsc#1161670
- make sure UTF8 locale is used when runnning tests
* Sometimes functional tests executed in python3 failed if stdout was not
set to UTF-8. The error message was:
ValueError: underlying buffer has been detached
- %python3_only -> %python_alternative
- update to 1.4.3
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch
* it was commented out, anyway
- update to 1.4.0:
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
- update to 1.3.1
* Waitress won’t accidentally throw away part of the path if it
starts with a double slash
- version update to 1.3.0
Deprecations
~~~~~~~~~~~~
- The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
pending removal in a future release.
and https://github.com/Pylons/waitress/pull/246
Features
~~~~~~~~
- Add a new ``outbuf_high_watermark`` adjustment which is used to apply
backpressure on the ``app_iter`` to avoid letting it spin faster than data
can be written to the socket. This stabilizes responses that iterate quickly
with a lot of data.
See https://github.com/Pylons/waitress/pull/242
- Stop early and close the ``app_iter`` when attempting to write to a closed
socket due to a client disconnect. This should notify a long-lived streaming
response when a client hangs up.
See https://github.com/Pylons/waitress/pull/238
and https://github.com/Pylons/waitress/pull/240
and https://github.com/Pylons/waitress/pull/241
- Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
much waitress will buffer internally before flushing to the kernel, whereas
previously it used to also throttle how much data was sent to the kernel.
This change enables a streaming ``app_iter`` containing small chunks to
still be flushed efficiently.
See https://github.com/Pylons/waitress/pull/246
Bugfixes
~~~~~~~~
- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
no longer set the version to the string value 'None'. See
https://github.com/Pylons/waitress/pull/252 and
https://github.com/Pylons/waitress/issues/110
- When a client closes a socket unexpectedly there was potential for memory
leaks in which data was written to the buffers after they were closed,
causing them to reopen.
See https://github.com/Pylons/waitress/pull/239
- Fix the queue depth warnings to only show when all threads are busy.
See https://github.com/Pylons/waitress/pull/243
and https://github.com/Pylons/waitress/pull/247
- Trigger the ``app_iter`` to close as part of shutdown. This will only be
noticeable for users of the internal server api. In more typical operations
the server will die before benefiting from these changes.
See https://github.com/Pylons/waitress/pull/245
- Fix a bug in which a streaming ``app_iter`` may never cleanup data that has
already been sent. This would cause buffers in waitress to grow without
bounds. These buffers now properly rotate and release their data.
See https://github.com/Pylons/waitress/pull/242
- Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger
an exception when passed to the ``wsgi.file_wrapper`` callback.
See https://github.com/Pylons/waitress/pull/249
- Trim marketing wording and other platform mentions.
- Add fetch-intersphinx-inventories.sh to sources
- Add local-intersphinx-inventories.patch for generating the docs
correctly
- update to version 1.2.1:
too many changes to list here, see:
https://github.com/Pylons/waitress/blob/master/CHANGES.txt
or even:
https://github.com/Pylons/waitress/commits/master
- Remove superfluous devel dependency for noarch package
Changes in rubygem-activeresource.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add bsc#1171560-CVE-2020-8151-encode-id-param.patch
Prevent possible information disclosure issue that could allow
an attacker to create specially crafted requests to access data
in an unexpected way (bsc#1171560 CVE-2020-8151))_
Changes in rubygem-json-1_7.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)
Changes in rubygem-puma.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Fix indentation in gem2rpm.yml_
- Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)
- Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)
- Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)
- Add all patches to gem2rpm.yml
Changes in release-notes-suse-openstack-cloud.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.20200610:
* Terraform support validation release note added (SOC-11314)
- Update to version 9.20200504:
* language change for accuracy - MANAGEMENT network group (SOC-10106)
* add limitation about MANAGEMENT network group (SOC-10106)
- Update to version 9.20200429:
* Mark identity api v2 as deprecated (bsc#1163446)
- Update to version 9.20200428:
* Update release notes to indicate Octavia support has shipped (SOC-11241)
ModerateSUSE bug 1019111SUSE bug 1107190SUSE bug 1126503SUSE bug 1136928SUSE bug 1153191SUSE bug 1159046SUSE bug 1159447SUSE bug 1160151SUSE bug 1160152SUSE bug 1160153SUSE bug 1160192SUSE bug 1160790SUSE bug 1161088SUSE bug 1161089SUSE bug 1161670SUSE bug 1161919SUSE bug 1163446SUSE bug 1165022SUSE bug 1170657SUSE bug 1171070SUSE bug 1171071SUSE bug 1171072SUSE bug 1171273SUSE bug 1171594SUSE bug 1171909SUSE bug 1172166SUSE bug 1172167SUSE bug 1172409SUSE bug 1172522SUSE bug 1173413SUSE bug 1173416SUSE bug 1173418SUSE bug 1173420SUSE bug 1174006CVE-2019-16785 at SUSECVE-2019-16785 at NVDCVE-2019-16786 at SUSECVE-2019-16786 at NVDCVE-2019-16789 at SUSECVE-2019-16789 at NVDCVE-2019-16792 at SUSECVE-2019-16792 at NVDCVE-2019-16865 at SUSECVE-2019-16865 at NVDCVE-2019-19844 at SUSECVE-2019-19844 at NVDCVE-2019-19911 at SUSECVE-2019-19911 at NVDCVE-2019-3828 at SUSECVE-2019-3828 at NVDCVE-2020-10177 at SUSECVE-2020-10177 at NVDCVE-2020-10378 at SUSECVE-2020-10378 at NVDCVE-2020-10743 at SUSECVE-2020-10743 at NVDCVE-2020-10755 at SUSECVE-2020-10755 at NVDCVE-2020-10994 at SUSECVE-2020-10994 at NVDCVE-2020-11538 at SUSECVE-2020-11538 at NVDCVE-2020-12052 at SUSECVE-2020-12052 at NVDCVE-2020-13254 at SUSECVE-2020-13254 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDCVE-2020-13596 at SUSECVE-2020-13596 at NVDCVE-2020-5311 at SUSECVE-2020-5311 at NVDCVE-2020-5312 at SUSECVE-2020-5312 at NVDCVE-2020-5313 at SUSECVE-2020-5313 at NVDCVE-2020-7471 at SUSECVE-2020-7471 at NVDCVE-2020-8184 at SUSECVE-2020-8184 at NVDCVE-2020-9402 at SUSECVE-2020-9402 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for LibVNCServer (Important)SUSE OpenStack Cloud 9
This update for LibVNCServer fixes the following issues:
- security update
fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
ImportantSUSE bug 1173477SUSE bug 1173691SUSE bug 1173694SUSE bug 1173700SUSE bug 1173701SUSE bug 1173743SUSE bug 1173874SUSE bug 1173875SUSE bug 1173876SUSE bug 1173880CVE-2017-18922 at SUSECVE-2017-18922 at NVDCVE-2018-21247 at SUSECVE-2018-21247 at NVDCVE-2019-20839 at SUSECVE-2019-20839 at NVDCVE-2019-20840 at SUSECVE-2019-20840 at NVDCVE-2020-14397 at SUSECVE-2020-14397 at NVDCVE-2020-14398 at SUSECVE-2020-14398 at NVDCVE-2020-14399 at SUSECVE-2020-14399 at NVDCVE-2020-14400 at SUSECVE-2020-14400 at NVDCVE-2020-14401 at SUSECVE-2020-14401 at NVDCVE-2020-14402 at SUSECVE-2020-14402 at NVDCVE-2020-14403 at SUSECVE-2020-14403 at NVDCVE-2020-14404 at SUSECVE-2020-14404 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libX11 (Important)SUSE OpenStack Cloud 9
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xerces-c (Moderate)SUSE OpenStack Cloud 9
This update for xerces-c fixes the following issues:
- CVE-2017-12627: Processing of external DTD paths could have resulted in a
null pointer dereference under certain conditions (bsc#1083630)
ModerateSUSE bug 1083630CVE-2017-12627 at SUSECVE-2017-12627 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.4 (bsc#1174662):
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,
CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.
ImportantSUSE bug 1174662CVE-2020-9862 at SUSECVE-2020-9862 at NVDCVE-2020-9893 at SUSECVE-2020-9893 at NVDCVE-2020-9894 at SUSECVE-2020-9894 at NVDCVE-2020-9895 at SUSECVE-2020-9895 at NVDCVE-2020-9915 at SUSECVE-2020-9915 at NVDCVE-2020-9925 at SUSECVE-2020-9925 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dovecot22 (Important)SUSE OpenStack Cloud 9
This update for dovecot22 fixes the following issues:
- CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922).
- CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923).
ImportantSUSE bug 1174922SUSE bug 1174923CVE-2020-12673 at SUSECVE-2020-12673 at NVDCVE-2020-12674 at SUSECVE-2020-12674 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Important)SUSE OpenStack Cloud 9
This update for grub2 fixes the following issues:
- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).
- Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745).
ImportantSUSE bug 1172745SUSE bug 1174421CVE-2020-15705 at SUSECVE-2020-15705 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
- CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
- CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).
ImportantSUSE bug 1174633SUSE bug 1174635SUSE bug 1174638CVE-2020-14345 at SUSECVE-2020-14345 at NVDCVE-2020-14346 at SUSECVE-2020-14346 at NVDCVE-2020-14347 at SUSECVE-2020-14347 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573).
- CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574).
ImportantSUSE bug 1174910SUSE bug 1174913CVE-2020-14361 at SUSECVE-2020-14361 at NVDCVE-2020-14362 at SUSECVE-2020-14362 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Moderate)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
ModerateSUSE bug 1175070SUSE bug 1175071SUSE bug 1175072CVE-2020-11985 at SUSECVE-2020-11985 at NVDCVE-2020-11993 at SUSECVE-2020-11993 at NVDCVE-2020-9490 at SUSECVE-2020-9490 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
CVE-2019-17639
* Class Libraries:
- JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
- JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
- TRANSLATION MESSAGES UPDATE FOR JCL
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Java Virtual Machine:
- IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
- LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
* JIT Compiler:
- CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
IN DEBUGGING MODE
- INTERMITTENT ASSERTION FAILURE REPORTED
- CRASH IN RESOLVECLASSREF() DURING AOT LOAD
- JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
- SEGMENTATION FAULT WHILE COMPILING A METHOD
- UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
APPLICATION ON IBM Z PLATFORM
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
- CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
- IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH
DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
- IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
KEYFACTORY CLASS
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for squid (Critical)SUSE OpenStack Cloud 9
This update for squid fixes the following issues:
- CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671).
- CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665).
- CVE-2020-15810: Enforce token characters for field-name (bsc#1175664).
CriticalSUSE bug 1175664SUSE bug 1175665SUSE bug 1175671CVE-2020-15810 at SUSECVE-2020-15810 at NVDCVE-2020-15811 at SUSECVE-2020-15811 at NVDCVE-2020-24606 at SUSECVE-2020-24606 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libX11 (Moderate)SUSE OpenStack Cloud 9
This update for libX11 fixes the following issues:
- CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).
ModerateSUSE bug 1175239CVE-2020-14363 at SUSECVE-2020-14363 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621
CVE-2020-14593 CVE-2020-14583 CVE-2019-17639
* Class Libraries:
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Moderate)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
- Mozilla Firefox ESR 78.2
MFSA 2020-38 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
bmo#1656957)
Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284).
- Fix broken translation-loading. (bsc#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
ModerateSUSE bug 1173991SUSE bug 1174284SUSE bug 1175686CVE-2020-15663 at SUSECVE-2020-15663 at NVDCVE-2020-15664 at SUSECVE-2020-15664 at NVDCVE-2020-15670 at SUSECVE-2020-15670 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47.
- scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- Update patch reference for a tipc fix patch (bsc#1175515)
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen: do not reschedule in preemption off sections (bsc#1175749).
ImportantSUSE bug 1058115SUSE bug 1071995SUSE bug 1144333SUSE bug 1154366SUSE bug 1165629SUSE bug 1171988SUSE bug 1172428SUSE bug 1172963SUSE bug 1173798SUSE bug 1173954SUSE bug 1174205SUSE bug 1174689SUSE bug 1174699SUSE bug 1174757SUSE bug 1174784SUSE bug 1174978SUSE bug 1175112SUSE bug 1175127SUSE bug 1175213SUSE bug 1175228SUSE bug 1175515SUSE bug 1175518SUSE bug 1175691SUSE bug 1175749SUSE bug 1176069CVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24394 at SUSECVE-2020-24394 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for shim (Moderate)SUSE OpenStack Cloud 9
This update for shim fixes the following issues:
- Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.
Additional fixes:
+ shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
ModerateSUSE bug 1168994SUSE bug 1175626SUSE bug 1175656CVE-2020-10713 at SUSECVE-2020-10713 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libsolv (Moderate)SUSE OpenStack Cloud 9
This update for libsolv fixes the following issues:
This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
ModerateSUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1137977CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for perl-DBI (Important)SUSE OpenStack Cloud 9
This update for perl-DBI fixes the following issues:
Security issues fixed:
- CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
- CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).
ImportantSUSE bug 1176409SUSE bug 1176412CVE-2020-14392 at SUSECVE-2020-14392 at NVDCVE-2020-14393 at SUSECVE-2020-14393 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091).
- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface
could have led to denial of service (bsc#1173274).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
ImportantSUSE bug 1088004SUSE bug 1088009SUSE bug 1130840SUSE bug 1141853SUSE bug 1149955SUSE bug 1153238SUSE bug 1162423SUSE bug 1173274SUSE bug 1174091SUSE bug 1174701CVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ovmf (Moderate)SUSE OpenStack Cloud 9
This update for ovmf fixes the following issues:
- CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476).
- Use openSUSE CA for the opensuse flavor (bsc#1175674)
ModerateSUSE bug 1175476SUSE bug 1175674CVE-2019-14562 at SUSECVE-2019-14562 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established
a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
(CVE-2020-1472, bsc#1176579).
- Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369).
- Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);
ImportantSUSE bug 1174120SUSE bug 1174316SUSE bug 1176579CVE-2020-1472 at SUSECVE-2020-1472 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libqt5-qtbase (Important)SUSE OpenStack Cloud 9
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315)
- Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515)
ImportantSUSE bug 1172515SUSE bug 1176315CVE-2020-17507 at SUSECVE-2020-17507 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
- CVE-2020-15677: Download origin spoofing via redirect
- CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a
contenteditable element
- CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
- CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for wayland-detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate
obj-dirs for each lang (bsc#1173986, bsc#1167976)
ImportantSUSE bug 1167976SUSE bug 1173986SUSE bug 1174420SUSE bug 1176756CVE-2020-15673 at SUSECVE-2020-15673 at NVDCVE-2020-15676 at SUSECVE-2020-15676 at NVDCVE-2020-15677 at SUSECVE-2020-15677 at NVDCVE-2020-15678 at SUSECVE-2020-15678 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pdns (Moderate)SUSE OpenStack Cloud 9
This update for pdns fixes the following issues:
- CVE-2020-17482: Fixed an issue where an authorized user with the ability
to insert crafted records into a zone might be able to leak the content of uninitialized memory (bsc#1176535).
ModerateSUSE bug 1176535CVE-2020-17482 at SUSECVE-2020-17482 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed an issue where there was a crash when
handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534).
- Various bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1175534SUSE bug 1176339SUSE bug 1176343SUSE bug 1176344SUSE bug 1176345SUSE bug 1176346SUSE bug 1176347SUSE bug 1176348SUSE bug 1176349SUSE bug 1176350CVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for perl-DBI (Important)SUSE OpenStack Cloud 9
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).
- CVE-2013-7490: Fixed memory corruption when using many arguments
to methods for CallbacksUsing (bsc#1176496).
ImportantSUSE bug 1176496SUSE bug 1176764CVE-2013-7490 at SUSECVE-2013-7490 at NVDCVE-2019-20919 at SUSECVE-2019-20919 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_7_0-openjdk fixes the following issues:
- java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157)
- JDK-8028431, CVE-2020-14579: NullPointerException in
- DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
- sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
- JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c
- JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
- JDK-8077982: GIFLIB upgrade
- JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions
- JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded'
- JDK-8155691: Update GIFlib library to the latest up-to-date
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8203190: SessionId.hashCode generates too many collisions
- JDK-8217676: Upgrade libpng to 1.6.37
- JDK-8220495: Update GIFlib library to the 5.1.8
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
ImportantSUSE bug 1174157CVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon (Critical)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon fixes the following issues:
Security changes on this update:
grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple XSS
vulnerabilities, caused by an incomplete fix for CVE-2018-12099
(bsc#1172450).
- CVE-2020-11110: Fixed a stored XSS in dashboard snapshots (bsc#1174583).
openstack-nova:
- CVE-2020-17376: Fixed an information leak during live migration
(bsc#1175484).
python-Flask-Cors:
- CVE-2020-25032: Fixed a potential information leak through path
traversal (bsc#1175986).
rubygem-crowbar-client:
- CVE-2018-17954: Fixed an issue where provision leaks admin password to all nodes in cleartext (bsc#1117080)
Non security changes on this update:
Changes in ardana-ansible:
- Ensure that installing SOC 9 triggers removal of any existing
ardana-freezer package, which is not available for SOC 9 (SOC-9779)
- Update to version 9.0+git.1596813072.110811d:
* Update the Swift XFS inode size check (SOC-10300)
- Update to version 9.0+git.1596487185.d56da1b:
* Remove lingering Cloud9 development hack (SOC-5480)
- Update to version 9.0+git.1596479802.67906d5:
* Enable SLE12 SP3 LTSS for SMT deployments (SOC-11223)
- Update to version 9.0+git.1596209332.4ce15a6:
* Fix upgrade validations Keystone V3 check target (SOC-10300)
Changes in ardana-cinder:
- Update to version 9.0+git.1596129576.0b3d3ce:
* Install python-swiftclient as cinder-backup dependency (SOC-11364)
Changes in ardana-cobbler:
- Update to version 9.0+git.1588258487.3acf8ad:
* Rip out unsupported distributions (SOC-9008)
Changes in ardana-installer-ui:
- Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184)
Changes in ardana-opsconsole-ui:
- Add BuildRequires for ardana-devel so that the ardana_description
macro is defined.
- Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184)
Changes in ardana-osconfig:
- Update to version 9.0+git.1597427032.a062830:
* Check for HOS 8 release package being installed (SOC-11184)
Changes in crowbar-core:
- Update to version 6.0+git.1598519900.770074aa7:
* upgrade: Allow transition from crowbar_upgrade to rebsct (trivial)
Changes in grafana:
- BuildRequire go1.14 explicitly
- Add recompress source service
- Add go_modules source service to create vendor.tar.gz
containing 3rd party go modules.
- Adjust spec to work for Grafana-6.7.4
- Adjust Makefile to work for Grafana-6.7.4
- Remove CVE-2019-15043.patch (merged upstream)
- Remove CVE-2020-13379.patch (merged upstream)
- Remove 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
(merged upstream)
- Update to version 6.7.4 (bsc#1172450, CVE-2018-18623,
CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110)
* Only allow 32 hexadecimal digits for the avatar hash
* 6.7.3 cherry-picks (#23808)
* Fix CI for pushing a multi-architecture manifest (#23327)
* AzureMonitor: Fix Log Analytics and Application Insights
for Azure China (#21803) (#22753)
* Revert 'grafana/data: PanelTypeChangedHandler API update
to use PanelModel instead of panel options object
[BREAKING] (#22754)'
* Bumped version
* Snapshots: Sanitize orignal url (#23254)
* Plugins: Expose promiseToDigest (#23249)
* Variables: Do not update variable from url when value is
the same (#23220)
* DashboardSave: Add new dashboard check (#23104)
* Fix: reverted back to `import * as module` instead of
using namespaces (#23069)
* BackendSrv: Adds config to response to fix external
plugins that use this (#23032)
* DataLinks: make sure we use the correct datapoint when
dataset contains null value. (#22981)
* Fix mysterious Babel plugin errors (#22974)
* Select: Fixed select text positition (#22952)
* grafana/data: PanelTypeChangedHandler API update to use
PanelModel instead of panel options object [BREAKING]
(#22754)
* Docs: Fix Broken Link (#22894)
* Panels: Fixed size issue with panels when existing panel
edit mode (#22912)
* Azure: Fixed dropdowns not showing current value (#22914)
* BackendSrv: only add content-type on POST, PUT requests
(#22910)
* Check if the datasource is of type loki using meta.id
instead of name. (#22877)
* CircleCI: Pin grabpl to 0.1.0 (#22904)
* Design tweaks (#22886)
* Rich history UX fixes (#22783)
* AzureMonitor: support workspaces function for template
variables (#22882)
* SQLStore: Add migration for adding index on
annotation.alert_id (#22876)
* Plugins: Return jsondetails as an json object instead of
raw json on datasource healthchecks. (#22859)
* Backend plugins: Exclude plugin metrics in Grafana's
metrics endpoint (#22857)
* Graphite: Fixed issue with query editor and next select
metric now showing after selecting metric node (#22856)
* Stackdriver: Fix GCE auth bug when creating new data
source (#22836)
* @grafana/runtime: Add cancellation of queries to
DataSourceWithBackend (#22818)
* Rich history: Test coverage (#22852)
* Datasource config was not mapped for datasource
healthcheck (#22848)
* upgrades plugin sdk to 0.30.0 (#22846)
* Rich History: UX adjustments and fixes (#22729)
* TablePanel: Enable new units picker (#22833)
* Fix dashboard picker's props (#22815)
* Grafana-UI: Add invalid state to Forms.Textarea (#22775)
* SaveDashboard: Updated modal design/layout a bit (#22810)
* Forms: Fix input suffix position (#22780)
* AngularPanels: Fixed inner height calculation (#22796)
* Fix: fixes issue with headers property with different
casing (#22778)
* DataSourceWithBackend: use /health endpoint for test
(#22789)
* Chore: remove expressions flag and allow (#22764)
* Core: Pass the rest of to props to Select (#22776)
* Add support for sending health check to datasource
plugins. (#22771)
* Datasource: making sure we are having the same data field
order when using mixed data sources. (#22718)
* DashboardSave: Autofocus save dashboard form input
(#22748)
* @grafana/e2e: cherry picked
4fecf5a7a65f5b7b4c03fefb9a3da15cee938f02 (#22739)
* CircleCI: Implement new release pipeline (#22625)
* Toolkit: use fs-extra instead of fs (#22723)
* What's new docs for 6.7 release (#22721)
* Backend Plugins: use sdk v0.26.0 (#22725)
* PanelInspector: Add Stats Tab (#22683)
* Revert 'Graph: Improve point rendering performance
(#22610)' (#22716)
* Docs: add rendering configuration in reporting (#22715)
* reverting the changes that failed the e2e tests. (#22714)
* Remove multiple occurrences of 'before' (#22710)
* Datasources: Update dashboards (#22476)
* API: Fix redirect issues (#22285)
* Explore: adds QueryRowErrors component, moves error
display to QueryRow (#22438)
* RichHistory: Design Tweaks (#22703)
* Modals: Unify angular/react modals backdrop color (#22708)
* Graphite: Don't issue empty 'select metric' queries
(#22699)
* support duplicate field names in arrow format (#22705)
* UX: Update new form styles to dark inputs (#22701)
* Docs: Grammar corrections
* Docs: Overcoming Grammatical errors (#22707)
* Pass dashboard via angular directive (#22696)
* Docs: Replace 'API' by 'Integration' key for PagerDuty
(#22639)
* Docs: Edited Enterprise docs (#22602)
* CloudWatch: Expand alias variables when query yields no
result (#22695)
* Dependency: sdk's dataframe package renamed to data
(#22700)
* @grafana/e2e: include Cypress tsconfig in published
package (#22698)
* Graphite: Update config editor (#22553)
* @grafana/e2e: fix runtime ts-loader errors with Cypress
support files (#22688)
* Docs: Add version note about Azure AD OAuth2 (#22692)
* StatPanel: Return base color when there is no value set
(#22690)
* Send jsondata for Datasources on DatasourceConfig for
backend plugins (#22681)
* Explore: Rich History (#22570)
* XSS: Fixed history XSS issue (#22680)
* Fix caching problem (#22473)
* on update for checkbox and switch (#22656)
* Notification Channel: Make test button wider (#22653)
* Backend plugins: Updates due to changes in SDK (#22649)
* Make sure commit hook in FieldPropertiesEditor is
invalidated when value changes (#22673)
* Docs: Plugin.json: Fix property descriptions, add missing
properties, add example (#22281)
* Alerting: Fixed bad background color for default
notifications in alert tab (#22660)
* Webpack: Updated terser plugin (#22669)
* Core: DashboardPicker improvements (#22619)
* Storybsck: Forms.Form docs (#22654)
* Templating: Migrates some variable types from Angular to
React/Redux (#22434)
* Grafana UI: Fix Forms.Select onChangeWithEmpty (#22647)
* Azure Monitor: Fix app insights source to allow for new
__timeFrom and __timeTo (#21879)
* @grafana/e2e: install necessary dependencies for published
package (#22657)
* DashboardSave: Correctly overwrite dashboard when saving
(#22650)
* StatPanel: Fixes base color is being used for null values
(#22646)
* FieldOverrides: Add value mappings editor to standard
config properties registry (#22648)
* Docs: Update gauge.md (#22637)
* Docs: Create Intro grafana (#22522)
* Toolkit: wrap plugin signing stub with error checking
(#22626)
* @grafana/e2e: fix empty bundle files (#22607)
* Toolkit: include a github release utility (#22520)
* Rendering: Have phantomjs wait a bit before rendering to
give fonts a change to load (#22623)
* Cascader: Do not override default width behavior (#22620)
* Update documentation-style-guide.md (#22581)
* Adds signed in user to backend v2 plugins requests
(#22584)
* CloudWatch: updated namespaces - Athena, DocDB, and
Route53Resolver (#22604)
* Graph: Improve point rendering performance (#22610)
* Alerting: Fix state age test failures (#22606)
* Docs: Update image_rendering.md (#22586)
* UI: Segment improvements (#22601)
* remove section about alias imports (#22585)
* Backend Plugins: Support handling of streaming resource
response (#22580)
* Stackdriver: Migrate GCE default project (#22593)
* Toolkit: plugin ci needs to cooperate better with
make/mage (#22588)
* surround CloudWatch dimension names with double quotes
(#22222)
* Fix: when reloading page make sure that time picker
history is converted to dateTime.
* Core: add active users stat (#22563)
* Chore: Modules tidy and vendor (#22578)
* Loki: use series API for stream facetting (#21332)
* Testing code owners for backend code (#22572)
* Azure Monitor: config editor updates, update sameas
switch, fix test snaps (#22554)
* Grafana-UI: Use value for Radio group id (#22568)
* Chore: fix moment import in alerting tests (#22567)
* avoid aliased import in cli (#22566)
* Chore: Avoid aliasing importing models in api package
(#22492)
* ShareModal: able to extend tabs (#22537)
* Tests: fix alerting reducers tests (#22560)
* Logs: Improve log level guess (#22094)
* DataSourceWithBackend: apply template variables (#22558)
* @grafana/e2e: added support for plugin repositories
(#22546)
* Add fallback to search_base_dns if group_search_base_dns
is undefined. (#21263)
* Docs: Added a Markdown Style Guide (#22425)
* Old AsyncSelect: Add story (#22536)
* Chore: add missing aria-label for rendered panel image
(e2e tests) (#22543)
* Form migrations: Dashboard- and TimeZonePicker (#22459)
* Migration: Share dashboard/panel modal (#22436)
* Revert 'Select: scroll into view when navigate with
up/down arrows (#22503)' (#22535)
* Backend plugins: Prepare and clean request headers before
resource calls (#22321)
* Cascader: Add size for input (#22517)
* ArrowDataFrame: allow empty results (#22524)
* Migration: Save dashboard modals (#22395)
* Toolkit: don't clean dist folder before build (#22521)
* Docs: Add Storybsck guidelines (#22465)
* Docs: Removed menu links to SDK Reference until we are
ready for 7.0 (#22509)
* Stackdriver: Project selector (#22447)
* Select: scroll into view when navigate with up/down arrows
(#22503)
* Elastic: To get fields, start with today's index and go
backwards (#22318)
* API: Include IP address when logging request error
(#21596)
* chore: avoid aliasing imports in services (#22499)
* Grafana-UI: add storysource addon to Storybsck (#22490)
* canary 404 previous versions (#22495)
* Fix Dockerfile lint errors (#22496)
* Migration: Invite Signup (#22437)
* Core: add hideFromMenu for child items (#22494)
* Dashboard: Adds support for a global minimum dashboard
refresh interval (#19416)
* CI: Deploy enterprise image (#22488)
* changelog: adds note about breaking change (#22480)
* chore: avoid alias for models in plugins (#22483)
* chore: avoid aliasing models in middleware (#22484)
* Grafana UI: Add missing argument (#22487)
* NewPanelEditor: Angular panel options, and angular
component state to redux major change (#22448)
* @grafana/ui: Create slider component (#22275)
* Icons: add reports icon (#22445)
* Panel inspect: Horizontal scrolling in Data table (#22245)
* Alerting: Fixed the issue/bug of diff and percent_diff
functions *Breaking change* (#21338)
* App Plugins: support react pages in nav (#22428)
* Optimized package.json files (#22475)
* Toolkit: add junit reporting and jest.config.js to plugin
build (#22450)
* Grafana UI: Add forwardRef (#22466)
* Docs: Update Getting started (#22422)
* pkg/api/pluginproxy: Access token provider should handle
access tokens without ExpiresOn field (#19928)
* Documentation: Specify usage of datasource whitelist
(#22412)
* Form: Allow default values updates (#22435)
* NewPanelEditor: Wait a bit before resending query result
on panel editor exit (#22421)
* Grafana-UI: update date picker (#22414)
* grafana-cli: Upgrade to urfave/cli v2 (#22402)
* Docs: adding first version of the auto-generated packages
API docs. (#22107)
* NewPanelEditor: Panel edit tweaks (#22415)
* Core: Make application title customizable for WL (#22401)
* Fix: making select to return empty list when no values are
selected in multivalue mode.
* Fix: Added missing 'remove'-icon for light theme.
* Docs: adding API reference documentation support for the
packages libraries. (#21931)
* Accessibility: Makes tag colors more accessible (#22398)
* Admin: fix images on license page (#22413)
* DataSourceWithBackend: Add a get/post resource standard
path (#22408)
* Docs: Fix examples, grammar, add links (#22406)
* Docs: Add links, fix grammar, formatting, wording (#22381)
* Changelog: adds missing enterprise features (#22399)
* Docs: Add info on active LDAP sync (#22347)
* Docs: Fixed formatting issue in new stat docs (#22390)
* @grafana/toolkit: completed support for source maps in
plugin builds (#22379)
* UX: BackButton left arrow icon (#22369)
* Scrollbar: Show scrollbar on only on hover (#22386)
* NewPanelEditor: Fixed cleanup that could cause crash
(#22384)
* Theme: Fixed bug in sass file (#22382)
* Alerting: Don't include image_url field with Slack message
if empty (#22372)
* Docs: New doc pages for panels Stat, Gauge & Bar Gauge
(#22335)
* Docs: Update front-end style guide (#22197)
* Chore: Update latest.json (#22345)
* CircleCI: Fix publishing of releases (#22342)
* Changelog: v6.6.2 (#22341)
* CircleCI: Switch to new master build pipeline (#22158)
* Docs: Update white-labeling.md (#22224)
* Webpack: Upgrade terser webpack plugin (#22332)
* grafana/ui: Export TextArea under Forms namespace (#22328)
* Suggesting couple of changes to the document (#22298)
* Correcting Line 22 (#22292)
* Docs: Fix 'enable' steps formatting (#22324)
* [Docs] Improvised instructions for adding data source.
(#22305)
* DashLinks: Add pull right to dropdown menu (#22233)
* Migration: User invite (#22263)
* Select: Fix focus issue and remove select container
(#22309)
* Annotations: Call panel refresh when table transform
changes to annotations (#22323)
* Docs: Couple of changes to the document (#22291)
* Docs: Typo correction in Line 19 (#22297)
* Rendering: Store render key in remote cache (#22031)
* Backend Plugins: Provide proper plugin config to plugins
(#21985)
* New panel edit: data links tweaks (#22304)
* Metrics: Add gauge for requests currently in flight
(#22168)
* OAuth: Enforce auto_assign_org_id setting when role
mapping enabled using Generic OAuth (#22268)
* CircleCI: Upgrade Ubuntu base image to 19.10 also for
enterprise (#22315)
* CI: check ubuntu and alpine images with trivy (#22314)
* Docker: Upgrade Ubuntu to 19.10 (#22306)
* grafana/data: runtime dependencies moved from
devDependencies (#22283)
* PanelInspector: Fixed issue in panel inspector (#22302)
* grafana/ui: Add basic horizontal and vertical layout
components (#22303)
* Field Config Editors: Remove namespacing from standard
field config editors (#22296)
* CircleCI: Increase nodejs max memory (#22295)
* Update rpm.md (#22284)
* FieldConfigs: String select type & cell display mode added
to table panel (#22274)
* LinkSrv: Add newlines so I can read code
* Docs: Fix TestData docs (#22279)
* API: Improve recovery middleware when response already
been written (#22256)
* Update mac.md (#22280)
* @grafana/toolkit: lint fix option now writes changes to
disk (#22278)
* Docs: minor fixes (#22223)
* Reorder cipher suites for better security (#22101)
* Docs: Minor typo fix (#22221)
* NewPanelEdit: Add back datalinks and new table panel fix
(#22267)
* Prometheus: Implement region annotation (#22225)
* Table: Fixed header alignment (#22236)
* Data proxy: Log proxy errors using Grafana logger (#22174)
* TimePicker: fixing weird behavior with calendar when
switching between months/years (#22253)
* Update timeseries.md (#20795)
* Auth: Don't rotate auth token when requests are cancelled
by client (#22106)
* Elastic: Map level field based on config. (#22182)
* Sqlstore: guard against getting a dashboard without
specifying identi… (#22246)
* Migrations: Signup page (#21514)
* Storybsck: Add color theme and theme switcher (#22005)
* NewPanelEditor: Making angular panels reuse data and
render on edit mode enter (#22229)
* PanelEdit: Title tweaks (#22237)
* NewPanelEdit: Minor changes (#22239)
* Chore: Fixed strict null errors (#22238)
* NewPanelEditor: Thresholds v2 (#22232)
* Toolkit: support sass style for plugins (#22235)
* add CloudWatch Usage Metrics (#22179)
* FieldOverrides: Fix issue with same series name for every
display value (#22234)
* Inspector: find the datasource from the refId, not the
metadata (#22231)
* New panel editor: Persist panel editor ui state (#22210)
* Toolkit: don't create declaration files for plugins (by
default) (#22228)
* Docs: Update windows.md (#22185)
* Docs: Add linking topic (#21986)
* Docs: Refactored Enterprise side menu (#22189)
* CircleCI: Push master Docker images without revision in
tag (#22218)
* Alerting: Update the types of recipient supported by the
Slack notifier (#22205)
* docs: change URL occurences to uppercase (#22151)
* Docs: Fix link for provisioning data sources (#22159)
* DevEnv: update frontend dependencies - tests (#22140)
* DevEnv: update frontend dependencies - type definitions
(#22141)
* Make Explore panel link work when grafana served from sub
url (#22202)
* DevEnv: update frontend dependencies - node (#22139)
* API: Fix redirect issue when configured to use a subpath
(#21652)
* Inspect: Inspect header design update (#22120)
* FieldOverrides: FieldOverrides UI (#22187)
* Azure OAuth: enable teamsync (#22160)
* Docs: Organize basic concepts and getting started (#21859)
* FieldOverides: apply field overrides based on
configuration (#22047)
* Docs: Suggesting few changes to the doc (#22115)
* Docs: Update phrasing line 35 (#22152)
* Docs: Correcting Typo in Line131 (#22155)
* Dashboard: fixed padding inconsistency
* BackendSrv: Fixes a stupid mistake with a missing return
(#22177)
* PanelEdit: Fixed timing and state related issues (#22131)
* Elastic: Replace range as number not string (#22173)
* change sync target branch to master (#21930)
* e2e: Fixed issue with aria label (#22166)
* Fix: Do not remove whitespace in PanelLink url (#22087)
* React Migration: Migrates FolderPicker from angular to
react (#21088)
* Auth: Azure AD OAuth (#20030)
* DevEnv: update frontend dependencies - grunt (#22136)
* Bugfix: updates cloudwatch query editor test async render
to prevent it from throwing error (#22150)
* NewPanelEdit: Design tweaks (#22156)
* TestData: Update streaming.json (#22132)
* DevEnv: update frontend dependencies - babel (#22135)
* Docs: Fix port config list formatting (#22113)
* Explore: Refactor active buttons css (#22124)
* Forms/Switch: Simplifies and adjusts CSS/Markup (#22129)
* Datasource/Loki: Fixes issue where live tailing displayed
date as invalid (#22128)
* NewPanelEditor: Fixed issue going back to dashboard after
pull page reload (#22121)
* Loki, Prometheus: Fix PromQL and LogQL syntax highlighting
(#21944)
* NewPanelEdit: Added visualization tab / selection view
(#22117)
* Increase ts fork check mem limit (#22118)
* NewPanelEditor: Panel editor tabs in state (url) (#22102)
* Delete report.20200209.125304.14262.0.001.json
* Annotation & Alerts: Makes various annotation and alert
requests cancelable (#22055)
* Select zindex (#22109)
* Docs: Add doc templates (#21927)
* Fix mentioning Slack users/groups (#21734)
* Docs: Update rules.md (#21989)
* Docs: Update metrics.md (#21988)
* Docs: Update dashboard.md (#21951)
* Docs: Added release notes tag (#22012)
* Forms/RadioButtonGroup: Improves semantics and simplifies
CSS (#22093)
* Docs: add LDAP active sync limitation for single bind
configuration (#22098)
* Docs: Update behind_proxy.md to include HTTPS and URL
rewrite example (#21832)
* DataLinks: Avoid null exception in new edit mode (#22100)
* Docs: Image rendering improvements (#22084)
* Fix display of multiline logs in log panel and explore
(#22057)
* Fix/add width to toggle button group (#21924)
* NewPanelEditor: Introduce redux state and reducer
(#22070)
* Prometheus: make $__range more precise (#21722)
* New panel edit: data links edit (#22077)
* Docs: fix minor typos in datasources.md (#22092)
* Toolkit: add a warning about tslint migration (#22089)
* Read `target` prop from the links in the footer (#22074)
* CircleCI: Publish enterprise Docker dev image for new
master pipeline (#22091)
* CircleCI: Include build ID in version for new master
pipeline (#22013)
* Alerting: Handle NaN in reducers (#22053)
* Toolkit: create manifest files for plugins (#22056)
* Backend Plugins: make transform work again (#22078)
* Docs: Fix broken link (#22010)
* Docs: Fix formatting typo (#22067)
* CircleCI: Publish enterprise ARM variants from master
pipeline (#22011)
* Chore: Adds cancellation to backendSrv request function
(#22066)
* Dashboard: Move some plugin & panel state to redux
(#22052)
* Docs: Clarify that extraction of zip is required to
install plugin (#22061)
* Chore: Fixes non utc tests (#22063)
* Grafana ui/time of day picker ui improvements (#21950)
* Links: Assure base url when single stat, panel and data
links are built (#21956)
* BackendSrv: Returns correct error when a request is
cancelled (#21992)
* Make zoom and time shift work after emmitter change
(#22051)
* New Editor: refresh when time values change (#22049)
* New Editor: Add ValuePicker for overrides selection
(#22048)
* Collapse: add a controlled collapse (#22046)
* Cascader: Fix issue where the dropdown wouldn't show
(#22045)
* New Editor: add display modes to fix ratio with actual
display (#22032)
* Chore: Use forwardRef in ButtonSelect (#22042)
* DashNavTimeControls: remove $injector and rootScope from
time picker (#22041)
* New panel edit: field overrides ui (#22036)
* Select: Portaling for Select (#22040)
* New Select: Fix the overflow issue and menu positioning
(#22039)
* Upgrade: React layout grid upgrade (#22038)
* PanelChrome: Use react Panel Header for angular panels.
(#21265)
* New Editor: add a tabs row for the query section (#22037)
* New Editor: use unit picker (#22033)
* Dashboard: Refactor dashboard reducer & actions (#22021)
* New panel editor: Add title editor (#22030)
* UnitPicker: Use the new Cascader implementation (#22029)
* FieldEditor: extendable FieldConfig UI (#21882)
* Cascader: Add enable custom value (#21812)
* New panel edit: support scrolling (#22026)
* Thresholds: get theme from context automatically (#22025)
* New Panel Edit: works for panels with and without queries
(#22024)
* PanelEditor: use splitpane for new editor (#22022)
* Select: Fixed allow custom value in
Select/UnitPicker/Segment/AsyncSegment (#22018)
* Chore: export arrow dataframe utilities (#22016)
* TSLint → ESLint (#21006)
* Docker: Publish enterprise image with master-commit tag
(#22008)
* Chore: Resolve random failure with golangci-lint (#21970)
* New panel edit: don't query when entering edit mode
(#21921)
* Fix bad grammar in Dashboard Link page (#21984)
* Update documentation-style-guide.md (#21736)
* Prometheus: Allow sub-second step in the prometheus
datasource (#21861)
* Update latest.json versions to 6.6.1 (#21972)
* Change log for 6.6.1 (#21969)
* Datasource: updates PromExploreQueryEditor to prevent it
from throwing error on edit (#21605)
* Explore: Adds Loki explore query editor (#21497)
* @grafana/ui: Fix displaying of bars in React Graph
(#21968)
* Prometheus: Do not show rate hint when increase function
is applied (#21955)
* Elastic: Limit the number of datapoints for the counts
query (#21937)
* Storybsck: Update categories (#21898)
* Quota: Makes sure we provide the request context to the
quota service (#21949)
* Docs: Documentation for 6.6 Explore and Logs panel
features (#21754)
* Annotations: Change indices and rewrites annotation find
query to improve database query performance (#21915)
* Prometheus: Fixes default step value for annotation query
(#21934)
* Dashboard edit: Fix 404 when making dashboard editable
* Publish from new master pipeline (#21813)
* Metrics: Adds back missing summary quantiles (#21858)
* delete redundant alias (#21907)
* grafana/ui: Fix displaying of bars in React Graph (#21922)
* Docs: Added developer-resources.md (#21806)
* Fix formatting (#21894)
* New Select: Blur input on select (#21876)
* Fix/add default props to prom query editor (#21908)
* Graph Panel: Fixed typo in thresholds form (#21903)
* Disable logging in button (#21900)
* DatasourceEditor: Add UI to edit custom HTTP headers
(#17846)
* Datasource: Show access (Browser/Server) select on the
Prometheus datasource (#21833)
* Docs: Update dashboard.md (#21896)
* Docs: Update dashboard.md (#21200)
* Docs: Make upgrading instructions for Docker work (#21836)
* deps so can mock in tests (#21827)
* Templating: Add new global built-in variables (#21790)
* Fix: Reimplement HideFromTabs in Tabs component (#21863)
* grafana/data: Remove unused PanelSize interface (#21877)
* New Select: Extend creatable select api (#21869)
* Backend plugins: Implement support for resources (#21805)
* Docker: change plugin path in custom docker (#21837)
* Image Rendering: Fix render of graph panel legend aligned
to the right using Grafana image renderer plugin/service
(#21854)
* Docs: Update _index.md (#21700)
* grafana/toolkit: Fix failing linter when there were lint
issues (#21849)
* DatasourceSettings: Fixed issue navigating away from data
source settings page (#21841)
* AppPageCtrl: Fix digest issue with app page initialisation
(#21847)
* Explore: adds basic tests to TableContainer checking the
render and output on 0 series returned
* Explore: adds MetaInfoText tests
* Explore: adds export of MetaItem and its props
* Explore: updates TableContainer to use MetaInfoText
component
* Explore: updates Logs component to use MetaInfoText
component
* Explore: adds MetaInfoText component
* Explore: removes unnecessary styles for panel logs
* Explore: updates Table container render to avoid rendering
table on empty result
* Explore: updates explore table container to show a span on
0 series returned
* docs/cli: Fix documentation of reset-admin-password with
--homepath (#21840)
* Replace ts-loader with Babel (#21587)
* Docs: Add information about license expiration (#21578)
* Fix digest issue with query part editor's actions menu
(#21834)
* Graphite: Fixed issue with functions with multiple
required params and no defaults caused params that could
not be edited (groupByNodes groupByTags) (#21814)
* TimePicker: Should display in kiosk mode (#21816)
* Chore: Upgrade Storybsck to 5.3.9 (#21550)
* Table: Make the height of the table include header cells
(#21824)
* StatPanels: Fixed migration from old singlestat and
default min & max being copied even when gauge was disbled
(#21820)
* Docs: Update docker image run and configuration
instructions (#21705)
* DataFrame: update golden test files (#21808)
* Docs: Alphabetize datasource names in sidebar under
docs/Features/DataSources (#21740)
* Inspect: Add error tab (#21565)
* Select: Fix direct usages of react-select to make the
scroll great again (#21822)
* TablePanel: display multi-line text (#20210)
* Fixed strict errors (#21823)
* Fix: prevents the BarGauge from exploding when the
datasource returns empty result. (#21791)
* Select: Fix scroll issue (#21795)
* Fix: Fixes user logout for datasourceRequests with 401
from datasource (#21800)
* Azure Monitor: Fix Application Insights API key field to
allow input (#21738)
* Influxdb: Fix cascader when doing log query in explore
(#21787)
* Devenv: OpenTSDB dashboard (#21797)
* MSI: License for Enterprise (#21794)
* OpenTSDB: Add back missing ngInject (#21796)
* Heatmap: Legend color range is incorrect when using custom
min/max (#21748)
* Config: add meta feature toggle (#21786)
* Logs panel: Rename labels to unique labels (#21783)
* Add link guide for installing new renderer (#21702)
* Chore: Lowers strict error limit (#21781)
* Chore: Removes Cypress record (#21782)
* Docs: Document configuration of console, file and syslog
log formats (#21768)
* Annotations: Fixes this.templateSrv.replace is not a
function error for Grafana datasource (#21778)
* Fix typos in the communication documentation (#21774)
* Chore: Fixes various strict null errors (#21763)
* Forms: Allow custom value creation in async select
(#21759)
* Chore: bump react-select to 3.0.8 (#21638)
* grafana/data: Add type for secure json in DataSourceAPI
(#21772)
* Influxdb: Fix issues with request creation and parsing
(#21743)
* Explore/Loki: Fix handling of legacy log row context
request (#21767)
* 6.6.0 latest (#21762)
* Docs: Updates Changelog for 6.6.0 (#21753)
* Docs: Update image rendering (#21650)
* Docs: misc. nitpicks to the HTTP API docs (#21758)
* Dashboard: fixes issue with UI not being re-rendered after
moving dashboard
* Dashboard: fixed issues with re-rendering of UI when
importing dashboard (#21723)
* Build: Added devenv docker block for testing grafana with
traefik.
* Update What's new in 6.6 (#21745)
* Footer: Display Grafana edition (#21717)
* BackendSrv: Fixes POST body for form data (#21714)
* Docs: Update CloudWatch and Stackdriver docs for 6.6
(#21679)
* BackendSrv: Adds missing props back to response object in
datasourceRequest (#21727)
* Explore: Fix context view in logs, where some rows may
have been filtered out. (#21729)
* Toolkit: add canvas-mock to test setup (#21739)
* TablePabel: Sanitize column link (#21735)
* Docs: Fix getting started links on Windows installation
page (#21724)
* Docs: Enterprise 6.6 (#21666)
* Template vars: Add error message for failed query var
(#21731)
* Loki: Refactor editor and syntax hooks (#21687)
* Devenv: Fixed devenv dashboard template var datasource
(#21715)
* Footer: added back missing footer to login page (#21720)
* Admin: Viewer should not see link to teams in side menu
(#21716)
* Annotations: Fix issue with annotation queries editors
(#21712)
* grafana/ui: Remove path import from grafana-data (#21707)
* Loki: Fix Loki with repeated panels and interpolation for
Explore (#21685)
* CircleCI: Add workflow for building with Grafana Build
Pipeline (#21449)
* StatPanels: Fixed possible migration issue (#21681)
* Make importDataSourcePlugin cancelable (#21430)
* Docs: Update what's new in 6.6 (#21699)
* Docs: Fix broken link in upgrade notes (#21698)
* Alerting: Support passing tags to Pagerduty and allow
notification on specific event categories (#21335)
* PhantomJS: Fix rendering of panels using Prometheus
datasource
* backendSrv: Only stringifies request body if payload isn't
already a string (#21639)
* Update changelog generation to ignore not merged pull
requests (#21641)
* StatPanel: minor height tweak (#21663)
* Circle: Introduce es-check to branches & pr workflow
(#21677)
* Run query when region, namespace and metric changes
(#21633)
* Explore: Fixes some LogDetailsRow markup (#21671)
* SQLStore: Fix PostgreSQL failure to create organisation
for first time (#21648)
* Migrations: migrate admin user create page (#21506)
* Docs: Whats new updates (#21664)
* CloudWatch: Auto period snap to next higher period
(#21659)
* Login: Better auto sizing of login logo (#21645)
* Chore: Fixes PhantomJs by adding polyfills for fetch and
AbortController (#21655)
* Alert: Minor tweak to work with license warnings (#21654)
* Toolkit: copyIfNonExistent order swapped (#21653)
* Doc: Update configuration.md (#21602)
* Explore: Fix log level color and add tests (#21646)
* Templating: A way to support object syntax for global vars
(#21634)
* CloudWatch: Add DynamoDB Accelerator (DAX) metrics &
dimensions (#21644)
* next version 6.7.0 (#21617)
* latest.jso: Update latest beta 6.6.0-beta1 (#21623)
* Docs: Update changelog with attribution (#21637)
* Docs: Updated what's new article (#21624)
* Plugins: Apply adhoc filter in Elasticsearch logs query
(#21346)
* Changelog: v6.6.0-beta1 (#21619)
* Chore: Remove angular dependency from backendSrv (#20999)
* Emotion: Add main package with version 10 (#21560)
* TestData: allow negative values for random_walk parameters
(#21627)
* Update musl checksums (#21621)
* CloudWatch: Expand dimension value in alias correctly
(#21626)
* Devenv: InfluxDB logs dashboard (#21620)
* Build: adds missing filters required to build oss msi
(#21618)
* BigValue: Updated test dashboard and made some chart
sizing tweaks (#21616)
* TestData: Adds important new features to the random walk
scenario (#21613)
* graphite: does not modify last segment when... (#21588)
* grafana/ui: Add synced timepickers styling to TimePicker
(#21598)
* Explore: Remove destructuring of empty state in
LogRowMessage (#21579)
* Build: enables deployment of enterprise msi (#21607)
* CI: MSI for Enterprise (#21569)
* E2E docs: Add guide to debuging PhantomJS (#21606)
* Toolkit: fix prettier error reporting (#21599)
* Render: Use https as protocol when rendering if HTTP2
enabled (#21600)
* Typescript: null check fixes, and news panel fix (#21595)
* Inspect: table take full height in drawer (#21580)
* OAuth: Fix role mapping from id token (#20300)
* ButtonCascader: Fix error in Explore (#21585)
* CloudWatch: Fix ordering of map to resolve flaky test take
2 (#21577)
* Redux: Fixed function adding a new reducer (#21575)
* Minor style changes on upgrade page (#21566)
* Revert 'Babel: use babel-loader instead of ts-loader,
ng-annotate with babel-plugin-angularjs-annotate (#21554)'
(#21570)
* Explore: Context tooltip to copy labels and values from
graph (#21405)
* Config: Use license info instead of build info for feature
toggling (#21558)
* Fix merge problem (#21574)
* CloudWatch: Fix ordering of map to resolve flaky test
(#21572)
* Docs: What's new in Grafana v6.6 Draft (#21562)
* Explore: Create unique ids and deduplicate Loki logs
(#21493)
* Chore: Fix go vet problem (#21568)
* Provisioning: Start provision dashboards after Grafana
server have started (#21564)
* CloudWatch: Calculate period based on time range (#21471)
* Inspect: Download DataFrame to Csv (#21549)
* CloudWatch: Multi-valued template variable dimension alias
fix (#21541)
* Babel: use babel-loader instead of ts-loader, ng-annotate
with babel-plugin-angularjs-annotate (#21554)
* Stackdriver: Support meta labels (#21373)
* CI: Revert msi build (#21561)
* Alerting: Fix image rendering and uploading timeout
preventing to send alert notifications (#21536)
* CI: adds missing files for ee msi (#21559)
* CI: Enterprise MSI (#21518)
* Add component: Cascader (#21410)
* CloudWatch: Display partial result in graph when max
DP/call limit is reached (#21533)
* Dashboards: Default Home Dashboard Update (#21534)
* Docs: Update rpm.md (#21547)
* Docs: Update mac.md (#20782)
* Templating: update variables on location changed (#21480)
* Vendor: grafana-plugin-sdk-go v0.11.0 (#21552)
* fix dateMath import in grafana-ui (#21546)
* Explore/Loki: Filter expression only treated as regex when
regex operator is used (#21538)
* Fix TypeScript error (#21545)
* Build: Ignore content of /pkg/extensions, not directory
(#21540)
* Update latest to 6.5.3 (#21509)
* Explore: Ensures queries aren't updated when returning to
dashboard if browser back is used (#20897)
* Inspect: Use AutoSizer for managing width for content in
tabs. (#21511)
* Changelog generation: Generate grafana/ui changelog
(#21531)
* Toolkit: support less loader (#21527)
* AppPlugin: remove simple app from the core repo (#21526)
* @grafana/toolkit: cleanup (#21441)
* DataFrames: add arrow test and capture metadata parsing
errors (#21524)
* DataLinks: allow using values from other fields in the
same row (#21478)
* grafana/data: Update plugin config page typings (BREAKING)
(#21503)
* Fix regex in convertCSSToStyle, add test coverage (#21508)
* CloudWatch: Annotation Editor rewrite (#20765)
* Admin: Add promotional page for Grafana Enterprise
(#21422)
* Add changelog for 6.5.3
* Backend Plugins: Collect and expose metrics and plugin
process health check (#21481)
* Auth: Rotate auth tokens at the end of requests (#21347)
* Tabs: Hide Tabs on Page header on small screens (#21489)
* Fix importing plugin dashboards (#21501)
* SideMenu: Fixes issue with logout link opened in new tab
(#21488)
* DataLinks: Make data links input grow again (#21499)
* Templating: use default datasource when missing (#21495)
* Explore: Fix timepicker when browsing back after switching
datasource (#21454)
* Add disabled option for cookie samesite attribute (#21472)
* Chore: Adds basic alerting notification service tests
(#21467)
* ImportDashboardCommand: Validate JSON fields (#21350)
* Docs: add test for website build (#21364)
* Fix: when clicking a plot on a touch device we won't
display the annotation menu (#21479)
* Backend Plugins: add a common implementation (#21408)
* Alerting: new min_interval_seconds options to enforce a
minimum eval frequency (#21188)
* Panel: Use Tabs in panel inspector (#21468)
* Docs: Update rpm install (#21475)
* Alerting: Enable setting of OpsGenie priority via a tag
(#21298)
* Alerting: fallbackText added to Google Chat notifier
(#21464)
* Plugins: Move backend plugin manager to service (#21474)
* Backend Plugins: Refactor backend plugin registration and
start (#21452)
* Admin: New Admin User page (#20498)
* Docs: Update cli.md (#21470)
* Fix: Tab icons not showing (#21465)
* Chore: Add react-table typings to Table (#21418)
* Login: Refactoring how login background is rendered
(#21446)
* StatPanel: Refactoring & fixes (#21437)
* Chore: Migrates reducers and actions to Redux Toolkit
(#21287)
* DeleteButton: Button with icon only was not centered
correctly. (#21432)
* Logos: Refactoring a bit how logos are rendered (#21421)
* Docs: Update documentation-style-guide.md (#21322)
* More datasource funcs poc (#21047)
* Docs: Update plugin installation and CLI (#21179)
* Docs: Update debian.md (#21339)
* Alerting: Adds support for sending a single email to all
recipients in notification channel (#21091)
* ThreemaNotifier: Use fully qualified status emoji (#21305)
* Settings: Env override support for dynamic settings
(#21439)
* Security: refactor 'redirect_to' cookie to use 'Secure'
flag (#19787)
* Logs: Fix parsing for logfmt fields that have parens
(#21407)
* Improve documentation for the Prometheus data source
(#21415)
* Heatmap: fix formatting (#21433)
* Docs: Fixed broken links of Datasource doc at Grafana
plugin page (#21363)
* ApiUser: Fix response when enabling, disabling or deleting
a nonexistent user (#21391)
* grafana/ui: Create Tabs component (#21328)
* Inspector: support custom metadata display (#20854)
* Table: Added text align option to column styles (#21175)
* PluginPage: Add appSubUrl string to config pages url
(#21414)
* Docs: Remove comment about upcoming alerting for
singlestat and table panels (#21416)
* Footer: Single footer component for both react & angular
pages (#21389)
* API: Added alert state validation before changing its
state (#21375)
* AddDataSource: Added missing phantom plugin (#21406)
* Plugins: Use grafana-plugin-sdk-go v0.5.0 (#21116)
* UnitPicker: show custom units on load (#21397)
* Cloud Watch: Standardize Config Editor Implementation
(#20489)
* CloudWatch: dimension_values templating fix (#21401)
* Docs: explain how to setup the apt repo without helpers
(#21194)
* Build: prevent changes to pkg/extentions/main.go from
throwing error on merge
* TimeZones: fix utc test (#21393)
* Build: package all binaries for enterprise (#21381)
* Datasource: fixes prometheus datasource tests - adds align
range
* CircleCI: Testing upgrade to CircleCI 2.1 (#21374)
* Storybsck: Remove reference to jquery.flot.pie file from
storybsck config (#21378)
* Cloudwatch: Fixed crash when switching from cloudwatch
data source (#21376)
* Docs: Added Squadcast notifications (#21372)
* Chore: upgrade d3 (#21368)
* Datasource: fix a bug where deleting data source will
trigger save and test events (#21300)
* Forms: revamped select (#21092)
* Toolkit: add git log info to the plugin build report
(#21344)
* Docs: Use https scheme for Grafana playground links
(#21360)
* fix docs links (#21359)
* AddDatasourcePage: Refactoring & more Phantom plugins
(#21261)
* Chore: Remove empty flot.pie file (#21356)
* Docs: Fix link (#21358)
* Docs: Fix InfluxDB templated dashboard link (#21343)
* Rendering: Fix panel PNG rendering when using sub url &
serve_from_sub_path = true (#21306)
* NewsPanel: update default feed url (#21342)
* docs: fix influxdb templated dashboard link (#21336)
* Docs: Update Windows.md (#21333)
* Arrow: don't export arrow... breaking phantomjs e2e test
(#21331)
* DataFrame: round trip metadata to arrow Table (#21277)
* Prometheus: user metrics metadata to inform query hints
(#21304)
* Panel: disable edit/duplicate/delete entry for repeat
panel (#21257)
* Prometheus: Disable suggestions at beginning of value
(#21302)
* grafana/ui: Do not build in strict mode as grafana/ui
depends on non-strict libs (#21319)
* Docs: Update security.md (#20981)
* @grafana/data: use timeZone parameter rather than isUtc
(#21276)
* Units: support dynamic count and currency units (#21279)
* Docs: Added sudo and removed $ where inconsistent.
(#21314)
* ImgUploader: add support for non-amazon S3 (#20354)
* Fix: tooltips value disappear when label has too long word
(#21267)
* Docs: Update provisioning.md (#21303)
* Docs: Update alerting_notification_channels.md (#21245)
* Loki: fix filter expression suggestions (#21290)
* Prometheus: Fix label value suggestion (#21294)
* Prometheus: Fix term completion that contain keywords
(#21295)
* Docs: Fixed broken links in Basic Concepts (#21035)
* Docs: Edited Windows install instructions (#20780)
* Docs: Update troubleshooting.md (#21244)
* Fix internal links in http_api/dashboard.md (#21255)
* Docs: Update README.md (#21274)
* Docs: Fix aliases/redirects (#21241)
* Docs: Document tracing.jaeger configuration (#21181)
* Websockets: upgrade websocket libray to 1.4.1 (#21280)
* FieldConfig: add thresholds and color modes (#21273)
* Prometheus: improve tooltips (#21247)
* Explore: Moves PromContext from query level to
DataQueryRequest level (#21260)
* BridgeSrv: do not strip base from `state.location.url`
(#20161)
* Graph: another tooltip fix (#21251)
* Alerting: Add configurable severity support for PagerDuty
notifier (#19425)
* Graph: Fixed no value in graph tooltip (#21246)
* Units: support farenheit (existing misspelling) (#21249)
* Docs: fix typo (#21190)
* Promtheus: Fix hint and error display for query rows
(#21242)
* Docs: fixed broken doc link for graph and table panels
(#21238)
* Docs: fix of broken doc link in the dashlist panel's help
section (#21230)
* Docs: Update the link to docs for singlestat (#21225)
* Docks: Update provisioning.md with proper Slack settings
(#21227)
* Editor: Ignore closing brace when it was added by editor
(#21172)
* Explore: moves add query row button below query rows
(#20522)
* Explore: adds PrometheusExploreQueryEditor (#20195)
* Simplify adjustInterval (#21226)
* Sass: Checked in tmpl files
* Table: Component progress & custom FieldConfig options
(#21231)
* Chore: remove StreamHandler and DataStreamState (#21234)
* DashboardGrid: Fixed flickering while resizing (#21221)
* docs: rename premium plugins to enterprise plugins
(#21222)
* NewsPanel: add news as a builtin panel (#21128)
* grafana/toolkit: Readme update (#21218)
* grafana/toolkit: Resolve modules correctly (#21216)
* New bar gauge style: Unfilled (#21201)
* Dashboard: new updated time picker (#20931)
* Metrictank: fix bundled dashboard (#21209)
* Tooltip: preventing xss injections via the colors
variable. (#21203)
* Livetailing: set table withd to 100% (#21213)
* Docs: Fix broken link in debian.md (#21199)
* Added back logo file (#21198)
* Docs: fix ordering of apt setup (#21192)
* Docs: Fix Azure ad generic OAuth code markdown formatting
(#21189)
* docs: rendering plugin required for reporting (#21162)
* Chore: Fixes wrong e2e path in .gitignore (#21186)
* e2e: Waits for login before moving forward (#21185)
* PanelChrome: Mini refactor (#21171)
* Tracing: Support configuring Jaeger client from
environment (#21103)
* @grafana/toolkit: webpack extend TS→JS (#21176)
* [docs] Azure monitor link in templating (#21173)
* grafana/toolkit: Add option to override webpack config
(#20872)
* Docs: Adds best practices after visit and a link back to
e2e.md (#21117)
* Changelog: Add PagerDuty breaking change (#21170)
* DashboardGrid: Change grid margin to 8, to align to 8px
grid (#21167)
* Alerting: Add more information to webhook notifications
(#20420)
* Panel: Show inspect panel in Drawer instead of Modal
(#21148)
* Prometheus: Fix typehead after binary operators (#21152)
* docs: always updates docker image before building docs
site (#21165)
* Table: Matches column names with unescaped regex
characters (#21164)
* DataLinks: Sanitize data/panel link URLs (#21140)
* Dashboard: Only show resize-handle on hover (#21160)
* PagerDuty: Fix custom_details to be a JSON object instead
of a string (#21150)
* grafana/ui: New table component (#20991)
* e2e: Migrates query variable CRUD tests to new framework
(#21146)
* Chore: Upgrade react, react-dom, react-test-renderer
versions (#21130)
* Fix log row when query is short (#21126)
* Prometheus: Display HELP and TYPE of metrics if available
(#21124)
* e2e: Updates truth image (#21132)
* Cloudwatch ECS Container Insights Support (#21125)
* FontSize: Change base font size to 14px (#21104)
* Explore: Refactor log rows (#21066)
* phantomjs: performance.getEntriesByType not supported
(#21009)
* New panel editor (behind feature toggle) (#21097)
* e2e: Adds ScenarioContext and video recordings to e2e
(#21110)
* DashboardImport: Fixes broken import page in prod builds
(#21101)
* Dependencies: Bump npm from 6.9.0 to 6.13.4 (#21095)
* Docs: Fix broken link in loki.md (#21098)
* Dependencies: Upgrade grunt-contrib-compress to resolve
issues with iltorb (#21096)
* Update CODEOWNERS (#21093)
* E2E: Testing recording e2e tests (#21094)
* FieldConfig: set min/max automatically for gauge (#21073)
* Postgres/MySQL/MSSQL: Adds support for region annotations
(#20752)
* Azure Monitor: Use default from datasource if not saved on
dashboard/query (#20899)
* Azure Monitor: Copy AM Creds to Log Analytics When Using
Same As (#21032)
* Docs: Add minimal hugo build, update docs README (#20905)
* CI: Added junit test report (#21084)
* UI: ConfirmButton component (#20993)
* Angular/React: Migrates team creation form to react
(#21058)
* Templating: Fixes digest issues in Template Variable
Editor (#21079)
* OrgSwitcher: Fixed issue rendering org switcher even when
it's not open (#21061)
* Chore: Remove rejected files (#21072)
* e2e: Uses should on first element after visit to prevent
flakiness (#21077)
* FieldConfig: support overrides model (#20986)
* AngularPanels: fixed transparency issue (#21070)
* Docs: Update configuration.md for #3349 (#21069)
* OAuth: Removes send_client_credentials_via_post setting
(#20044)
* API: Validate redirect_to cookie has valid (Grafana) url
(#21057)
* Explore: Refactor log details table (#21044)
* Prometheus: Prevents validation of inputs when clicking in
them without changing the value (#21059)
* Prometheus: Fixes so user can change HTTP Method in config
(#21055)
* MetricSegment: Fix metric segment UI crash in prod builds
(#21053)
* OpenTSDB: Adding lookup limit to OpenTSDB datasource
settings (#20647)
* Templating: Fixes default visibility for submenu to same
as dashboard (#21050)
* Create CODEOWNERS (#21045)
* Elastic: Add data links in datasource config (#20186)
* Alerting: Fix panic in dingding notifier (#20378)
* Logs: Optional logs label column (#21025)
* Chore: updated to latest stable version (#21033)
* Docs: change log for release v6.5.2 (#21028)
* Chore: Improve rendering logging (#21008)
* Modules: Add patched goavro dependency for extensions
(#21027)
* Explore: Sync timepicker and logs after live-tailing stops
(#20979)
* Fix: Shows SubMenu when filtering directly from table
(#21017)
* Alerting: Fix template variable in query check (#20721)
* Toolkit: remove unused plugin-ci report types (#21012)
* MixedDatasources: Do not filter out all mixed data sources
in add mixed query dropdown (#20990)
* Docs: Change checkout to check out where necessary
(#20926)
* Promtheus: Improve tab completion (#20938)
* build: adds IANA timezone info to windows build (#21001)
* Loki: fix labels fetching when no initial range given
(#21000)
* Docs: Update datasource API examples (#20951)
* UI: Segment fixes (#20947)
* Stackdriver: Make service list searchable (#20989)
* Remove un-used imports (#20937)
* upgrade aws-sdk-go (#20957)
* UI: ConfirmModal component (#20965)
* Docs: Updates from puppeteer to Cypress (#20962)
* e2e: Adds better log information during test runs (#20987)
* Alert: If the permission is forbidden, keep the historical
alarm data present. (#19007)
* Graph: Add fill gradient option to series override line
fill (#20941)
* use https for fetch gravatar by default (#20964)
* Prometheus: disable dynamic label lookup on big
datasources (#20936)
* Loki: Fix datasource config page test run (#20971)
* Devenv: Fix loki block (#20967)
* e2e: Replaces truth image (#20966)
* Forms: introduce RadioButtonGroup (#20828)
* Fix: Adds e2e as a package that needs to be built (#20961)
* Make sure datasource variable is being used everywhere
(#20917)
* Refactor: Navigates directly to add data source page
instead (#20959)
* Alerting: Improve alert threshold handle dragging behavior
(#20922)
* DisplayProcessor: Interpret empty strings as NaN instead
of 0 to support empty value map texts in Singlestat
(#20952)
* Prometheus: Refactor labels caching (#20898)
* e2e: Uses Cypress instead of Puppeteer (#20753)
* Renderer: Add user-agent to rendering plugin requests
(#20956)
* DataSource: remove delta option (#20949)
* Elasticsearch: set default port to 9200 in ConfigEditor
(#20948)
* Loki: Remove appending of (?i) in Loki query editor if not
added by user (#20908)
* Datasource/Loki: Loki now goes to Logs mode when importing
prom queries (#20890)
* Cloudwatch: Defined explore query editor for cloudwatch
(#20909)
* Datasource/Loki: Empty metric name no longer replaced by
query (#20924)
* Revert 'Modules: Add goavro dependency for extensions
(#20920)' (#20928)
* Docs: Update debian.md (#20910)
* UI: Segment Input change (#20925)
* Modules: Add goavro dependency for extensions (#20920)
* UI: Segment Input (#20904)
* Remove escaping of \ ( ) characters (#20915)
* AngularPanels: Check for digest cycle on root scope
(#20919)
* InfluxDB: Use new datasource update option funcs (#20907)
* Docs: Update debian-ubuntu installation instructions
(#20875)
* Search: Fixed angular digest issues (#20906)
* Remove false positive error message for expression and id
field (#20864)
* fix notifications page (#20903)
* Update documentation-style-guide.md (#20871)
* Docs: update content to work with website repo (#20693)
* Elastic: Fix multiselect variable interpolation for logs
(#20894)
* Singlestat: Fixed unit not showing and switched to new
unit picker (#20892)
* MetaAnalytics: Minor fix for meta analytics event (#20888)
* Explore: Cleanup redundant state variables and unused
actions (#20837)
* Chore/Tech debt: Remove (most) instances of $q angular
service use (#20668)
* AngularPanels: Fixed loading spinner being stuck in some
rare cases (#20878)
* TeamPicker: Increase size limit from 10 to 100 (#20882)
* Echo: mechanism for collecting custom events lazily
(#20365)
* StatPanel: change to beta
* Azure Monitor: Standardize Config Editor Implementation
(#20455)
* GraphTooltip: added boundaries so we never render tooltip
outside window. (#20874)
* Graphite: Use data frames when procesing annotation query
in graphite ds (#20857)
* Elastic: Fix parsing for millisecond number timestamps
(#20290)
* Docs: Sync docs with website repo via GitHub Action
(#20694)
* Gauge/BarGauge: Added support for value mapping of 'no
data'-state to text/value (#20842)
* UI: Use SelectableValue as Segment value (#20867)
* Datasource/Loki: Fixes issue where time range wasn't being
supplied with annotation query (#20829)
* Server: Return 404 when non-pending invite is requested
(#20863)
* Explore: Fix reset reducer duplication (#20838)
* CLI: Return error and aborts when plugin file extraction
fails (#20849)
* Datasource/Loki: Simplifies autocompletion (#20840)
* Update README.md (#20820)
* ValueFormats: dynamically create units (#20763)
* @grafana/data: don't export ArrowDataFrame (#20855)
* @grafana/data: export ArrowDataFrame (#20832)
* Docs: Add section about derived fields for Loki (#20648)
* Migration: Migrate org switcher to react (#19607)
* Remove screencasts.md (#20845)
* Update requirements.md (#20778)
* Explore: Log message line wrapping options for logs
(#20360)
* AlertNotifier: Support alert tags in OpsGenie notifier
(#20810)
* Fix prettier (#20827)
* Loki: Support for template variable queries (#20697)
* Explore: Export timezone from redux state (#20812)
* Forms: introduce checkbox (#20701)
* OpenTsdb: Migrate Config Editor to React (#20808)
* TablePanel, GraphPanel: Exclude hidden columns from CSV
(#19925)
* DataFrame: add utilities to @grafana/data that support
apache arrow (#20813)
* Panels: Fixed transparency option for angular panels
(#20814)
* CloudWatch: Upgrade aws-sdk-go (#20510)
* Update documentation-style-guide.md (#20777)
* Chore: Move Prometheus datasorce tests from specs folder
and merge duplicated test files (#20755)
* Profile: Remove sign-out tab from profile page (#20802)
* Doc: Change inline comment on interface to doc comment
(#20794)
* Server: Fail when unable to create log directory (#20804)
* Update stale.yml
* Rename config.yaml to config.yml
* GitHub: Add link to forum when adding new issue (#20798)
* Datasource/Loki: Fixes regression where enhanceDataFrame
was not called (#20660)
* Updated changelog
* Docs: Updated changelog
* SQLStore: Test admins/editors/viewers stats validity
(#20751)
* Graph-Panel: Center option for bar charts (#19723)
* Packages: Fixed rollup issue with grafana-ui (#20790)
* Stalebot: update issue config (#20789)
* Stalebot: Automatically label PRs with no activity after
14 days as stale, then after 30 days close (#20179)
* StatPanel: ColorMode, GraphMode & JustifyMode changes
(#20680)
* Units: Remove SI prefix symbol from new
milli/microSievert(/h) (#20650)
* Graphite: Add metrictank dashboard to Graphite datasource
(#20776)
* Docs: Remove typo from mssql.md (#20748)
* Navigation: Fix navigation when new password is chosen
(#20747)
* Cleanup: use the local variable (#20767)
* Prometheus: Fix caching for default labels request
(#20718)
* Release: Updates latest.json and
grafana/packages/*/package.json (#20734)
* Release: Updates Changelog for 6.5.1 (#20723)
* ReactMigration: Migrate Graphite config page to React
(#20444)
* SQLStore: Rewrite system statistics query to count users
once (#20711)
* Docs: Clean up influxdb.md (#20618)
* CloudWatch: Region template query fix (#20661)
* Units: remove unreachable code (#20684)
* Tests: Skipping Template Variable tests for now (#20707)
* Datasource/Loki: Fix issue where annotation queries
weren't getting their variables interpolated (#20702)
* Documentation: Add missing blank in docker run command
(#20705)
* Server: Defer wg.Done call to ensure it's called (#20700)
* Fix: Fixes templateSrv is undefined for plugins that do
not use @@ngInject (#20696)
* Server: Clean up startup logic/error checking (#20679)
* CloudWatch: Annotations query editor loading fix (#20687)
* OAuth: Add missing setting from defaults.ini (#20691)
* DataLinks: Refactor title state (#20256)
* Forms: TextArea component (#20484)
* Explore: Adjust the max-width of the tooltip (#20675)
* Units: Add currency and energy units (#20428)
* transform: update to use sdk with frame.labels moved to
frame.[]field.labels (#20670)
* dev: fix pre-commit typo in toolkit (#20673)
* Docs: Update change user password payload in http api
(#20666)
* Chore: Sync defaults.ini with sample.ini (#20645)
* Loki: Fix query error for step parameter (#20607)
* Fix: Disable draggable panels on small devices (#20629)
* Chore: Remove several instances of non-strict null usage
(#20563)
* StatPanel: Rename singlestat2 to stat (#20651)
* Panels: Add support for panels with no padding (#20012)
* CloudWatch: Docs updates after feedback (#20643)
* Explore: Update docs with updated images (#20633)
* Build: Update latest.json (#20638)
* Forms: Introduce form field (#20632)
* docs: update versions (#20635)
* Changelog: 6.4.5 (#20625)
* Changelog: 6.5.0 (#20620)
* Docs: 6.5 update (#20617)
* Chore: Improve grafana-server profiling and tracing
(#20593)
* grafana/toolkit: Update FAQ (#20592)
* Forms: Introduce new Switch component (#20470)
* E2E: Adds tests for QueryVariable CRUD (#20448)
* Toolkit: Do not continue after compile error (#20590)
* BarGauge/Gauge: Add back missing title option field
display options (#20616)
* VizRepeater/BarGauge: Use common font dimensions across
repeated visualisations (#19983)
* Update services.md (#20604)
* Docs: CloudWatch docs fixes (#20609)
* Changelog: Add v6.3.7 (#20602)
* Cloudwatch: Docs improvements (#20100)
* Fix: Wrong path when sending package build time (#20595)
* CloudWatch: Fix high CPU load (#20579)
* Explore: UI changes for split view and live tailing
(#20516)
* Explore: Keep logQL filters when selecting labels in log
row details (#20570)
* Instrumentation: Edition and license info to usage stats
(#20589)
* Metrics: Add metric for each package build time (#20566)
* grafana/toolkit: Smaller output after successful upload
(#20580)
* Table: Use the configured field formatter if it exists
(#20584)
* TextPanel: Fixes issue with template variable value not
properly html escaped (#20588)
* Docs: Update Explore docs for 6.5 (time-sync button & log
details) (#20390)
* Explore: UI changes for derived fields (#20557)
* Docker: Custom dockerfiles, docker and image rendering
docs update (#20492)
* Tooltip: Fix issue with tooltip throwing an error when
retrieving values (#20565)
* Changelog: Reference a few more issues that were fixed
(#20562)
* Enable theme context mocking in tests (#20519)
* Chore: Remove angular dependency from prometheus
datasource (#20536)
* Build: Verify checksums when downloading PhantomJS
(#20558)
* DevEnv: updates nodejs from 10.x to 12.x and golang to
1.13 in ci-deploy dockerfile. (#20405)
* Explore: updates responsive button to pass all the div
element props
* Explore: fixes explore responsive button ref
* Explore: adds a ref to responsive button
* Explore: updates responsive button to forward ref
* Explore: UI fixes for log details (#20485)
* Document required Go version in developer guide (#20546)
* UserTableView: Show user name in table view (#18108)
* CloudWatch: enable min_interval (#20260)
* CI: fix release script remove filtering (#20552)
* Update dashboards (#20486)
* CI: Build all platforms for Enterprise (#20389)
* Alerting: Propagate failures to delete dashboard alerts
(#20507)
* Cloudwatch: Fix LaunchTime attribute tag bug (#20237)
* Fix: Prevents crash when searchFilter is non string
(#20526)
* docs: what's new fixes (#20535)
* What's new in 6.5 - adding CloudWatch topics (#20497)
* grafana/ui: Expose Icon component (#20524)
* Backend plugins: Log wrapper args formatting fix (#20521)
* Build: Clean up scripts/grunt/options/phantomjs.js
(#20503)
* MySql: Fix tls auth settings in config page (#20501)
* Backend plugins: Log wrapper args formatting (#20514)
* CloudWatch: Remove HighResolution toggle since it's not
being used (#20440)
* API: Optionally list expired keys (#20468)
* Image-rendering: Cleanup of rendering code (#20496)
* Build: Reports times and outcomes from CircleCI jobs
(#20474)
* Chore: Upgrade prettier for grafana-toolkit (#20476)
* TimePicker: Fixed update issue after plugin uses
getLocationSrv().update (#20466)
* Docs: Add explore images to What's new in v6.5 (#20442)
* Chore: Bumps prettier version for new typescript syntax
support (#20463)
* handle PartialData status (#20459)
* CloudWatch: Make sure period variable is being interpreted
correctly (#20447)
* Forms: New Input component (#20159)
* UsersPage: Removed icon in external button (#20441)
* Build: Fix RPM verification (#20460)
* Dashboard Migrator: persist thresholds param if already
set (#20458)
* Docs: Fix developer guide link (#20434)
* Fix package signing (#20451)
* Build: Fix signing (#20450)
* transform: changes to support sdk v0.2.0 (#20426)
* Reporting: Handle timeouts in rendering (#20415)
* Build: Upgrade build-container Docker image version
(#20443)
* Upgrade build-container image (#20438)
* Provisioning: Fix unmarshaling nested jsonData values
(#20399)
* Fail when server is unable to bind port (#20409)
* Devenv: Fix integration of postgres and fake-data-gen
containers (#20329)
* Util: Modify SplitHostPortDefault not to return an error
for empty input (#20351)
* InfluxDB: convert config editor to react (#20282)
* Packages: stable release tags update (#20417)
* Chore/Go-dep: change sdk to use new tag (#20422)
* Chore: Log actual error when oauth pass thru fails
(#20419)
* Grafana/Loki: Adds support for new Loki endpoints and
metrics (#20158)
* Chore: Fix error caused by typescript upgrade (#20408)
* Chore: Upgrade typescript to 3.7 (#20375)
* NavLinks: Make ordering in navigation configurable
(#20382)
* Fix flot overriding onselectstart/ondrag events (#20381)
* Docs: Updates docs for redux framework (#20377)
* chore: fix 'testing' version is latest.json (#20398)
* transform_plugin: stop plugin when grafana stops (#20397)
* Chore: Update latest.json (#20393)
* Docs: What's new in Grafana v6.5 Draft (#20368)
* Update changelog for v6.5.0-beta1 (#20350)
* Chore: Move and wrap Cascader component to @grafana/ui
(#20246)
* MySql: Fix password regression in MySQL datasource
(#20376)
* CloudWatch: Datasource improvements (#20268)
* grafana/toolkit: remove aws-sdk and upload to grafana.com
API endpoint (#20372)
* LDAP: last org admin can login but wont be removed
(#20326)
* Devenv: Replace deprecated SQL Server docker image
(#20352)
* DataFrame processing: Require table rows to be array
(#20357)
* grafana/ui: Add Icon component (#20353)
* Telegram: Check error before adding defer close of image
(#20331)
* ValueFormats: fix description for dateTimeAsUS (#20355)
* Fix alert names in dev dashboard (#20306)
* Docs: Getting started edits (#19915)
* Bus: Remove unused wildcard handlers and clean up tests
(#20327)
* Explore: updates breakpoint used to collapse datasource
picker
* Elastic: Fix Elastic template variables interpolation when
redirecting to Explore (#20314)
* transform_plugin: pass encoded dataframes through (#20333)
* Links: Updated links to grafana.com (#20320)
* Avatar: Don't log failure to add existing item to cache
(#19947)
* Devenv: Enable tracing for loki docker block (#20309)
* Build: adds make target run-frontend (#20227)
* Devenv: fix kibana in elastic7 docker block (#20308)
* Build: Fix Docker builds (#20312)
* Devenv: Add nginx_proxy_mac/nginx_login_only.conf (#20310)
* Build: Build Ubuntu based Docker images also for ARM
(#20267)
* Devenv: fix connection in elastic 5 and 6 blocks (#20304)
* Prometheus: Adds hint support to dashboard and fixes
prometheus link in query editor (#20275)
* Explore: Fix always disabled QueryField for InfluxDB
(#20299)
* Docker blocks: Add loki blocks for loki releases (#20172)
* Explore: Fix interpolation of error message (#20301)
* PanelLinks: fixed issue with old panel links and grafana
behind a subpath (#20298)
* ColorPicker: Fixes issue with ColorPicker disappearing
too quickly (#20289)
* Configuration: Update root_url to reflect the default
value (#20278)
* Templating: Made default template variable query editor
field a text area with dynamic automatic height (#20288)
* Transformations: filter results by refId (#20261)
* PanelData: Support showing data and errors in angular
panels (#20286)
* Fix: URL Encode Groupd IDs for external team sync (#20280)
* Build: Collect frontend build time metric (#20254)
* Datasource: fixes prometheus metrics query query field
definition (#20273)
* Update version (#20271)
* Admin: Adds setting to disable creating initial admin user
(#19505)
* Tests: We should not click on default button when there is
only one ds (#20266)
* AuthProxy: additions to ttl config change (#20249)
* Graphite: add metrictank meta in response (#20138)
* Docker: Add dependencies to support oracle plugin in
alpine (#20214)
* ReactMigration: Migrate Prometheus config page to React
(#20248)
* Templating: highlight first item when searching a variable
dropdown (#20264)
* e2eTests: Adds cleanup of created datasource and dashboard
(#20244)
* Gauge Panel: fix the default value of thresholds cannot be
modified (#20190)
* AuthProxy: Can now login with auth proxy and get a login
token (#20175)
* DataFrame: move labels to field (#19926)
* Add Dockerfiles for Ubuntu (#20196)
* Graph: Fixed no graph in panel edit mode (#20247)
* Explore: Configure explore series colours via field config
(#20239)
* LDAP: Fixing sync issues (#19446)
* Docs: Added alias for old reporting page location (#20238)
* ReactPanels: Adds Explore menu item (#20236)
* Elasticsearch: Support rendering in logs panel (#20229)
* Alerting: Add alert_state to the kafka message Fixes
#11401 (#20099)
* Graph: introduce Tooltip to React graph (#20046)
* @grafana/runtime: Expose datasourceRequest in backendSrv
* Auth Proxy: replace ini setting ldap_sync_ttl with
sync_ttl (#20191)
* DevEnv: updates prometheus random data golang image to
1.13.0
* Provisioning: fix for cannot save provisioned dashboard
(#20218)
* DisplayProcessor: improve time field support (#20223)
* Docs: Adding how to use plugin version, through docker env
variable (#19924)
* Docs: Add docs abscout time range URL query params
(#20215)
* MixedQuery: refactor so other components could also batch
queries (#20219)
* SharedQuery: don't explode when missing logo (#20187)
* LDAP: Interpolate env variable expressions in ldap.toml
file (#20173)
* Chore: Update latest.json (#20216)
* build: Ignore Azure test snapshot for msi build (long file
name) (#20217)
* Explore: fixes toolbars datasource selector and date
picker responsiveness (#19718)
* Logs Panel: Generate valid logQL for multi-select template
variable (#20200)
* Fix when only icon is present (#20208)
* TablePanel: Prevents crash when data contains mixed data
formats (#20202)
* OAuth: Make the login button display name of custom OAuth
provider (#20209)
* Explore: Add custom DataLinks on datasource level for Loki
(#20060)
* QueryField: Prevent query runs on blur in Explore (#20180)
* Azure Monitor: Datasource Config Type (#20183)
* PluginLoader: export classes on @grafana/ui (#20188)
* Changelog: 6.4.4 release (#20201)
* CLI: Reduce memory usage for plugin installation (#19639)
* DataLinks: fix syntax highlighting not being applied on
first render (#20199)
* SafeDynamicImport: Updates so that it does not act as an
ErrorBoundary (#20170)
* grafana/data: Make display processor work with time fields
(#20174)
* update triggers to use new deployment_tools location
(#20194)
* mysql: fix encoding in connection string (#20192)
* pkg/util: Replace custom pbkdf2 implementation by
maintained version (#19941)
* Datasource/Elasticsearch: Fix logs which were displayed
with incorrect timestamp in Explore logs tab (#20009)
* Error Handling: support errors and data in a response
(#20169)
* OAuth: Generic OAuth role mapping support (#17149)
* sdk: update to latest (#20182)
* Docs: Add introduction to time series (#20068)
* Docs: Simplify headings and make active (#20163)
* Docs: Add 'the' to license reference in README (#20167)
* LDAP: All LDAP servers should be tried even if one of them
returns a connection error (#20077)
* Dashboards: add panel inspector (#20052)
* Docker: Reduce layers in build container and modified
initialization of PATH env in final container (#20132)
* Docs: Display panels alphabetically (#20130)
* Docs: Updates getting_started.md for spelling mistake
'configuered' to 'configured' (#20027)
* fix: modifying AWS Kafka dimension names to correct ones
(#19986)
* Templating: Makes so __searchFilter can be used as part of
regular expression (#20103)
* Dashboard Editor: use chevron icon rather than >
(#19588)
* Docs: update datasources that support alerting (#20066)
* Units: Add milli/microSievert, milli/microSievert/h and
pixels (#20144)
* Toolkit: copy full directory structure for img,libs,static
(#20145)
* Heatmap: Insert div to fix layout (#20056)
* Build: adds the pkg/errors dependency that was missing
from go.mod (#20143)
* Explore: Memory leak fix due to dedup selector (#20107)
* DataLinks: Fix access to labels when using Prometheus
instant queries (#20113)
* PluginLoader: fix imports for react-redux (#19780)
* LDAP Debug: No longer shows incorrectly matching groups
based on role (#20018)
* Licensing service (#19903)
* Explore: Add titles to query row action buttons (#20128)
* Graph: Added series override option to have hidden series
be persisted (#20124)
* grafana/ui: Drawer component (#20078)
* Depedency: Bump crewjam/saml to the latest master (#20126)
* grafana/ui: fix button icon styles (#20084)
* Explore: UI change for log row details (#20034)
* api/dashboard: fix panic on UI save (#20137)
* grafana/toolkit: Fixup save artifacts in a zip id in the
folder (#20071) (#20139)
* Docs: Fix InfluxDB Typos (#20004)
* Docs: Data Sources subsection naming (#20127)
* Docs: Update basic_concepts.md (#20102)
* GEL: include the expression count in the request (#20114)
* GEL: wrap arrow utils in async load (#20134)
* grafana/toolkit: save artifacts in a zip id in the folder
(#20123)
* remove editor keys and null coalescing (#20115)
* Emails: Update notification templates (#19662)
* Docs: Ordering and formatting of datasources in docs
(#19485)
* Docs: Improve remote image renderer documentation (#20031)
* Add devenv block for apache proxy working for Mac (#20119)
* Allow saving of provisioned dashboards (#19820)
* Update Azure AD instructions in generic-oauth.md (#20091)
* Docs: Fixed a broken link to LogQL in the docs (#20106)
* Explore: Fix deferred rendering of logs (#20110)
* Templating: Adds typings to Variables (#20117)
* Chore: Reorg packages (#20111)
* Chore: Moves QueryField to @grafana/ui (#19678)
* Docs: Consolidate backend guidelines (#19823)
* transform: add expressions to query editor (w/ feature
flag) (#20072)
* DataSource: don't filter hidden queries automatically
(#20088)
* Docker: makes it possible to parse timezones in the docker
image (#20081)
* Plugins: Transform plugin support (#20036)
* Add data link from panel to cloudwatch console (#20061)
* DataLinks: Fix blur issues (#19883)
* Explore: Remove datasource testing on selector (#19910)
* Grafana/ui: Refactor button and add default type = button
(#20042)
* Add some typings for react events (#20038)
* PanelQuerRunnerrremove logging (#20073)
* Enable errcheck for golangci-lint (#19976)
* DataLinks: Implement javascript callback (#19851)
* Chore: correct typo in word Fahrenheit (#20040)
* ReactMigration: Migrate Loki and Elastic config pages to
React (#19979)
* api: new v2 metrics query endpoint
* Forms: Introduce new Primary, Secondary and Destructive
buttons (#19973)
* grafana/ui: Fix modal component (#19987)
* WIP: Spawn backend plugins v2 (#19835)
* build: Fix building of Enterprise Docker images (#19992)
* Docker: Build and use musl-based binaries in alpine images
to resolve glibc incompatibility issues (#19798)
* PluginPage: replace plugin absolute url with relative
(#19956)
* Add info about static files (#19965)
* Explore: Change loading state to done after live-tailing
stops (#19955)
* pkg/util: Check errors (#19832)
* Core: Show browser not supported notification (#19904)
* grafana/toolkit: Support js plugins (#19952)
* Forms: Introduce typographic form elements (#19879)
* SingleStat: apply mappings to no data response (#19951)
* Docs: Clean up contribute docs (#19716)
* pkg/models: Check errors (#19839)
* pkg/setting: Check errors (#19838)
* pkg/tsdb: Check errors (#19837)
* Docs: Document Makefile (#19720)
* Explore: Add functionality to show/hide query row results
(#19794)
* pkg/services: Check errors (#19712)
* API: Fix logging of dynamic listening port (#19644)
* Cloudwatch: Make it clear that role switching is not
supported (#19706)
* Update Apache configuration to work with MPMs as shared
modules (#19900)
* Cloudwatch: Lowercase Redshift Dimension entry for service
class and stage (#19897)
* Units: Added mega ampere and watt-hour per kg Units
(#19922)
* Clarify use of custom.ini on deb/rpm platforms (#19939)
* Update ISSUE_TRIAGE.md (#19942)
* docs: improved setup instructions for reporting (#19935)
* grafana/ui: Enable mdx imports in stories (#19937)
* Refactor: Suggestion plugin for slate (#19825)
* grafana/ui: Enable storybsck docs (#19930)
* Fix: Correct color on TagItems (#19933)
* Dependencies: Update yarn.lock (#19927)
* Chore: Updates yarn.lock (#19919)
* pkg/plugins: Only warn if plugins fail to load. Fixes
#19846 (#19859)
* Chore: Bump storybsck to 5.2.4 (#19895)
* QueryEditor: move QueryEditorRows to its own component
(#19756)
* ReactMigration: Migrate DataSource HTTP Settings to React
(#19452)
* TemplateVariables: Introduces $__searchFilter to Query
Variables (#19858)
* Forms: Introduce new spacing variables to GrafanaTheme
(#19875)
* Forms: Introduce new color variables to GrafanaTheme
(#19874)
* Chore: Bump Angularjs 1.6.6 -> 1.6.9 (#19849)
* Update documentation.md
* Edited Contribute docs
* devenv: have bra watch attempt graceful shutdown (#19857)
* Release: Update latest (#19866)
* DataFrame: guess number field when on NaN (#19833)
* Loki: Remove param (#19854)
* InputDataSource: Fixed issue with config editor (#19818)
* Fix: Unsubscribe from events in dashboards (#19788)
* Explore: Add unit test to TimeSyncButton (#19836)
* build: update scripts go.(mod|sum) (#19834)
* Loki: Return empty result if no valid targets (#19830)
* DataLinks: Fix url field not releasing focus (#19804)
* Alerting: All notification channels should always send
(#19807)
* @grafana/toolkit: Check if git user.name config is set
(#19821)
* pkg/middleware: Check errors (#19749)
* Fix: clicking outside of some query editors required 2
clicks (#19822)
* pkg/cmd: Check errors (#19700)
* grafana/toolkit: Add font file loader (#19781)
* Select: Allow custom value for selects (#19775)
* Docs: Add database architecture docs (#19800)
* Call next in azure editor (#19799)
* grafana/toolkit: Use http rather than ssh for git checkout
(#19754)
* DataLinks: Fix context menu not showing in singlestat-ish
visualisations (#19809)
* Elasticsearch: Adds support for region annotations
(#17602)
* Docs: Add additional capitalization rules (#19805)
* Docs: Add additional word usage rule (#19812)
* Update aws-sdk-go (#19138)
* Dashboard: Allows the d-solo route to be used without slug
(#19640)
* pkg/bus: Check errors (#19748)
* Panels: Fixes default tab for visualizations without
Queries Tab (#19803)
* Chore: Refactor grafana-server (#19796)
* Add missing info about stylesFactory
* Types: Adds type safety to appEvents (#19418)
* Docs: Split up Sharing topic (#19680)
* Update README.md (#19457)
* Docs: Link to architecture docs from Developer guide
(#19778)
* toolkit linter line number off by one (#19782)
* pkg/plugins: Check errors (#19715)
* Explore: updates live button to responsive button
* Explore: fixes live button margin
* Explore: fixes a responsive fold of live tailing button
* updated live tailing text
* updated live tail button - responsive fold
* updated toolbar - added media query for tail buttons
* Docs: Add docs on services (#19741)
* fix: export Bus on search service (#19773)
* Chore: Refactor GoConvey into stdlib for search service
(#19765)
* Quick typo fix (#19759)
* Docs: Fixes go get command in developer guide (#19766)
* Datasource: Add custom headers on alerting queries
(#19508)
* Docs: Add API style/casing rule (#19627)
* Explore: updates clear all button to responsive button
(#19719)
* pkg/infra: Check errors (#19705)
* Docs: Update Prometheus Custom Query Parameters docs.
(#19524)
* Docs: Fix playlist layout issues (#19739)
* Docs: Update instructions and flows in Playlist.md
(#19590)
* pkg/components: Check errors (#19703)
* UX: Fix empty space in select (#19713)
* pkg/login: Check errors (#19714)
* enforce GO111MODULE=on when running make run (#19724)
* Docs: Add Troubleshooting section to Developer guide
(#19721)
* Update README.md (#19551)
* Singlestat: Fixed issue with mapping null to text (#19689)
* Don't truncate IPv6 addresses (#19573)
* Tests: Fix runRequest test (#19711)
* Docs: Update pkg\README.md (#19615)
* Feature: Adds connectWithCleanup HOC (#19629)
* Docs: Add 'repository' case, and 'open source' to style
guide
* React group by segment poc (#19436)
* Graph: make ContextMenu potitioning aware of the viewport
width (#19699)
* pkg/api: Check errors (#19657)
* Explore: Synchronise time ranges in split mode (#19274)
* build: use vendored packages for circle backend tests
(#19708)
* Docs: Add correct casing for API and ID to style guide
(#19625)
* API: added dashboardId and slug in response after import
(#19692)
* Docs: Simplify README (#19702)
* Docs: Move dev guide from README (#19707)
* Explore: Expand template variables when redirecting from
dashboard panel (#19582)
* Alerting: Fix dates stored in local time when pausing
alerts (#19525)
* Explore/UI: Removes unnecessary grafana-info-box wrapper
around InfluxCheatSheet (#19701)
* Docs: Updating to 6.4.0 (#19698)
* Chore: Fixes lines that exceeded 150 chars (#19694)
* Chore: Updates latest.json for 6.4.2 (#19697)
* Chore: Updates Changelog for 6.4.2 (#19696)
* Docs: Update folder.md (#19674)
* build: use vendor folder for building (#19677)
* Table: Proper handling of json data with dataframes
(#19596)
* SharedQuery: Fixed issue when using rows (#19610)
* SingleStat: Fixes $__name postfix/prefix usage (#19687)
* Chore: Upgrade Docker images to Go 1.13.1 (#19576)
* Grafana Image Renderer: Fixes plugin page (#19664)
* Units: consistent Meter spelling and abbreviations
(#19648)
* CloudWatch: Changes incorrect dimension wmlid to wlmid
(#19679)
* Loki: Fix lookup for label key token (#19579)
* Documentation: Fix time range controls formatting (#19589)
* Docs: Add additional style rules (#19634)
* De-duplicate `lint-go` step (#19675)
* Docs: Update keyboard shortcuts formatting (#19637)
* AzureMonitor: Alerting for Azure Application Insights
(#19381)
* ci-build: Improve build-deploy script (#19653)
* Rename live option in queries (#19658)
* Docs: Update README.md (#19456)
* Docs: Update typos, make docs more consistent. (#19633)
* Docs: Fix operating system names (#19638)
* Docs: Move issue triage docs to contribute (#19652)
* DataFormats: When transforming TableModel -> DataFrame ->
Table preserve the type attribute (#19621)
* Graph: Updated auto decimals logic and test dashboard
(#19618)
* Graph: Switching to series mode should re-render graph
(#19623)
* Revert 'Feature: Adds connectWithCleanup HOC (#19392)'
(#19628)
* Feature: Adds connectWithCleanup HOC (#19392)
* Panels: Progress on new singlestat / BigValue (#19374)
* Units: fixed wrong id for Terabits/sec (#19611)
* Docs: General improvements to docs, and a fix in oauth
(#19587)
* Docs: Replace ampersands with and (#19609)
* Profile: Fix issue with user profile not showing more than
sessions some times (#19578)
* Azure Monitor : Query more than 10 dimensions ( Fixes
#17230 ) (#18693)
* Login: Show SAML login button if SAML is enabled (#19591)
* UI: Adds Modal component (#19369)
* Prometheus: Fixes so results in Panel always are sorted by
query order (#19597)
* Docs: Improve guides for contributing (#19575)
* Migration: Migrates Admin settings from angular to react
(#19594)
* Chore: Converts HelpModal from angular to react (#19474)
* Fix typo (#19571)
* Chore: Upgrade to Go 1.13 (#19502)
* Explore: Move data source loader into the select (#19465)
* Release: Fix issue with tag script on osx (#19557)
* Release: Update latest (#19559)
* Docs: Updates about Loki annotations (#19537)
* Theme: follow-up fix for snapshot
* UI: Centers the filter tags in input field (#19546)
* Update README.md (#19515)
* Docs: Updated changelog (#19558)
* Theme: fix theme issue
* Provisioning: Handle empty nested keys on YAML
provisioning datasources (#19547)
* Docs: updates to what's new in 6.4 (#19539)
* Loki: remove live option for logs panel (#19533)
* Chore: Updates to 6.4.0 stable (#19528)
* CloudWatch: Add ap-east-1 to hard-coded region lists
(#19523)
* ChangeLog: Release 6.4.0 Stable (#19526)
* Docs: Add notice about plugins that need updating (#19519)
* Panels: Skip re-rendering panel/visualisation in loading
state (#19518)
* Docs: LDAP Debug View documentation (#19513)
* Docs: reports feature (#19472)
* SeriesOverrides: Fixed issue with color picker
* Build: Fix building when $LDFLAGS is set (#19509)
* API: Add `createdAt` and `updatedAt` to api/users/lookup
(#19496)
* Fix logs panel image path
* Logs: Publish logs panel (#19504)
* Explore: Update broken link to logql docs (#19510)
* Chore: Remove console.log (#19412)
* Refactor: Split LogRow component (#19471)
* Build: Upgrade go to 1.12.10 (#19499)
* CLI: Fix version selection for plugin install (#19498)
* Upgrade grafana-plugin-model (#19438)
* grafana-ui: Moves slate types from devDependencies to
dependencies (#19470)
* Docs: Improve guide descriptions on docs start page #19109
(#19479)
* Explore: Generate log row uid (#18994)
* Editor: Brings up suggestions menu after clicking
suggestion (#19359)
* Docs: Add Live tail section in Explore (#19321)
* Docs: Add guide for developing on macOS (#19464)
* API: Add createdAt field to /api/users/:id (#19475)
* Docs: Updated heading to sentence case (#19450)
* grafana/toolkit: Remove hack to expose plugin/e2e exports
& types (#19467)
* Testdata: Rename package to circumvent convention in go
(#19409)
* Docs: Update package's manual release guide (#19469)
* Users: revert LDAP admin user page (#19463)
* Explore: Take root_url setting into account when
redirecting from dashboard to explore (#19447)
* Refactor: RefreshPicker export things as statics on class
(#19443)
* grafana/ui: Fix value time zone names to be capitalized
(#19417)
* Release: Make sure packages are released from clean git
state (#19402)
* Docs: Add styling.md with guide to Emotion at Grafana
(#19411)
* Docs: Update SECURITY.md (#19385)
* Debt: Simplifies actionCreatorFactory (#19433)
* Update PLUGIN_DEV.md (#19387)
* Release: Create cherrypick task work for enterprise repo
(#19424)
* Theme: Generate colors SASS
* DisplayFormat: use toLocaleString for infinity
* Docs: Update Loki docs with new syntax and features
(#19370)
* UI: Add orangeDark color to theme (#19407)
* grafana/toolkit: Improve contribution readme (#19400)
* Docs: Remove hard wrap (#19413)
* Tests: Adds throwUnhandledRejections to jest setup
(#19398)
* DataLinks: suggestions menu improvements (#19396)
* Dev: Sets `preserveSymlinks` to `false` in top-level
tsconfig (#19395)
* Build: fixed signing script issue with circle-ci (#19397)
* Docs: Update readme with info about ongoing migration
(#19362)
* PanelData: Adds timeRange prop to PanelData (#19361)
* Docs: Update Playlist.md (#19382)
* Update documentation-style-guide.md (#19389)
* Build: Fix correct sort order of merged pr's in cherrypick
task (#19379)
* dependencies: Update yarn.lock (#19377)
* ValueFormats: check for inf (#19376)
* Update UPGRADING_DEPENDENCIES.md (#19386)
* Update ROADMAP.md (#19384)
* Update SUPPORT.md (#19383)
* Update ISSUE_TRIAGE.md (#19280)
* Update datasource_permissions.md (#19336)
* MySQL: Limit datasource error details returned from the
backend (#19373)
* MySQL, Postgres: Update raw sql when query builder updates
(#19209)
* MySQL, Postgres, MSSQL: Fix validating query with template
variables in alert (#19237)
* Explore: Do not send explicit maxDataPoints for logs.
(#19235)
* grafana/ui: Add Timezone picker (#19364)
* Heatmap: use DataFrame rather than LegacyResponseData
(#19026)
* Explore: Refactor mode selection (#19356)
* Dashboard: Fix export for sharing when panels use default
data source (#19315)
* Azure Monitor: Revert support for cross resource queries
(#19115)' (#19346)
* grafana/ui: Add electrical units mAh and kAh (#19314)
* grafana/ui: Add Indian Rupee (INR) to currencies (#19201)
* Chore: Bump typescript to version 3.6.3 (#19308)
* Explore: Refactor live tail controls (#19328)
* Docs: Documentation for return-to-dashboard feature
(#19198)
* Select: Set placeholder color (#19309)
* Keybindings: Improve esc / exit / blur logic (#19320)
* Plugins: Skips existence of module.js for renderer plugins
(#19318)
* Explore: Fix unsubscribing from Loki websocket (#19263)
* Release: update latest.json (#19312)
* Docs: Uppercase HTTP acronyms (#19317)
* Multi-LDAP: Do not fail-fast on invalid credentials
(#19261)
* DataLinks: Small UX improvements to DataLinksInput
(#19313)
* Alerting: Prevents creating alerts from unsupported
queries (#19250)
* Chore: Update Slate to 0.47.8 (#19197)
* Chore: Upgrades react-redux to version 7.1.1 (#19272)
* Docs: Update documentation-style-guide.md (#19292)
* Admin/user: fix textarea postion in 'Pending Invites' to
avoid page scrolling (#19288)
* Changelog update for 6.3.6
* Revert 'Changelog update for 6.3.6'
* Changelog update for 6.3.6
* Build: Split up task in the CI pipeline to ease running
outside circleci (#18861)
* Build: Scanning grafana master docker image with trivy in
ci (#19195)
* Dashboard: Hides alpha icon for visualization that is not
in alpha/beta stage #19300
* Update changelog task to generate toolkit changelog too
(#19262)
* QueryEditor: Clean-up interface to only have one PanelData
(#19249)
* Docs: Add style rule for Git (#19277)
* Docs: Update CONTRIBUTING.md (#19273)
* Docs: Add glossary (#19148)
* Docs: Add style guide for docs (#19190)
* Vector: remove toJSON() from interface (#19254)
* MySQL, Postgres, MSSQL: Only debug log when in development
(#19239)
* Graphite: Changed range expansion from 1m to 1s (#19246)
* AlertBox: Merged Alertbox into Alert (#19212)
* Explore: live tail UI fixes and improvements (#19187)
* Docs: Update theming docs (#19248)
* grafana/toolkit: Fix toolkit not building @grafana/toolkit
(#19253)
* CloudWatch: ContainerInsights metrics support (#18971)
* Alerting: Truncate PagerDuty summary when greater than
1024 characters (#18730)
* grafana/toolkit: Add plugin scaffolding (#19207)
* Snapshots: store DataFrameDTO instead of MutableDataFrame
in snapshot data (#19247)
* Revert 'Graphite: Changed range expansion from 1m to 1s,
#11472'
* Graphite: Changed range expansion from 1m to 1s, #11472
* Fix docs issues (#19240)
* Docs: Minor edits to the README and several md files
(#19238)
* LDAP: Show non-matched groups returned from LDAP (#19208)
* plugins: expose whole rxjs to plugins (#19226)
* SQL: Rewrite statistics query (#19178)
* CI: Update frontend ci metrics for strict null checks
* grafana/ui: Add disabled prop on LinkButton (#19192)
* Cloudwatch: Fix autocomplete for Gamelift dimensions
(#19145) (#19146)
* Backend: Remove redundant condition of `ROLE_VIEWER`
(#19211)
* FieldDisplay: Update title variable syntax (#19217)
* Docs: Note when using For and No Data in alert rule
(#19185)
* Docker: Upgrade packages to resolve reported
vulnerabilities (#19188)
* MSSQL: Revert usage of new connectionstring format
(#19203)
* Prometheus: datasource config with custom parameters
string (#19121)
* Contributing: Add guidelines for contributing docs
(#19108)
* LDAP debug page: deduplicate errors (#19168)
* Menu: fix menu button in the mobile view (#19191)
* Dashboard: Fixes back button styles in kiosk mode (#19165)
* API: adds redirect helper to simplify http redirects
(#19180)
* docs: image rendering (#19183)
* Chore: Update latest.json (#19177)
* Chore: Update version to next (#19169)
* Docs: What's new in 6.4 update (#19175)
* Devenv: create slow_proxy_mac (#19174)
* Chore: Changelog for v6.4.0-beta1 (#19171)
* Revert 'Chore: Update Slate to 0.47.8 (#18412)' (#19167)
* Chore: Update Slate to 0.47.8 (#18412)
* Changelog: Breaking changes and deprecation notes for v6.4
(#19164)
* Docs: What's new 6.4 draft (#19144)
* Docs: Add docs around feature toggles config (#19162)
* Azure Monitor: Add support for cross resource queries
(#19115)
* Api: Readonly datasources should not be created via the
API (#19006)
* Explore: Update live tail buttons (#19143)
* LDAP: only show tab if LDAP is enabled (#19156)
* TimePicker: Fixes onBlur issue with FireFox on MacOS
(#19154)
* Feature: Encapsulated dynamic imports with error boundary
and suspense (#19128)
* Metrics: Adds setting for turning off total stats metrics
(#19142)
* Add directions for more details provided when not anymore
on issue triage (#19116)
* grafana/data: Reorganise code (#19136)
* Login: fix Footer to be visible (#19147)
* Chore: fix prettier error after github suggestions commit
(#19150)
* Alerts: show a warning/error if transformations are
configured (#19027)
* Explore: No logs should show an empty graph (#19132)
* Ldap: Add LDAP debug page (#18759)
* Elasticsearch: allow templating queries to order by
doc_count (#18870)
* Chore: cross-package security bumps (#19131)
* Close the connection only if we establish it. (#18897)
* Fix: Fixes crash using back button with zoomed graph
(#19122)
* Routing: Update routing to require sign in on every route
(#19118)
* Graph: constant series as override (#19102)
* Login: fix login page failing when navigating from reset
password views (#19124)
* DataFrame: Fixes to dealing with empty results (#19119)
* Explore: calculate intervals when building data source
request (#19107)
* Graph: Adds onHorizontalRegionSelected (#19083)
* Loki: Updated cheat sheet with new filter syntax (#18947)
* grafana/toolkit: Find module files correctly and add basic
error tracing (#19089)
* Templating: Clicking Selected should deselect all if 1 or
more are already selected (#19104)
* NotificationChannels: Add delete button to edit page
(#19103)
* Dashboard: Fix arrow positioning in button while in panel
edit mode (#19084)
* Update _index.md (#19045)
* CLI: Fix installing plugins on windows (#19061)
* LDAP: Allow an user to be synchronised against LDAP
(#18976)
* Docs: Adds a requirements page (#18917)
* DataLinks: enable access to labels & field names (#18918)
* Singlestat: fix format messes up on negative values if
select duratio… (#19044)
* Explore: Move throttling before processing (#19095)
* Prometheus: Fix response states (#19092)
* Explore: Fix how log bars in graph are stacking (#19015)
* Explore: Add throttling when doing live queries (#19085)
* Stackdriver: Add extra alignment period options (#18909)
* QueryProcessing: Added missing error event for angular
editors (#19059)
* Explore: Fixes issue with lastResult being null (#19081)
* GraphPanel: don't listen to legacy onDataReceived events
(#19054)
* QueryProcessing: Fixes showing last result in initial
loading state (#19057)
* toolkit: fix master build, avoid null check (#19055)
* Auth: Allow inviting existing users when login form is
disabled (#19048)
* MSSQL: Fix memory leak when debug enabled (#19049)
* Update CONTRIBUTING.md (#19051)
* Update README.md (#19047)
* toolkit: pipe execa output to console.stdout (#19052)
* QueryProcessing: Observable query interface and RxJS for
query & stream processing (#18899)
* Fix exit live mode icon: change back to Stop. (#19043)
* Loki: Fix vertical alignment issue in label selector
(#18943)
* Fix: Align buttons and label in ToggleButtonGroup (#19036)
* toolkit: run make for backend plugins (#19029)
* Explore: Fix auto completion on label values for Loki
(#18988)
* TimeSeries: Replace fieldName with fieldIndex (#19030)
* DataLinksInput - change the way enter key is handled
(#18985)
* TimeSeries: Add data frame index and field name (#19005)
* Packages: update versioning and release process (#18195)
* API: Add `updatedAt` to api/users/:id (#19004)
* PageContent: fix logic in Page.Contents (#19002)
* Calcs: Fixed calc reducer (#18998)
* AlphaNotice: replaced big popover tooltip with native
tooltip (#18997)
* grafana/ui: Add Time of day picker (#18894)
* QueryOptions: update maxDataPoints text and show any value
that is configured (#18761)
* Piechart: fix unit selector when scrolling is required
(#18932)
* Refactor: Move sql_engine to sub package of tsdb (#18991)
* Refactor: move ScopedVars to grafana/data (#18992)
* Units: Adding T,P,E,Z,and Y bytes (#18706)
* Image rendering: Add deprecation warning when PhantomJS is
used for rendering images (#18933)
* Singlestat: render lines on the panel when sparklines are
enabled (#18984)
* Explore: Unify background color for fresh logs (#18973)
* Annotations: Add annotations support to Loki (#18949)
* TimeSeries: datasources with labels should export tags
(not labels) (#18977)
* Explore: UX/UI improvements for pausing and resuming of
live tailing (#18931)
* Annotations: Fix query editor rendering on datasource
change (#18945)
* Bump lodash-es from 4.17.11 to 4.17.15 (#18963)
* Bump fstream from 1.0.11 to 1.0.12 (#18962)
* Bump mixin-deep from 1.3.1 to 1.3.2 (#18960)
* Bump lodash.template from 4.4.0 to 4.5.0 (#18961)
* Alerting: fix response popover prompt when add
notification channels (#18967)
* Build: Fix potential case-insensitive import collision for
github.com/Unknwon/com (#18915)
* MixedDataSource: refactor, cleanup, and add tests (#18948)
* Bump lodash.mergewith from 4.6.1 to 4.6.2 (#18959)
* Units: Add electrical charge - ampere-hour unit
* Transformers: configure result transformations after
query(alpha) (#18740)
* grafana/toolkit: Add default mock for stylesheet imports
for Jest (#18955)
* grafana/toolkit: Improve readme (#18747)
* Docs: Add PR review practices link (#18937)
* Build: Allow extending of LDFLAGS in build.go (#18954)
* Build: Support SOURCE_DATE_EPOCH for reproducible builds
(#18953)
* LDAP: Fetch teams in debug view (#18951)
* Dashboard: Fixes dashboard overwriting behavior (#18944)
* Grafana: Create new playlist/dashboard/channel card is not
visible when there are no items in the list (#18890)
* Storybsck: fix type error (#18934)
* Sass: changed color in gradient in template files to lower
case (#18921)
* Notification is sent when state changes from no_data to ok
(#18920)
* SASS: Add pointer events none to .disabled class (#18919)
* Explore: Adds ability to save a panel's query from Explore
(#17982)
* Loki: support loki with streaming in dashboards (#18709)
* UserProfile: convert user organizations section to react
(#18707)
* Annotations: Check that timeEnd if defined before
comparing to avoid false truthiness (#18903)
* Sass: Align generated file with tmpl (#18896)
* LDAP: Add API endpoint to query the LDAP server(s) status
(#18868)
* Add South African Rand (ZAR) to currencies (#18893)
* Annotations: check if the name exists before creating a
new annotation (#18880)
* ErrorHandling: Error boundary for every container (#18845)
* Precommit: Fixed precommit task issue (#18883)
* Docs: Quick typo fix in readme (#18874)
* CI: no longer using grafana-master... package. (#18884)
* Styles: fixed gradient in logo so it doesn't go outside
the logo and get a defined start and end color, changed
brand gradient to be the same as in logo, created new
variable for vertical gradient (#18882)
* Webpack: Fix accidental double typechecking (#18881)
* Explore: elastic small fixes (#18879)
* Explore: Add typings for queryTransaction.request (#18847)
* LDAP: Add API endpoint to debug user mapping from LDAP
(#18833)
* PanelQueryState: restore comment
* grafana/toolkit: fix common webpack config (#18862)
* Explore: Use DataFrame to derive graph/table/logs (#18859)
* Updated is time series test
* Fixed unit test
* alerting: add lock on job to prevent a race condition
(#18218)
* Reworked ResultProcessor tests
* Explore: everything seems to be working again
* WIP: Use data frames in explore
* Explore: Allow pausing and resuming of live tailing
(#18836)
* CI: stop deployment to s3 (#18831)
* Performance/Webpack: Introduces more aggressive
code-splitting and other perf improvements (#18544)
* Explore: Introduces PanelData to ExploreItemState (#18804)
* Core: Adding DashboardPicker component (#18811)
* Git: Precomit hook slimmed down
* DataSourceSettings: Fixed issue changing data source name,
fixes #18660 (#18826)
* Prometheus: Fixed Prometheus query editor error (plus new
ErrorBoundaryAlert component) (#18838)
* Explore: Style panel containers (#18834)
* Snapshot: Fix http api (#18830)
* Open new window when exploring panel metrics (#18802)
* Release: update latest.json
* Docs: Update changelog with v6.3.5 issues (#18827)
* Build: Update ua-parser/uap-go (#18788)
* Build: Use the latest build container which has go 1.12.9
(#18807)
* DataFrame: split DataFrameHelper into MutableDataFrame
and FieldCache (#18795)
* MixedDatasource: don't filter hidden queries before
sending to datasources (#18814)
* Enterprise: add dependencies for upcoming features
(#18793)
* Editor: Fixes issue where only entire lines were being
copied (#18806)
* Explore: Fixed query status issue (#18791)
* DashboardMigrator: Fixed issue migrating incomplete panel
link models (#18786)
* Explore: Fixes query hint issues (#18803)
* Build: Optional skipping of typescript checking in dev
bundler (#18772)
* Docs: Improve API tutorial intro content and readability
(#18762)
* Panels: Destroy panel model when recreating repeated
panels (#18799)
* Singlestat: Various fixes to singlestat and DataFrame
(#18783)
* Explore: Fixed issue in PanelQuery state arround
cancellation (#18771)
* Going to Explore from a panel with mixed data sources now
works (#18784)
* Changelog update (#18780)
* Explore: Add memoization and remove unused props (#18775)
* Prometheus: Changes brace-insertion behavior to be less
annoying (#18698)
* Datasource: Support min time interval input in ms (#18719)
* Explore: Use PanelQueryState to handle querying (#18694)
* Chore: Improve err message for notifications (#18757)
* @grafana/toolkit: add package versions to the ci report
(#18751)
* @grafana/data: Matchers and Transforms (#16756)
* Docs: Document LDAP config reload in admin http api
(#18739)
* center NoDataSourceCallToActionCard in Explore (#18752)
* DataLinks: enable data links in Gauge, BarGauge and
SingleStat2 panel (#18605)
* DashboardDatasource: reuse query results within a
dashboard (#16660)
* Plugins: show a clear error on the plugin page when it
failed to load (#18733)
* Chore: Use ruleId instead of alertId as log keyword
(#18738)
* @grafana/data: improve the CircularVector api (#18716)
* QueryEditor: check if optional func toggleEditorMode is
provided (#18705)
* Emails: remove the yarn.lock (#18724)
* OAuth: Support JMES path lookup when retrieving user email
(#14683)
* Emails: resurrect template notification (#18686)
* Email: add reply-to and direct attachment (#18715)
* Dashboard: Adds Logs Panel (alpha) as visualization option
for Dashboards (#18641)
* Heatmap: Add Cividis and Turbo color schemes (#18710)
* Units: add counts/sec (cps) and counts/min (cpm) in
Throughput (#18702)
* Dev Docker: Use golang:1.12.9-alpine to prevent glibc
mismatch. (#18701)
* Docs: Fix broken link for the Grafana on RHEL or Ubuntu
tutorial (#18697)
* Fixes several usability issues with QueryField component
(#18681)
* convert teams section of user profile to react (#18633)
* Singlestat/Gauge/BarGauge: Improvements to decimals logic
and added test dashboard (#18676)
* Emails: Change text (#18683)
* Streaming: improve JSDocs for DataSourceAPI streaming
support (#18672)
* TimeSrv: Enable value time windowing in TimeSrv (#18636)
* Explore: Fixes so Show context shows results again
(#18675)
* Graph: Updated y-axis ticks test dashboard (#18677)
* Add typings to package.json in packages (#18640)
* Plugins: better warning when plugins fail to load (#18671)
* SingleStat2: save options to defaults not override
(#18666)
* Packages: Fix path import from grafana/data (#18667)
* SingleStat: use DataFrame results rather than
TimeSeries/TableData (#18580)
* TestData: attach labels to series results (#18653)
* Singlestat: Disable new singlestat gauge usage (#18610)
* Explore: Fixes query field layout in splitted view for
Safari browsers (#18654)
* MSI: new long file names are causing error building MSI
(#18646)
* Auth: change the error HTTP status codes (#18584)
* Refactor: EmptyListCTA (#18516)
* Build: Upgrade to go 1.12.9 (#18638)
* Chore: Revert React 16.9.0 bump (#18634)
* Azure Monitor and Log Analytics converted and separated
into components (#18259)
* Rewrite user profile edit to react (#17917)
* Docs: remove codecov badge (#18623)
* Prometheus: Prevents panel editor crash when switching to
Prometheus datasource (#18616)
* Chore: Rename Popper to Popover (#18543)
* SingleStat: add a gauge migration call to action button in
the editor (#18604)
* Build: update revive dependency (#18585)
* LDAP: multildap + ldap integration (#18588)
* Docker: switch docker image to alpine base with phantomjs
support (#18468)
* Backend: Adds support for HTTP/2 (#18358)
* Explore: Fixes error when switching from prometheus to
loki data sources (#18599)
* TimePicker: Set time to to 23:59:59 when setting To time
using calendar (#18595)
* Prometheus: Return labels in query results (#18535)
* Docs: Update changelog and docs for annotation region
change (#18593)
* Refactor: move KeyValue and deprecation warning to
@grafana/data (#18582)
* Annotations: use a single row to represent a region
(#17673)
* Docs: Update upgrading guide (#18547)
* Docs: Adds tests requirement to bugs checklist (#18576)
* DataFrame: convert from row based to a columnar value
format (#18391)
* Packages: Temporarily skip canary releases if packages
build fail (#18577)
* Update latest.json to latest stable version (#18575)
* Docs: Update changelog for v6.3.3 (#18569)
* Graph: Fixed issue clicking on series line icon (#18563)
* grafana/toolkit: Unpublish previous 'next' version when
releasing a new one (#18552)
* Toolkit: write PR report to a folder with the circle build
number (#18560)
* CI: Fail build if yarn.lock is not up to date (#18555)
* Chore: Updates react-dependant packages to address react
warnings (#18549)
* Prometheus: Fix regression of rerunning query on
legend/interval change (#18147)
* Explore/Prometheus: More consistently allows for
multi-line queries (#18362)
* Login: Fixes undefined redirect (#18545)
* Plugins: expose react-redux, redux (#18501)
* TimeSeries: assume values are all numbers (#18540)
* Login: Angular to React (#18116)
* InfoTooltip: Info icon with tooltip (#18478)
* Annotations: Fix failing annotation query when time series
query is cancelled (#18532)
* remotecache: support SSL with redis (#18511)
* QueryData: Handle that response data must be array
(#18504)
* React: Rename deprecated UNSAFE_componentWillReceiveProps
(#18526)
* Explore: Replaces TimeSeries with GraphSeriesXY (#18475)
* API: Restrict anonymous user information access (#18422)
* Fix: failing build after React bump (#18514)
* strictNullChecks: First batch (#18390)
* Chore: bump React to 16.9.0 (#18502)
* Docs: Adds a new security section (#18508)
* Docs: Update issue triage doc with external PRs section
(#18464)
* Typo: fix typo in processDataFrame.ts comment (#18492)
* Explore: Fix loading error for empty queries (#18488)
* Fix: Fixes stripping of $d in Explore urls (#18480)
* grafana/ui: fix toTimeTicks error (#18448)
* Docs: Adds details to Pull Request Checklist (#18471)
* DataLinks: respect timezone when displaying datapoint's
timestamp in graph context menu (#18461)
* Chore: strictNullChecks, ColoringEditor and
time_region_manager (#18442)
* Backend: Do not set SameSite cookie attribute if
cookie_samesite is none (#18462)
* DataLinks: Apply scoped variables correctly (#18454)
* DataLinks: Use datapoint timestamp correctly when
interpolating variables (#18459)
* API: Minor fix for team creation endpoint when using API
key (#18252)
* Login: Adjust space between skip and its icon (#18407)
* Docs: Update Auth Proxy documentation (#18444)
* Docs: Minor Readme update (#18438)
* OAuth: return GitLab groups as a part of user info (enable
team sync) (#18388)
* Fix: Avoid glob of single-value array variables (#18420)
* DataLinks: Enable multiple data links per panel (#18434)
* Markdown: Handle undefined/null strings (#18433)
* Docs: Update changelog and latest with 6.3.1 and 6.3.2
releases (#18437)
* Explore: Fixes Legend overflow in splitted view (#18396)
* Docs: changelog for docker 6.3 (#18429)
* Panels: Fixed crashing dashboards with panel links
(#18430)
* DataFrame: remove dateFormat (#18424)
* backend: null.Float NaN -> null for json marshal (#18284)
* Frontend: adds folder name in home dash choose menu
(#18346)
* TestData: Query variable support (nested + glob queries)
(#18413)
* Update latest.json (#18417)
* Changelog 6.3.0 (#18414)
* PanelLinks: Fix render issue when there is no panel
description (#18408)
* e2e tests: Make pageObjects mandatory (#18406)
* Documentation: document the 'Mixed' Data Source (#18398)
* Explore: Moves GraphSeriesXY and DisplayValue to
grafana/data (#18400)
* Explore: Fixes incorrect handling of utc in timeEpic
(#18386)
* Postgres: Add support for scram sha 256 authentication
(#18397)
* Update behind_proxy.md with linkback to nginx.com (#18150)
* Do not set SameSite for OAuth cookie if cookie_samesite is
None (#18392)
* Gauge/BarGauge: Rewrite of how migrations are applied
(#18375)
* MSSQL: Change connectionstring to URL format to fix using
passwords with semicolon (#18384)
* CloudWatch: Fix alerting for queries with Id (using
GetMetricData) (#17899)
* Chore: Update strictNullChecks error limit (#18387)
* Chore: Fixes some strict errors (#18381)
* Graph: Improved graph tick decimals logic arround
significant digits (#18370)
* CI: Added metric to track strict null erros (#18379)
* Auth: Do not search for the user twice (#18366)
* grafana/toolkit: improve CI task (#18189)
* Alerting: Also include configured AlertRuleTags in
Webhooks (#18233)
* Loki: Apply start parameter to speed up test query
(#18266)
* Docs: Changelog 6.3.0 beta4 (#18359)
* Select: Fixes issue where ToggleButtonGroup overlapped
DataSourcePicker in Firefox (#18361)
* SignIn: Update redirect on reroute (#18360)
* Gauge/BarGauge: Support decimals for min/max
toFloatOrUndefined (#18368)
* FieldDisplay: Return field defaults when there are no data
(#18357)
* Auth: introduce more tests for middleware module (#18365)
* Docs: updated latest.json (#18363)
* LDAP: nitpicks (#18309)
* Docs: mention unsupported versions of PostgreSQL (#18307)
* Navigation: Fixed double settings menus (#18349)
* Build: allow bash to expand the wildcard (#18354)
* Gauges: Fixes error when mappings array was undefined
(#18353)
* Frontend: Fixes progress tracker close button to use
`$link-hover-color` (#18352)
* Frontend: Fixes hard-coded font-weight properties to use
variables (#18350)
* LDAP: Align ldap example with the devenv testdata (#18343)
* Auth: consistently return same basic auth errors (#18310)
* cli: fix for recognizing when in dev mode. (#18334)
* QueryEditors: Fixes flakey text edit mode toggle (#18335)
* Refactor: use data rather than series in stream
callback(#18126)
* Keybindings: Disable on login url (#18331)
* Fix failing end to end tests job for release (#18323)
* Fix OAuth error due to SameSite cookie policy (#18332)
* Chore: noImplictAny no errors left (#18303)
* [Shortcuts] Fixes shortcuts for moving time range
backwards and forwards (#18305)
* TablePanel: Remove scroll option on TablePanel (#18318)
* Keyboard Shortcuts: Sign in to enable them (#18271)
* GitHub Templates: Pull Request Template update (#18300)
* Auth Proxy: Include additional headers as part of the
cache key (#18298)
* grafana/toolkit: support windows paths (#18306)
* Chore: noImplicitAny Sub 500 errors (#18287)
* Plugins: return a promise for loadPluginCss (#18273)
* Utils: avoid calling console.warn() too often for
deprecation warnings (#18269)
* CLI: Allow installing custom binary plugins (#17551)
* Docs: Update link to example app (#18253)
* GettingStarted: Skip Query for getting started (#18268)
* v6.3.0-beta2 is latest testing (#18283)
* Release: Changelog update with v6.3.0-beta2 (#18281)
* Chore: Upgrades typescript to version 3.5 (#18263)
* docs: team sync (#18239)
* SAML: Only show SAML login button on Enterprise version
(#18270)
* Permissions: Show plugins in nav for non admin users but
hide plugin configuration (#18234)
* CI: Change target branch in CI task trigger-docs-update
(#18255)
* Plugins: Include build number and PR in metadata (#18260)
* Run End-to-End tests for release builds (#18211)
* DataLinks: Fixed interpolation of series name, fixes
#18250 (#18251)
* Timerange: Fixes a bug where custom time ranges didn't
respect UTC (#18248)
* Loki: Remove prefetching of default label values (#18213)
* Build: fix use of env vars in parentheses execs (#18249)
* TimePicker: Increase max height of quick range dropdown
(#18247)
* TimePicker: Fixed css issue casued by CSS Optimizer
(#18244)
* Revert 'Timerange: Fixes a bug where custom time ranges
didn't respect UTC (#18217)' (#18246)
* Timerange: Fixes a bug where custom time ranges didn't
respect UTC (#18217)
* LDAP: improve POSIX support (#18235)
* Instrumentation: Add failed notifications metric (#18089)
* Docs: update links to sample plugins (#18240)
* Build: Removed webpack from default grunt task, fixes
#18232 (#18242)
* Packages: update package.json files (#18173)
* Replaced ubuntu:latest with ubuntu:18.04; specific image
version to make grafana build images consistent (#18224)
* Build: correct verify script (#18236)
* remote_cache: Fix redis connstr parsing (#18204)
* Auth: do not expose disabled user disabled status (#18229)
* Build: Introduce shellcheck (#18081)
* Docs: Update documentation with new SAML features (#18163)
* Typo: fix threshodsWithoutKey (#18228)
* alerting: more specific error when missing threshold
(#18221)
* Graph: fix time label description for datalink suggestions
(#18214)
* Explore: Reduce default time range to last hour (#18212)
* alerting: return err when SetAlertState fails to save to
sql (#18216)
* PhantomJS: Fixes rendering on Debian Buster (#18162)
* Docs: sudo is required on the apt-key add not on wget
(#18180)
* Build: watch and dev mode webpack improvements (#18153)
* Plugin: AzureMonitor - Reapply MetricNamespace support
(#17282)
* Refactor: move end-to-end test infrastructure to
@grafana/toolkit (#18012)
* SAML: add auth provider label (#18197)
* Plugins: avoid app importDashboards() NPE (#18128)
* Plugins: fix previous commit, output 'build' property in
json
* SAML: add metrics (#18194)
* Plugins: add build info to plugin metadata (#18164)
* datasource: testdata - add predicatable csv wave scenario
(#18183)
* Docs: SAML idp_metadata_url option (#18181)
* Panel: Show error in edit mode (#18175)
* E2E: saving a dashboard should wait for success (#18171)
* @grafana/toolkit: integrate latest improvements (#18168)
* Build: change definition of the vars in makefile (#18151)
* noImplicitAny: Down approx 200 errors (#18143)
* datasource: testdata - add predictable pulse scenario
(#18142)
* Minor 6.3.0 beta1 changes (#18048)
* Docs: SAML (#18069)
* Docs: prioritize use of `make run` to `bra` (#18154)
* Fix provision alerts generation script (#18145)
* SQLStore: use bscl pointer instead of string (#18111)
* Registry: add a reusable function registry (#17047)
* grafana/toolkit: test improvements and show stats (#18137,
#18138)
* Metrics: use consistent naming for exported variables
(#18134)
* Build: copy .browserslistrc to node build container
(#18141)
* @grafana/toolkit: HtmlWebpackPlugin when in watch mode
(#18130)
* update yarn.lock (#18125)
* grafana/toolkit: prettier and lint fix in dev mode
(#18131)
* Chore: Fix about 200 noImplicitAny errors (#18067)
* Build: allow dynamically change docker image (#18112)
* grafana/toolkit: update the way config is being passed to
jest cli (#18115)
* Build: detect changes to packages based on the git diff
(#18118)
* Build: Release packages under next tag when changes
detected on master (#18062)
* SQLStore: allow to look for `is_disabled` flag (#18032)
* Metrics: add LDAP active sync summary metric (#18079)
* Docs: correct issue_triage.md texts
* ValuMapping: start with some values (#18092)
* Docs: Simplify download links & instructions and make
download link clearer (#18090)
* FieldDisplay: move threshold and mapping to Field (#17043)
* InfluxDB: Enable interpolation within ad-hoc filter values
for InfluxDB data source (#18077)
* Docs: Move data links down (#18072)
* grafana/toolkit: improve CircleCI integration (#18071)
* Build: consistently reference go binary (#18059)
* devenv: Fix typo in nginix docker for mac (#18068)
* noImplicitAny: 1670 errors (#18035)
* Add missing pull requests to Changelog (#18061)
* provisioning: escape literal '$' with '$$' to avoid
interpolation (#18045)
* grafana/toolkit: improve CircleCI stubs (#17995)
* Docs: clarify the ttl units (#18039)
* Update docs readme for running MySQL/Postgres tests
* Auth: Duplicate API Key Name Handle With Useful HTTP Code
(#17905)
* Chore: upgrade node-sass to 4.12.0 (#18052)
* API: Minor fix for nil pointer when trying to log error
during creating new dashboard via the API (#18003)
* Chore: update lodash (#18055)
* Update latest.json (#18043)
* Update Changelog (#18042)
* Chore: bump master version number to 6.4.0-pre
* Explore/Loki: Display live tailed logs in correct order
(#18031)
* Fix unused variable errors (#18030)
* Docs: First draft of whats new in 6.3 (#17962)
* Packages: create shared tsconfig.json (#18010)
* CLI: Fix encrypt-datasource-passwords fails with sql error
(#18014)
* LDAP: Adds bind before searching LDAP for non-login cases.
(#18023)
* Users: show badges for each auth provider (#17869)
* Loki: Don't use _ numerical separator (#18016)
* grafana-cli: allow installing plugins from a local zip
file (#18021)
* grafana/toolkit: Copy or extract static files (#18006)
* Packages: Use lerna for release orchestration (#17985)
* AnnoList: add alpha annotations list plugin (#17187)
* grafana/toolkit: Use babel-plugin-angularjs-annotate
(#18005)
* CSV Export: Timezone based on dashboard setting (#18002)
* LDAP: Adds back support for single bind. (#17999)
* Reducers: consistent result for first/last reducer
shortcut (#17911)
* SAML: Show SAML login button even if OAuth is disabled
(#17993)
* Fix: Break redirect loop if oauth_auto_login = true and
OAuth login fails (#17974)
* Refactor: fix range util imports (#17988)
* Refactor: move dom utils to @grafana/ui (#17976)
* Docs: Documents new features available with Loki data
source in Explore (#17984)
* Prometheus: added time range filter to series labels query
(#16851)
* Explore: Adds support for new loki 'start' and 'end'
params for labels endpoint (#17512)
* Chore: Removes custom debounce utility in favor of
lodash/debounce (#17977)
* Api: Fix auth tokens returning wrong seenAt value (#17980)
* Refactor: move more files to @grafana/data (#17972)
* @grafana/data: export dateMath and rangeUtil (#17971)
* Refactor: move some files to @grafana/data (#17952)
* noImplicitAny: Azure Monitor (#17966)
* grafana/toolkit: initial CI task and various small
improvements (#17914)
* First version of prettier checks in toolkit (#17964)
* LDAP: finishing touches (#17945)
* Graphite: Refactor lexer and parser (#17958)
* noImplicitAny: Datasource files, under 2500 (#17959)
* Auth: saml enabled check. (#17960)
* Auth: SAML login button. (#17932)
* grafana/toolkit: Add support for extensions styling
(#17938)
* Datasource: Refactor Graphite to class (#17942)
* SAML: Configuration defaults, examples and dependencies
(#17954)
* OAuth: deny login for disabled users (#17957)
* Build: Adds pre-commit check that fails if node versions
are not synced (#17820)
* Docs: minor ha-setup edit (#17950)
* Docs: Added very basic docs about revoking user sessions
(#17931)
* Docs: Updates documentation regarding logs integration in
Explore (#17896)
* noImplicitAnys: Fix InfluxDB type issues #17937)
* TimePicker: align position between dashboard and explore
(#17940)
* AzureMonitor: remove duplicate query logic on the frontend
(#17198)
* UserProfilePage: Fix team avatar urls #17866 (#17930)
* Explore: Introduces storage keys for last used data source
on per-orgId basis (#17934)
* Docs: added version notice to new ldap feature docs
(#17929)
* Explore: Restricts query text edit toggle to metrics mode
(#17921)
* grafana/runtime: Expose SystemJS from @grafana/runtime
(#17927)
* Templating: Correctly display __text in multi-values
variable after refresh (#17918)
* grafana/toolkit: bundle plugins with webpack (#17850)
* Explore: Adds orgId to URL for sharing purposes (#17895)
* grafana/toolkit: copy sass files (#17888)
* ChangePassword: Rewrite change password page to react
(#17811)
* AngularPanels: Fixed loading state indication for angular
panels (#17900)
* Explore: Adds support for toggling text edit mode in
explore (#17870)
* LDAP: Divide the requests (#17885)
* Build: fixes missing shebang in release tagging script.
(#17894)
* Teams: show proper label for each auth provider (#17860)
* Logging: Login and Logout logging actions (#17760)
(#17883)
* Loki: Adds comment explaining usage of RFC3339Nano string
(#17872)
* Explore: Query rows are now reset when changing data
sources (#17865)
* Codestyle: add guidelines for removing the m alias for
models (#17890)
* Docs: How to work with themes (#17876)
* Docs: Fix developing plugins index page (#17877)
* StatsPicker: Fix multiple value input layout etc. (#17827)
* Chore: Build grafana-cli when running bra run (#17788)
* Build: use golangci-lint as a make command (#17739)
* Explore:?Log highlights only update when user stops typing
(#17845)
* Loki: getHighlighterExpressionsFromQuery Returns null if
filter term is not quoted (#17852)
* Docs upgrading deps (#17657)
* Testing: Include BatchRevoke for all tokens in the fake.
(#17728)
* Refactor: rename SeriesData to DataFrame (#17854)
* devenv: switch OpenTSDB docker block (#17849)
* Devenv:LDAP: couple simplifications for LDAP (#17807)
* Login: divide login errors by pkg and service (#17835)
* Auth Proxy: Respect auto_sign_up setting (#17843)
* OAuth: return github teams as a part of user info (enable
team sync) (#17797)
* noImplicitAny: Sub 3000 errors (#17821)
* TimePicker: Style and responsive fixes, restored dashboard
settings (#17822)
* Templating: Correctly display __text in multi-values
variable (#17840)
* Elasticsearch: Fix default max concurrent shard requests
(#17770)
* Explore: Fix filter by series level in logs graph (#17798)
* Docs: Add v6.3 version notes and encryption format
information (#17825)
* Graphite: use POST for /metrics/find requests (#17814)
* Dashboard: Force update after dashboard resize (#17808)
* Toolkit: moved front end cli scripts to separate package
and introduced very early version of plugin tools
* Explore: Uses new TimePicker from Grafana/UI (#17793)
* Explore: Uses RFC3339Nano string to retrieve LogRow
contexts from Loki API (#17813)
* noImplicitAny: Lower count to about 3450 (#17799)
* Graphite: Fixes issue with seriesByTag & function with
variable param (#17795)
* noImplicitAny: Reduce errors to 3800-ish (#17781)
* Graphite: remove feature that moves alias function last
(#17791)
* Explore: Adds URL support for select mode (#17755)
* TestData: add option to increase the number of test
streams (#17789)
* Usage Stats: Update known datasource plugins (#17787)
* Docs: Adds section on Querying Logs for Elasticsearch
(#17730)
* Docs: Adds section on Querying Logs for InfluxDB (#17726)
* Devenv: makes the grafana users default for saml. (#17782)
* Explore: Displays only one Time column as configured in
TimeZone settings (#17775)
* Markdown: Replace rendering library (#17686)
* ApiKeys: Fix check for UTC timezone (#17776)
* Prometheus: Minor style fix (#17773)
* Docs: fixed notifications table
* Auth: Allow expiration of API keys (#17678)
* 17278 prometheus step align utc (#17477)
* Docs: Update release guide (#17759)
* release: update latest.json to v6.2.5 (#17767)
* release: 6.2.5 changelog (#17766)
* Fix typo s/Applicaiton/Application/ in error messages
(#17765)
* UserAdmin: UI for disabling users (#17333)
* API: get list of users with additional auth info (#17305)
* TimePicker: fixed minor issues with new timepicker
(#17756)
* Explore: Parses and updates TimeSrv in one place in
Explore (#17677)
* @grafana/ui: release (#17754)
* Password: Remove PasswordStrength (#17750)
* Devenv:SAML: devenv block with saml test app (#17733)
* LDAP:Docs: add information on LDAP sync feature and update
LDAP sync default (#17689)
* Graph: Add data links feature (click on graph) (#17267)
* Explore: Changes LogsContainer from a PureComponent to a
Component (#17741)
* Chore: Remove tether and tether drop dependency in
grafana/ui (#17745)
* noImplicitAny: time region manager etc. (#17729)
* Panel: Fully escape html in drilldown links (was only
sanitized before) (#17731)
* Alerting: Improve alert rule testing (#16286)
* Elasticsearch: Visualize logs in Explore (#17605)
* Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB
packages and config/homepath are now global flags (#17695)
* Add guidelines for SQL date comparisons (#17732)
* Docs: clarified usage of go get and go mod (#17637)
* Project: Issue triage doc improvement (#17709)
* Improvement: Grafana release process minor improvements
(#17661)
* TimePicker: New time picker dropdown & custom range UI
(#16811)
* RemoteCache: redis connection string parsing test (#17702)
* Fix link in pkg/README (#17714)
* Dashboard: Use Explore's Prometheus editor in dashboard
panel edit (#15364)
* Settings: Fix typo in defaults.ini (#17707)
* Project: Adds a security policy (#17698)
* Project: Adds support resource docs (#17699)
* Document issue triage process (#17669)
* noImplicitAny: slate (#17681)
* config: fix connstr for remote_cache (#17675)
* Explore: Improves performance of Logs element by limiting
re-rendering (#17685)
* Docs: Flag serve_from_sub_path as available in 6.3
(#17674)
* @grafana/runtime: expose config and loadPluginCss (#17655)
* noImplicitAny: Fix basic errors (#17668)
* Docs: Update readme to reference correct repo (#17666)
* LDAP: small improvements to various LDAP parts (#17662)
* Chore: Fix noImplicitAny issues (#17636)
* AddPanel: Fix issue when removing moved add panel widget
(#17659)
* TablePanel: fix annotations display (#17646)
* middleware: fix Strict-Transport-Security header (#17644)
* Build: add @grafana/data package (#17436)
* Update latest.json for 6.2.4
* Update latest.json for 6.2.3
* Update the changelog with v6.2.4 information
* Build: Updates node image for e2e job (#17632)
* Explore: Prometheus query errors now show (#17470)
* Chore: Lowered implicit anys limit to 4599 (#17631)
* noImplicitAny: SingleStat panel (#17616)
* Build: Update node image for test-frontend job step
(#17628)
* grafana-cli: Fix receiving flags via command line (#17617)
* Typescript: Removes implicit anys (#17625)
* Explore: Removes minus button in adhoc query field
(#17573)
* Correct 6.2.3 release date (#17624)
* codestyle: styleguide and arch for grafanas backend
(#17545)
* JsonTree: fix jsonTree angular binding (#17608)
* HTTPServer: Fix X-XSS-Protection header formatting
(#17620)
* Changelog: Add known issues for v6.2.3 (#17615)
* Update the changelog with v6.2.3 information (#17612)
* Refactor buttons (#17611)
* Tests: Replaces e2e tests truth screenshot (#17609)
* cli: grafana-cli should receive flags from the command
line (#17606)
* AppPlugin: Fix load legacy plugin app (#17574)
* Typescript: A batch of implicit any fixes (#17590)
* RefreshPicker: Handle empty intervals (#17585)
* Docker: Switch base to ubuntu:latest (#17066)
* SQLStore: extend `user.SearchUsers` method (#17514)
* Explore: Tag and Values for Influx are filtered by the
selected measurement (#17539)
* ldap: makes mocks available for testing. (#17576)
* Devenv: Add nginx proxy for mac (#17572)
* Graph: Added new fill gradient option (#17528)
* Typescript: Reduce implicit any errors (#17550)
* SinglestatPanel: Manages when getColorForValue() function
returns null value. Closes #9747 (#17552)
* LDAP: refactoring (#17479)
* Elasticsearch: Fix empty query request to send properly
(#17488)
* SinglestatPanel: fix min/max config in singlestat
sparklines (#17543)
* AuthProxy: Optimistic lock pattern for remote cache Set
(#17485)
* Explore: Includes context parameter when invoking
getExploreState() from Prometheus datasource (#17569)
* Tests: Replaces truth image (#17570)
* Fix: Fixes merge conflict (#17568)
* Build: Fix failing e2e tests and implicit any check
(#17567)
* Explore: Fixes implicit any error in
AdHocFilterField.test.tsx (#17565)
* Fix so that correct cache is provided to di registry
(#17566)
* Build: Upgrades to golang 1.12.6 (#17542)
* Explore: Adds ability to remove filter from
<AdHocFilterField /> key dropdown (#17553)
* codestyle: moves cache to infra (#17519)
* Docs feedback: installation/debian.md (#17563)
* Chore: Lowered implicit anys limit to 5131 (#17562)
* Influx: Reset logs query field on clear all and clear row
in explore (#17549)
* Devenv: Add telegraf with log parsing to influxdb docker
block (#17546)
* Explore: Runs query when measurement/field and pairs are
selected in logs mode for influx (#17523)
* Influx: Adds start page for logs in Explore (#17521)
* OAuth: Fix for wrong user token updated on OAuth refresh
in DS proxy (#17541)
* middleware: add security related HTTP(S) response headers
(#17522)
* Docs: Clarifies from which version the Patch VERB is
available (#17532)
* Chore: Hugo upgrade (#17494)
* Codestyle: Fix some goconst issues (#17530)
* Docs: Adds clarification to the provider name for
provisioned dashboards (#17524)
* Singlestat: Add y min/max config to singlestat sparklines
(#17527)
* Explore: Clear queries when switching between metrics and
logs (#17505)
* 16223 user auth token list and revoke (#17434)
* Feature: Parse user agent string in user auth token api
response (#16… (#17504)
* Tests: Adds better logging to e2e tests (#17511)
* Codestyle: Add typecheck and unused linters (#17491)
* Docs: Add CircleCI step trigger-docs-update (#17481)
* remote_cache: Fix redis (#17483)
* auth_proxy: non-negative cache TTL (#17495)
* Explore: Adds LogQueryField for InfluxDb (#17450)
* sqlstore: clean quota and user_auth_tokens when removing
users (#17487)
* Prometheus: Preallocate data for Prometheus backend
response parsing (#17490)
* Docs: Fix a typo in Elasticsearch docs (#17492)
* gtime: some code style refactoring (#17369)
* Build: make bra a local dependency (#17414)
* Add tests for multildap (#17358)
* RefreshPicker: SetInterval comments to rxjs code added
(#17404)
* metrics: expose stats about roles as metrics (#17469)
* Explore: Handle newlines in LogRow Highlighter (#17425)
* Alerting: Add tags to alert rules (#10989)
* Config: Add comment before log_queries in sample ini file
(#17462)
* CLI: Search perf test data (#17422)
* Prometheus: Use overridden panel range as $_range instead
of dashboard range (#17352)
* Update latest (#17456)
* NavModel: Fixed page header ui tabs issues for some admin
pages (#17444)
* Update changelog for 6.2.2 (#17452)
* PluginConfig: Fixed plugin config page navigation when
using subpath (#17364)
* Tracing: allow propagation with Zipkin headers (#17009)
* Perf: Fix slow dashboards ACL query (#17427)
* Explore: Fixes crash when parsing date math string with
whitespace (#17446)
* Cloudwatch: Add AWS DocDB metrics (#17241)
* Provisioning: Support folder that doesn't exist yet in
dashboard provisioning (#17407)
* Codestyle: Fix govet issues (#17178)
* @grafana/runtime: expose location update (#17428)
* Fix: Adds context to list of keys that are not part of
query (#17423)
* Prometheus: Correctly escape '|' literals in interpolated
PromQL variables (#16932)
* Explore: Makes it possible to use a different query field
per mode (#17395)
* DataSourceApi: remove ExploreDataSourceApi (#17424)
* Fix: change angular loader paths (#17421)
* Build: specify build flag for `docker-compose up` (#17411)
* Add a @grafana/runtime package with backendSrv interface
(#16533)
* Database: Initialize xorm with an empty schema for
postgres (#17357)
* docs: configuring custom headers in the dataproxy (#17367)
* Explore: Queries the datasource once per run query and
uses DataStreamObserver (#17263)
* Feature: Adds redux action logging toggle from url params
(#17368)
* Build: Adds e2e tests back to master workflow with better
error messages and with artifacts (#17374)
* Explore: Handle datasources with long names better in ds
picker (#17393)
* Annotations: Improve annotation option tooltips (#17384)
* InfluxDB: Fixes single quotes are not escaped (#17398)
* Chore: Bump axios to 0.19.0 (#17403)
* Alerting: golint fixes for alerting (#17246)
* Batch disable users (#17254)
* Chore: Remove unused properties in explore (#17359)
* MySQL/Postgres/MSSQL: Add parsing for day, weeks and year
intervals in macros (#13086)
* Security: Prevent csv formula injection attack (#17363)
* LDAP: remove unused function (#17351)
* Enterprise: remove gofakeit dep (#17344)
* Explore: Update time range before running queries (#17349)
* Build(package.json): improve npm commands (#17022)
* Chore: upgrade webpack analyser (#17340)
* NewDataSourcePage: Add Grafana Cloud link (#17324)
* CloudWatch: Avoid exception while accessing results
(#17283)
* Build: ignore absence of docker-compose (#17331)
* Build(makefile): improve error handling (#17281)
* adds auth example for the cli cherrypick task (#17307)
* docs: remove my email from docs examples (#17325)
* 16365 change clashing variable names (#17140)
* Frontend/SeriesData: Fix for convert SeriesData to Table
format (#17314)
* Frontend/utils: Import has only from lodash (#17311)
* Frontend/utils: Add missing type (#17312)
* update v6.2-beta1 changelog with missing pr (#17308)
* explore: don't parse log levels if provided by field or
label (#17180)
* HTTP Server: Serve Grafana with a custom URL path prefix
(#17048)
* update latest.json to latest stable version (#17306)
* release: v6.2.1 changelog update (#17303)
* Build: Removes e2e-tests from Grafana master workflow
(#17301)
* Build(devenv): correct the context issue (#17291)
* Build: Enables end-to-end tests in build-master workflow
(#17268)
* Gauge/BarGauge: font size improvements (#17292)
* Chore: Update jquery to 3.4.1 in grafana ui (#17295)
* CLI: Add command to migrate all datasources to use
encrypted password fields (#17118)
* Auth Proxy: Log any error in middleware (#17275)
* devenv: metricbeat and kibana for elasticsearch 7 block
(#17262)
* LDAP: reduce API and allow its extension (#17209)
* database: retry transaction if sqlite returns database is
locked error (#17276)
* Tech: Update jQuery to 3.4.1 (#17290)
* fix typo in basic_concepts.md (#17285)
* Feature: do dev environment via makefile (#17136)
* devenv: adds auth proxy load test (#17271)
* Table: various minor fixes (alpha panel) (#17258)
* Singlestat: fixes issue with value placement and line
wraps (#17249)
* Devenv: Update Graphite port in dev datasources (#17255)
* Chore: bump grafana-ui version (#17256)
* Release: Updated latest.json
* Auth: Logout disabled user (#17166)
* docs: fixes typo in provisioning docs (#17248)
* CloudWatch: Made region visible for AWS Cloudwatch
Expressions (#17243)
* Panel: Pass transparency prop down to React panels.
(#17235)
* Build: Fix filter for building msi during release (#17236)
* DataSourcePlugin: Avoid anuglar injector if only one
parameter (#17239)
* Alerting: Support for configuring content field for
Discord alert notifier (#17017)
* Explore: Update the way Loki retrieve log context (#17204)
* Docs: Fix grammar in docs (#17233)
* LDAP: consistently name the LDAP entities (#17203)
* Panels: Show Drilldown links in top-left corner of custom
React panels (#17142)
* Build: Fix final prompt for @grafana/ui npm publish
confirmation
* Docs: Updated versions selector
* Docs: Example for multiple LDAP servers (#17216)
* Release: Updated changelog
* Release: updated changelog with v6.2 entries (#17201)
* Search: removed old not working search shortcuts (#17226)
* azuremonitor: revert to clearing chained dropdowns
(#17212)
* Search: changed how search filter on current folder works
(#17219)
* AzureMonitor: docs for multiple subscriptions (#17194)
* Defer closing of files (#17213)
* Docs: Add guidelines for PR/commit messages (#17190)
* Users: Disable users removed from LDAP (#16820)
* docs: what's new in v6.2 fixes (#17193)
* DataSourceMeta: add an option to get hidden queries
(#17124)
* Panel: Apply option defaults on panel init and on save
model retrieval (#17174)
* BarGauge: Fix for negative min values (#17192)
* Azuremonitor: multiple subscription support for alerting
(#17195)
* AppPlugin: add types for jsonData (#17177)
* MSI: Generate sha256sum during MSI build process in
circleci (#17120)
* explore: fix null checks (#17191)
* Fix: Fixes so new data is pushed during live tailing
(#17189)
* testdata: logs scenario (#17182)
* testdata: scenarios returned are now sorted in a
consistent way (#17181)
* TablePanel: Check for table using keys (#17185)
* Fix gosimple issues (#17179)
* AppPlugin: add an init function (#17150)
* Fix: Changes WebSocket protocol to wss:// for https
(#17173)
* alerting: golint fixes for alert notifiers. (#17167)
* LDAP: add tests for initialBind (#17132)
* Explore: Adds Live option for supported datasources
(#17062)
* alerting: fix a bunch of lint issues. (#17128)
* chore: mocks plugin loader for DataSourceSettingsPage
tests (#17157)
* Release: Improved cherry pick task (#17087)
* Explore: Fix selection/copy of log lines (#17121)
* Explore: Fix empty space in toolbar on smaller devices
(#17110)
* Explore: display log line context (#17097)
* Plugins: expose rxjs matching 6.4.0 (#17148)
* Chore: fix codespell issue with build (#17144)
* Feature: LDAP refactoring (#16950)
* explore: fix issues when loading and both graph/table are
collapsed (#17113)
* explore: make sure datasource is added to target (#17116)
* Fix: tighten revive exit code & make it happy (#17127)
* GraphPanel: Don't sort series when legend table & sort
column is not visible (#17095)
* Chore: Update grafana-ui version to 6.2.0-alpha.0 (#17109)
* add support for periodically reloading mysql client certs
(#14892)
* Chore: Deduplicate sqlstore transaction code (#17069)
* Alertmanager: Replace illegal chars with underscore in
label names (#17002)
* Adjusted documentation for gcs to reflect the code
(#16947)
* fix: Initial url update in Explore should replace existing
url history #17030 (#17061)
* Explore: Allow switching between metrics and logs
(#16959)
* Chore: explore possibilities of using makefile (#17039)
* Chore: Bump jest to 24.8.0 (#17094)
* Chore: Bump ts-node to 8.1.0 (#17093)
* Release: Updated changelog
* backend: replace /pkg/errors with errutil (#17065)
* Explore: Fixes filtering in Prometheus queries when
clicking in Table (#17083)
* Remotecache: Avoid race condition in Set causing error on
insert. (#17082)
* Build: Support publishing MSI to grafana.com (#17073)
* InputDataSource: better empty value support (#17075)
* Panels: Fixed alert icon position in panel header (#17070)
* GraphPanel: use SeriesData directly (skip legacy
transformation) (#17037)
* Streaming: support streaming in MetricsPanelCtrl (#17034)
* Gauge: Fix switching orientation issue when switching from
BarGauge to Gauge (#17064)
* serverlock: run tests async should be more linear time
wise (#17059)
* InfoPopover: Fixes transclude undefined error (#17063)
* Dashboard: Fixes lazy loading & expanding collapsed rows
on mobile (#17055)
* fix: Azure Monitor adds missing closing div tag to query
editor (#17057)
* Chore: Use executable dir instead of pwd in CLI for isDev
check (#16974)
* Search: Set element height to 100% to avoid Chrome 74's
overflow (#17054)
* Docs: adds note about removing session storage (#17003)
* Chore: remove use of `== false` (#17036)
* Explore: use @grafana/ui legend (#17027)
* tech: avoid alias for importing models in alerting
(#17041)
* DataSourcePlugin: support custom tabs (#16859)
* Dashboard: Fixes scrolling issues for Edge browser
(#17033)
* SeriesData: remove color from Field (#17044)
* chore: remove x character in explore
* Dashboard: show refresh button in kiosk mode (#17032)
* Devenv: Updated gauge test dashboard
* Chore: reintroduce gosec (#17021)
* Gauge: tweaks to background color and height usage
(#17019)
* Feature: provide multildap server configuration (#16914)
* (feat/explore): Support for new LogQL filtering syntax
(#16674)
* fix(explore): Prevent double querying for Prometheus and
Loki (#17004)
* Chore: No implict any fixes (#17020)
* move log package to /infra (#17023)
* Chore: Lowered implicit anys limit to 5386
* Chore: Updated snapshot
* Select: Fixed isOpen issue
* Chore: Typescript no-implicit any fixes progress (#17018)
* GraphPanel: show results for all SeriesData (#16966)
* Fix: Wrap value of multi variable in array when coming
from URL (#16992)
* GettingStarted: add key and remove ng-class (#17007)
* explore: add some extra time for angular query editors to
update query (#16955)
* Explore: Align Explore with Dashboards and Panels (#16823)
* Explore: Fix empty result from datasource should render
logs container (#16999)
* Explore: Fixes zoom exception in Loki/Graph (#16991)
* PanelEditor: Fix queries tab now showing, wrong
skipDataQuery logic (#16994)
* DataSourceApi: convert interface to abstract class
(#16979)
* Panels: Fixed error panel tooltip (#16993)
* Docker: Prevent a permission denied error when writing
files to the default provisioning directory (#16831)
* Notification: attempt to send notifications to all given
email addresses (#16881)
* GettingStarted: convert to react panel plugin (#16985)
* Plugins: Remove dataFormats key and add skipDataQuery
(#16984)
* AlertList: removed icon
* MetricsPanelCtrl: use shared queryRunner to support query
execution (#16659)
* TableData: support name (#16983)
* Changelog: Typo guage -> gauge (#16982)
* TestData: stream via fetch (#16963)
* plugins: fix how datemath utils are exposed to plugins
(#16976)
* NewDataSource: Updated page header title
* fix(prometheus): issue with click label to filter for
recording rules in Explore
* Explore: Removes Promise.All from runQueries thunk
(#16957)
* Chore: Add prometheus basic auth proxy (#16882)
* Snapshot: use given key and deleteKey (#16876)
* DataSourcePlugins: more generics improvements (#16965)
* AddDataSource: Updated page design & categories (#16971)
* Templating: Support selecting all filtered values of
multi-value variable (#16873)
* Chore: Add Input stories (#16897)
* FieldDisplay: Don't use group ui elements in field editors
(#16953)
* GettingStarted: Fixes layout issues, fixes #16926 (#16941)
* PanelModel: Fix crash after window resize, fixes #16933
(#16942)
* Singlestat: fixed centering issue for very small panels
(#16944)
* Tests: Adds end-to-end tests skeleton and basic smoke test
scenario (#16901)
* Chore: Replaces moment with Grafanas DateTime (#16919)
* InfluxDB: Fix HTTP method should default to GET (#16949)
* Chore: Skip unnecessary checks on pre commit (#16946)
* http: remove dualstack since its deprecated (#16940)
* devenv: add slow reverse proxy (#16943)
* AppPlugin: Menu Edit Url Fix (#16934)
* DataSource Plugins: consistent generics order
<TQuery,TOptions> (#16936)
* Plugins: update beta notice style (#16928)
* Chore: update version number for 6.3 (#16927)
* Plugins: Support templated urls in routes (#16599)
* changelog: add 5.4.4 release
* docs: add download link to what's new in v6.2
* update changelog
* Update changelog for 6.2.0-beta1
* AzureMonitor: adds support for multiple subscriptions per
datasource (#16922)
* docs: what's new in v6.2 (#16909)
* Chore: ban importing from @grafana/ui in grafana ui files
(#16920)
* BarGauge: New multi series enabled gauge like panel with
horizontal and vertical layouts and 3 display modes
(#16918)
* alerting: no notification when going from nodata ->
pending (#16905)
* rpm: start grafana after mysqld process (#16917)
* Build: fix failing grafana/ui build (#16913)
* BarGauge: Updated test dashboards and threshold fix
(#16911)
* PanelModel: Clear queryRunner on destroy (#16906)
* Panels: No title will no longer make panel header take up
space (#16884)
* Elasticsearch: Fix pre-v7.0 and alerting error (#16904)
* Gauge: Better handling of gauge repeat title (#16886)
* Refactor: move datemath to grafana/ui (#16890)
* PanelQueryState: check for existing running query (#16894)
* devenv: add alert list panel (#16896)
* Security: Add new setting allow_embedding (#16853)
* build: fix integer overflow in pkg/tsdb tests on 32bit
platforms (#16818)
* Security: Responses from backend should not be cached
(#16848)
* Alert: Support variables in Alert List filters (#12583)
(#16892)
* Chore: Lowered implicit anys limit to 5617
* FieldDisplay: shared options model for singlestat panels
(#16703)
* Refactor: rename statsCalculator to fieldReducer (#16867)
* PanelModel: expose isInView property to PanelModel
(#16877)
* CSV: escape quotes in toCSV (#16874)
* Dashboard: Lazy load out of view panels (#15554)
* LDAP: Added reload endpoint for LDAP config (#15470)
* PluginsList: Removed icons and updated snapshots (#16872)
* Panels: Fixed issue with panel type change and data
updates (#16871)
* Chore: fix modes for non-executable files (#16864)
* DataSourceSettings: Minor fix for uncontrolled input
(#16863)
* Chore: Lowered implicit anys limit to 5623
* TestData: Add dashboards to testdata (#16855)
* Input Datasource: convert from angular config to react
ConfigEditor (#16856)
* DataSources: minor typescript cleanups and comments
(#16860)
* TestDataDatasource: Add config editor (#16861)
* App Plugins: support react pages and tabs (#16586)
* Add Windows MSI generation to build process (#16502)
* Datasources: add support for POST HTTP verb for InfluxDB
(#16690)
* Add pattern validation in configs (#16837)
* Search: Enable filtering dashboards in search by current
folder (#16790)
* FormLabel: allow any rather than just a string for tooltip
(#16841)
* prometheus: fix regression after adding support for
tracing headers (#16829)
* area/circleci: Speed up circleci build process for
branches and pr (#16778)
* DataProxy: Restore Set-Cookie header after proxy request
(#16838)
* docs: clarify page parameter version support for
folder/dashboard search (#16836)
* Chore: revise some of the gosec rules (#16713)
* Refactor: consistant plugin/meta usage (#16834)
* Explore: Use SeriesData format for loki/logs (#16793)
* Refactor: move NavModel to @grafana/ui (#16813)
* Auth: Enable retries and transaction for some db calls for
auth tokens (#16785)
* Provisioning: Show file path of provisioning file in
save/delete dialogs (#16706)
* Add tracing headers for prometheus datasource (#16724)
* Config: Fixes bug where timeouts for alerting was not
parsed correctly (#16784)
* build: removes gopkg files from dev docker file (#16817)
* Provisioning: Trying to fix failing test (#16800)
* Table: React table fix rotate support in storybsck
(#16816)
* TestData: add log level in dummy message (#16815)
* removes gopkg.lock from root folder
* Explore: Support user timezone (#16469)
* Plugins: rename vizPlugin to panelPlugin (#16802)
* Plugins: move app/feature/plugin properties into
PluginMeta (#16809)
* Plugins: move PanelPluginMeta to grafana/ui (#16804)
* Plugins: move datasource specific meta out of the main
meta type (#16803)
* updates changelog for 6.1.6
* Fix: Fetch histogram series from other api route (#16768)
* phantomjs: set web-security to true
* Chore: Lowered implicit anys limit to 5668
* build: restore postgres integration tests (#16801)
* docs: explain correct access control model of GCS buckets
(#16792)
* Chore: Fixed no implicit any Typescript errors (#16799)
* Feature: introduce LdapActiveSyncEnabled setting (#16787)
* Plugins: ReactPanelPlugin to VizPanelPlugin (#16779)
* UX: Improve Grafana usage for smaller screens (#16783)
* ThresholdEditor: Minor style fix for smaller screens
(#16791)
* Build: Use isolated modules for ts-jest (#16786)
* LDAP Refactoring to support syncronizing more than one
user at a time. (#16705)
* build: removes unused vendored files
* (fix/explore): remove vertical-align looks better for long
logs (#16736)
* Chore: bump jQuery to 3.4.0 in grafana/ui (#16781)
* Devenv: Updated home dashboard and added new influxdb test
dashboard
* Chore: Lowered implicit anys limit to 5946
* RefreshPicker: minor design update (#16774)
* Streaming: support streaming and a javascript test
datasource (#16729)
* GraphLegendEditor: use stats picker rather than switches
(#16759)
* Feature: add cron setting for the ldap settings (#16673)
* Build: Disables gosec until identified performance
problems (#16764)
* Chore: bump jQuery to 3.4.0 including prototype pollution
vulnerability fix (#16761)
* elasticsearch: add 7.x version support (#16646)
* Provisioning: Add API endpoint to reload provisioning
configs (#16579)
* Config: Show user-friendly error message instead of stack
trace (#16564)
* Chore: Lowered implicit anys limit to 5954
* Feature: Enable React based options editors for Datasource
plugins (#16748)
* sqlstore: use column name in order by (#16583)
* user friendly guide (#16743)
* Provisioning: Interpolate env vars in provisioning files
(#16499)
* admin: add more stats about roles (#16667)
* Feature: Migrate Legend components to grafana/ui (#16468)
* playlist: fix loading dashboards by tag (#16727)
* CloudWatch: Use default alias if there is no alias for
metrics (#16732)
* Provisioning: Support FolderUid in Dashboard Provisioning
Config (#16559)
* Refactor: Make SelectOptionItem a generic type to enable
select value typing (#16718)
* docs: fix upgrade instructions
* Chore: Small improvements to grafana-cli (#16670)
* Chore: Use x/xerrors instead of pkg/errors (#16668)
* Chore: a bit of spring cleaning (#16710)
* Fixes #15863 (#16684)
* Docs: Update notification services (#16657)
* PanelQueryRunner: add datasource name to queries (#16712)
* Chore: remove session storage references (#16445)
* Dashboard: Minor settings UI Update (#16669)
* Templating: Do not copy hide option (#16696)
* Docs: Fix advanced variable formatting examples (#16691)
* QueryEditors: pass PanelData and filtered PanelData to
each editor (#16692)
* Chore: remove extra logging (#16688)
* DashboardSrv: export getDashboardSrv to react (#16687)
* Refactor: split PanelQueryRunner into runner and state
(#16685)
* Docs: Googlechat provisioning config example (#16682)
* TestDataDatasource: add the query refId to each result
* AppPlugin: avoid app plugin navigation slowness (#16675)
* Refactor: improvements to PanelQueryRunner (#16678)
* Refactor: move getQueryRunner() to PanelModel (#16679)
* Docs: initial backend plugins development guide (#16631)
* build: remove dep config files since they are not used
anymore
* Fix typo in PULL_REQUEST_TEMPLATE.md
* refactor: move timeInfo to DataRequestInfo (#16664)
* QueryRunner: Move queryRunner to panelModel (#16656)
* PanelQueryRunner: move error handling to
QueryRunnerOptions (#16654)
* refactor: Merge PanelChrome and DataPanel, do query
execution in PanelQueryRunner (#16632)
* Search: Fixed search issue introduced in recent PR
(#16652)
* Cloudwatch: fix for flaky tests (#16649)
* UI: Remove old icons (#16335)
* Search: Fixes search limits and adds a page parameter
(#16458)
* Chore: Upgrade lodash to v4.17.11 (#16645)
* Chore: Lock dependencies (#16644)
* tech: replace bmizerany/assert with stretchr/testify
(#16625)
* Chore: update yarn.lock (#16637)
* Panel Plugins: pass query request/response to react panel
plugins (#16577)
* Explore: Adds logs highlighting in Explore on keypress
(#16596)
* Build: adding dependency used by extensions (#16622)
* TimePicker: Re-add apply button in time picker (#16619)
* Chore: refactor auth proxy (#16504)
* Docs: updated help for changelog cli task (#16615)
* replace dep with go modules (#16017)
* Docs: Updated changelog for 6.1.4
* Heatmap: Fixed auto decimals when bucket name is not
number but contains dots, fixes #13019 (#16609)
* build: partially replace gometalinter with golangci-lint
(#16610)
* Explore & Dashboard: New Refresh picker (#16505)
* Build: Fix missing icon typing (#16601)
* Plugins: added missing prop to type
* CloudWatch: GetMetricData refactoring & fix label handling
(#16383)
* Chore: prepare our SQL for cockroach db (#16471)
* AppPlugins: fix app support and add an alpha example
(#16528)
* Switch: made minor styling tweaks to switch to align to
4px grid (#16593)
* Docs: minor docs update for old urls
* Chore: Add more explicit typing (#16594)
* Chore: Lowered implicit anys limit to 5977
* Chore: Adds typings to lodash (#16590)
* PanelEditor: Change Queries heading to Query (#16536)
* Security: Store datasource passwords encrypted in
secureJsonData (#16175)
* More development dashboards (#16550)
* build: upgrades to golang 1.12.4 (#16545)
* Use package libfontconfig1, instead of libfontconfig
(#16548)
* Adjust Send on all alerts to default label (#16554)
* Chore: Lower limit of implicit anys to 6676
* DirectInput: new alpha datasource that lets you enter data
via CSV
* Plugins: expose getBackendSrv() to plugins (#15268)
* DataPanel: Added built-in interval variables to scopedVars
(#16556)
* TestData: Add minInterval query option
* Chore: Remove implicit anys for DashboardModel and tests
(#16553)
* Pushover alert, support for different sound for OK
(#16525)
* Chore: Lowered implicit anys limit to 6816
* CloudWatch: Fix template variable expand bug (#16405)
* CloudWatch: fix color order (#16408)
* Plugins: Unifying alpha state & options for all plugins
(#16530)
* Revert 'Build: Upgrades to go 1.12.3 (#16491)' (#16544)
* Annotations: Annotation list style improvements (#16541)
* QueryInspector: Now shows error responses (#16514)
* Build: Upgrades to go 1.12.3 (#16491)
* Build: Update master version number (#16532)
* Elasticsearch: Format elasticsearch test dashboard json
(#16537)
* Update jwt regexp to include = (#16521)
* Chore: docs fixes underscore formatting (#16516)
* Fix: Pass missing maxDataPoints to query in Explore
(#16513)
* Fix: Recalculate intervals in Explore on run queries
(#16510)
* devenv: add elasticsearch v6 filebeat integration (#16493)
* devenv: add worldmap panel panels for elasticsearch
(#16313)
* Plugins: Optionally preload some plugins during frontend
app bsct (#15266)
* Panels: Add types for DataList and range (#16500)
* Chore: Lowered implicit anys limit to 6818
* PanelData: Rename ColumnStats type to FieldStats (#16494)
* DataSourceApi: add getCollapsedText(query) to
DataSourceApi (#16482)
* Graph: Add some typescript types for data (#16484)
* Build: Updates goconvey to work on go1.12 (#16483)
* Provisioning: Do not allow deletion of provisioned
dashboards (#16211)
* Chore: lower limit for implicit anys to 6829
* Singlestat-v2/Gauge: Show title when repeating (#16477)
* Docs: fix grammar in query hint, tests, and documentation
(#16444)
* Heatmap: Fix empty graph if panel is too narrow (#16460)
* Release: updated latest.json
* Docs: Updated changelog
* docs: fixes and update current version
* Docs: Updated changelog for v6.1.3
* Graph: fixed png rendering with legend to the right
(#16463)
* Fix: Disables auto open datasource picker on focus
(#16398)
* add some mock/stub guidelines to testing guideline
(#16466)
* Feat: Suggestion list in Explore is virtualized (#16342)
* Docs: Updated roadmap issue to link to the pinned roadmap
issues
* Graph: Fixed auto decimals in legend values (#16455)
* Styling: Aligned heading (#16456)
* add PromQL keyword for adhoc filter (#16426)
* Singlestat: Use decimal override when manually specified
(#16451)
* Graph: follow-up graph decimals fix, #16414 (#16450)
* Chore: use remote cache instead of session storage
(#16114)
* Docs: Minor changelog tweak
* Docs: Updated changelog with v6.1.2 release issues
* datasource: fix disable query when using mixed datasource
(#16409)
* Graph: Fixed series legend color for hidden series
(#16438)
* Templating: Fixed loading React variable query editor
(#16439)
* Styles: Fixed left menu highlight (#16431)
* Fix: remove test artefact (#16411)
* Theme: Reworking button styling (#16362)
* Graph: Fixed tooltip highlight on white theme (#16429)
* BarGauge: Round sizing to avoid float widths
* Graph: Allow override decimals to fully override (#16414)
* Units: Correctly use the override decimals (#16413)
* Docs: Remove broken youtube link in timerange reference
(#16415)
* BarGauge: Fixed minor margin issue (#16419)
* Docs: Updated GitHub PR Template
* Bar Gauge: Show tile (series name) & refactorings & tests
(#16397)
* Fix: align panel padding between sass & js theme (#16404)
* Fix: playlist now preserve the correct url query params
(#16403)
* Fix: Graphite query rendering fix (#16390)
* Fix: Query editor toggle edit mode fix (#16394)
* Refactor: Plugin exports & data source / panel types
(#16364)
* Chore: Update lockfile (#16380)
* Alerting: Notification channel http api fixes (#16379)
* Chore: Add task to find FocusConvey tests (#16381)
* CloudWatch: Update AWS/IoT metric and dimensions (#16337)
* Fix: Table Panel fix to re-render panel when options are
updated (#16376)
* Docs: Fix typo in Prometheus documentation (#16369)
* build: Fixed incorrect permissions for repo folders in
ci-deploy. (#16360)
* Docs: remove embedd info about samesite cookie from app,
docs only is better
* Chore: Lowered error count limit
* build: fixes bug in verification script.
* Tech: Bump typescript and jest (#16354)
* Automation: Updates to yarn cli cherrypick & changelog
tasks (#16357)
* Feat: Improve embed panel info text (#16344)
* Fix: Cloudwatch fix for dimension value (#16356)
* build: Script to check that our repos work and what the
latest package version is (#16350)
* Fix: Autoprefixer is now working (#16351)
* Chore: docs updates to what's new for 6.1 (#16346)
* build: Fix for renamed package for armv6.
* Chore: bump storybsck and add build script (#16340)
* Refactor: React Panels to only use SeriesData[] (#16306)
* Docs: Suggest add-apt-repository to install APT repos
(#16333)
* Units: Add angle units, Arc Minutes and Seconds (#16271)
* Chore: Lowered implicit any limit to 6850
* Feat: Adds reconnect for failing datasource in Explore
(#16226)
* docs: improve alert notification channel provisioning
(#16262)
* Build: Moved the failing appveyor file so we can get green
builds in master
* Fix: Build report the correct directives before failing
(#16312)
* Fix: input elements autofill background (#16295)
* Fix: Bring back styles on Switch components when checked
* Chore: breaks build if certain FrontEnd limits are
exceeded (#16301)
* Fix: Graphite query ast to string fix (#16297)
* Fix: Template query editor this bind exception fix
(#16299)
* Fix: Alerting Notification channel http api fixes (#16288)
* Refactor: Move LogLevel and Labels utils to @grafana/ui
(#16285)
* Refactor: Rename Tags to Labels in SeriesData (simple)
(#16284)
* Elasticsearch: Fix view percentiles metric in table
without date histogram (#15686)
* Configuration: Improve session_lifetime comments (#16238)
* Alerting: Makes timeouts and retries configurable (#16259)
* Fix: Correct SnapshotData typing (#16279)
* Feat: Angular panels & SeriesData to Table/TimeSeries
(#16266)
* Fix: React Graph & Show message on no data (#16278)
* Feature: added actionable message in Explore when no
datasource configured (#16252)
* Feature: Case insensitive Loki search (#15948)
* Feat: Singlestat panel react progress & refactorings
(#16039)
* Chore: Implement gosec (#16261)
* Fix: Updated snapshot unit test that was failing
* Refactor: Theme & Removed the last rems (#16245)
* Refactor: Theme input padding variables (#16048)
* Feat: More robust csv support (#16170)
* Docs: Fix rpm dependencies example (#16272)
* Fix: HTML meta tags fix for iOS (#16269)
* Feature: Introduced CallToActionCard to @grafana/ui
(#16237)
* Refactor: Rename TimeSeriesVM to GraphSeriesXY (#16216)
* Chore: Implement revive (#16200)
* InfluxDB: Fix tag names with periods in alerting (#16255)
* Fix: Table Panel and string values & numeric formatting
(#16249)
* Tech: Patch lib updates, update yarn.lock (#16250)
* Chore: docs whats new article for the 6.1 release (#16251)
* Chore: Storybsck improvements (#16239)
* Feat: Introduce Button and LinkButton components to
@grafana/ui (#16228)
* Chore: changelog adds note for #16234
* Fix: Prometheus regex ad-hoc filters w/ wildcards (#16234)
* Chore: changelog notes for #13825,#15205,#14877,#16227
* Fix: Alert email variable name typo fixed (#16232)
* Fix: scripts changelog cli per page set to 100
* Fix: Dashboard history diff & white theme fix (#16231)
* Merge pull request #16241 from
grafana/hugoh/no-implicit-any
* Chore: Theme consistency, rems => pixels or variables
(#16235)
* Chore: Theme consistency, rems => pixels (#16145)
* changelog: adds notes for #16229 and #16227
* Fix: Elasticsearch fix template variables in the alias
field (#16629)
* Fix: TablePanel column color style now works even after
removeing styles, fixes #16162 (#16227)
* Docs: Updated changelog for 6.1 release (#16224)
* Alerting: Notification channel http api enhancements
(#16219)
* Upgrades: Patch updates to yarn lock (#16215)
* Fix: DatasourceApi query response typing fix (#16214)
* chore(influx): no point of reading response when bad
status (#16212)
* docs: loki provisioning
* docs(dev): Update docs about devenv dir (#16208)
* fix(dashboard): time regions spanning across midnight
(#16201)
* fix(InfluxDB): Reads body and close request body even for
error status codes (#16207)
* chore: more TableData to SeriesData renaming (#16206)
* fix(panels/graph): Default option name for spaceLength was
accidentally changed (#16205)
* fix(explore): only show split close button when split is
active (#16203)
* fix(react2angular): Fixed react to angular wrapper
watching function expressions causing infinte digest loop,
fixes #16194 (#16196)
* fix(Alerting): Fixed alert rules with eval in day units,
fixes #16174 (#16182)
* fix(panel/table): Fix for white text on white background
when value is null
* refactor(grafana/ui): Replace <input />with Input
component from grafana/ui (#16085)
* fix(loki): Hide empty labels column
* build: fixes publishing version.
* refactor(data models): Renamed TableData to SeriesData
(#16185)
* chore(core/utils): Add typings to datemath.ts (#16195)
* only call onPanelMigration when the version actually
changes (#16186)
* feat(explore): make it possible to close left pane of
split view (#16155)
* feat(Explore): make sure Loki labels are up to date
(#16131)
* build: makes sure grafana.version is available when
deploying.
* fix: added missing event to function signature Fixes:
#16055
* build: refactoring
* build: updated build container with support for rpi1.
* build: support for publishing armv6.
* build: builds armv6 with rpi1 compat gcc.
* fix: added target and datasource as isMetric property
Fixes: #15862
* chore: Removed implicit anys in react container and test
helpers
* Pamels: Options are always there
* Panels: Support angular -> react migration via
PanelMigrationHandler
* Panels: Added more tests for change panel plugin
* Panels: Refactoring how panel plugins sets hooks and
components, #16166
* clarify notifications API docs
* remove processTimeSeries
* merge master
* don't use process timeseries
* rename stat to show in UI
* use display value in pie chart
* keep plugin versions
* remove panel plugin setters
* renamed float to flot
* prevOptions should be optional
* moved migration hook to its own function
* Minor refactoring of stats picker / shared singlestat code
* Makes it possible to navigate back/forward with browser
buttons in Explore (#16150)
* Moved DisplayValueOptions type back, #16134
* adding check for decimals
* add one more test
* Graphite: fixed variable quoting when variable value is
nummeric, fixes #2078
* Minor refactoring of #16127
* Update provisioning.md
* Graphite: Fixed issue with using series ref and series by
tag, fixes #15237
* move typings to types,
* Link license corrections
* remove logging
* add stat picker to single stat
* removed option to not check strings
* drop one level of nesting
* cleanup and guess all columns
* Small license correction
* update cloudwatch metrics/dimensions list
* Enable sass theme change in Storybsck
* replaced rems with pixels or variables
* adding test
* updating usages in singlestat
* Sorting imports
* adding function
* Use grafana's logger implementation
* another change that didn't come with earlier commit
* change that didn't come with in last commit
* reversed dashboard-padding
* Update CloudWatch metrics/dimension list (#16102)
* brought back dashboard-padding and panel-padding
variables, made dashboard-padding more specific
* replaced rem with pixels or variables
* fix(prometheus): Change aligment of range queries
(#16110)
* fix, assign by event.time
* Minor refactoring of testdata query order PR #16122
* simplify
* deduplicate same value annotation
* cleaner version
* maintain query order
* Remove sleeps in test code by overriding time.Now()
* Update PLUGIN_DEV.md
* Abstract encrypt/encode and decode/decrypt into their own
functions
* Rename dispatched commands to make them easy to grok
* show all colums in graph
* Use structured logging instead of printf
* Make all http auth setting labels the same width
* Merge with master, and updated logo and name
* Rewrote creation of images tag
* Added missing commas
* Don't include non-existing image in MS Teams alert
* cast to column
* update table data model
* show all columns in singlestats
* fix(graphite): nonNegativeDerivative argument hidden if 0,
fixes #12488
* Correct table names of sql storage for remotecache
* more fixes to snapshot
* more fixes to snapshot
* Fixed gofmt issue in PR #16093
* removed empty space in snapshot
* fix: Update snapshot related to new jest version
* fixed snapshot for test
* Regenerate lockfile due to the amount of merge conflicts.
* removed dashboard variables, removed headings-font-family
variable, created theme variables for links and z-index,
removed unused class in _panel_editor and _dashboard
* Remove commented code
* flot pairs
* add more functions and tests
* Update org_user.go
* Minor progress on fixing no-implicit any issues
* refactor: merged types and updated references
* Remove leftover from first iteration
* Only keep certain query params when going to next playlist
* Snapshot update
* fix: ts issue on SelectOption test
* chore: Bump react and react-dom to 16.8.4
* Update latest.json
* Update templating.md
* chore: cleaning up noimplicit anys in search_srv and tests
progress: #14714
* Fix threshold editor color picker not working for custom
colors
* Updated comments
* Updated threshold editor test
* Re-render gauge / singlestat panels when changing options
* fix: refactored so members are loaded by TeamPages and use
hideFromTabs instead of filtering out children in navModel
* teams: explains the external property of a team
membership.
* fix: fixed snapshots and permission select not beeing able
to click
* fix: new team link goes nowhere for viewers
* teams: refactor so that you can only delete teams if you
are team admin
* permissions: removes global access to bus from
MakeUserAdmin.
* teams: local access to bus, moving away from dep on
global.
* teams: better names for api permissions.
* teams: refactor.
* permissions: refactor.
* teams: refactor.
* teams: hide tabs settings and groupsync for non team
admins
* teams: refactored db code.
* teams: disable new team button if user is viewer
* refactor: moved test from TeamMembers to TeamMemberRow
* refactor: splitted TeamMembers to TeamMemberRow
* teams: comment explaining input validation
* teams: cleanup.
* teams: cleanup.
* dashboards: simplified code.
* teams: disable buttons for team members
* teams: moved logic for searchteams to backend
* teams: viewers and editors can view teams
* teams: editor/viewer team admin cant remove the last
admin.
* teams: changed permission to permission type instead of
int
* teams: defaulting invalid permission level to member
permission level
* team: uses PermissionType instead of int64 for
permissions.
* teams: editors can't remove the last admin from a team.
* teams: tests use the new message for modifying team
members.
* team: renames teams.CanUpdate teamguardian.CanAdmin
* teams: remov permission select for non admin users
* docs: First take on describing feature toggle
* config: updated feature toggle name
* teams: cleanup.
* dashboard: only admin permission added to dashboard in
folder.
* dashboards: better error handling
* teams: team listing shows only your teams (editors).
* teams: teams guard on all teams update methods.
* teams: added delete team guard
* teams: removed feature toggle as it is already in
middleware
* teams: added feature toggle and refactor tests
* teams: cleanup.
* teams: test refactorings.
* teams: bugfix, user pointer.
* teams: start of team update guardian for editors
* teams: team update test
* teams: change back to permissionlevel for Member to 0
* teams: make sure we use TeamPermissionLevel enum
* teams: update only the selected user
* teams: only write error message if error
* teams: enabled so that user can update permission for team
members
* teams: feature toggle component
* teams: test for update team member.
* teams: can update team members permission.
* teams: basic ui for permission in team members view
* teams: editor added as admin for created teams.
* teams: editors can work with teams.
* teams: show teams and plugins for editors that can own
* teams: make test cases pass again
* folder: uses service to make user admin of created folder.
* permissions: broken out func for making creator admin.
* folders: admin for created folders
* dashboards: user automatically becomes admin for created
dashboards
* fix(ci): frontend tests was accidentially commented out
* Use SecretFormField in MSSql and Postgres datasources
* Add SecretFormField component
* Add possibility to pass custom input component to
FormField
* Allow angular react bridge to use kebab case attribute
names
* adding story and fixing tests
* build: migrates the build container into the main repo.
* build: updated deploy container with crcmod.
* build: crcmod speedups rsync to gcp for deploy.
* Update style_guides/backend.md
* remove the error collector
* Copied from new timepicker and unified component branch
* docs: renamed file and added redux framework file
* docs: moved examples to frontend.md
* docs: intial draft for frontend review doc
* Use ora#fail instead of console.log
* reorder imports
* test
* rename to char
* sorting imports
* moving
* Remove .only function
* Add more patterns to no-only-test task
* chore: Cleaning up implicit anys in DashboardExporter and
tests progress: #14714
* rename reducer to statsCalculator
* Great progress on bar gauge look
* Explore: Fix log stats for long labels
* calculate the column width
* disable react table cell measure
* dont test exists in the test... it will fail if not found
* add random_walk_table scenario
* adds backend code style guide
* add test file
* add startAt to random walk scenario
* get values from base options
* use singlestat base where appropriate
* feature(explore/table): Add tooltips to explore table
(#16007)
* Update changelog
* Bar gauge gradient mode
* Bar gauge auto lcd cell count
* Add check for Env before log
* Update index.md
* chore: Cleaning up implicit anys in manage_dashboard.ts
and manage_dashboard.test.ts progress: #14714
* chore: Cleaning up implicit anys in app.ts progress:
#14714
* panels: fix loading panels with non-array targets (add
tests)
* changelog: adds note about closing #15836
* set correct return type
* panels: fix loading panels with non-array targets
(refactor)
* Bar gauge styling tweaks
* panels: fix loading panels with non-array targets
* changelog: adds note about closing #6359 and #15931
* add partial
* no inheratance
* improve single stat display
* revert most options sharing
* Refactoring the bar gauge and the orientation modes
* add migration tests
* renaming function
* using refId from panel model
* Tooltip: show percent instead of value
* Add check so that header is not sent for anonymous users
* Update config docs
* Add custom header with grafana user and a config switch
for it
* changelog: adds note about closing #10816
* Right tooltip position
* Add 'No data points' message
* use constants for cache type
* makes variables template prettier complient
* Make recently used auth_module test more robust by adding
another 'log in'
* changelog: adds note about #15744
* updates old distcache names
* dont allow inifinite expiration
* chore: Upgrade all babel related packages that is lagging
behind
* return error if cache type is invalid
* Add more info to victorOps alert notifications
* fix: papaparse must have gone missing during rebase
* chore: Bump jest to 24
* fix: describe() should not be async
* fix: Use proper syntax for plugin-syntax-dynamic-import
* fix: Downgrade ts-node to 8.0.2 due to broken theme
generation
* chore: Bump ora
* chore: Bump tslint (again)
* chore: Bump axios
* chore: Bump npm
* chore: Bump glob
* fix: Invalid css
* chore: Bump clean-webpack-plugin,
html-webpack-harddisk-plugin, postcss-reporter
* chore: Bump file-loader and css optimizer webpack plugin
* chore: Bump css-loader and remove minimize option since
its removed in css-loader
* chore: Bump npm packages and lock down some versions
* chore: Bump mini-css-extract-plugin
* chore: Lock down versions of expose-loader and html-loader
* chore: Bump fork-ts-checker-webpack-plugin
* chore: Prod builds should not cache
* chore: Replace Uglify with Terser
* chore: Bump webpack, webpack-bundle-analyzer, webpack-cli
and webpack-dev-server to latest
* reuse more gauge settings in bargauge
* set the unit on time data
* add error when not found
* Added metric math docs
* check types better
* check types better
* docs: Change type of 'tags' in annotationQuery result
example to list
* single hook
* Change import path for social in the tests
* Change import path for social since it has moved
* generic repeater
* generic repeater
* Remove todo about index on user_id in user_auth because it
exists
* Add function in ds_proxy to handle oauthPassThru headers
* Remove auth_module settings from oauthPassThru ui
* Remove auth module from ds_proxy oauth test
* Get most recent oauth token from db, rather than lookup by
auth_module
* Improve tooltip look
* explore/logs: Hide empty duplicates column
* merge master
* fix for firefox checkboxes not appearing properly, added
appearance as none
* Always return most recently used auth_module from
GetAuthInfo
* used regex instead of string replacing
* Fixed issue with alert links in alert list panel causing
panel not found errors, fixes #15680
* Add comments
* Add simple test for the ColorPicker
* Use render props pattern in color picker
* Move ColorPicker trigger to separate component and cleanup
css
* Improved error handling when rendering dashboard panels,
fixes #15913
* fix return type
* Only send ci metrics to hosted metrics instance
* adding types
* Added back branch guard
* moved delete button from sidebar to general tab and
renamed it
* Refactoring the ci metrics a bit more making it easier to
re-use
* removed unused and very specific variables, also variables
with same value as general variable
* reduce loglevel to debug
* Updated bar gauge snapshot
* added some comments about state of components things
* better comments
* comment cleanup
* force circleci to try again
* format
* touch
* touch
* make sure the validator is called before setState
* API to fix/update properties before load
* more tests
* more options in storybsck
* adding simple widget to pick the reducer
* heatmap: fix for negative values
* Fixed more typescript no implicit any issues
* Also push to ci metrics to new shared HM instance
* move sort to table processing
* Fixed type issues introduced by adding angular types
* Typescript noAny fixes, start of a long journey
* Updated code stats collection
* Updated path to new script
* POC on collecting metrics in ci process
* changelog: add notes about heatmap issues #15683 #14019
* added two new variables in default theme for panel
padding, replaced panelhorizontalpadding and
variables.panelverticalpadding with new variables
* renamed default variables: s -> sm, m -> md, l -> lg
* removed gf-form-margin variable and replaced with space-
variables where it was used
* add table reducer
* heatmap: able to hide buckets with zero value #12080
* s -> sm, m -> md, l -> lg
* heatmap: fix prometheus buckets sorting, closes #15637
* s -> sm, m -> md, l -> lg
* removed headings-margin-bottom variable
* rename to displayValues
* remove kbn test
* more tests
* use new settings
* fix tests
* make value processing reusable
* Call ora instead of instantiating it
* Added scopedVars argument in datasourceSrv.get in
DataPanel
* MutableColumn
* cleanup after review
* rename handleXXX to onXX events
* torkel feedback
* onCellClick
* heatmap: able to reverse Y buckets order, #15683
* fix(explore/logs) not collapsing whitespace (#15737)
* Refactoring of multi-value datasource PR #15812
* fixed minor misstake with dashboard padding
* removed -margin, replaced with new general variables
* Move oauth token migrations in user_auth_mig
* heatmap: fix middle bucket bound for prometheus
* Refactoring / fixing password hint PR #15868
* chore: Move sidemenu out of context service and use the
logic we have in the router already for hiding the
sidemenu
* Fix deduplication results displaying wrong data (#15755)
* added new space variables to margins in AddPanelWidget,
add_data_source, dashboard_settings and sidemenu
* use `Get` instead of `Find`
* avoid exposing cache client directly
* add docs about remote cache settings
* renames distcache -> remotecache
* renames key to cache_key
* build steps for cache servers
* code layouts and comments
* rename put -> set
* reverts package.json I made during the flight >.>
* `memcache` -> `memcached`
* removes memory as distcache option
* test redis and memcached during integration tests
* adds config to default settings
* avoid exporting test helpers
* uses set instead of add for memcache
* adds memory as dist storage alt
* extract tests into seperate files
* avoid exposing internal structs and functions
* heatmap: don't display cut cards
* heatmap: fix error when series empty
* heatmap: middle bucket bound option, #15683
* rotate!
* added new variables for spacing, set margins in _cards
with new variables
* better css
* Revert 'Fix Datasource Update to no User/Password'
* rotate!
* fix imageurl in notification test
* add comment
* attach themes to table story
* reuse deprecationWarning
* move to string.ts
* move stringToJsRegex
* get field mapping to actually work
* add variable size storybsck
* cell builder cleanup
* minor storybsck cleanup
* fix typos
* autofill space rather than force with/height values
* return table directly, not the debug info
* Minor fix in values to histogram conversion
* Fix histogram x-axis min/max
* moved utillities to util
* Change xaxis min and max form input types to number
* Fix histogram xaxis min/max tests
* Optionally set histogram x-axis min/max
* table using MultiGrid
* cleanup
* cleanup
* adding toolbar
* adding stub table input CSV
* docs: Fix indentation level for OAuth2 config
* docs: update CONTRIBUTING.md
* merge master
* docs: update slack alert notification settings
* docs: update admin and user http api documentation
* feat(api): support list/revoke auth token in admin/current
user api
* support get user tokens/revoke all user tokens in
UserTokenService
* @grafana/ui - release docs v1 (#15835)
* Minor refactoring of copy tags when saving feature, #15446
* Simple implementation for preserve tags, closes #11627
* Updated prettierignore
* Refactoring of PR #14772
* Simple storybsck
* fix typo in pr template
* add nil/length check when delete old login attempts
* Minor refactoring of new react text panel
* Improve rendering
* fix allow anonymous server bind for ldap search
* changed all rems to pixels in defaults and template,
changed back root font size
* piechart -> pieChart
* Rename: Piechart -> PieChart
* Import only what is used from d3
* less nesting and add test
* remove type field and add helper functions to check if
data isTableData
* add storybsck
* fixes typo in redis devenv
* add support for memcached
* add support for redis storage
* add garbage collector for database cache
* test at interface level instead impl
* cache: initial version of db cache
* don't include stuff from app/...
* fix scss
* rename to Table
* rename to Table
* fix type errors
* move to grafana/ui
* better sort function
* use TableData, not interface
* Make password hint configurable from settings/defaults.ini
* move toTableData to grafana/ui
* don't require x & y columns for timeSeries
* use TableData for timeseries in react
* Update README.md
* heatmap: reduce number of legend segments to reasonable
value and round x values to prevent gaps
* heatmap: fix legend padding
* heatmap: fix legend for small values, #14019 #15683
* status: alpha
* changed root font to 100%(default 16px), changed font-size
from px to rem, updated rem sizes in template and
default.ts files, removed display classes and variables
since not used, removed lead class and variables since not
usedremoved serif font since not used and probably never
should be used
* Update core:start cli command to watch theme changes again
(#15856)
* Updated pull request template
* Updated pull request rtemplate
* Removed title case from issue template title
* Updated issue template titles
* Updated issue templates
* Updated templates
* fix: Update error message and replace npm with yarn #15851
* fix: Make sure we dont add &autofitpanels to the url if it
already exists #15849
* fix: Update test snapshot
* fix: Logo goes Home instead of toggling side menu #15482
* Update upgrading.md for wrong spell
* remove _
* cleanup
* use pure component
* return the same panelData unless it changes
* sortable class
* Map dataSourceTypeSearchQuery state from redux to search
input.
* move rendering to its own file
* try virtualized
* Initial tooltip
* Minor refactoring of PR #15770
* Revert 'Fix for leaving playlist mode'
* Alternative fix to detecting when to stop a playlist,
fixes #15701 and #15702
* fix discord notifier so it doesn't crash when there are no
image generated
* fix: Consistency in unit labels #15709
* Update latest.json
* Run prettier
* position from add panel, dimensions from copied panel
* Fix donut rendering
* Run prettier
* Fix pieType change
* changelog: add notes about closing #14509 #15179
* Render svg instead of canvas
* fix: Add class for input fields with help icon to avoid
icon hiding the text #15771
* restore to current folder when restoring old dashboard
version
* fix(renderer): Vendor ansicolor as typescript
* log phantomjs output even if it timeout and include orgId
when render alert
* keep size from copied panel and not from add panel widget
* Added basic cherry pick helping task
* Prevent search in VizPicker from stealing focus (#15802)
* fix only users that can edit a dashboard should be able to
update panel json
* Updated changelog task
* Fixed image rendering issue for dashboards with auto
refresh, casued by missing reloadOnSearch flag on route,
fixes #15631
* use props.replaceVariables rather than templateSrv
* Updated to add PR author, skip PR issue references
* Added first iteration/poc of changelog task
* Enable @grafana/ui version bump based on package.json
contents
* Fixed styling of gicon's in dropdown menus
* cleanup plugin versions
* use explore icon
* fix comments
* typescript functions on replace
* remove console.log
* add ScopedVars to replace function
* Make datasource variables multiselect and dashboard
repeatable
* set height
* add test file (ignored)
* fix variable name
* use typescrit in angular table
* use react-table
* add a basic alpha react table
* Ensure clean master only when publishing package to npm
* Remove log
* Ensuring master branch when performing release
* upgrade xorm packages to latest versions
* Expose onQueryChange to angular plugins
* docker: update prometheus2 block to version 2.7.2
* use replaceVariables
* Add a keybinding that toggles all legends in a dashboard
* fix allow anonymous initial bind for ldap search
* changelog: adds note for #8253
* prettier
* Aftermerge fixes
* use default min interval of 1m for sql datasources
* changelog: adds note about closing #15608
* Fixed scrollbar not visible due to content being added a
bit after mount, fixes #15711
* Added comment to Docker file
* moving
* style: add gicon-shield to sidemenu class Closes #15591
* remove `UseBool` since we use `AllCols`
* fix: Move chunk splitting from prod to common so we get
the same files in dev as prod
* fix: update datasource in componentDidUpdate Closes #15751
* changelog: add notes about closing #15739
* Moved Server Admin and children to separate menu item on
Side Menu (#15592)
* update version to 6.1.0-pre
* Viewers with viewers_can_edit should be able to access
/explore (#15787)
* Fixed scrolling issue that caused scroll to be locked to
the bottom of a long dashboard, fixes #15712
* reordered import
* Wrapperd playlist controls in clickoutsidewrapper
* Turn off verbose output from tar extraction when building
docker files, fixes #15528
* Hide time info switch when no time options are specified
* Made sure that DataSourceOption displays value and fires
onChange/onBlur events (#15757)
* Updated react select fork to 2.4.1
* utils: show string errors. Fixes #15782
* Update frontend.md
* Update frontend.md
* Minor refactor of cli tasks (core start, gui publishing)
* Fixed url of back button in datasource edit page, when
root_url configured (#15759)
* use onOptionsChange
* use replaceVariables rather than onInterpolate
* use updateOptions rather than onChange
* changelog: add notes about closing #15650
* changelog: add notes about closing #15765
* fix: Kiosk mode should have &kiosk appended to the url
#15765
* changelog: add notes about closing #15077
* org admins should only be able to access org admin pages
* only editor/admin should have access to alert
list/notifications pages
* Added MaximumUsedTransactionIDs metric to list of AWS RDS
metrics.
* fix: When in tv-mode, autofitpanel should not take space
from the navbar #15650
* devenv: fixes incorrect influxdb config.
* Fixes #15739
* Don't mutate seriesList parameter in mergeSeriesByTime
(#15619)
* new stable docs version
* Fix: #14706 Incorrect index pattern padding in alerting
queries
* fix
* changelog: adds note about closing #14239
* fix: prevent datasource json data stored as nil (#15508)
* changelog: adds note about closing #10506
* changelog: adds note about closing #15651
* Return 404 on user not found (#15606)
* Catch bad regex exception at controller level
* Prettier fix
* Add PiechartOptionsBox
* docs: missing field added to example
* 11780: invalid reg value can cause unexpected behaviour
* Fixed right side scrollbar margin on dashboard page
* fix: Return url when query dashboards by tag
* Fix prettier
* Initial rendering
* Add PiechartType enum
* Install d3
* Remove extra props
* Removed commented code
* Fixed alias in Cloudwatch Expressions
* Explore: Enable click on name label
* Bumping grafana ui version (#15669)
* Style and grammar fixes
* big text option
* Need this to be available for plugins
* service: fix for disabled internal metrics.
* docs: 6.0 whats new
* Toggle stack should trigger a render, not a refresh
* Updated latest.json with 6.0
* docs: grafana 6.0 has been released.
* moves social package to /login
* moves tracing packge into /infra
* changelog: adds notes for #14509 and #15179
* graph: fixes click after scroll in series override menu
* moves metric package to /infra
* Explore: Make sure line graphs get different colors
* stackdriver: change reducer mapping for distribution
metrics
* stackdriver: fix for float64 bounds for distribution
metrics
* update
* style tweaks
* Refactoring orientation stuff
* Refactoring bar gauge
* Refactoring bar gauge
* Added missing file
* refactoring repeater and code in gauge and bar gauge to
reuse more code
* docs: link to azure monitor from what's new in v6.0
* Fixed value dropdown not updating when it's current value
updates, fixes #15566
* docs: tweaks to AzureMonitor docs
* Added feature toggle to defaults.ini and sample.ini after
PR comments
* Moved variable to config struct after PR comments
* Added feature toggle editors_can_own
* updates all cols except created so user and password of
the database can be chaned to no user and password
* Fixed bug with getting teams for user
* Improve Loki logs render with ANSI colors (#15558)
* grafana/ui 6.0.0-alpha.0 release version bump
* removed color in color variables names
* changelog: add notes about closing #15303
* changelog: add notes about closing #1441
* update changelog
* grafana/ui 1.0.0-alpha.0 release
* Update grafana/ui readme
* docs: landing page update
* Bring back plugins page styles
* docs: layout fixes
* prettier fix
* Make published package public by default
* docs: fix link
* docs: fix order of datasources in menu/index and update
alert support
* Fixed prettier issue in color picker
* Update docs to match current npm scripts
* Added keywords and description go grafana/ui package
* Fixed failing tests because of circular dependency
* Fix version and name in grafana/ui package.json
* Imports updates
* Implemented scripts for building and releasing grafana/ui
* changed some more color variables to use variables
* fixed tests
* panel: defensive coding that fixes #15563
* Minor fix/polish to gauge panel and threshold editor
* copying options between visualizations
* fixed issue in dark sass template
* Updated body & page variables to use variables from code
theme
* updated building from source docs
* fixed snapshots failing in master
* Synced variable template files
* fix: mysql query using __interval_ms variable throws error
* Fixed scrollbar issue introduced in theme changes
* Fix build
* minor touch ups
* Fix heading levels in generic-oauth.md
* updated colors in light, dark and theme files, in template
file basic colors uses variables from dark/light files,
also changed to -basic in some files
* ValueOptions -> PiechartValueEditor
* Make it build
* fixes
* added orientation option
* export PiechartDataPoint from @grafana/ui
* change valueOptions
* get label and color from series
* prettier fix
* PieChartDataPoint -> PiechartDataPoint
* Rename PieChartPanelEditor to PiechartPanelEditor
* docs: adds Azure Monitor docs
* Fix blue in dark theme
* Readme update
* Minor fixes
* Review fixes
* Fixes after merging #15468
* Pass dashboardModel to PanelCtrl class. Fixes #15541
* Add piechart to builtInPlugins
* logo: svg -> png
* Remove old overwritten sass vars
* first draft of repeater component
* docs: howto for recreating our debian repositories.
* fix: Filter out values not supported by Explore yet #15281
* Bump Prettier version (#15532)
* updated theme variables to master
* updated theme template files variables to master
* add new issue templates
* Fixes #15506
* chore: graph2 panel plugin should use the new
ReactPanelPlugin from @grafana/ui
* fix: Have the tab param removed from the url when leaving
edit mode #15485
* reduce loglevel to debug
* Fixes #15505
* fix native annotation filtered by template variable with
pipe
* Fixed navbar backbutton padding
* Updated explore icon and style tweaks Lowered icon size
and improved paddings, tried to align placement between
dashboard and explore
* Display graphite function name editor in a tooltip
* Fixing array direction, adding simple render test, fixes
#15478 Fixed unit test and updated gauge Added migration
for threshold order
* changelog: adds note for #15500
* fixed page-header-bg
* cli: chmod 755 for backend plugin binaries
* reversed most of grays in dark theme
* Fixes #15477
* Changed how react panels store their options (#15468)
* Remove maxDataPoints and interval props from props to
remember in panel model
* Fix typo in view mode cykle button
* Variables regenerated
* Make clear that variable scss files are generated from
templates
* Fixed spelling issue in templating docs
* Removed primary class from Add Query button, and changed
name of Panel Options tab o General Options
* improved formatting of variable docs
* Datasource docs for Loki
* Replace require with import in start task
* Added enable_gzip documentation (#15322)
* Add Lux to units
* Fixed issue with PanelHeader and grid-drag-handle class
still being applied in fullscreen, fixes #15480
* Began work on handling panel type switching and keep
setting
* Fixed unit tests
* Fixed gauge issue that will require migration later and
also value options editor did not handle null decimals or
0 decimals
* Added missing Gauge props
* Bar gauge icon updated
* Added bar gauge icon
* Began work on adding options
* Added basic tests
* bar-gauge storybsck
* Began experimenting with a bar gauge
* Also remove nested options prop that was there due to bug
* Moved gauge value options into a sub oject and made editor
more generic, will be moved out of gauge pane later and
shared between singlestat, gauge, bargauge, honecomb
* Added a ReactPanelPlugin as the interface that react
panels export, this way react panels have clearer api, and
gives us hooks to handle migrations and a way for panel to
handle panel changes in the future
* Changed how react panels store their options
* Fixed prettier issue (#15471)
* Initial commit
* Added bar gauge icon
* Began work on adding options
* Added basic tests
* run db tests in all packages
* bar-gauge storybsck
* new dark-3 became new dark-2, created new lighter dark-3,
changed panel-bg, empty-cta etc to dark-2
* Began experimenting with a bar gauge
* docs: suggested changes
* docs: fix header
* fixed handling of alert urls with true flags, fixes #15454
* Fixed dashboard navbar buttons being visible in
fullscreen, fixes #15450
* Added missing strict type checking options to grafana/ui
and fixed type errors
* Extracted common code for diff calculation
* fix spelling error
* whats new: rename security section
* Fix percent_diff calculation when points are nulls
* Restored loading spinner to DataPanel
* rearrange bullet points in PR template
* added another error message scenario
* link to contributing guidelines in pr template
* Fixes to error handling and clearing, also publishing of
legacy events so old query editors work with react panels
fully
* contributing: adds link to help wanted label
* contributing: adds link to our CLA
* removes testing instruction from contributing doc
* docs: move alerting above session
* docs: mention samesite setting
* increased blue in dark-1-5, dark-3 and dark-4
* docs: adds note about new login cookie name
* changed color for blue light in light theme + small
changes in naming etc
* Add missing nodemon dependency
* make bug/feature titles more verbose
* mentioned closes/fixes for new features
* docs: improve removal of session storage for what's new in
v6.0
* docs: add upgrade notes for v6.0
* docs: add note regarding auth proxy and user session
requirement
* docs: fix typo
* removed more unused variables, restyled scrollbar
* allow 90 percent of alertTimeout for rendering to complete
vs 50 percent
* Fixed issue with sass variables used from typescript, the
prettier lowercases export variables
* using error callback from datapanel instead
* docs: add availability note regarding non-compliant
providers
* Fixed sass vars template files
* Added deprecation warning to npm watch script - use start
script instead
* added new dark variable to dark theme(the color used for
page-bg), changed some backgroud colors that doesn't use
variables to use variables, made some slight tweaks to
dark variables, fixed so item hover is the same as card
hover
* Simple CLI for running grafana in dev env
* Added common theme variabless generation, created
GrafanaThemeCommons interface
* contributing: improve guide for bug fixes
* Changed devenv default data source to testdata
* added support for influxdb non_negative_difference
function in tsdb
* added support for influxdb non_negative_difference
function in tsdb for alerting
* Remove precommit from npm scrips
* More files that has fixed with prettier
* Added prettierignore and check script
* devenv: use grafana:dev image in ha test per default
* devenv: send nginx logs to loki in ha test
* devenv: proper fluentd conf for grafana and loki
* devenv: use grafana/fluent-plugin-loki
* devenv: trying to make fluentd with inoffical
fluent-plugin-loki work
* fixed issue with updatePopperPosition
* Prettier had not been running as a precommit hook for some
time so had to run in on all files again
* removed _plugins.scss and _settings_permissions.scc,
removed unused classes in _login.scss, reduced dark
variabels in light theme and alignied light theme a bit
with dark theme, turned blue-gray, dark-3 and panel-bg
variables into one variable and removed gray-7 in dark
theme
* feat: Add EmptySearchResult ui component and use it in
VizTypePicker
* Revert 'feat: Add css-support for invalid form input
elements'
* Revert 'feat: Highlight vizpicker input when there are no
panels matching the search query'
* Regenerating variabless sas on theme edit v1
* Fixed a minor plugin json lingering issue
* Removed some icons in action button Trying to align some
title case issues
* implement show error in panelcorner
* Forgot about the snapshots
* Renamed to FilterInput and added label and search icon
* feat: Highlight vizpicker input when there are no panels
matching the search query
* Updated a few plugin json files with dataFormats
* feat: Add css-support for invalid form input elements
* remove comments
* bubble error from datapanel to panelchrome
* Changed noQueries to a dataFormats array that will allow a
panel to define supported formats and prefered (first in
array)
* use authtoken for session quota restrictions
* Fixed issues with double page body and husky pre-commit
hook
* fix: No need to have edit permissions to be able to 'Save
as' a dashboard
* Revert 'chore: wip: Replace brace with ace-builds to get
latest version of ace'
* chore: wip: Replace brace with ace-builds to get latest
version of ace
* fix: Error tooltip should have white text on red
background. Not red text on red background
* Move explore selectors to a separate file
* removes unused session code
* chore: Rename renderPanel to renderPanelBody
* chore: Rename renderDataPanel to renderPanel
* chore: Rename renderHelper > renderDataPanel and move
logic to smaller functions
* chore: PR feedback, shorten bsclean check
* chore: Rename isDataPanel to noQueries
* chore: Only show Queries tab for panel plugins with
isDataPanel set to true
* feat: Only use the DataPanel component when panel plugin
has isDataPanel set to true in plugin.json. And fix
PanelData when using snapshots
* feat: Add util to convert snapshotData to PanelData
* feat: Introduce IsDataPanel attribute to plugin.json
* fix: Add missing typing
* Fixes #15372 with number input and parseFloat
* Revert 'hard move'
* chore: PR feedback, shorten bsclean check
* chore: Rename isDataPanel to noQueries
* Merge with master
* Found another input that was tied to a regexp
* Fixes bug #12972 with a new type of input that escapes and
unescapes special regexp characters
* enable testing provsioned datasources
* Fixed elastic5 docker compose block
* Added one more test case for color resolving helper
* Fix error caused by named colors that are not part of
named colors palette
* Fixed issue with gauge requests being cancelled
* Update package.json
* changelog: adds note for #15363
* Move deduplication calculation from Logs component to
redux selector
* style tweak to alert
* Removed plus icons
* hard move
* restoring green CTA
* Removed double page container
* chore: Only show Queries tab for panel plugins with
isDataPanel set to true
* Removing default thresholds values.
* adds edition to build_info metric
* Updated lint-staged
* changelog: adds note for #14623
* Fixed double page class on api keys and org details page
* Color tweaks
* azuremonitor: don't use make for maps and array
* changed back to old green in light theme
* changelog: add notes about closing #15258
* changelog: add notes about closing #15223
* changelog: add notes about closing #15222
* changelog: add notes about closing #15122
* changelog: add notes about closing #15219
* changelog: add notes about closing #14432
* update changelog
* changelog: adds note for #15131
* changelog: add notes about closing #15284
* Fixed issue with light theme introduced by #15333
* devenv test dashboard
* minor style update
* revert ds_proxy timeout and implement dataproxy timeout
correctly
* changelog: adds note about closing #15295
* azuremonitor: fix auto interval calculation on backend
* Minor style fixes
* Remove not related code
* make sure opentsdb takes dashboard timezone into
consideration
* make sure influx takes dashboard timezone into
consideration
* Do not read store state from toggle panelaction creator
* make sure graphite takes dashboard timezone into
consideration
* Review changes
* return series label if selected stat is name
* Fix plugin loading failure message not being displayed
* fixes invalid folder check
* extract notifiers folder creation to new if statement
* interval: make the FormatDuration function public
* Fixed missing time axis on graph due to width not being
passed
* make sure notifiers dir exists for provisioning in docker
* should be able to navigate to folder with only uid
* renames usage state name for auth token
* Clear visualization picker search on picker close
* Update README.md
* changelog: adds note about closing #15288
* v1
* removed extra semi-colon
* Commented out the Loki dashboard query editor
* added old green to dark-theme
* Fixed issue with logs graph not showing level names
* set secondary to new blue
* removed unused directive
* Fixed issue where double clicking on back button closes
sidemenu
* changelog: add notes about closing #8570
* update changelog
* changelog: add notes about closing #14233
* changelog: add notes about closing #15189
* changelog: add notes about closing #13324
* azuremonitor: small refactoring
* azuremonitor: handles timegrain set to auto on backend
* Navbar back button, no title edit this time
* provide time range to angular query controllers
* azuremonitor: add test for dimension filter
* azuremonitor: refactor azure monitor api code into own
file
* azuremonitor: handle multi-dimensions on backend
* use timeSrv in metricFindQuery as timeRange
* remove unnecessary spy
* azuremonitor: add support for aggregations on backend
* Fix formatting
* Add aws ec2 api metrics for cloudwatch
* Improve usability showing disabled lines in forms
* Fixed issues with plus button in threshold and panel
option header, and current state in viz picker, fixes
#15329
* support three letter hex color strings
* azuremonitor: simple alerting for Azure Monitor API
* use unique datasource id when registering mysql tls config
* azuremonitor: builds a query and sends it to Azure on the
backend
* mark packages as Apache license
* Minor refactoring around theme access
* Use TS instead of JS to store theme variables@next
* Do not use js theme variables in sass (poor dev experience
for now)
* Update config mock in metrics panel controller test
* ldap: refactoring.
* ldap: fixes #14432. Fix for IPA v4.6.4
* ldap: adds docker block for freeipa
* feat: Only use the DataPanel component when panel plugin
has isDataPanel set to true in plugin.json. And fix
PanelData when using snapshots
* feat: Add util to convert snapshotData to PanelData
* feat: Introduce IsDataPanel attribute to plugin.json
* fix: Add missing typing
* slight tweaks
* fixed explore width-0 issue, fixes #15304
* Persis deduplication strategy in url
* Support ANSI colors codes in Loki logs
* adds usage stats for sessions
* Panel edit navbar poc
* make sure to create provisioning/notifiers directory for
deb and rpm packages
* log root cause error when reading from provisioning
directories
* moves usage stats sender to new package
* changelog: add notes about closing #15291
* Removed unnecessary code from ColorPicker and extended
theme type
* Selecting theme variable variant helper function
* added reducers tests
* update docs
* added way to test action called from react component
* Added annother initDashboard test
* removes cleanup setting from docs
* make hourly cleanup the default behavior
* fix single gauge
* removed direction and series mode options, cleaned up the
code somewhat
* Simplified condition
* support json format templating
* support /api/v1/labels
* devenv: update ha test and load test
* run token cleanup job when grafana starts, then each hour
* Added another error object message detection
* Fixed some remaining issues
* Improved dashboard page test
* Improved dashboard page test
* Big refactoring for dashboard init redux actions
* Fix SemVersion.isGtOrEq
* making changes suggested in review and improving typings
* fix
* show timeseries label under gauge
* Minor cleanup
* Added test for SASS variable retrieval function from JS
definition
* Updated stories to use new theming
* move authtoken package into auth package
* vertical and horizontal, removed mode option
* move UserToken and UserTokenService to models package
* Add failing test
* Rename version_test to version.test
* change UserToken from interface to struct
* replaced some hex values with variables
* some changes i forgot to save in first push in
variables.dark
* removed trailing whitespace
* removed unused theme variables, removed empty sections,
aligned the order of sections in the files
* combine mode with avg value
* Fix issue with graph legend color picker disapearing on
color selection
* changelog: add notes about closing #12546
* Added a basic test for initDashboard thunk
* docs: update annotaions http api
* azuremonitor: improve autocomplete UX
* Added DashboardPage tests that tests view mode transition
logic
* azuremonitor: fix autocomplete menu height
* Revert 'chore: Replace sizeMe with AutoSizer in
DashboardGrid'
* Revert 'chore: Remove react-sizeme'
* fix spelling
* wip: tests
* middleware fix
* enhanced expiration logic for lookup token
* changelog: add notes about closing #15265
* Address review comments
* auth token clean up job now runs on schedule and deletes
all expired tokens
* changes needed for api/middleware due to configuration
settings
* change configuration settings in auth package
* document login, short-lived tokens and secure cookie
configurations
* refactor login/auth token configuration settings
* remove unused code
* Added ServerlessDatabaseCapacity metric to list of AWS RDS
metrics.
* changelog: add notes about closing #8207
* Minor code simplification
* Delete template.html
* cloudwatch: Add tests for resource_arn template query
* cloudwatch: Add resource_arns template query function
Implements feature request #8207
* update to aws-sdk-go v1.16.15
* Updated add panel related flows
* Update types and themes usage in components
* Implemented theme context and renamed/moved theme related
types
* refactor panel
* changelog: adds note for #15182
* Breaking init dashboard up in to fetch & init
* stackdriver: fixes #15182
* Closing timepicker when clicking outside the picker
* Optimized so we only do checks when dropdown is opened
* stackdriver: add some more typings
* Fixed so that we close angular TimePicker when user clicks
outside the dropdown
* Moved remove panel logic to dashboard srv
* first working draft
* Removed unused controllers and services
* Improved error handling
* fix: Update snapshot
* chore: Explore: Remove inner AutoSizer, spread the
size-object to width/height, change height type to number
* chore: Remove react-sizeme
* fix: Calculation issue with AutoSizer in explore
* chore: Replace withSize with AutoSizer in
explore/Graph.tsx
* chore: Replace sizeMe with AutoSizer in DashboardGrid
* Prevent viewers from going into edit mode
* Expand rows for panels in collapsed rows
* Basic loading state for slow dashboards
* Fixes #15223 by handling onPaste event because of bug in
Slate
* Fixed add panel should scroll to top
* minor layout change, simple render test
* azuremonitor: improve autocomplete experence
* docs: fixes #14940
* Added custom scrollbar and remember scroll pos to jump
back to same scroll pos when going back to dashboard from
edit mode
* created new color variables, changed primary to blue,
changed success-btns to primary-btns.
* azuremonitor: more autocomplete suggestions for built-in
functions
* Updated playlist test
* added missing typing to explore props
* added comment to initDashboard
* improve the stackdriver logo
* Fixed so onBlur event trigger an QueryChange and
QueryExecute if values differ
* Renamed initialQueries to queries
* Added PATCH verb end point for annotation op
* move auth token middleware/hooks to middleware package
* auth package refactoring
* render after leaving fullscreen
* added flags to vizpicker from query param
* Added playlist controls to new react DashNav
* Fixed lots of loading flow issues and updated solo route
page
* Set page title on dashboard load
* now /api/login/ping returns Response
* Added handling of kiosk mode
* WIP Enable js defined theme to be used in SASS
* fix: Explore: Query wrapping on long queries #15222
* azuremonitor: fix where suggestions
* prepping go to visualization
* azuremonitor: use kusto editor for App Insights
* basic layout
* fixed unit test
* Made dashboard view state srv panel view state obsolete
* fix: Set ace editor min height to avoid problem with
scrollbar overlapping ace content #15122
* Missed to save
* fix: Data source picker in panel queries options should
overlap content below, including ace scrollbar #15122
* Fixed handling of orgId
* Fixed template variable value changed handling
* Fixed bug with removing a QueryRow thats not part of
nextQueries
* Now handles all dashbord routes
* Replaced intialQueris with queryKeys
* fix util for splitting host and port
* azuremonitor: where clause autocomplete
* azuremonitor: don't go back to dashboard if escape pressed
in the editor
* azuremonitor: suggest tables initially
* azuremonitor: add more builtin functions and operators
* Reverted redux-logger
* Added more typings
* added submenu, made sure submenu visibility is always up
to date
* changelog: add notes about closing #14231
* Removed modifiedQueries from state
* fixing logging action
* devenv: switching back using loki master plus various
fixes
* Fix save provisioned dashboard modal
* Merge with master
* Refactor of action, actionTypes and reducer
* More types and some refactoring
* Alignment of interfaces and components
* Removed the on every key change event
* Add AWS/Neptune to metricsMap and dimensionsMap
* added time picker
* refactorings and cleanup
* mssql: pass timerange for template variable queries
* improving dash nav react comp
* fixed panel removal
* Added more buttons in dashboard nav
* wip: progress
* Url state -> dashboard model state sync starting to work
* Dashboard settings starting to work
* wip: dashboard in react starting to work
* wip: minor progress
* wip: dashboard react
* base64 encode encrypted oauth token fields
* Add string quote func
* Remove option used to control within browser
* Remove length from text columns
* Add oauth pass-thru option for datasources
* did not add file, removing centerered
* Legend toggle should only trigger a re-render, not a
refresh
* first stuff
* updated snapshot
* Adding pointer to colorpicker
* Minor post review changes
* More style tweaks to panel option group add button
* Made some style tweaks
* setting margin on label
* Make runQueries action independent from datasource loading
* fixing test
* add button in header
* minor fix
* Made really good progress on loki support in dashboards
* Temporarily run queries independently from UI state of
explore panels
* Remove extra newline
* Clearify the Run from master instructions
* Use slate-plugins from app/features/explore
* Remove newline && runner plugins
* Move prism to app/features/explore
* Restoring explore panels state from URL
* Remove version.ts
* introduce samesite setting for login cookie
* sending paneldata to component, gauge can handle table
data
* always delete session cookie even if db delete fails
* New solo panel route working in all scenarios I can test
* Removed unused factory and fixed index based mapper lookup
* Fixed dashboard row title not updating when variable
changed, fixes #15133
* Removed comment from panel editor
* signout user if /api/login/ping returns 401 unauthorized
* must return json response from /api/login/ping
* adds more tests signing out session
* changes some info logging to debug
* wip
* tailing grafana logs and temporaily using an older build
* add missing ngInject annotation
* renames signout function
* delete auth token on signout
* typing data
* changelog: adds note about closing #10780
* Do not render time region line or fill if colors not
provided
* Fixed row options html template location, fixes #15157
* creating table data type
* wip: New react container route for solo panels that
supports both angular and react panels
* build: enterprise release co project.
* Fixed another type of fluent reducerFactory
* Moved dashboard state components to state folder
* Moved time_srv to services folder, this should not belong
to dashboard feature but it is too dependant on dashboard
to move it out now, needs a bigger refactoring to isolate
from dashboard
* Moved a few things around
* Removed then clauses, no need to test the test within the
test
* Updated what's new article
* Added reducerTester, reducer tests and tests
* Removed ActionTypes and fixed a
noPayloadActionCreatorFactory
* Replace usages of kbn.valueFormats with ui/getValueFormat
* Refactored Datasources as POC
* Fix anchor
* Added download links to docs
* Updated docs
* Updated version again
* Updated version and made some changes to changelog and
what's new article
* docs: Added version notice for time range variables
* Added loki video
* spell fixes
* chore: Add typings for react-grid-layout and
react-virtualized
* fix: Don't open panel menu when dragging (react-)panel in
dashboard #14946
* chore: Add missing typings in PanelResizer
* chore: Fix typings and remove bindings for arrow functions
in DashboardGrid
* Updated explore section again
* Updated explore section
* fixe merge issue
* updated what's new article
* adjusting types to match
* Add storybsck script to run it from root dir
* Minor change to Action interfaces
* Simplified inteface for reducerFactory
* Fixed a small bug and added case sensitivity
* docs: whats new tweaks
* Added reducerFactory and tests
* Minor updates to text and image placements
* docs: add video link to what's new
* whats new: note about session storage
* first implementation
* Added actionCreatorFactory and tests
* whats new: provisioning for alert notifiers
* Rename SetInitialQueries action to QueriesImported
* Add missing code
* changelog: adds note for #15129
* docs: update to what's new
* docs: wip - what's new for 6.0
* Minor style fix to button group
* Fixed failing unit test
* Added basic docs
* Minor refactoring and adding some typing
* changelog: add notes about closing #14709
* fixed sqlite issue introduced by #14709
* Change primaryAggregation to crossSeriesReducer in
Stackdriver
* update changelog
* changelog: add notes about closing #12764
* fix: Remove legacy title-prop and update document.title
when navModel is changed #15108
* Explore: query field should not propagate non-text change
* Wait for queries to be imported before proceeding with
datasource change
* removing alpha
* Remove commented code
* Tweaked panel option group styles
* Import queries before datasource is changed
* fixed prettier on switch component
* adding from and to built in variables
* azuremonitor: adds macros to slate intellisense
* Fixed issue with explore changeTime redux action not being
hooked up, fixes #15115
* Fixed explore query editor styling issues
* azuremonitor: remove wrong completions
* azuremonitor: autocomplete on enter
* Progress on tooltip style update
* azuremonitor: fix tests
* devenv: loki provisioned datasource
* azuremonitor: revert 'memory for webpack build'
* Azure Monitor: replace monaco by slate with initial Kusto
syntax
* docker: block for loki
* Make language provider cancelable in Loki and Prometheus
QueryField, to avoid setting state on unmounted component
* Add util for handling promise cancelation to avoid setting
state on unmounted components
* stackdriver: remove beta notice from config page
* increasing font size on longer strings
* magic number solution
* Propagate event to onChange prop in Switch component
* two minor bug fixes introduced in recent refactorings
* Minor progress on react query editor support, solving
updating query persisted state
* did some styling changes
* Updated Explore query styles to align them to other query
editor to make them fit in better
* chore: Fix typings and add Page-component to
FolderPermissions #14762
* chore: Fix typings and add Page-component to ServerStats
#14762
* chore: Fix typings and add Page-component to AlertRuleList
#14762
* chore: Fix typings and add Page-component to
DataSourceDashboards #14762
* fix: Add plugins to StoreState interface
* chore: Fix typings and add Page-component to
NewDataSourcePage #14762
* chore: Fix typings and add Page-component to
DataSourceSettingsPage #14762
* chore: Fix typings and add Page-component to
FolderSettingsPage #14762
* test: Updated snapshot
* chore: Fix typings and add Page-component to TeamPages
#14762
* fix: Add pageName default to avoid 'Loading undefined...'
* changelog: adds note about closing #10487
* pkg/util/{filepath.go,shortid_generator.go}: Fix golint
issues
* pkg/util/{ip.go,url.go}: Fix some golint issues
* pkg/util/*: Add missing function comments.
* docs: updates docs to refer to using uid
* azuremonitor: increase memory for webpack build
* gofmt issue
* moves test files into testdata folder
* renames alert_notifications -> notifiers
* changelog: add notes about closing #14711
* update inline documentation
* extract parsing of datasource tls config to method
* extract tls auth settings directive from datasource http
settings directive
* changelog: add notes about closing #13711
* changelog: add notes about closing #5699
* Fix for annotations not clearing when switching
dashboards, fixes #15063
* Import fix
* build: ignore latest
* Spelling/grammar fixes in top level markdown files
* build: publishes armv6 to grafana.com.
* Removed the initial data source as I could not see it
being used anywhere
* Initialize named colors palete lazily
* Fix thresholds default colors not being applied
* removes unnessecary db request
* Making sure we do not pass a long invalid queries and save
to state
* single import for types from @grafana/ui
* tab/spaces formatting
* Revert 'Updated home dashboard, removed home dashboard
header'
* Fixed wrong line in test
* Made sure we only resetTypeahead if mounted
* Delayed explore query loading indicator and implemented
minor ux improvements to it
* fixing test
* support both uid and id for showing/removing notifiers
* Revert 'Use the same panel loading indicator in explore as
on dashboard's panel'
* Firing off an action instead of listening to location
changes
* Handle undefined graph and table results
* enable explore by default
* Use the same panel loading indicator in explore as on
dashboard's panel
* Prevents query result cleaning when new query trransaction
starts
* Changes after PR Comments
* Made ExplorerToolbar connected and refactored away
responsabilities from Explore
* Removed some split complexity
* Fixed some more styling
* Fixed close split look and feel
* Fixed position of Closesplit
* Fixed small issue with TimePicker dropdown position
* Simplified some styles and dom elements
* Fixed some more with the sidemenu open and smaller screens
* Fixed so heading looks good with closed sidemenu
* Restructure of component and styling
* Refactored out ExploreToolbar from Explore
* updating state if no panel
* updated the color palette
* Fixed reinitialise of Explore
* changelog: add notes about closing #13929
* changelog: add notes about closing #14558
* changelog: add notes about closing #14484
* changelog: add notes about closing #13765
* changelog: add notes about closing #11503
* changelog: add notes about closing #4075
* changelog: add notes about closing #14722
* update changelog
* changelog: add notes about closing #10322
* changelog: add notes about closing #12991
* update changelog
* Update datasource before the loading has started
* Add cursor pointer to color swatches
* Fixed import path
* changelog: adds note about closing #14701
* upgrade golang to 1.11.5
* moves timeout tests to an integration test
* Moving a few things from dashboard folder
* Correct formatting of sqlstore_test.go
* pkg/services/dashboards/dashboard_service.go: simplify
return
* Updated url query param encoding to exctly match angular
encoding
* Updated snapshot
* Added missing props not being passed to scrollbar
component, fixes #15058
* Parse database host correctly when using IPv6
* Document /api/health
* some working solution, needs refactor
* changelog: adds note for #15062
* Do not update color picker popover position on tab change
* change default rotate_token_minutes to 10 minutes
* Rename deprecation warning helper
* Implemented tests for ColorPickerPopover and
NamedColorsPalette
* fix
* load test/ha fixes
* set low login cookie rotate time in ha mode
* Fix light theme issues with named colors disabled
* Stories cleanup
* fix multiple piechart instances bug
* scripts/build/*: Fix some golint issues
* scripts/build/*: Fix golint issues Url => URL
* build: fixes building grafana completely within docker.
* dont specify domain for auth cookies
* monaco-kusto: fix imports
* use @alexanderzobnin/monaco-kusto package for kusto syntax
highlight
* New snapshot reflecting changes
* Makes the clickable side menu header look great in light
theme again
* org id fix for load test
* user auth token load tests using k6.io
* add global datasource proxy timeout setting
* moves cookie https setting to [security]
* Azure Monitor: build monaco with webpack WIP
* Use Switch to control y-axis in series color picker
* Move Switch component to grafana-ui
* improves readability of loginping handler
* Bug Fix #14961
* minor styling changes to gaps, font-size and width
* makes sure rotation is always higher than urgent rotation
* use defer to make sure we always release session data
* Enable custom picers on color color picker popovers (for
y-axis support in legend picker)
* feat: Use CustomScrollbar in explore #14752
* chore: Better comment
* chore: Remove comment and unneeded export
* fix: Enable -webkit-scrollbar related css when there's no
overlay scrollbar #14807
* fixes broken test
* Make series overrides color picker display correctly
* removes unused/commented code
* removes old cookie auth configuration
* makes auth token rotation time configurable
* Update story for NamedColorsPalette
* Update imports of NamedColorsPalette
* Restore missing styles
* Fixed issue with color name retrieval not being aware of
current theme
* Fixed dashboard import issue after move
* Moved add panel panel and renamed it to add panel widget
* Fixed react key warning for loki start page
* Moved row options to it's own component folder
* Removed old query inspector (that was opened by clickin
error in panel title) think the new query insector from
Queries tab can replace this old one.
* Moving files to better locations
* Disable query should trigger refresh
* added docs entry for check_for_updates config flag, fixes
##14940
* Loki query editor is starting to work, had to make changes
to explore query field in order to update query from the
outside without unmount between
* store oauth login error messages in an encrypted cookie
* Removed sass import of spectrum.scss
* replaced palette colors with current palette adjusted for
dark and light theme
* Remove spectrum.js vendor dependency from grafana/ui
* changed light-theme tool-tip to be a bit lighter, trying
different paddings
* Fix hide timeout for color picker
* Rename colorsPalette util to namedColorsPalette
* Make small swatches react to theme changes
* redirect logged in users from /login to home
* Explore: Fix scanning for logs
* Update styles of selected named color swatch
* restrict session usage to auth_proxy
* Implement pointer component for spectrum palette sliders
* minor updates
* Make default color picker close on trigger mouse leave
* Moved ad hoc filters and upload directive
* Added deprecation warning to old color picker API props.
Moved named color support handling to color popovers
* changed color for label tooltips from blue/red-yellow
gradient to black/white
* Moved dashboard srv and snapshot ctrl
* Moved share modal
* Moved dashboard save modals to components folder
* Moved unsaved changes service and modal
* Removed unused alertingSrv
* Moved view state srv to services
* Moved timepicker to components
* Moved submenu into components dir
* Moved dashboard settings to components
* Moved dashboard permissions into components dir
* Moved history component, added start draft of frontend
code style guide
* fix: Use custom whitelist for XSS sanitizer to allow class
and style attributes
* Reduce padding in color picker popover
* Began work on improving structure and organization of
components under features/dashboard, #14062
* Fix a typo in changelog
* Implemented new spectrum palette
* Update ROADMAP.md
* use resetfolder instead so it shows current folder
* Updated home dashboard, removed home dashboard header
* fixes nil ref in tests
* add setting for how to long we should keep expired tokens
* stores hashed state code in cookie
* creates new config section for login settings
* based on encodeURIComponent() using strict RFC 3986
sub-delims
* fix: Dispatch the correct action (#14985)
* passing middleware tests
* Stories update for color picker
* Make named colors optional in color picker, enable named
colors in graph legend series picker
* Storybsck - add actions addon
* fixes:#14282 - Do not change folder for persisted
dashboards
* extract auth token interface and remove auth token from
context
* Fixed issues with the sanitizie input in text panels,
added docs, renamed config option
* build: removes arm32v6 docker image.
* Updated version in package.json to 6.0.0-pre1
* build: armv6 docker image.
* build: skips building rpm for armv6.
* build: builds for armv6.
* CustomScrollbar - expose underlying's
react-custom-scrollbars API to allow scroll tracks config.
* Explore: mini styling fix for angular query editors
* Removed unused props & state in PromQueryField
* chore: Remove logging and use the updated config param
* chore: Reverse sanitize variable so it defaults to false
* feat: wip: Sanitize user input on text panel
* fix: Text panel should re-render when panel mode is
changed #14922
* Minor rename of LogsProps and LogsState
* Splitted up LogLabels into LogLabelStats and LogLabel
* Make popover hide delay configurable to enable better UX
* Stories - fix import
* Enable new color picker in Gauge and Thresholds editor,
use ThemeProvider instead of ContextSrv
* Updated table tests to new behavior for colors (values are
always rendered as hex/rgb)
* Make named colors usable in angular code pt 1
* Story updates
* Update grafana/ui exports
* Refactor color picker to remove code duplicartion
(introduced colorPickerFactory). Allow popver position
update on content change
* Fix lint
* Updated stories
* Rendering arrows for color picker, applying color changes
to time series
* Fix TS errors
* Stories updates
* Unified color picker API, allowed for color specified for
theme selection, updated code to changes in
PopperController API
* Get rid of unused renderContent prop on PopperController
* Enabled knobs for storybsck and implemented some stories
* Lint fix
* Render series color picker with correct theme
* Added config provider to be able to access config easily
from react components
* Migrating color pickers to Popper from drop.js pt1
* Updates to Popper to be positions correctly within window
* Move tooltip themes to Tooltip component making
Popper/PopperController theme agnostic
* WIP Basics of named color picker
* Refactored out LogRow to a separate file
* Removed strange edit
* Added link to side menu header and fixed styling
* Moved ValueMapping logic and tests to separate files
* more auth token tests
* Fixed data source selection in explore
* Added refId to missing queries on panel model init
* adds cleanup job for old session tokens
* Fixed loading of default query editor
* Changed null logic for range value mappings after PR
comments
* fix tests after renaming now
* Added check for null value in ValueMappings and added
tests
* s/print/log
* avoid calling now() multiple times
* passing auth token tests
* fixed trailing whitespace
* handle expired tokens
* fixed circleci script run path for gometalinter
* Fixed circleci name for gometalinter exec step
* moved script and added exit_if_fail
* Moved gometalinter to a script instead of seperate
commands in circleci file, removed megacheck and added
staticcheck
* set userToken on request when logging in
* moves initWithToken to auth package
* set cookie name from configuration
* Added function hasAccessToExplore in ContextSrv and
refactored tests
* change rotate time
* mixor fixes
* dead code
* fix ip address parsing of loopback address
* removes commented code
* moves rotation into auth since both happens before
c.Next()
* fix: Viewers can edit means that viewers have acces to
Explore #14281
* Add loop counter for full refresh in playlist
* decreased panel height in edit mode
* toggle collapse when clicking on collapse state text
* Query editor row style update & sass cleanup
* Delete .all.ts@neomake_22624_74.ts
* Further refinements of typings
* more typings work around data query and data source
* wip: progress on adding query types
* wip: more typings
* wip: typings
* Revert 'Specify expected encoding for access/secret key'
* Moved add query button to the right
* Updated removing notification channel by uid
* Check that alert notification with id already exists in
notification settings
* change enabled to true
* Fixed scrollbar issue where it jumped to the top
* Added test case dashboard
* fix: Hack for getting the same height in splitted view,
view could use refactor IMHO #14853
* Minor refactoring and name changes
* Fixed issue with explore angular query editor support
introduced by recent angular query editor changes
* Redid logic for fontcolor and thresholds in Gauge and
added tests
* Make sure we do not change -Infinity
* Passed the theme to Gauge
* Added tests for formatted value
* Small refactor of Gauge and tests
* Added typings and refactored valuemappings code
* Moved Gauge to ui/components
* Preparing move to ui/viz
* Fixed getFontColor, added tests and fixed thresholds logic
* Removed baseColor
* add timeout test for alert handling.
* remove maxage from session token
* fix broken code
* fix cannot set cookie when response is written
* began work on react query editor props and integration
* Added data source type to explore state
* updated snapshot
* renaming DataSource type to DataSourceSettings and moved
to grafana ui
* Fixed issue with team and user picker, fixes #14935
* Moved data source and data query types
* Moved plugin types to @grafana/ui
* log fix
* inital code for rotate
* wip: moved plugin exports
* build: usage instruction for repo test.
* build: comments
* Minor fix scrollpos when duplicating
* build: updates ci deploy.
* build: fixes the path for gsutil and gcloud.
* build: fixes permissions issue.
* removed unused props from angular query component
interface
* Additional query editor row tweaks
* Query editor row in react is working
* shortening callback functions
* Explore: Fix datasource selector being empty with single
datasource
* Scroll to top when visualization picker is opened
* Made scrollbar have scrollTop and setScrollTop props so we
can control scroll position
* build: only build amd64 for enterprise.
* azuremonitor: guard for when switching from monaco editor
* azuremonitor: move files into grafana
* Query editor row react progress, buttons working
* build: test script for rpm repo.
* chore: Replace the deprecated SFC with FC
* chore: Wrap footer with React's memo hoc
* chore: Reduce code duplication by letting the page
component adding the header and taking care of the page
title
* mini stylefix to select component
* cloudwatch.md - quick typo fix
* removing Label and going with FormLabel
* Use light theme in storybsck
* Toggle edit mode works
* login users based on token cookie
* test: Update snapshots and mocks
* build: deb repo update test usage instructions.
* fix: Use Page component on 'Api Keys' and 'Preferences'
under Configuration
* build: uploads binaries before metadata in deb repo.
* feat: Generate page titles from navModel
* test: Updated snapshots
* chore: Better way of getting the body node
* chore: Reactify footer
* fix: Add Pages component to Plugins and TeamList
* fix: Configuration: Users should also use the Page
component
* feat: Possibility to change document title on pages using
the Page component
* fix: Add CustomScroller on DataSources page
* fix: Proper types for linter
* test: Snapshot update
* fix: Fix import path after Scrollbar move to @grafana/ui
* POC of page layout component
* Added uid to AlertNotification json
* Converted notification id to uid via fmt for old alert
notification settings
* Returned id for alert notifications which were created
without uid
* Formatted errors to err
* Using func InitNotifier for verifying notification
settings
* Added uid for alert notifications
* Renamed validation funcs for alert notification
* Commented alert_notifications sample config
* Instantiating notifiers from config before using
* Added parameter org_name of alert notification to
documentation
* Added orgName parameter for alert_notifications
* Added alert_notification configuration
* redoing input props
* another minor style change
* More style tweaks to thresholds
* fix: Manually trigger a change-event when autofill is used
in webkit-browsers #12133
* move styling
* renaming after pr feedback
* minor style change
* wip: testing new query editor row design
* Removed snapshot
* Refactored ValueMappings
* Moved ValueMappings to grafana/ui/component and renamed it
ValueMappingsEditor
* Moved Label to grafana/ui/components
* build: repo update testable and more robus.
* Experimenting with generating doc for ui component
* Move action properties to payload
* Fixed small bug with entries outside the min max values
* Fixed NaN issue when parsing
* Remove BasicGaugeColor from state
* Fixed so that we can not change base threshold
* Fixed so added threshold colors are always unique
* Fixed issue with changing value not changing index
* Fixed styling for small screens
* Reordered the input row
* Fixed the circle
* Fixed styling
* Refactored logic in ThresholdEditor
* File organization, action naming, comments
* Fix reducer issues
* Connect Explore child components to store
* Update comments
* Move types to types/explore
* Save state in URL and fix tests
* Allow multiple Explore items for split
* WIP Explore redux migration
* Fixed a bug with prefix and suffix not showing when using
value mappings
* fixing imports, minor fix on mapping row
* test and minor fix on mapping row
* updated snapshot
* Added suffix interpolation
* Scrollbar select fix
* Remove duplicated import
* Initial commit
* changelog: adds note for #14795
* Move ColorPicker leftovers to @grafana/ui
* inject login/logout hooks
* begin user auth token implementation
* utils
* fix: It should be possible to scroll in the unit picker
before selecting a value #14871
* fix go fmt
* [Feature request] MySQL SSL CA in datasource connector
https://github.com/grafana/grafana/issues/8570
* removes debug2 logging
* removes error2 logger
* WIP: good progress on react query editor support
* Updates to latest checking.
* 5.4.3 changelog
* changelog: adds ntoe about closing #12864
* fix that alert context and result handle context do not
use the same derived context.
* docs: add a title to the Explore docs
* stackdriver: converts some variables from any to types
* FormGroup component and implements
* Restored http settings directive that was hidden in an
unused angular controller page
* stackdriver: small fixes after reactifying
* changelog
* stackdriver: add help text for bucket alias
* Prometheus: Fix annotation step calculation
* stackdriver: fixes space before caret icon in query editor
* Fixed Syntax for folder permission's JSON
* avoid infinite loop in the dashboard provisioner
* build: fixes release problems.
* changelog: add notes about closing #5968
* wip: another wip commit
* Moved panel editing components to it's own folder
* removed old unused angular stuff, rename
* wip: react query editors
* Move panel width/height calculation to PanelChrome
* Updated singlestat to use new value format function syntax
and capitalized unit categories, fixes #12871
* build: build specific enterprise version when releasing.
* Fixed Gauge being cropped when resizing panel
* units: adds back velocity units. Fixes #14851
* Fix bug tls renegociation problem in Notification channel
(webhook) #14800
* Fix Error 500 on unexisting /api/alert-notification/<id>
* updated snapshot
* Minor renames and other fixes
* pushover: add support for attaching images (closes #10780)
* panel option section moved to grafana-ui and new panel
option grid component
* Simplified folder structure in grafana-ui lib
* Addedd assertions about raw time range when panel time
overriden
* Panel time override tests
* add feedback to what interval is being used (calculated in
the backend)
* use typings for ds and template srv
* value formats: another rename and updates code to use new
valueFormats func
* value formats: renamed folder
* Reverted move of defaults for GaugePanelOptions
* refactoring alias by
* Move Select styles to grafana/ui
* Moved defaultProps to ui/components
* Moved the rest of Threshold dependencies to ui/components
* Renamed Threshold files
* Renamed Thresholds to ThresholdsEditor
* Moved Thresholds and styles to grafana/ui/components
* Removed default export for colors
* Fixed typings
* Small change in SeriesColorPickerPopoverProps
* Moved colorpicker to ui/components
* Fixing test and small refactor
* Moving to grafana ui, fix issue with TestRuleResult
* Fix panel time overrides not being applied fully
* access scope directly from this. update tests
* build: makes sure all builds use the latest container.
* changelog: docker images for arm.
* Renamed Select related components: Picker* to Select*,
Option* to SelectOption*
* build: removes curl install from build.
* build: tags arm as well as amd64 as latest.
* Docker image for ARM
* Fixing TS and updating snapshot
* make sure frequency cannot be zero
* refactoring. fix broken test
* Migrate Select components to @grafana/ui
* provide angular directive scope props correctly
* docker: enable flux in influxdb docker block
* Moved Thresholds and styles to grafana/ui/components
* Update README.md
* 11503: escape measurement filter regex value
* 4075: Interpolate tempvar on alias
* rename
* fixing unitpicker
* removing tests
* React graph panel options component rename
* Minor refactor of Gauge panel
* Revert 'Docker image for ARM'
* Revert 'build: fixes docker push.'
* build: fixes docker push.
* feat: Add brand as tooltip theme and use it on panel edit
tabs #14271
* Docker image for ARM
* fix broken test
* chore: Remove ScrollBar component, superseded by
CustomScrollbar
* Update storybsck static files option to load statics
correctly
* unregister event listener correctly
* Changes after PR comments
* Removed unused refClassNameprops from Propper
* Fixed a small bug when toggling items in toolbar
* build: deploys enterprise to its own repo.
* build: inline docs
* build: publishes beta releases to separate repos.
* refactoring
* build: makes repo update enterprise compatible.
* build: uses official deployment image.
* build: adds aptly and createrepo to deploy tools.
* build: handles unexpected cases.
* build: only adds the correct packages to the repo.
* build: rpm repo deploy.
* build: repo update input error.
* build: release of debs to our debian repo.
* Added tests for TestRuleButton
* Removed Test Rule button from Angular and view
* Added TestRuleButton
* Hint for user on when the repeat is applied
* Removes unnecessary warnings from webpack output about
missing exports
* Use factors for max repeated panels per row
* Fixing TS errors and updating snapshot
* Move Portal to @grafana/ui
* chore: Move sass code related to custom scrollbar into
@grafana/ui #14759
* Post merge updates
* chore: Move CustomScrollbar to @grafana/ui #14759
* changed light theme page background gradient
* WIP
* Max number of repeated panels per row
* wip
* Make tooltips persistent when hovered
* docs: rpm/deb beta repo.
* update snapshot
* add form grow
* fix: Clean up per PR feedback. Thanks @dprokop
* removing duplicated things
* minor code refactor
* splitting into more files
* Moved AlertTab and StateHistory to app/features/alerting
* fix: When loki is default data source, datasource is
passed as undefined to QueryOptions #14667
* remove redundant max-width. it's already declared in
gf-form-select-box__menu-list
* add typing for metric descriptor
* Removed unused Popover component
* Update components to fit updated PopperController API
* make templateSrv a prop
* Refactored withPoper HOC to PopperController using render
prop
* use correct event handler name convention. register
directive on startup
* fix: Remove the onRenderError prop and add an
ErrorBoundary component
* replace fragment with empty jsx tags
* refactoring tests
* ugly fix. will be removed later on
* adds note for #13914 and #14581
* moved all units
* fix: GraphPanel should be a PureComponent
* fix more broken tests
* feat: Display error when plot fail to render
* wip: fix broken tests
* adding more units and functions
* Remove the jump effect on run query button
* ugly temporary fix for scope issue. will be removed later
on
* refactoring
* fix filter bug
* fix: Light theme corner bg color update
* set max width on the whole menu list instead
* bind array instead of function
* feat: Add 'theme' to Tooltip
* Notify user on query error
* Revert 'Revert 'add max width to group header
description''
* Revert 'add max width to group header description'
* remove not used property
* fix broken tests
* use correct type for select option
* set issearchable default value to true
* make variable type more slim
* remove group name from select component. let the parent
set group name instead
* move component to components dir. also move directive
registration out from datasource
* add template variable type
* rename template variables prop
* rename selected prop
* rename searchable prop
* improve component performance
* add max width to group header description
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* updated scrollbar snapshot
* remove not used files
* Fixed new gometalinter issues
* fix JSON in responses for Admin API documentation
* 14722 - removing unnecessary arn check that breaks assume
role feature in other AWS partitions
* Fixed issue with cut legend in firefox & mobile devices,
fixes #14744 and #14489
* Some cleanup
* EqualFold()
* forgot go fmt
* pull connection string args from url instead
* Add mean on distribution as well
* docs: updated debian and centos repo.
* Fix stackdriver aggregation series merge
* first stuff
* Updated documentation for new macros
* Minor refactoring of EditorTabBody
* Fixed timepicker css issue introduced by PR #14700 and
remove hotfix from 297241c
* AlertTab style fixes
* Updated alert tab layout & markup
* Changed datasource list page default layout mode
* Fixed timepicker css issue introduced by PR #14700
* Added macros to mysql
* FIxed syntaxis mistake unixEpochNanoFrom and
unixEpochNanoTo
* Added previous macros to mssql
* Added unixEpochNanoTo and unixEpochNanoFrom macros to
postgresql
* Renamed unixEpochFilterNano to unixEpochNanoFilter
* cleanup
* add aggregation tests
* add tests
* Fix issue with value disappearing when selecting stat
* Fixing issue with value color being wrong
* initial design for way to build value formats lazily and a
backward compatability layer via Proxy
* fix template variable bug
* Don't cut off subsecond precision for postgres macros
* Nanosecond timestamp support postgresql
* remove not used file
* Fixed new gotmetalinter warning
* add support for defining additonal database connection
string args via extra_connection_string_args
* clear history
* cleanup. remove comments, not used files etc
* state history tab
* fix broken tests
* use correct type for select option
* set issearchable default value to true
* make variable type more slim
* remove group name from select component. let the parent
set group name instead
* move component to components dir. also move directive
registration out from datasource
* add template variable type
* rename template variables prop
* rename selected prop
* rename searchable prop
* improve component performance
* add max width to group header description
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* s/initialDatasourceId/initialDatasource/
* add alert in react instead of angular
* Fixed issues with panel size in edit mode, fixes #14703
* hide protip if not defined
* fix filter bug
* add help text component
* Tweak datetime picker layout for mobile
* Explore: Remember last use datasource
* Update yarn.lock
* Logs data model: add more log levels
* Review feedback
* Explore: fix loading indicator z-index on panel container
* Loki: change query row to be single field again
* Explore: logging UI style fixes
* Loki: query limit configurable in datasource
* Removed rxjs compat
* ldap: adds extra debug logging
* reactify annotation query editor
* adds orgId to user dto for provisioned dashboards
* Update rxjs
* closes the body properly on successful webhooks
* makes cache mode configurable
* Fix general tab typos
* added node-sass as dev dependency, needed after I removed
grunt-sass
* Husky and sasslint fixes, fixes #14638
* Added a form component to @grafana/ui
* created visualizations folder
* Fixed JQuery typing issues
* Typings issues
* wip: moving react graph component to grafana/ui
* Don't do a full frontend release build in test-frontend
job, added typescheck (tsc noEmit) instead, fixes #14639
* Moved sass for component to @grafana/ui lib
* Moving a couple of types to @grafana/ui
* Testing moving out one type to grafana/ui
* Increased margin between controls in logs panel, fixes
#14637
* Fixed dashboard links not updating after variable or time
range change, fixes #14493
* Fixed group button tooltip placement from auto to bottom,
fixes #14634
* Removing erroneous backtick in docs
* Updating docs for auth_proxy whitelist CIDR support
* Add timestamp back to log entry type
* Update
public/app/plugins/datasource/loki/result_transformer.ts
* Loki: fix timestamp field
* Fixed panel height & scroll issue with flexbox in firefox,
fixes #14620
* remove segment srv prop
* use ds template srv reference
* remove not used stuff
* add event handler
* add help component
* Add support for InfluxDB's time zone clause (backend)
* note to future me
* delete works
* grunt test task update
* Add support for InfluxDB's time zone clause
* @grafana/ui lib now contains one components, seperate lint
& tsc steps
* changelog: add notes about closing #14519
* Grafana ui lib is starting to work
* typings and renamings
* breaking up grafana into multiple packages poc
* add project and help component
* add alias by component
* add alignment periods component
* cleanup aggregation picker
* move alignment population code to parent component. make
alignment a stateless component instead.
* flatten target obj
* Grafana ui library poc
* elasticsearch: support bucket script pipeline aggregations
* Add units for blood sugar concentration 💉
* on deselect when reducer is set to none
* add alignment component
* Fixes undefined issue with angular panels and editorTabs
* changelog: adds note about closing #14562
* refactor aggregation picker
* use render props pattern
* Update field name
* Add documentation
* use template variable prop
* cleanup
* Rename the setting and add description
* export init notifier func
* render editor toolbar buttons
* Increase recent and starred limit in search and home
dashboard, closes #13950
* changelog: adds note about closing #14486
* Panel help view fixes
* rewrite angular view
* Add min/max height when resizing and replace debounce with
throttle
* changelog: adds note about closing #14546
* Adding tests for auth proxy CIDR support
* fix only add column if not exists for mysql
* changelog: adds note about closing #14109
* fix handling of indices with multiple columns (mysql)
* fix only create/drop database indices if not exists/exists
* fix signed in user for orgId=0 result should return active
org id
* Another take on resizing the panel, now using
react-draggable
* only update session in mysql database when required
* Raise datasources number to 5000
* improve component performance
* add max width to group header description
* copy props to state to make it visible in the view
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* refactor to not crash when no links
* updating snaps
* renaming component
* panel help working
* snapshots: Close response body after error check
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* Update sample and default configs
* Add OAuth provider flag to indicate if it's broken
* Register BrokenAuthHeaderProviders if needed
* Add units for Floating Point Operations per Second
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* Minor update
* Make sure panel id is unique since some datasources
(Graphite) will cancel ongoing requests with the same
panel id
* changelog: adds note about closing #14548
* Adding CIDR capability to auth_proxy whitelist
* Minor cleanup now that angular panel edit is no longer
* Gauge option form markup fixes
* toolbaritems viztab
* filter out table responses that don't have columns and
rows
* enable goto explore from query panel editor for all
datasources
* started with component for generic panel help
* moves migrations to /sqlstore/migrations
* adds integration tests to ci build
* renames main lock function
* clean up integration tests
* change from db_text to nvarchar
* adds server lock package
* initial verison of server lock
* Minor react graph panel refactorings and fixes
* sorting tests for change value
* Fixes issues with user and team picker
* fixing coloring
* upgrade to golang 1.11.4
* remove printed index
* updating test
* adding threshold
* Refactoring react graph
* updated dropdown typeahead to place down instead of up,
works better when inside scrollable area
* minor style tweak
* propagate initial state back to explore query runner
* Update gitlab.md
* Update github.md
* minor style fixes
* Updated snapshot
* Switched to react-select fork
* ldap: upgrades go-ldap to v3
* table: fixes #14484. Renders epoch string if date column
style
* changelog: adds note for #14483
* Fix for no metrics panels, now goes to viz tab and does
not show queries tab
* minor style fix
* minor change to table panel edit options
* minor tweaks to text panel
* Fixes and cleanup
* Show predefined time ranges as first in timepicker on
small screens
* code cleanup in add panel, and switched off grid css
transforms to fix z-index issuse
* minor tweaks to alert tab
* fixed name of alert tab
* removed unnessary test
* updated add panel a bit
* minor style fix
* updated snapshot
* fixes to unit picker
* updates on thresholds component
* remove check on axis.used in flot #13765
* Added custom scrollbar to select component
* removed a test that isn't neccessery any more
* replaced content in addpanelpanel with three buttons that
can create new panel, paste copied panel, and add a new
row, to paste panel one must copy one first, code is still
quite rough
* fixed cloudwatch issue
* select refactor fixes
* gauge working without thresholds
* changin colors
* explore using data source picker
* fixing issue with copy invite link
* getting closer with no thresholds
* renamed folder to select
* User picker using common select componnet
* wip: unifying select components
* fixing input unit test failure
* fixed issue with switching panels
* refactored panel-option-section into react component
* removed console log
* updated styles
* starting with threshold refactor
* wip: convert angular directives to react components
* wip: style change progress
* Update latest.json
* wip: styles are starting to come together
* wip: styles
* wip: testing new styles
* wip: style changes
* fixed ordering changing panel types, fixes issues with
loading panel options
* moving min/max to gauge options
* log error when resolvePath
* wip: minor style changes
* wip: changes
* break out metric picker and filter
* migration: renames logging ds to loki ds in data_source
table
* loki: updates the logo
* fixing tests
* mixing color when
* wip
* wip
* remove on metric type change
* things are working
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* changelog: add notes about closing #8843 #11175
* fixed unit tests
* update failing tests
* remove redundant default value
* wip
* wip
* redone state
* display value map or range map
* add oauth_auto_login setting to defaults file
* use new option group in aggregation directive
* wip
* remove redundant default value
* Adding mixed query
* Check with lowercase
* wip metrics tab changes
* changelog: adds note about closing #13754
* wip: making things work again
* React-select refactorings
* wip: add option group component
* wip: add basic option header
* wip: react select css refactoring
* docs: fix broken link on explore page
* wip
* changing type and started on Gauge
* fix threshold test
* Adding label
* styling on dropdowns
* Using drop down instead
* Filter tags select box on text input #14437
* fixed id bug
* Using an id to identify mappings
* Change KeyboardNavigation from hoc to render prop
component
* Clean up hoc and extend component props automatically
* Let VizTypePicker use the keyboard navigation hoc
* Moved more metrics tab to react
* Wrap react select component in angular directive
* Don't show heading for first tab
* snapshots: Add support for deleting external snapshots
* docs: explore
* snapshots: Move external snapshot creation to backend
* snapshots: Add external_delete_url column
* Add keyboard navigation to datasource picker via a hoc.
* Use react's onKeyDown event on the input instead of event
listener on document
* Explore: Improved line parsing for logging
* fixed typings and remove
* updated publish script
* Unmount component when fading out to reset its state, such
as search..
* Variable rename. Did not make sense at all.
* Fix styling for vizPicker keyboard nav and change so only
arrow up/down is OK to use
* fixed styling
* Start adding keyboard navigation to VizPicker
* use links instead of bridge network
* fix time regions bugs
* fixed issue with colorpicker position above window, fixes
#14412
* fixed issue with singlestat and repeated scopedVars, was
only working for time series data sources, and only if
there was any series, now scoped vars is always set, fixes
#14367
* fix search tag issues, fixes #14391
* Clear query models when changing data source type, fixes
#14394
* fixed issue with grid responsive mode
* fixed max height issue not being respected by react select
dropdown
* removed side menu for column styles, added small header to
column styles with a border
* Use correct variable name in fail text
* Fix search field styles
* Enable search also after editing
* Explore: Split logging query into selector and search
* Fix logs panel meta wrap
* Explore: dont pass all rows to all rows, fixes profiler
* Explore: Logging dedup tooltips
* Explore: Hide scanning again after result was found
* Explore: Fix timepicker inputs for absolute dates
* Switch to global match for full browser support of escaped
custom vars
* Allow backslash escaping in custom variables
* Fixed issue with logs graph and stacking
* align yellow collor with graph in logs table
* minor style change
* Add the AWS/SES Cloudwatch metrics of BounceRate and
ComplaintRate. Pull request #14399
* logs style polish
* allow sidemenu sections without children still have a
hover menu/header
* explore logs options styling
* transparent toggle style and new button group style
* Toggle buttons
* render a value mapping row
* removed side menu from display options, kept overrides in
display options, moved thresholds and time regions to its
own section in visualization
* changelog: adds note about closing #11221
* removes unused code
* fixes merge error
* remove result format. might add this later
* filter out build in datasources. add unit test
* click on dashboard title moves you back to dashboard
instead of search
* graphInterval needs to update after query execution, fixes
#14364
* Explore: Parse initial dates
* Aligned styling of stats popover/box with rest of grafana
& minor css refactoring
* Remove Explore > 'New tab' from sidebar
* initialize empty variables array in constructor so that
datasources can use the array in explore
* Prometheus: Make result transformer more robust for empty
responses
* add table support flag in influx config
* add scoped vars to query options
* Rebase fixes
* Explore: Logging line parsing and field stats
* fixed unit tests
* made unknown color theme aware and sync with graph color,
some minor cleanup
* initial stuff
* Explore: improve error handling
* use render props instead of cloneElement
* sort of a hacky way to figure if the small variation
should be used for the label
* add basic button group component, using the the same label
style as is
* Restore PluginEditCtrl accidently removed
* explore logs styling
* wip: alternative level styling & hover effect
* wip: explore logs styling
* more detailed error message for loki
* If user login equals user email, only show the email once
#14341
* UserPicker and TeamPicker should use min-width instead of
fixed widths to avoid overflowing form buttons. #14341
* wip: explore logs styling
* restoring monospace & making sure width are correct when
hiding columns
* fixed logs to time series calculation issue, increased
bucket size, fixes #14248
* Always open panel links in new window if user asked for it
#14333
* Changing from PureComponent to Component to re-render on
link updates made in Angular #14333
* minor tweaks, now table renders faster and changes less on
second stage rendering
* explore logs css refactoring, step1
* explore logs styling poc, WIP
* Fix transparent option #14333
* Add prop key to panelPropsString to avoid a bug when
changing another value and the render doesnt trigger
* loki: adds proper error handling for config page
* renames Grafana Logging ds to Loki
* Pass some panel props down as strings to trigger render
#14333
* Trigger panel.render on title, description, links change
#14333
* Put issue number to test code
* Fix bug what updating user quota doesn't work
* Fix bug what updating org quota doesn't work
* public/app/plugins/*: Fix some misspell issues
* public/sass/*: Fix misspell issue
* public/app/features/*: Fix some misspell issues
* public/app/core/*: Fix some misspell issues
* README.md: Fix small typo
* fix snapshots
* Added isDefault switch on settings
* fix to switch component
* Rename BodyPortal to Portal and accept prop 'root' which
is where the portal should be placed
* Create a portal and use it with our popper component
(tooltip and popover) to avoid potential
overflow-/zindex-bugs
* add icon
* explore data source selector fix
* Update css to use the border-radius variable and add a new
variable for the popper's distance to its ref
* Update README.md
* fix for panel-initialized event not being called
* refactored and added tests for panel model remember
properties
* redact value for plugin proxy routes
* pkg/*: Fix misspell issues
* fix for panel embedding. Solo panel height was not
correctly set. Made panel--solo into panel-solo class. in
develop branch we have remove the need for the panel class
* added support for influxdb cumulative_sum function in tsdb
* Use buildTableConstraint instead of buildSchemaConstraint
to find the datatype of a column if using a table from a
different database schema
* Readme: We should write Node.js the same way in all places
in the readme
* Small tooltip css-adjustments and add css for position
'bottom-start' used by the panel header corner
* Explore: Display duplicate row count as number
* Adapt styles
* Explore: Logging query live preview of matches
* added max-widths to explore start pages boxes
* Alert tab fails when datasource method
targetContainsTemplate doesnt exist #14274
* improve comments
* fixed promql and loggging syntax so all punctuation chars
are treated the same, remove hover move
* remove all query empty related code. root cause of the
problem was to fix hasNonEmptyQuery
* Let the cached props from previous visualization be the
masters, unless specified in keepLatestProps const
* POC on how to save away settings from a viztype and
restore when switching back to it #14274
* remove redudant spread
* Set query empty condition in render function. Also clear
query transactions when no valid query is present
* Remove query empty from model
* fixed logging start page
* Use popover styles for stats popover
* Fine tune stats styles
* Tests for label stats calculation
* Explore: Logging label stats
* stop scanning when clear all button is clicked
* build: update latest when pushing docker.
* Use origin meta
* only display scan button if there is at least one existing
selector that returned an empty result
* minor refactoring
* Explore: return to grid layout for logs table
* Add VizPicker search #14274
* changelog: add notes about closing #11067
* fixed grabage in markup
* fix: align input backgrounds for code editors
* fixedUnit for Flow:l/min and mL/min
* feat: #11067 prevent removing last grafana admin
permissions
* another style fix for broken dark theme word highlight
* fix time regions using zero hours
* Misc styling fixes to explore: start page, slate code
editor colors, text highlight in auto completeter
suggestion
* Revert commit
* only make it possible to scan for older logs if there is
at least one non failing selector
* update package.json to next version
* Stick to .tsx? for babel file test
* changelog: add notes about closing #13815
* changelog: add notes about closing #14246
* arrow function
* changelog: add notes about closing #12653
* fix for add/remove labels
* Hid 'Forgot your password' link from login menu when reset
is disabled
* Prevent password reset when login form is disabled or
either LDAP or Auth Proxy is enabled
* fix for initial options
* minor css fixes
* update changelog
* update latest.json to latest stable version
* new stable docs version
* minor css fix
* redid props for gauge options
* dataproxy: Override incoming Authorization header
* changelog: add notes about closing #14228
* Explore: Show logging errors from backend
* change obj order when merging so that correct format is
being used
* Explore: Fix logging query parser for regex with
quantifiers
* Update README.md
* Fixed typo in function name
* Explore: Fix label and history suggestions
* tidy import
* let each sql datasource handle timeFrom and timeTo macros
* style changes for panel placeholder (move and resize)
effect
* never load fallback query field. remove commented code
* add an error alert component that will be displayed when
there was an error loading ds in explore
* fix: minor style changes, removed hover scale increase
* react-panel: Add nullcheck to prevent error on datasources
without meta options
* react-panel: Options button should always be enabled now
when Time Range-options are there
* react-panel: Move time range options to its own component
and render it under the options button instead
* created color enum
* make sure target obj is not destructured so that angular
copy of objected can be mutated
* Review feedback
* react-panel: Add test for Input with validation on blur
* react-panel: Input validation should be optional
* react-panel: Clean up input validation and increase code
readability
* react-panel: Time range options moved to 'Queries' tab
* react-panel: Remove mock response button for now
* react-panel: Remove comments and improve readability in
render()
* react-panel: Use correct type for children prop to avoid
the use of fragments <></>
* react-panel: Remove json-formatter-js since we will
continue with the 'patched' version
* react-panel: Move all query inspector logic into
QueryInspector component and start with the 'Mock
response'
* react-panel: Toggle Expand/Collapse json nodes in Query
Inspector
* react-panel: Add CopyToClipboard-component and separate
QueryInspector to its own component from QueriesTab
* react-panel: Trigger panel refresh when opening inspector.
Add loading-message
* react-panel: Replace JSONFormatter npm package with the
current monkey patched JsonExplorer
* react-panel: Clean up the JSONFormatter and make sure it
updates both on mount and when props update
* react-panel: Get real datasource query for query inspector
* react-panel: Create component for JSON formatting and use
it on query inspector
* changelog: add notes about closing #14167
* make getAll return array instead of object
* remove obsolete test
* Update README.md
* Add AWS/CodeBuild namespace for CloudWatch datasource
* Fixed styling issues with new checkbox style
* Fix other misspell issues
* docs/*: Fix misspell issues
* CHANGELOG.md: Fix misspell issues
* Explore: Logging render performance
* remove log
* min and max value
* update gauge on remove threshold
* user added thresholds state
* console logs and code layout
* pass data correctly to event handler
* revert Label change
* update color on gauge when changing
* remove explore check - make it possible to load all
datasources
* add table support flag for stackdriver
* add table support flag for prometheus
* add table support flag for postgres
* add table support flag for opentsdb
* add table support flag for mysql
* add table support flag for mssql
* add table support flag for logging
* add table support flag for graphite
* added google_tag_manager_id from defaults.ini
* removed extra whitespace
* Update export_import.md
* added new icons, fixed so different icons in different
themes, added animation to hover on icons, styled choose
visualization and datasource for both themes, made som
styling adjustments to whole panel editor
* sorting tests
* remove border
* color indicator
* add new flag in order to be able to indicate whether the
datasource has native support for tables
* prevent explore from crashing when table is not present in
response
* Explore: Logging label filtering
* Logging: fix query parsing for selectors with multiple
labels
* using percentage to not hide search when smaller screen
* build: explaining the linux build.
* check for null with toLocalString (#14208)
* Fix elastic ng-inject (build issue) (#14195)
* add current editor to panel targets
* Added stop scan button
* Explore: Scan for older logs
* color picker
* remove time srv initialization
* restructure imports
* get intervals from explore function
* unregister all query editor event listeners
* remove comments
* temp remove until stackdriver implements explore
* sort on value
* use default range from time picker
* Requested Backend changes, removed link in popover
description for the offset field
* Remove confusing <> from variable intro
* includes ranges correctly in the options object
* docker: Upgrades base packages in the images.
* small fixes
* logic for adding rows, styling
* chore: correct pause-all-alerts auth in docs
* Requested Backend changes, added details to popover
description for the offset field
* Explore: Fix JS error when switching between 2 prometheus
datasources
* color touches
* Add support for Offset in elasticsearch datasource,
date_histogram aggregation, fixes grafana #12653
* Fix tests to account for sortText
* build: always test publisher.
* build: packages linked to dl.grafana.com.
* Fix tests to account for loglevel long names
* Explore: Filter logs by log level
* styling
* created test for some functions
* update changelog
* mock interval data
* fix handle of elasticsearch 6.0+ version
* rename variable
* hide row specific buttons when query editor is rendered
from explore
* add support for explore events
* minor style fix
* minor fixes
* docs: various fixes of what's new in v5.4
* use plugin_loader directly instead of using the wrapper
* docs: fix old ldap url redirect
* fixed issue with babel plugin proposal class properties
that initiated properties to void 0. This breaks angularjs
preAssignBinding which applies bindings to this before
constructor is called. Fixed by using fork of babel
plugin.
* Explore: make query field suggestions more robust
* Fix abbreviations of Litre/min and milliLitre/min (#14114)
* Sort Prometheus range suggestions by length
* docs: what's new in v5.4
* Explore: swtiching to logging should keep prometheus
labels in case of error
* tweaks to gf-inline-form style PR #14154 change
* adding back button
* styling tweaks
* initial commit
* docs: signout_redirect_url description in auth overview
* minor style changes
* Sticky footer for all pages
* edit mode styling
* edit mode styling
* edit mode styling
* Added comments
* style tweaks
* render and sort
* return actual error if failing to update alert data
* Fix issue with deleting a query (empty string not
updating)
* Fix history rendering for DataQuery
* margin when listing multiple gf-form should be right
* styling progress
* Fix a typo
* panel edit ux experiments
* changelog: add notes about closing #14150
* temporary fix for starting grafana not running systemd
* cloudwatch: handle invalid time ranges
* cloudwatch: recover/handle panics when executing queries
* Combine query functions
* Renamed targets to queries
* added icons for panel-edit side menu
* updates time range options for alert queries
* format: remove </input> and align tabs
* updating state
* Explore: Introduce DataQuery interface for query handling
* Fix set utilities for explore section
* typos in docs/sources/alerting/rules.md
* typos in docs/sources/alerting/rules.md
* fixed failing graph tests
* gfdev: fixes unparseable for duration
* fixed issue with new legend not checking if
panel.legend.show
* gfdev: adds alert always in pending state
* docs: adds example timeline for alerting for
* build: docker build for ge.
* react-panel: Avoid duplicate keys
* added alert tab to new react panel editor
* update path to alerting for image
* started on thresholds
* react-panel: Add data source 'options'. Needs UX, WIP.
* update release publish script links
* fixes to view mode for panels, can now go back as before
* Add visibility toggle for explore graph series
* what's new in v5.4 placeholder
* fix label and default threshold
* react-panel: Add data source 'help'
* fix for issue with error view in production builds
* changelog: adds note for #13561
* update changelog
* stackdriver: remove not used variable
* fixed menu to go to panel view mode
* stackdriver: use angular dropdown so that we can restrict
user input
* stackdriver: make sure object type queries are also
checked for vtemplate variables
* minor style update
* changelog: adds note about closing #13577
* adds basic auth configuration to default.ini
* added header section to legacy tabs
* stackdriver: reset defaults.ini
* changelog: add notes about closing #14120
* changelog: add notes about closing #14129
* switch slider changes
* linters.
* build: correct filters for ge build artifacts.
* build: releaser supports releasing only some artifacts.
* Revert 'docs: building Grafana on arm.'
* Add doc for api 'GET /api/users/:id/teams'
* Re-organize packages and add basic auth test
* Revert 'Update google analytics code to submit full URL
not just path'
* Add Cloudwatch/CloudHSM Metrics and dimensionMaps
* remove react warning
* added chekbox and other tweaks
* refactor options, show labels and markers
* docs: building Grafana on arm.
* stackdriver: add query keyword to service, metric and
project since these were the only fields in the editor
that was missing it in the whole editor
* Explore: POC dedup logging rows
* stackdriver: add query keyword style to query fields
* stackdriver: fix failing test
* stackdriver: reimplementing service variable query type
* Revert 'typo fix'
* typo fix
* prefix and suffix
* decimals
* update snapshot
* stackdriver: fix failing tests
* changelog: add notes about closing #13352
* changelog: add notes about closing #13810
* changelog: add notes about closing #13605
* changelog: add notes about closing #13876
* changelog: add notes about closing #13946
* changelog: add notes about closing #13555
* changelog: add notes about closing #13425
* changelog: add notes about closing #13655
* stackdriver: update docs
* stackdriver: add support for template variables
* react-panel: Finish the data source search on query tab
and start moving switch-data-source-logic from angular
* linter.
* fixed issue switching back from mixed data source,
introduced by react panels changes
* build: minor refactor.
* build: fixes a bug where nightly rpm builds would be
handled as stable.
* some touch ups on unit
* go meta lint errors
* update changelog
* builds: introduces enum for relase type.
* fix group sync cta link
* picker and functionaliy
* fixed issue with panel size when going into edit mode
* stackdriver: join resource and metric labels. split them
in values and keys
* changelog: add notes about closing #13924
* build: table-driven tests for publisher.
* fix id returned from google is a string
* changelog: adds note about closing #7886 & #6202
* changelog: adds note about closing #11893
* Fix param
* Add GET /api/users/:id/teams for orgAdmin
* Tooltip should be able to take up space when used on an
absolute positioned element
* minor fixes
* panel-header: Move the corner information in the panel
header to its own component
* changelog: add notes about closing #12550
* fix selected home dashboard should show as selected even
though its not starred
* panel-header: Move the panel description/links/error
container outside of panel header to not interfere with
the react-grid stuff
* reload browser after preferences been updated
* panel-header: Unmount popper when not needed.
* fix snapshot tests
* panel-header: Updated snapshots for popper
* panel-header: Add fade in transition to tooltip
* Trying to reduce the amount of duplication with
preferences
* panel-header: Make it possible to style the reference
element and fix so panel description looks good
* filter out alpha plugins in api call, fixes #14030
* panel-header: Simplify condition
* panel-header: Avoid undefined classNames and use the real
panel description
* panel-header: Updates for the new react-popper api and
make it possible to hover the tooltip popper without it
closing
* panel-header: Bump @types/react, @types/react-dom, react,
react-dom, react-popper to latest versions
* panel-header: Display description in modal
* update changelog
* changelog: add notes about closing #11977
* changelog: add notes about closing #6367
* docs: team http api update
* [elasticsearch] Do not set a placeholder to index name, if
it's already specified.
* changelog: adds note about closing #14043
* fixed issue with save.
* fixed mutability issue in dashboard dropdowns
* Explore: Fix table pagination styles
* team preferences ui
* feat: team preferences
* Explore: Dont set datasource in state if navigated away
* fix switching from es raw document metric breaks query
editor
* alerting: reduce the length of range queries
* Mitigate XSS vulnerabilities in Singlestat panel
* Retain decimal precision when exporting CSV
* Added Id to BasicUserInfo returns
* Added google oauth account id
* switch style tweaks
* Explore: collapsible result panels
* removing test page
* format value
* default value
* created classes for new checkbox and variables
* Prometheus: fix rules expansion
* handle default value
* various fixes to angular loading
* Explore: POC for datasource query importers
* build: enabled darwin build.
* expand groups when searching
* build: darwin compatible build env.
* maxHeight and style overrides
* moved slider into label to make it clickable, styled
slider in dark and light theme, created variables for
slider
* fix: dont setViewMode when nothing has changed
* fix redirect issue, caused by timing of events between
angular location change and redux state changes
* fix datasource testing
* panel options now load even when changing type
* fixed issues when changing type, need to remove event
listeners and cleanup props
* build: refactoring.
* React edit mode for angular panels progress
* minor fixes
* fixed order of time range tab
* Update ReadMe.
* Update google analytics code to submit full URL not just
path
* devenv: elasticsearch datasources and dashboards
* fix pipeline aggregations on doc count
* changelog: add notes about closing #5930
* fixed alert tab order and fixed some console logging
issues
* Add tooltip
* some progress on groups and options
* changed time region color modes
* panel-header: Move the corner information in the panel
header to its own component
* changelog: add notes about closing #12550
* fix pending alert annotation tooltip icon
* alert rule have to be pending before alerting is for is
specified
* fix selected home dashboard should show as selected even
though its not starred
* build: internal metrics for packaging.
* panel-header: Move the panel description/links/error
container outside of panel header to not interfere with
the react-grid stuff
* alerting: improve annotations for pending state
* reload browser after preferences been updated
* panel-header: Unmount popper when not needed.
* fix snapshot tests
* panel-header: Updated snapshots for popper
* panel-header: Add fade in transition to tooltip
* Trying to reduce the amount of duplication with
preferences
* stackdriver: revert project test stuff
* stackdriver: revert test code
* panel-header: Make it possible to style the reference
element and fix so panel description looks good
* adds pending filter for alert list page
* adds pending state to alert list panel
* alertmanager: adds tests for should notify
* Extracted language provider variables for readibility
* devenv: graph time regions test dashboard
* fix time regions mutable bug
* set default color mode
* filter out alpha plugins in api call, fixes #14030
* alerting: support `for` on execution errors and notdata
* poc: handling panel edit mode in react even for angular
panels poc
* panel-header: Simplify condition
* wip: minor update
* minor fix
* css update to switch slider
* tests for supporting for with all alerting scenarios
* should not notify when going from unknown to pending
* Fix formatting and remove enabled toggle
* panel-header: Avoid undefined classNames and use the real
panel description
* wip: switch slider test
* panel-header: Updates for the new react-popper api and
make it possible to hover the tooltip popper without it
closing
* panel-header: Bump @types/react, @types/react-dom, react,
react-dom, react-popper to latest versions
* Add basic authentication support to metrics endpoint
* panel-header: Display description in modal
* minor panel options type fix
* docs: description about graph panel time regions feature
* update changelog
* changelog: add notes about closing #11977
* changelog: add notes about closing #6367
* docs: team http api update
* wip: adding general tab for react panel edit mode
* [elasticsearch] Do not set a placeholder to index name, if
it's already specified.
* devenv: graph time regions test dashboard
* create time regions solely based on utc time
* started on options and groups
* fix: added events to MetricsTabCtrl to closer mimic
MetricsPanelCtrl
* minor css change
* Moved query manipulations from metrics controller to
metrics tab so they are more easily shared between angular
and react panels
* fixed panel focus for react panels
* minor changes to react panels
* changed how size is calcualted and propagated and added
proper interval calc to DataPanel
* changelog: adds note about closing #14043
* first stuff
* pkg/cmd/grafana-server/server.go: Check
sendSystemdNotification return value.
* pkg/cmd/grafana-server/server.go: check
serviceGraph.Provide() errors
* pkg/cmd/grafana-server/main.go: Fix error value not
checked
* wip panel size handling
* fixed issue with save.
* fixed mutability issue in dashboard dropdowns
* adced clickoutside wrapper
* fixed singlestat guage ceneterd dot rendering issue
* refactoring back the interval calculation, needs to be
different for react panels
* fix case where timeshift and time override is used
* wip: refactoring interval and time override handling
* updates latest to 5.3.4
* changelod: add release date for 5.3.3 and 5.3.4
* devenv: graph time regions test dashboard
* graph: Time region support
* Explore: Fix table pagination styles
* devenv: update alerting with testdata dashboard
* stackdriver: use arrow functions
* stackdriver: use new naming convention for query editor
all over
* adds redis devenv block
* restore user profile preferences
* changelog: add notes about closing #13328 #13949
* updates macaron session package
* minor react panels refafactor
* removed console.log
* some cleanup of unused stuff and type fixes
* completed work on panel not found view
* Clarify wording of playlist protip
* team preferences ui
* feat: team preferences
* Explore: Dont set datasource in state if navigated away
* Explore: Don't suggest term items when text follows
* wip: panel plugin not found
* fixed scrollbar autohide prop
* wip: panel-header: On panel refresh, get new timeRange
from timeSrv, not the old one from the state
* wip: panel-header: Avoid null returning to get better code
readability. High five @ peterholmberg
* wip: panel-header: Remove the TimeData type
* wip: panel-header: Add proper typings to maxDataPoints and
interval + remove code in comment
* wip: panel-header: Move getResolution and
calculateInterval into utils-functions and use the same
code from react and angular
* wip: panel-header: Start implementing the
applyPanelTimeOverrides in the react panels by moving it
to a util, make it pure and call it from angular and
react.
* import changes
* updated text styling when switching views
* Add `gofmt -s` to CircleCI
* minor fixes based on code review
* Fix gofmt issues
* Add pic into actionCard message
* minor style fixes & polish
* minor update
* disable custom webkit scrollbar styles
* refactoring & cleaning up css
* Minor progress on edit mode
* improve dropdown pane connetion to tab toolbar
* Add megacheck to gometalinter CircleCI target
* pkg/tsdb/influxdb/influxdb.go: Fix surrounding loop is
unconditionally terminated.
* scripts/build/release_publisher/publisher_test.go: Fix
trivial megacheck warning.
* draw gauge
* data source picker demo state
* stackdriver: remove service query tyhpe
* stackdriver: correct aligner name
* fix in to not render multiple labels
* stackdriver: typescriptifying props
* stackdriver: remove redundant try catch
* Update stackdriver.md
* Adjust UI depth of query statistics
* stackdriver: rename query function
* stackdriver: rename query variable
* stackdriver: remove debug log
* stackdriver: add documentation for the template query
editor
* stackdriver: test saved variable
* stackdriver: fix failing tests
* stackdriver: remove services query type
* stackdriver: update tests
* stackdriver: add tests for render snapshop and default
query type
* stackdriver: remove lodash since object assign will do the
trick
* stackdriver: make sure we don't crash when selected
service doesnt have a value
* stackdriver: add simple render test
* stackdriver: rename params
* stackdriver: remove not used prop
* stackdriver: persist template variable definition
* stackdriver: add default value for query type
* stackdriver: pass query definition from react, making it
possible to use another definition than the query string
only
* stackdriver: make it possible to use alignment period
template variable
* stackdriver: make it possible to use aligner template
variable
* stackdriver: make it possible to use aggregation template
variable
* stackdriver: make it possible to use aggregation template
variable
* stackdriver: make it possible to use metric type template
variable
* stackdriver: set currentdatasource when editview is
enabled
* stackdriver: return correct value
* stackdriver: reset query value on datasource changed
* stackdriver: fix default value bug
* stackdriver: extend label width
* stackdriver: revert refactoring
* stackdriver: extract variables for pickers
* stackdriver: cleanup
* stackriver: rename interface
* stackriver: use type for state
* stackdriver: rename state vars
* stackdriver: extract common function
* stackdriver: streamline the way labels are refreshed when
a new value is picked in the dropdowns above
* stackdriver: handle default state
* stackdriver: refactor dropdown component
* stackdriver: replace components with basic stateless
select
* stackdriver: remove not used func. wrap query in exception
* stackdriver: reload all child dropdown and update selected
accordingly
* stackdriver: improve default state handling
* stackdriver: use standard naming convention for selects
* stackdriver: streamline label change
* stackdriver: refactor TemplateQueryComponent
* stackdriver: use enum for query type
* stackdriver: add aggregation query
* stackdriver: add alignment periods
* stackdriver: add aligner query
* stackdriver: add resource types query
* stackdriver: add support for resource label queries
* stackdriver: return friendly display name
* stackdriver: add metric labels query
* stackdriver: move response parsing to datasource file
* stackdriver: return values for services and metric types
* stackdriver: rename default component
* stackdriver: more renaming
* stackdriver: refactoring - rename react components and
file structure changes
* stackdriver: remove not used code
* stackdriver: add selector components for service and
metric type
* stackdriver: refactor stackdriver query ctrl
* stackdriver: make sure default template query editor state
is propagted to parent angular scope
* stackdriver: conditional template component rendering
* stackdriver: add react component for template query editor
* stackdriver: make it possible to load react plugin
components from template query page
* stackdriver: add basic directive for loading react plugin
components
* Preserve suffix text when applying function suggestion
* wip: progress on edit mode ux with tabs
* can render something
* don't drop the value when it equals to None
* changelog: adds note about closing #13993
* Remove Origin and Referer headers while proxying requests
* Refactored log stream merging, added types, tests,
comments
* docs: improve helper test for `For`
* alerting: adds docs about the for setting
* panel-edit-ux-tabs on top alternative
* Add new option to set where to open the message url
* added loading state
* Fixes #13993 - adds more options for Slack notifications
* fix switching from es raw document metric breaks query
editor
* add auth.proxy headers to sample.ini
* add auth.proxy headers to default.ini
* refactored how testing state was handled, using redux for
this felt way to require way to much code
* adds debounce duration for alert dashboards in ha_test
* fixed issue with reducer sharing url query instance with
angular router
* fixed exporter bug missing adding requires for datasources
only used via data source variable, fixes #13891
* minor text change in export modal
* build: removes unused.
* clear test box if success
* Fixed issues introduced by changing to PureComponent
* Added testing state in reducer
* further refactoring of #13984
* minor fix
* refactorings and some clean-up / removal of things not
used
* Update
docs/sources/permissions/dashboard_folder_permissions.md
* Fix typo in docs/sources/reference/scripting.md
* experimental option boxes
* ux: changed panel selection ux
* move enterprise down in menu
* wip: panel-header: Fix shareModal compatibility with react
and angular
* wip: panel-header: Remove custom menu items from panels
completely
* wip: panel-header: Reverted a lot of code to pause the
'custom menu options' for now
* wip: panel-header: More merge conflicts during cherry pick
* wip: panel-header: More merge conflicts during cherry pick
* Update docs/sources/permissions/datasource_permissions.md
* Update docs/sources/permissions/datasource_permissions.md
* Update
docs/sources/permissions/dashboard_folder_permissions.md
* Update docs/sources/http_api/datasource_permissions.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* minor change
* wip: panel-header: More merge conflicts
* Fix loglevel tests for Explore loggging
* wip: panel-header: Merge conflicts
* wip: panel-header: Fragment not needed anymore
* wip: panel-header: Add possibility to add custom actions
to the menu by passing them in as props
* wip: panel-header: Separate all panel actions to its own
file so we decouple them from react
* wip: panel-header: Start implementing the Toggle legend,
but its not taken all the way
* wip: panel-header: Change DashboardPanel to a
PureComponent to avoid unwanted rerenders
* wip: panel-header: Refactor so 'Share' use the same code
in angular+react
* wip: panel-header: Add 'Edit JSON' functionality + make
sure everyone using the json editor pass in the model
property instead of the scope property when triggering the
json modal
* wip: panel-header: Add 'Copy' functionality
* wip: panel-header: Add 'Duplicate'
* wip: Add 'Share' to the react panels
* wip: panel-header: Move code existing in both
angular+react to utility functions
* wip: panel-header: Remove panel
* Mobx is now Redux
* wip: Initial commit for PanelHeaderMenu
* changelog: add notes about closing #13903
* changelog: add notes about closing #13932
* unify log level colors between rows and graph
* Graph log entries by log level
* fix selecting datasource using enter key
* Adaptive bar widths for log graph
* changelog: add notes about closing #13970
* build: fixes
* build: publisher handles nightly builds.
* rename and mark functions as private
* drag handle css
* moved drag handle
* fixed options
* Time selection via graph
* minor code style change
* basic panel options working
* Adding Cloudwatch AWS/Connect metrics and dimensions
* wip: react panel options architecture
* export: provide more help regarding export format
* build: minor publisher fixes.
* extract store from configurestore
* added actions
* build: publishes grafana enterprise to grafana.com
* changelog: adds note about closing #13322
* build: publisher uses local time.
* build: publisher supports both local and remote.
* build: publisher can find artifacts from local sources.
* build: refactor releaser.
* build: prepares release tool for finding local releases.
* build: improved release publisher dry-run.
* build: use build workflow id instead of build number.
(#13965)
* alerting: delete alerts when parent folder is deleted
* refactor dashboard alert extractor
* for: use 0m as default for existing alerts and 5m for new
* panel options wip
* Exposing digest from angular component
* adds tests for extracting for property
* minor fix
* changelog: add notes about closing #13606
* devenv: table panel links
* renames `debouceduration` to `for`
* introduce state `unknown` for rules that have not been
evaluated yet
* fixes go meta lint issue
* wire up debounce setting in the ui
* adds db migration for debounce_duration
* introduces hard coded deboucing for alerting
* always execute the user teams query
* handle error before populating cache
* build: fixes gcp push path.
* alerting: adds tests for the median reducer
* add minimal permission
* typo fix for 'has'
* Gitlab -> GitLab
* changelog: adds note about closing #13945
* Add tests covering alternate syntax for aggregation
contexts
* Handle suggestions for alternate syntax aggregation
contexts
* fix terms agg order deprecation warning on es 6+
* fix failing tests
* removed file I added accidentally
* fixed to template PR issues, #13938
* alerting: increase default duration for queries
* Explore: Logging graph overview and view options
* Load hash based styles in error.html, too
* Add [hash] to filename of grafana.{light,dark}.css
* minor tweak to back to dashboard buttons
* Fix minor JSON typo in HTTP API docs
* remove replaced components
* reverting babel change
* remove this
* removed these unused components
* reverting script change
* updated snap
* tests
* minor doc tweaks
* updated enterprise page
* Added new backend setting for license file
* updating state and save
* make permission sub items in sidemenu cleaner
* changelog: add notes about closing #13925
* Explore: fix metric selector for additional rows
* fix for responsive rule for footer
* Updated login page logo & wordmark and responsive behavior
* added new workmarks
* fixed react whitespace warning on teams page
* renamed org files to match new naming guide
* moved profile pages to it's own feature folder
* moved new teams page
* reload page after preferences update
* Add delta window function to postgres query builder
* Increase Telegram captions length limit.
* docs: enhanced ldap
* Explore: async starts of language provider
* listen for changes in angular land and propagate that back
to react
* docs: fix datasource permissions keywords
* build: grafana enterprise docker image.
* added caching of signed in user DB calls
* added actions
* IE11 fix for legend tables below graph
* cleaned up render
* renders angular component
* updated api keys snapshot
* restored transition
* removed logging call
* add table column date format
* fixed memory leaks and minor refactoring
* build: gpc credentials added to deploy.
* changelog: add notes about closing #13762
* update changelog
* build: deploys to gcp.
* build: deploys to gcp. (#13911)
* datasource permission http api
* restructure administration/permissions page into a section
with sub pages
* Fix TimePicker test by enforcing UTC on date string
* updated view to use angular loader
* Explore: repair logging after code restructuring
* docs: schema -> database
* build: deployment ci container. (#13902)
* docs: mysql
* minor progress
* Make Explore plugin exports explicit
* add functionality to override service in registry
* moved state
* register datasource cache service with proper name
* revert application lifecycle event support
* changelog: adds note about closing #13876
* Add new build info metrics that contains more info
(#13876)
* JS tooling: run TS grunt tasks only when files changed
* revert file name change
* remove unused code
* log error on datasource access denied
* include teams on signed in user
* application lifecycle event support
* refactor datasource caching
* Fix cell coloring
* Fix bug with background color in table cell with link
* add dashnav responsive rule to hide tv button on smaller
screens
* Implement oauth_auto_login setting
* Explore: fix copy/paste on table cells
* rename type
* using label component
* Pluggable components from datasource plugins
* fixed type
* removed angular code
* test and some refactoring
* build: adds branch info to binary build
* now that css is loaded sync again I can remove some styles
from index html body css
* WIP babel 7
* Revert to sync loading of css, sometimes js loaded before
css which caused issues
* Update grafana_stats.json
* Makefile: dependency-driven target to build node_modules
* removes old invalid release guide
* added missing alpha state prop to graph2 panel
* minor update
* added switch form component
* updated graph tests dashboard
* fixed width of panel edit mode
* Fix query hint tests after refactor
* Fixing issue 13855
* Add tests to cover PlaceholdersBuffer and sum hint
* Add sum aggregation query suggestion
* fixes to angular panel edit mode
* Reduce re-renderings when changing view modes
* updated singlestat logo
* more ux progress
* Add tests to cover aggregation context cases
* Fix label suggestions for multi-line aggregation queries
* panel edit mode changes
* Update snapshots.
* Use jest.fn instead of string.
* Explore: error handling and time fixes
* ux experiments
* build: builds grafana docker for enterprise at release.
* Add code to flot that plots any datapoints which to not
have neighbors as 0.5 radius points - fixes
https://github.com/grafana/grafana/issues/13605
* adding default value and update actions
* build: ge build fix.
* build: grafana enterprise docker. (#13839)
* moved state to redux, renamed entities
* testing panel edit ux idea
* changelog: add notes about closing #13769
* add test
* cache region result
* use default region to call DescribeRegions
* fix: updated backend srv to use appEvents and removed
parts of alertsSrv
* simple select
* build: correctly adds enterprise to the filename. (#13831)
* docs: improve ES provisioning examples
* changelog: adds note about closing #13723
* stackdriver: don't set project name in query response
since default project is now loaded in its own query
* Optimize the Dingding match values format
* Add Dingding message type to support mass text
notification
* graph legend: fix table padding
* Moved prom language features to datasource language
provider
* Split text template into variable
* Add match values into Dingding notification message
* graph legend: fix phantomjs rendering when legend is on
the right
* fix for annotation promise clearing, bug introduced last
week when merging react panels step1
* fix panel solo size
* mysql: fix timeFilter macro should respect local time zone
* load preferences
* support template variable in stat field
* only look in current database in findMetricTable
* graph legend: fix table alignment
* fix dingding doc error
* fixed routes and page
* graph legend: minor refactor
* Added types to query rows
* update latest.json to latest stable version
* changelog: update
* cleaned up the flow
* changelog: add notes about closing #13280
* delete provisioning meta data when deleting folder
* Update the regex-matching in templateSrv to work with the
new variable-syntax and be more flexible to regex-changes
#13804
* changelog: add notes about closing #13600
* changelog: update
* Move the variable regex to constants to make sure we use
the same reg… (#13801)
* docs: fix tutorials index page. Fixes #13799
* graph panel: fix legend alignment
* Explore: fix graph resize on window resize
* changelog: adds note for #13691
* docs: fix tutorials index page. Fixes #13799
* Resource type filter (#13784)
* Fix race condition on add/remove query row
* moving things
* typing changes
* changelog: add notes about closing #13764
* pkg/tsdb/stackdriver/stackdriver.go: Fix regular
expression does not contain any meta characters.
* pkg/tsdb/graphite/graphite.go: Fix regular expression does
not contain any meta characters.
* pkg/login/ldap.go: Fix warning comparison to bscl constant
* Added margin and correct border radius
* Fix rebase, fix empty field still issuing query problem
* Changelog: Adds curl to docker image in 5.3.2
* fix: another fix for #13764 , #13793
* Submit query when enabling result viewer
* Get query hints per query transaction
* docker: adds curl back into the docker image for utility.
(#13794)
* Explore: query transactions
* connected to store, self remove logic
* fix: kiosk url fix, fixes #13764
* changelog: add notes about closing #13633
* changelog: add notes about closing #13666
* fix: Text box variables with empty values should not be
considered fa… (#13791)
* renaming things
* graph legend: review fixes
* add debug logging of folder/dashbord permission checks
* sync mysql query editor template with postgres
* add char as datatype for metric and group columns
* build: indentation mistake.
* build: fixes filename issues.
* fix injecting dependencies to graph legend directive
* changelog: adds note for #13669
* docs: update debian installation instructions
* stackdriver: some tweaks to the text on the config page
and in docs
* stackdriver: refactoring request builder
* stackdriver: remove not used struct
* stackdriver: remove not needed scope
* stackdriver: add provisioning example for gce
authentication
* stackdriver: add documentation for gce default account
authentication
* stackdriver: change name of authentication type
* stackdriver: improve config page info box documentation
* stackdriver: prevent backend query from being made when
there are not yet any defined targets
* stackdriver: fix failing tests
* stackdriver: improve error handling
* graph legend: fix legend when series are having the same
alias
* stackdriver: remove not used query file
* stackdriver: remove test datasource query. use
ensuredefaultproject instead
* stackdriver: remove debug comments
* stackdriver: improve error handling in the datasource
* stackdriver: fix typo
* stackdriver: add debug logging
* stackdriver: fix broken braces
* stackdriver: fix broken condition after rebase
* stackdriver: use constant instead of variable
* stackdriver: remove debug log
* stackdriver: fix failing test
* stackdriver: use gce variable
* stackdriver: add variable for gce authentication type
* stackdriver: get default project from backend. also ensure
default project could be retrieved when authentication
type is gce
* stackdriver: only load default project from backend if
it's not available on the target. this might happen when
using gce authentication and provisioning
* stackdriver: display error message if project name is not
present in jwt file
* stackdriver: only load project name if it's not already
stored in the ds info json
* stackdriver: add default value for authentication type
* stackdriver: wip - remove debug code
* stackdriver: improve ui for toggling authentication type
* stackdriver: only get default token from metadata server
when applying route
* stackdriver: only get default token from metadata server
when applying route
* stackdriver: make backend query a pure test datasource
function
* stackdriver: add status code
* stackdriver: wip - return metric descriptors in the format
of tablew
* stackdriver: wip - get metric descriptors in the backend
* stackdriver: wip - add logic for retrieving token from gce
metadata server in the auth provider
* stackdriver: wip - add very basic checkbox for gce auto
authentication
* stackdriver: break out project name resolving into its own
function in the stackdriver.go file
* stackdriver: wip - temp remove jwt token auth
* stackdriver: wip - always use gce default account for
stackdriver
* stackdriver: wip - add scope and remove debug code
* stackdriver: WIP - test retrieving project id from gce
metadata
* skip jwt token auth if privateKey is empty
* fetch token from GCE metadata server
* Revert 'for development'
* for development
* graph legend: fix quotes displaying
* graph legend: minor refactor
* Enterprise crosscompilation (#13783)
* component working
* graph legend: fix rendering after legend changes
* graph legend: refactor, fix another review issues
* fix: DataPanel isFirstLoad state fix
* Fix click-based selection of typeahead suggestion
* ux: remove duplicate placeholder attribute
* initial work to add shortcut to toggle legend - generic
* scripts/build/publish.go: Fix warning on err variable.
* pkg/services/alerting/reader.go: Fix should use for range
instead of for { select {} }.
* pkg/middleware/middleware.go: Fix empty branch warning.
* pkg/plugins/plugins.go: remove ineffective break
statement.
* fix order for mysql, remove postgres specific code
* using react component
* Explore: reuse table merge from table panel
* graph legend: refactor, move behaviour logic into
component
* stackdriver: add default project to provisioning
documentation
* adjust meta data queries for mysql
* fix references to postgres datatypes
* graph legend: review fixes
* changelog: add notes about closing #13667
* changelog: add notes about closing #13718
* fixed gofmt issue after go update
* fix cannot receive dingding alert bug
* fix: fixed variable srv tests
* stackdriver: only add unit to resonse obj if it has a
value
* make interpolateVariable arrow function
* fix: another set of fixes for refresh
* fixed issue with template refresh
* Fix tslint errors
* stackdriver: fix failing tests
* stackdriver: make sure unit is not returned to the panel
if mapping from stackdriver unit to grafana unit can't be
made
* Fix variable highlighting
* Fixed yarn.lock (previous merge took out integrity)
* changelog: add notes about closing #13710
* wip: enterprise docs
* allow unit override if cloudwatch response unit is none
* Revert 'don't overwrite unit if user set'
* don't overwrite unit if user set
* changelog: add notes about closing #13674
* fix LDAP Grafana admin logic
* graph legend: remove unused code
* graph legend: refactor
* docs: cleanup of how to build for docker.
* Review feedback, increased height
* changelog: add notes about closing #12342
* update changelog
* remove not used file
* simplify code
* Explore: fix render issues in split view
* A list of where to make changes when upgrading Go and
Node.js (#13693)
* tests
* Update PromQueryField tests to address fixed bug
* Fix typeahead behaviour for QueryField
* permissions: cleanup.
* hooked up actions
* Explore: Use react-table as table component
* created view
* docs: installing custom plugins in docker.
* Document oauth_auto_login setting
* changelog: add notes about closing #13692
* postgres: use arrow function declaration of
interpolateVariable
* Use closure for calling interpolateVariable
* changelog: add notes about closing #12308
* Add socket support for mysql data source
* changelog: adds note about closing #12330 and #6696
* remove addpermissions component
* cloudwatch: return a distinct list of regions
* docs: update cloudwatch iam policy description
* removes d in disableResolvedMessage
* removed snaps
* alerting: tests default value for disable resolve message
* re-add hard coded region list
* update doc due to client layout change
* clean up tests
* fix gofmt, add test, correct noted concerns with default
value
* fix gofmt, add test, correct noted concerns with default
value
* changelog: add notes about closing #13629
* add encrypt connstr param conditionally on the value
chosen via GUI.
* graph legend: add color picker (react)
* removing datasource permissions states from grafana
* update latest.json to latest stable version
* update changelog
* build: Upgraded nodejs to 8 on appveyor
* codestyle
* rename UI Option, align with control, update tests
* pausing for now
* Remove unwanted char
* Fix incorrect alt text on logo
* return default region list from backend
* don't merge hard coded region list
* add error message
* get regions from after datasource save
* show all CloudWatch regions
* get region list from ec2:DescribeRegions
* fix concurrent map writes
* update, don't remove 'Known Issues' docs section.
* update provisioning docs.
* fix new setting default value handling.
* rename new JSON data attrbute.
* changelog: add notes about closing #13464
* changelog: add notes about closing #13553
* update changelog
* doc(documentation) license
* doc(documenation)
* add channel option to disable the resolved alert (OK
Message) that is sent when condition returns to normal.
* Can render graph
* Add 'encrypt' setting to MSSQL data source.
* rendering settings
* build: makes sure publisher.sh is available when
deploying.
* Fix grammar in log message
* changelog: add notes about closing #13641 #13650
* Escape typeahead values in query_part
* Escape values in metric segment and sql part
* changelog: add notes about closing #13628
* update .bra.toml for using latest bra version
* progress on react time series infra
* wip: began first steps for a react graph component
* various fixes to to queries tab (in react mode)
* react panels query processing
* react panels: got data
* working on react data / query exectution
* changed DataPanel from HOC to use render props
* fixing unit tests
* Removed reference to plugin_api.md (SDK Readme) on the
development page as the file that it points to no longer
exists. This addresses an open issue on the grafana.org
repo
* Adding tests
* Adding time clockms and clocks
* pkg/cmd/grafana-server/main.go: remove os.Kill as it
cannot be trapped
* changed to plain errors further down the alerting
validation model so error did not get double wrapping in
ValidationError
* alerting: propagate alert validation issues to the user
instead of just 'invalid alert data' message
* updated gitignore
* fix for graph time formating for Last 24h ranges, fixes
#13650
* pkg/services/sqlstore/user_auth_test.go: comment unused
users slice
* fixed a typo
* fixed a typo
* fix: label values regex for single letter labels
* created component for http settings
* removes debug log.
* make sure to add all variable nodes to dag before linking
variables
* changelog: adds note for #13607
* updated jest to 23.10
* Adds backend hooks service so extensions can modify index
data
* fix route issue
* removed unused setting variable
* minor setting refactorings
* renamed extension point in the frontend
* updated circleci build-container version
* minor change to cloudwatch code formatting
* minor ux fix for new select
* fmt
* grafana/grafana#13340 complete oauth doc
* changed property name to UserWasDeleted and added an
assert for it
* Update check for invalid percentile statistics
* pkg/services/alerting/notifiers/telegram.go: check error
before close.
* pkg/tsdb/*: Fix do not pass a nil Context
* devenv: fix influxdb block
* docs: refer to v5.3 instead of v5.2
* removed unsused function
* docs: stackdriver fixes after review
* fix mutability bug, removed unused constructor
* stackdriver: check if array is empty to prevent filter
from crashing. This closes #13607
* Handle DescriptionPicker's initial state #13425
* stackdriver docs: metric query editor and annotations
* Update snapshots after merge
* Requests for ds via backend blocked for users without
permissions.
* Removes unused code.
* Remove CTA when CTA-action is clicked instead of a /new
route #13471
* Add fancy delete button for ApiKeys.
* Add form to both the CTA page and the regular list.
* Add onClick handler to CTA.
* Updated tests for new protip.
* Updated protip, not sure what to write there.
* Update tests for ApiKeys CTA screen.
* changelog: add notes about closing #13616
* Show CTA if there are no ApiKeys, otherwise show table.
* Extract ApiKeyCount from state.
* made it possible to have frontend code in symlinked
folders that can add routes
* Added Loading state on org pages
* fix phantomjs render of graph panel when legend as table
to the right
* changelog: add notes about closing #13172
* add test for es alert when group by has no limit
* poc: frontend extensions
* added the UserWasRemoved flag to make api aware of what
happened to return correct message to UI
* Remove user form org now completely removes the user from
the system if the user is orphaned
* remove tab
* bug fix
* Update time_series_query.go
* changelog: add notes about closing #11711
* add admin page to show enterprise license status
* docs: add version notes
* tests
* Css fix for selected option
* User without permission to a datasource won't see it.
* Updated test snapshot #13425
* Initialize Explore datasource correctly
* Refactors ds permissions to a filter.
* Remove the fixed widths and make it possible to pass it in
as a prop instead #13425
* User filtering now works properly at the backend #13425
* Removed old code #13425
* Rename css class 'gf-form-select2' to 'gf-form-select-box'
#13425
* Use new class names #13425
* Fixes for the tag filtering in the search #13425
* Start implementing the upgraded react-select in the tag
filter box #13425
* fix /api/org/users so that query and limit querystrings
works
* Bump grafana/build-container to 1.2.0
* Revert 'Lock down node version to see if we get rid of the
circleci build issue'
* Revert 'Try to remove circleci cache to see if that solves
the build issue'
* Try to remove circleci cache to see if that solves the
build issue
* Generate yarn.lock from older yarn
* Revert 'Add node version output for debugging'
* Add node version output for debugging
* Lock down node version to see if we get rid of the
circleci build issue
* Lock down webpack to 4.19.1 to avoid issue with
webpack-cli
(https://github.com/webpack/webpack/issues/8082)
* Bump react-select to 2.1.0 #13425
* Updated lockfile to get rid of build error #13425
* Add frontend filtering of users in user picker #13425
* Replace $white with a color working in both themes #13425
* Replace System.import() with import() to get rid of
warning
* Clean up css for react-select v2 #13425
* Upgrade Datasources-picker on Explore page #13425
* Enable trailing on the debounce in the TeamPicker (same as
in UserPicker) #13425
* Update typescript notifications #13425
* Update (js-) tests and snapshots for react-select 2 #13425
* Remove variables not used #13425
* wip: Remove code for old react-select component #13425
* wip: The pickers are stateful nowadays, no need to pass in
the current value #13425
* wip: Upgrade react-select #13425
* set v5.3 as root docs
* disable permissions
* whatsnew: adds image for Stackdriver
* fixing weird arrow in select
* update latest.json to 5.3.0
* changelog: set date for 5.3.0 release
* fixing permission rows
* changelog: add notes about closing #13575
* enable permissions for data source
* Use correct naming convention
* Fix typo
* Provide more information about what's included in the
Stackdriver plugin
* changelog: add notes about closing #13575
* cloudwatch: return early if execute query returns error
* fix tab switching
* add test for automatically unit set
* fix crach bug
* fix id validation
* refactoring after review comments
* changelog: adds note for #13559
* added setting top hide plugins in alpha state
* wip: fixed issues now things are starting to work as
before for angular panels
* pausing permissions list
* Block graph queries from being queued until annotation
datasource promises resolve
* Redone with DataSourcePermissions
* remove datasource permission admin for now
* reverted AddPermissions
* Explore: highlight typed text in suggestions
* Update provisioning.md (#13572)
* stackdriver: update docs, showing how to escape private
key and use yaml multiline strings
* modified AddPermissions component
* set unit for CloudWatch GetMetricStatistics result
* Remove duplicate labels in the datasource query
* render drag handle only in edit mode
* ux: minor update to look of stackdriver query help
* changelog: adds note for #13495
* add gopkg.in/square/go-jose.v2 to dependencies, update
github.com/hashicorp/yamux
* adding permissions component
* reverted back and using angular for settings and
dashboards
* stackdriver: improve filter docs for wildcards and regular
expressions
* stackdriver: always use regex full match for =~ and
!=~operator
* stackdriver: add tests from regex matching
* stackdriver: always use regex full match for =~ and
!=~operator
* stackdriver: test build filter string
* stackdriver: test that no interpolation is done when there
are no wildcards
* stackdriver: remove debug logging
* stackdriver: add more tests
* stackdriver: fix broken substring. also adds tests
* stackdriver: remove not necessary helper functions
* stackdriver: interpolate stackdriver filter wildcards when
asterix is used in filter
* stackdriver metric name fix. Fixes #13562
* Fixed nav model
* fix for influxdb annotation issue that caused text to be
shown twice, fixes #13553
* wip: restoring old angular panel tabs / edit mode
* ux: final fixes to new datasource page
* Fix text overflow on playlist search #13464
* docs: fix minor typos
* ux: more minor ds setting tweaks
* ux: more minor ds setting tweaks
* ux: tweaks to add datasource page and datasource settings
page
* Fixed typo in query editor placeholder text.
* Explore: do not show default suggestions after expressions
* Explore: trigger a query field render to fix highlighting
* Explore: compact state URLs
* fix gofmt tests output
* removed duplicate route
* Use size-me to resize explore Graph, added types
* algorithm to find new name if it exists
* ux: misc react migration fixes and info box style
improvement
* docs: new variable type text box that allows free text
input
* docs: annotations tag filter with template variable
support
* docs: whats new in 5.3 - a few tweaks
* mysql: note about connection max lifetime and wait_timeout
* Explore: reset typeahead on cursor move
* Explore: resize graph on window resize
* Fix rate function hint for series with nulls
* Extract query hints
* Prevent Explore from updating when typing query
* Avoid new metrics options being passed selector, made
PromField pure
* Perf on query field and typeahead
* Dont rebuild datasource options on each render
* contributing.md
* changelog: add notes about closing #13326
* react-2-angular: added generic angular directive loader
util that can be used from react
* search data source types
* mini fix
* css: minor fix to search
* bump master version to 5.4.0-pre1
* provisioning: adds more logging about failed to deletion
of provisioned dashboards
* various fixes and improvements
* changelog: set date for 5.3.0-beta3 release
* build: fix for invalid pathing for release publisher
* changlog: adds note about closing #13551 and #13507
* new grid layout add data source
* test: updated react snapshot
* ux: minor tweak to link
* stackdriver: adds missing nginject attribute
* docs: better wording and docs links.
* Fix issue with updating role permissions #13507
* fixed toggle buttons
* dataproxy should forward a trailing slash to proxy
* add datasource proxy test to verify trailing slashes are
forwarded
* centered dashboard icon in search with flexbox
* mssql: fix tests
* build: automatically publish releases to grafana.com.
* updated after pr feedback
* pkg/tsdb/postgres/postgres_test.go: pass
context.Background() instead of nil
* pkg/tsdb/mysql/mysql_test.go: pass context.Background()
instead of nil
* pkg/tsdb/mssql/mssql_test.go: pass context.Background()
instead of nil
* adjust mssql tests
* pkg/tsdb/elasticsearch/client/client_test.go: pass
context.Background() instead of nil
* added data source type type
* pkg/services/alerting/notifiers/telegram_test.go: pass
context.Background() instead of nil
* remove generic macros from macros_test and add integration
test for generic macros
* Revert 'Revert 'Org users to react''
* Revert 'Org users to react'
* add postgres test for global macros
* add test
* stackdriver heatmap support
* added slow queries scenario to test data source, added new
panel test dashboard with slow queries
* Fix 'appropriate'-typo
* Update configuration doc to include socket@server
* move timeFrom, timeTo, unixEpochFrom and unixEpochTo
macros to sql_engine
* wip: began work on support for testdata tables &
annotations support
* docs: connection limits for sql datasources
* ux: put connection limits under own section
* fiddling with validation
* changelog: adds note about closing #13492
* view and route
* wip: made sqlstore dialect accessable from outside
* better comment about state changes
* get or create alert notification should use transaction
* use notification state id instead of notifier id
* merges defaultShouldNotify and ShouldNotify
* move version conflict logging for mark as complete to
sqlstore package
* removed duplicate route
* improve local variable name
* avoid exporting notificationState and
notificationStateSlice
* avoid sending full notification state to pending/complete
* deleting obsolete things
* Make max open, max idle connections and connection max
life time configurable
* snap
* fix after merge from master
* rename GetNotificationStateQuery to
GetOrCreateNotificationStateQuery
* reminder: uses UpdatedAt to track state changes.
* snaps
* invitees
* changed from RFC to PureComponent
* devenv: add postgres ha test config example
* wip: going in circles
* typo in sample.ini
* pkg/tsdb/cloudwatch/credentials.go: Remove unnecessary
variable assignment
* pkg/cmd/grafana-server/main.go: '_ = <-ch' simplified to
'<-ch'
* pkg/tsdb/stackdriver/stackdriver_test.go: return
simplified
* Fix megacheck issue unused code.
* invites table
* Update ldap.md
* use alert state changes counter as secondary version
* wip: data source permissions hooks
* docs: stackdriver version notice.
* tests
* added default prop instead of specifying prop
* filter users in selector based on search
* Moved explore helpers to utils/explore
* Explore: jump to explore from panels with mixed
datasources
* functions and tests
* cleanup alert_notification_state when deleting alert rules
and channels
* don't notify if notification state pending
* remove unused code
* stackdriver: set default view parameter to FULL
* stackdriver: no tags for annotations (yet)
* stackdriver: add help section for annotations
* devenv: enable some debug logging for ha test setup
* alert -> ok with reminders enabled should send
* stackdriver: revert an accidental commit for text template
variable
* Added test for url state in Explore
* Make Explore a pure component
* first crude display
* stackdriver: remove metric.category alias pattern
* stackdriver: remove commented code
* stackdriver: unit test group by and aggregation dropdown
changes
* stackdriver: make it impossible to select no aggregation
when a group by is selected
* Explore: Store UI state in URL
* stackdriver: add relevant error message for when a user
tries to create a template variable
* stackdriver: make sure labels are loaded when service is
changed in dropdown
* stackdriver: change info logging to debug logging
* stackdriver: change pattern for annotation to metric.value
* stackdriver: add support for bscl values
* stackdriver: add support for int64 values
* stackdriver: use correct default value for alignment
period
* stackdriver: fix reducer names
* fix set sent_at on complete
* snaps
* noop services poc
* implemented general actionbar
* handle pending and completed state for alert notifications
* stackdriver: fix froamt annotation text for value
* stackdriver: make it possible to use point values of type
string
* No need to get alert notification state in ShouldNotify
* using constant
* added no datasources added
* stackdriver: broadcasting through $scope doesnt work
anymore since query_filter_ctrl is now a sibling directive
to query_aggregation_ctrl, so broadcasting is now done
using $rootScope
* wip: test get alert notification state
* wip: send and mark as complete
* components, test, removed old not used files
* wip: impl so that get alertstate also creates it if it
does not exist
* fix: preloader element issue
* Adding AWS Isolated Regions
* wip
* stackdriver: pattern formatting for annotations
* stackdriver: fix alignment period bug
* stackdriver: set first metric as selected if no metric
could be retrieved from the target
* stackdriver: wip annotation support
* Compile TS of the whole project to detect type errors
* stackdriver: update tests
* stackdriver: es6 style directive, avoid using scope
* deletez
* refactoring: slight changes to PR #13247
* revert rename
* stackdriver: fix typescript error
* stackdriver: remove not needed alignment option
* using constant
* stackdriver: extract out filter, metric type directive
* stackdriver: add unit tests to resolve unit function
* rename to pluginlistitem
* fixing types
* stackdriver: convert most common stackdriver units to
grafana units if possible
* sqlstore: add support for checking if error is constraint
validation error
* rewrote to use react.sfc
* explore: fixes to dark theme, fixes #13349
* Remove angular code related to API Keys and point the
route to the React component #13411
* Open modal with API key information after key is added
#13411
* Add tests for the reducers & selectors for API keys #13411
* Update test-snapshot, remove dead code #13411
* Add tests for ApiKeysPage #13411
* Add 'search box' and a 'add new' box to the new API Keys
page #13411
* Pick up the type from app/types
* Pick up the type from app/types
* Move User type out of UserPicker and into app/types
* wip: Reactify the api keys page #13411
* add support for mysql and postgres unique index error
codes
* implement sql queries for transactional alert reminders
* stackdriver: fix typescript errors
* stackdriver: pass interval from panel to backend
* stackdriver: remove debug logging
* stackdriver: update docs so that they align with alignment
period rules in stackdriver gui
* stackdriver: update alignment period rules according to
stackdriver
* stackdriver: set target to be raw query
* stackdriver: publish docs to v5.3 (not root)
* initial rename refactoring
* changelog: adds note about closing #12534
* devenv: grafana high availability (ha) test setup
* stackdriver: use more appropriate test data
* Add goconst to CircleCI
* fix: also set dashboard refresh to false
* simplified fix for 12030
* prevent refresh on fixed time window
* using more variables
* stackdriver: fix broken test
* stackdriver: workaround for the fact the jest definitions
does not include not
* stackdriver: docs update
* stackdriver: WIP - implement stackdriver style auto
alignment period. also return the used alignment period
and display it in the query editor
* stackdriver: distinct grafana auto from stackdriver auto
in alignment period
* stackdriver: use correct name for variable
* stackdriver: remove montly from alignment periods
* Added constant
* tests
* stackdriver: add alignemnt period
* stackdriver: make sure service and metric display name is
used instead of value when loading a saved query editor
* alerting: move all notification conditions to
defaultShouldNotify
* stackdriver: use correct event name
* stackdriver: fix broken tests
* stackdriver: update aggregation and alignment before
refreshing when changing metric
* stackdriver: use correct naming convention
* stackdriver: get value type and metric kind from metric
descriptor instead of from latest metric result
* filter NULL values for column value suggestions
* changed to first and last child
* imguploader: Add support for ECS credential provider for
S3
* stackdriver: adds on-change with debounce for alias by
field
* cli: fix init of bus
* Remove .dropdown-menu-open on body click fixes #13409
* stackdriver: improve aggregation logic
* stackdriver: fix failing test
* stackdriver: wip: split metric dropdown into two parts -
resource and metric
* first test
* stackdriver: remove console.log
* filter plugins and layout mode
* stackdriver: typescriptifying controller
* render list
* stackdriver: break out aggretation logic into its own
directive and controller. also adds tests for new dropdown
population logic
* Remove option r from ln command since its not working
everywhere
* fix: updated tests
* using variable
* Fix spelling of your and you're
* Changed setting to be an alerting setting
* created test for graph disclaimer
* Remove non-existing css prop
* fix: Legend to the right, as table, should follow the
width prop. Removing css conflicting with baron's width
calculation. #13312
* stackdriver: populate alignment and aggregation dropdowns
based on metric type and value type
* docs: postgres gif.
* limit number of time series show in explore graph
* docs: whats new for 5.3
* rendering: Added concurrent rendering limits
* stackdriver: fix test after parameter added to constructor
* stackdriver: skeleton for more query types on the backend
* stackdriver: better error handling for getLabels
* stackdriver: move getLabels from query_ctrl to datasource
* Run all sql data source queries for one panel concurrently
* removed border, cleaned up css and fixed class naming
* devenv: fix uid for bulk alert dashboards
* Explore: moved code to app/features/explore
* target gfdev-prometheus datasource
* stackdriver: fix bug when multiple projects connected to
service account
* devenv: adds script for creating many dashboards with
alerts
* stackdriver: refactoring - extract out filtersegments
component
* stackdriver: alias patterns WIP
* Fix goconst issues
* When stacking graphs, always include the y-offset so that
tooltips can render proper values for individual points
* provisioning: changed provisioning default update interval
from 3 to 10 seconds
* Update render.js
* Update render.js
* Fix https://github.com/grafana/grafana/issues/13387 metric
segment options displays after blur
* docs: improve oauth generic azure ad instructions
* invalidate access token cache after datasource is updated
* Fix datbase > database
* Fix changed want md5 hash
* Revert Fahrenheit to Farenheit
* Fix some typos found by codespell
* Fix misspell issues
* fix: use same User-Agent header as in other places in
grafana when making external requests
* docs: changed Json Web Token wording to be just JSON key
file
* added beta notice
* created switch button for org users that can toggle
between users and invites
* pkg/tracing/tracing.go: replace deprecated cfg.New
function
* stackdriver: remove WIP tests
* pkg/services/sqlstore/user.go: empty branch
* pkg/tsdb/elasticsearch/response_parser.go: simplify
redundant code
* pkg/tsdb/elasticsearch/client/search_request.go: simplify
loop with append.
* Explore: remove closing brace with opening brace
* Explore: show series title in tooltip of legend item
* Explore: dont rate-hint on rate queries
* Explore: Fix metric suggestions when first letters have
been typed
* Fix misspelled authentication in Auth overview doc
* fix reader linux test
* resolve symlink on each run
* stackdriver: add templating support for metric, filter and
group by
* wip: panel options idea2
* stackdriver: use group by fields to create default alias
* make sure we don't add the slash twice
* Update render.js
* devenv: fix docker blocks paths
* Updated phantomjs render script to take full height
screenshots
* devenv: re-add missing docker-compose files
* Explore: Fix label suggestions for recording rules
* Explore: Fix click to filter for recording rule
expressions
* Don't use unnest in queries for redshift compatibility
* pkg/tsdb/elasticsearch/client/client.go: use time.Since
instead of time.Now().Sub
* pkg/plugins/dashboards_updater.go: Simplify err check
* pkg/services/sqlstore/alert_notification.go: Simplify err
check
* remove the test that does not do anything
* add the trailing slash
* stackdriver: add custom User-Agent header
* stackdriver: remove hardcoding of test project name
* updated
* set maxworkers 2 for frontend tests
* removes codedov refs
* disable codecov
* add a test
* Fix setting test
* stackdriver: improve query look
* moves /tests to /pkg/plugins
* stackdriver: add alignment period to query controller
* stackdriver: making sure we dont pass too big
alignmentPeriods to the stackdriver api
* stackdriver: fix broken tests
* stackdriver: adds default value for alignment period
* stackdriver: use alignment period that is passed from
frontend. if set to auto, use value provided from the
panel. also added tests for alignment period
* stackdriver: use alignment that is passed from frontend in
the query
* stackdriver: adds advanced options collapse to query
editor with the possibility to select secondary
aggregation and alignment
* removes testdata from getting started
* stackdriver: fix init labels bug
* moves benchmark script to devenv
* moves docker/ to devenv/docker
* changelog: adds note about closing #9735
* docs: add version disclaimer for postgres query editor
* moves files from /tests to more appropriate folders
* docs: template variable support for annotations
* Update getting_started.md
* pkg/services/sqlstore: Fix sess.Id is deprecated: use ID
instead. (megacheck)
* pkg/services/sqlstore: Fix x.Sql is deprecated: use SQL
instead. (megacheck)
* fix: increased team picker limit to 50, closes #13294
* rename folder
* Add documentation for PostgreSQL query builder
* stackdriver: improve query editor to handle no data better
* stackdriver: fixes in query editor
* stackdriver: type rename
* display team member labels
* new column for team_member table
* fix hipchat color code used 'no data' notifications
* stackdriver: makes sure filter dropdown doesnt crash if
clicked before values are loaded
* fixes strange gofmt formatting
* stackdriver: adds null check to query
* gdev: added test dashboard for polystat panel
* Explore: Add multiline syntax highlighting to query field
* stackdriver: add support for filtering to backend
* Hotfix for Explore (empty page after running query)
* stackdriver: add filters to query editor
* ldap: made minor change to group search, and to docs
* stackdriver: fixes remove option in filter
* dsproxy: add mutex protection to the token caches
* metrics: starts some counters at zero
* tech: remove all mobx stuff
* stackdriver: wip - filters for query editor
* stackdriver: adds remove group by option
* stackdriver: improve segments for group bys in query
editor
* stackdriver: load time series meta data for group by
dropdown
* stackdriver: make sure distinct labels are returned. also
added test
* stackdriver: fix failing test
* stackdriver: test get metric types
* stackdriver: wip - group bys
* stackdriver: update logo
* stackdriver: ux for config page, docs updated
* upload: make the button text configurable
* stackdriver: add simple readme
* stackdriver: reverse points array to be in ascending order
* stackdriver: adds support for primary aggregations
* stackdriver: better error handling and show query metadata
* stackdriver: tests for parsing api response
* stackdriver: add first test for parsing frontend queries
* Stackdriver: Fix weird assignment
* Stackdriver: Use metric type from query controller state
* Stackdriver: Set target correctly
* Stackdriver: Break out parse response to its own func
* Stackdriver: Use ds_auth_provider in stackdriver. This
will make sure the token is renewed when it has exporired
* Stackdriver: Restructured ds proxy tests
* stackdriver: fix test
* Stackdriver: Add new file
* Stackdriver: Start breaking out apply route to its own
file
* Stackdriver: Parsed url params
* Stackdriver: Parse datapoints correctly
* Stackdriver: Add backed query using
* Stackdriver: Prettify json
* Stackdriver: Move data to target
* Stackdriver: Load example metric and start parsing
response
* Stackdriver: Exposing stackdriver backend api
* Stackdriver: Use new access token API
* Stackdriver: Temporary exporting token lookup
* Stackdriver: Loads project name and metrics descriptions
into the query controller
* Stackdriver: Corrected field title and removed debug
logging
* Stackdriver: Removed debug logging
* Stackdriver: Improved feedback for when a JWT is already
uploaded in the ds config page
* docs: first draft for stackdriver datasource
* dsproxy: implements support for plugin routes with jwt
file
* Stackdriver: Added test for getProjects
* Stackdriver: Refactored api call to google resource
manager
* Stackdriver: Add scope for google resource manager
* Stackdriver: Fixed error message from google resource
manager
* Removes comment
* Adds skeleton for loading projects from google resource
manager
* Adds unit tests to test datasource
* Implemented datasource test
* Fixed broken if statement
* Adds jwt token signing google auth
* Improved user experience
* Upload: Fixing link function in directive
* Adds poc code for retrieving google auth accesstoken
* Build new stackdriver frontend script
* Add stackdriver backend skeleton
* Adds stackdriver frontend skeleton
* Use datasource cache for backend tsdb/query endpoint
(#13266)
* added underline to links in table
* fix: add permission fixes
* test: added simple dashboard reducer test
* feat: dashboard permissions are working
* Fix gauge display accuracy for 'percent (0.0-1.0)'
* use pluginName consistently when upgrading plugins
* removes old unused examples (#13260)
* fix: added loading screen error scenario (#13256)
* changelog: add notes about closing #11555
* Interpolate $__interval in backend for alerting with sql
datasources (#13156)
* anonymous usage stats for authentication types
* disabling internal metrics disables /metric endpoint
* wip: dashboard permissions to redux
* renames PartialMatch to MatchAny
* fix: add folder permission fix
* fix: fixed tslint issue introduced in recent prometheus PR
merge
* Folder pages to redux (#13235)
* folder permissions in redux
* minor fix
* fix test
* add annotation option to treat series value as timestamp
* wip: first couple of things starting to work
* fix: added reducer test
* Adhoc-filtering for prometheus dashboards (#13212)
* docs: include active directory ldap example and
restructure
* First pass at a text based template var, getting feedback
from devs
* fix: url update loop fix (#13243)
* wip: working on reducer test
* fix: gofmt issues
* fix: added loading nav states
* redux: moved folders to it's own features folder
* fix theme parameter not working problem while prefer theme
set to light (#13232)
* fix: added type export to fix failing test
* fix: fixed typescript test error
* mobx -> redux: major progress on folder migration
* another circleci fix
* Another circleci fix
* changed gometalinter to use github master
* commented out metalinter as gopkg is having issues
* wip: folder settings page to redux progress
* Fix prometheus label filtering for comparison queries
(#13213)
* Upgrade react and enzyme (#13224)
* enable partial tag matches for annotations
* put folder name under dashboard name, tweaked aliginments
in search results
* support template variables with multiple values
* Teams page replace mobx (#13219)
* renames jest files to match new convention
* upgrade of typescript and tslint and jest (#13223)
* fix nil pointer dereference (#13221)
* removes protoc from makefile
* wip: folder to redux
* changelog: note about closing #11681
* Adding Centrify configuration for Oauth
* wip: progress on redux folder store
* wip: moving option tabs into viz tab
* fix: changing edit / view fullscreen modes now work
* actions for group sync
* initial render/refresh timing issues
* team settings
* wip: began folder to redux migration
* test for team member selector
* flattened team state, tests for TeamMembers
* refactor: moved stuff into new features dir
manage-dashboards
* move: moved styleguide to admin
* fix: fixed singlestat test broken due to file move
* moved folders from features into the main feature folder
they belong to
* Add jsonnet with grafonnet-lib to provisioning docs
* fix: Dashboard permissions now shows correctly, fixes
#13201
* redux: do not use redux logger middleware in production
builds
* Allow oauth email attribute name to be configurable
(#13006)
* Document required order for time series queries (#13204)
* refactor: changed AlertRuleItem pause action to callback
* Fix query builder queries for interval start
* team members, bug in fetching team
* renaming things in admin
* graph legend: use refactored version of scrollbar, #13175
* Teampages page
* refactoring: custom scrollbars PR updated, #13175
* scrollbar: use enzyme for tests instead of
react-test-renderer
* changelog: add notes about closing #13121
* fix code formatting
* Fix quoting to handle non-string values
* scrollbar refactor: replace HOC by component with children
* graph legend: scroll component refactor
* scrollbar refactor: replace HOC by component with children
* adds usage stats for alert notifiers (#13173)
* changelog: typo
* docs: what's new in v5.3 placeholder
* tests for withScrollBar() wrapper
* tests for withScrollBar() wrapper
* changelog: restructure and add 5.3.0-beta1 header
* changelog: add notes about closing #13157
* wrapper for react-custom-scrollbars component
* graph legend: use 'react-custom-scrollbars' for legend
scroll
* wrapper for react-custom-scrollbars component
* docs: sql datasources min time interval
* changelog: note about closing #10424
* docs: minor fixes
* docs: Updated auth docs
* docs: updated
* spelling errors
* make default values for alerting configurable
* Adding Action to view the graph by its public URL.
* changelog: order changes by group (ocd)
* changelog: add notes about closing #13030
* added radix rule and changed files to follow rule (#13153)
* set search query action and tests
* docs: default paths in the docker container.
* delete team
* added only-arrow-functions rule and changed files to
follow new rule (#13154)
* load teams and store in redux
* build: uses 1.1.0 of the build container.
* creating types, actions, reducer
* Only authenticate logins when password is set (#13147)
* refatoring: minor changes to PR #13149
* Add min time interval to mysql and mssql
* build: updated build-container with go1.11.
* added no-conditional-assignment rule and changed files to
follow new rule
* fix test failures for timeInterval
* document postgres min time interval
* Add min time interval to postgres datasource
* Changed functions to arrow functions for
only-arrow-functions rule. (#13131)
* mobx: removed unused SearchStore
* fix: Updated test
* redux: minor changes to redux thunk actions and use of
typings
* Reactify sidebar (#13091)
* Changed functions to arrow functions for
only-arrow-functions rule.
* removed unused mobx state
* changed functions to arrowfunctions for
only-arrow-functions rule (#13127)
* fix: fixed home dashboard redirect issue when behind
reverse proxy, fixes #12429 (#13135)
* tests
* Changed functions to arrow functions for
only-arrow-functions rule.
* improve remote image rendering (#13102)
* handle new variables created not yet added
* changelog: add notes about closing #10095
* graph legend: implement series toggling and sorting
* docs: postgres provisioning
* changelog: adds note about closing #13125
* fixed title prefix, fixes #13123 (#13128)
* Reopen log files after receiving a SIGHUP signal (#13112)
* Fixed a bug in the test and added test for filter alert
rules
* graph legend: react component refactor
* added Bitcoin as a currency option
* added new-parens rule (#13119)
* cli: avoid rely on response.ContentLength (#13120)
* some basic selector tests
* fixed testcase
* pausing alert
* docs: v5.2 upgrade notice, ref #13084
* changelog: add notes about closing #7330
* extend from purecomponent
* remove log
* actions and reducers for search filter
* added rule use-isnan and and updated file to follow new
rule (#13117)
* added no-namespace and no-reference rules (#13116)
* added no-angle-bracket-type-assertion rule and updatet
files to follow rule (#13115)
* Updated rules for variable name (#13106)
* update wording and punctuation (#13113)
* redux: improved state handling
* redux: progress
* wip: load alert rules via redux
* refactor: changed nav store to use nav index and selector
instead of initNav action
* moving things around
* Fix array display from url
* wip: solid progress on redux -> angular location bridge
update
* wip: moving things around
* wip: moveing things around
* wip: redux refactor
* pass timerange in meta data queries
* ignore information_schema tables
* added jsdoc-format rule and fixed files that didn't follow
new rule (#13107)
* set member-access and no-var-keyword to true, removed
public in two files (#13104)
* fix: for text flickering in animation on chrome on windows
* graph legend: minor refactor
* use quoting functions from MysqlQuery in datasource
* render query from query builder
* graph: make table markup corresponding to standards
* graph: legend as React component
* wip: redux
* redux: wip progress for using redux
* fixed so preloader is removed when app is loaded
* removed console.log
* separated fade-ins for logo and text, tweaked delays and
timing for fade-in animations
* docs: minor updates, more work to do
* ux: minor fixes to loading screen
* start implementing mysql query editor as a copy of
postgres query editor
* reset metric column when changing table
* fix timeFilter resetting when changing table
* when changing table, refresh panel once after columns have
been changed
* added pro-tip text, removed pro-tip link
* fixed styling for background and text, added intro
animation, added fade in to text
* fix timecolumn handling when table changes
* set default for timeGroup in query builder to $__interval
* when changing table reset columns
* fix metric column suggestions
* fix suggestions for metric column
* Return correct path for OpenBSD in cli's returnOsDefault
(#13089)
* updated changelog
* New TV Mode, dashboard toolbar update (layout change & new
cycle view mode button) (#13025)
* added this:any to functions and changed functions to
arrowfunctions
* feat: loading css async & inline svg
* Explore: keep query when changing datasources (#13042)
* changed var to let in 50 files (#13075)
* changed var to let in last files (#13087)
* tsconfig: started on setting noImplicitThis to true
* tsconfig: format file
* document postgres version and TimescaleDB option
* tslint: added 1 more rule, #12918
* tslint: added 2 more rules and removed unused component,
#12918
* tslint: added a new tslint rule
* added rule prefer const to tslint (#13071)
* dep ensure (#13074)
* hide Query Builder button for table panels
* check for correct quoting of multiple singlequotes
* changed var to const 2 (#13068)
* changed var to const (#13061)
* update latest.json to latest stable version
* docs: corrected docs description for setting
* remove min time interval from datasource config
* remove unneeded queryOptions
* changelog: add notes about 4.6.4 and 5.2.3 releases
* fix quoting
* strip quotes when auto adding alias
* handle quoting properly for table suggestion
* link to github instead
* recheck timecolumn when changing table
* update filter macro on time column change
* string formating fixes
* go fmt fixes
* Moved tooltip icon from input to label #12945 (#13059)
* added empty cta to playlist page + hid playlist table when
empty (#12841)
* changed from rotating to bouncing, maybe to much squash
and stretch
* Update provisioning.md
* make default mode for table panels raw editor
* improve description for timescaledb option
* Review feedback.
* use series matchers to get label name/value
* changelog: add notes about closing #12865
* fixed so validation of empty fields works again
* added a loading view with a spining grafana logo
* fix handling of variable interpolation for IN expresions
* tslint: tslint to const fixes part3 (#13036)
* tslint: more const fixes (#13035)
* tslint: changing vars -> const (#13034)
* tslint: autofix of let -> const (#13033)
* fix: minor fix to changing type
* upgrades to golang 1.11
* wip: angular panels now have similar edit mode and panel
type selection enabling quick changing between panel react
and angular panel types
* add min interval to postgres datasource
* wip: major change for refresh and render events flow
* fix: going from fullscreen fix
* wip: minor fixes
* copy and docs update for alert notification reminders
* change/add tests for alerting notification reminders
* wip: trying to align react & angular edit modes
* WIP Update tslint (#12922)
* changelog: add notes about closing #12952 #12965
* build: fixes rpm build when using defaults.
* docs: reminder notifications update
* changelog: add notes about closing #12486
* docs: changes
* created a section under administration for authentication,
moved ldap guide here, created pages for auth-proxy,
oauth, anonymous auth, ldap sync with grafana ee, and
overview, moved authentication guides from configuration
to, added linksin configuration page to guides
* fixed so animation starts as soon as one pushes the button
and animation stops if login failed
* added link to getting started to all, changed wording
* tests: fix missing tests (with .jest suffix)
* docs: alerting notification reminders
* update copy/ux for configuring alerting notification
reminders
* heatmap: fix tooltip bug in firefox
* fix tableSegment and timeColumnSegment after table
suggestion
* Update notifications.md
* sql: added code migration type
* changelog: add notes about closing #11890
* Explore: Apply tab completion suggestion on Enter (#12904)
* Show min-width option only for horizontal repeat (#12981)
* Fix bulk-dashboards path (#12978)
* add suggestions for reminder frequency and change copy
* don't write to notification journal when testing
notifier/rule
* remove unnecessary conversion (metalinter)
* fix after merge with master
* Refresh query variable when another variable is used in
regex field (#12961)
* Webpack tapable plugin deprecation (#12960)
* unify quoting
* dsproxy: interpolate route url
* prefill editor with first metric table
* only allow 1 filter macro in where clause
* fix timeColumnType assignment
* make suggested filter macro depend on type
* use unixEpochGroup macro for unix timestamp
* alerting: inline docs for the slack channel.
* Replacing variable interpolation in 'All value' value
* changelog: add notes about closing #12229
* cleaning up test data
* changelog: add notes about closing #12892
* docs: es versions supported
* devenv: update sql dashboards
* when value in variable changes, identify which variable(s)
to update
* removed inverse btn styling and added bgColor to generic
oauth and grafana.com login buttons, added styling so log
in button uses dark theme inverse btn styling both for
dark and light theme
* suggest operators depending on datatype
* Doc - fix title level
* Update doc about repeating panels
* Doc - fix broken link
* build: beta versions no longer tagged as latest.
* docs: cleanup.
* docs: docker and restarts.
* update persisted parts on param change
* persist datatype information
* Don't do value suggestions for numeric and timestamp
* created a class for loading buttons, added a button for
when login slow on login page
* rename postgres_query.jest.ts to .test.ts
* fix variable escaping
* autodetect timescaledb when version >= 9.6
* build: duplicate docker run-script removed.
* detect postgres version for saved datasources
* Set User-Agent header in all proxied datasource requests
* use pointer cursor for buttons in query editor
* docs: cloudwatch dimensions reference link.
* require postgres 9.4+ for ordered set aggregate functions
* add postgres version to datasource config
* only show first/last aggregate when timescaledb is enabled
* keep jsonData in PostgresDatasource
* docs: remove message property in response from get alerts
http api
* changelog: add notes about closing #5623
* build: cleanup
* should allow one default datasource per organisation using
provisioning
* build: fixes rpm verification.
* docs: add grafana version note for gitlab oauth
* docs: gitlab: add note about more restrictive API scope
* social: gitlab_oauth: set user ID in case email changes
* docs: document GitLab authentication backend
* social: add GitLab authentication backend
* build: verifies the rpm packages signatures.
* changelog: add notes about closing #12224
* added guide for logging in to grafana for the first and
how to add a datasource
* docs: update
* feat: add auto fit panels to shortcut modal, closes #12768
* changelog: add notes about closing #12680
* docs: update postgres provisioning
* Remove dependencies
* Rename test files
* changelog: add notes about closing #12598
* add version disclaimer for TimescaleDB
* document TimescaleDB datasource option
* Use variable in newPostgresMacroEngine
* Remove Karma scripts and docs
* changelog: add notes about closing #10705
* fix: ds_proxy test not initiating header
* Don't pass datasource to newPostgresMacroEngine
* Remove tests and logs
* Fix for Graphite function parameter quoting (#12907)
* don't render hidden columns in table panel (#12911)
* fix: added missing ini default keys, fixes #12800 (#12912)
* refactor timescaledb handling in MacroEngine
* change: Set User-Agent to Grafana/%Version%
Proxied-DS-Request %DS-Type% in all proxied ds requests
* Remove comment
* Cleanup
* All tests passing
* Class to function. Half tests passing
* Karma to Jest: graph (refactor) (#12860)
* tech: removed js related stuff now that 99% is typescript
(#12905)
* Add React container
* changelog: add notes about closing #12805
* fix redirect to panel when using an outdated dashboard
slug (#12901)
* Add commit to external stylesheet url (#12902)
* build: increase frontend tests timeout without no output
* fix: Alerting rendering timeout was 30 seconds, same as
alert rule eval timeout, this should be much lower so the
rendering timeout does not timeout the rule context, fixes
#12151 (#12903)
* changelog: add notes about closing #12476
* now hides team header when no teams + fix for list hidden
when only one team
* Rename to HeatmapRenderer
* Mock things
* Explore: Fix label filtering for rate queries
* add $__unixEpochGroup to mssql datasource
* add $__unixEpochGroup to mysql datasource
* Add $__unixEpochGroup macro to postgres datasource
* changed const members to filteredMembers to trigger get
filtered members, changed input value to team.search
(#12885)
* get timecolumn datatype on timecolumn change
* changelog: add notes about closing #12882
* Removes link to deprecated docker image build
* Add mocks
* fix datatype query
* Changelog update
* docker: makes it possible to set a specific plugin url.
* Add support for $__range_s (#12883)
* Refactor setting fillmode
* Update dashboard.md
* Fix typo
* Explore: label selector for logging
* Replace element
* Rewrite heatmap to class
* Explore: still show rate hint if query is complex
* Explore: Filter out existing labels in label suggestions
* Add note for #12843
* Fix initial state in split explore
* replaced with EmptyListCta
* Begin conversion
* changed messaging
* mention time_bucket in timescaledb tooltip
* keep legend scroll position when series are toggled
(#12845)
* replaced confirm delete modal with deleteButton component
in teams members list
* [wip]added empty list cta to team list, if statement
toggles view for when the list is empty or not
* Update NOTICE.md
* Fix padding for metrics chooser in explore
* fix rebase error
* revert passing ctrl to testDatasource
* change timescaledb to checkbox instead of select
* add timescaledb option to postgres datasource
* build: fixes png rendering in the docker based
docker-image build.
* remove duplicated /tmp entry in .dockerignore
* move run script, update README
* produce an image compatible with grafana-docker
* More efficient builds and some fixes to the Go binaries
* Simple Docker-based build option
* Add example OR search_filter to docs
* Explore: expand recording rules for queries
* Explore: Query hints for prometheus (#12833)
* Convert URL-like text to links in plugins readme
* skip target _self to remove full page reload
* use uid when linking to dashboards internally in a
dashboard
* add previous fill mode to query builder
* added more info about the teams
* removed mock-teams, now gets teams from backend
* changelog: add notes about closing #12756
* add api route for retrieving teams of signed in user
* devenv: update sql dashboards
* team list for profile page + mock teams
* changelog: add notes about closing #11270
* Fixing bug in url query reader and added test cases
* fix missing *
* rename last fillmode to previous
* change fillmode from last to previous
* return proper payload from api when updating datasource
* Review feedback
* changelog: update #12768
* Remove window
* Fix url param errors
* Explore: Metrics chooser for prometheus
* Add clear row button
* Add clear button to Explore
* Explore: show message if queries did not return data
* Fix closing parens completion for prometheus queries in
Explore (#12810)
* Update ROADMAP.md
* Update ROADMAP.md
* Update ROADMAP.md
* switched to lowercase
* replaced escape() call, renamed formatter to be more
expressive
* Smaller docker image (#12824)
* build: failing to push to docker hub fails the build.
* Reversed history direction for explore
* Explore: Add history to query fields
* unix socket docs
* Explore: facetting for label completion (#12786)
* docs: how to build a docker image.
* Remove Karma test
* All tests passing
* Add mock constructor
* Begin conversion
* Convert query control
* Convert datasource
* refactor: take submenu into account PR #12796
* refactor: renaming variables, refactoring PR #12796
* refactor: moving code around a bit, refactoring PR #12796
* Remove weird import
* Disable submenu when autopanels is enabled
* Extract to own method
* Use and add keybard shortcut
* Add temporary url parameter
* Replace floor with round
* Go with just single margin compensation
* Add margin and padding compensation
* Remove weird import
* Fit panels to screen height
* dont break default parameters for functions
* fix suggestion query
* renamed slate unit tests to .jest.ts
* Remove simple tests
* Support client certificates for LDAP servers
* Begin conversion
* Add click on explore table cell to add filter to query
(#12729)
* dont order for aggregate
* build: makes it easier to build a local docker container.
* add moving average to query builder
* adjust frontend test
* use $__timeGroupAlias macro
* specify grafana version for last fill mode
* add fillmode 'last' to sql datasource
* build: disables external docker build for master and
release.
* build: complete docker build for master and releases.
* build: removes unused args to docker build.
* build: imported latest changes from grafana-docker.
* build: attach built resources.
* build: builds docker image from local grafna tgz.
* build: new workflow for PR:s and branches.
* docker: inital copy of the grafana-docker files.
* changelog: add notes about closing #1823 #12801
* Add auto_assign_org_id to defaults.ini
* changelog: add notes about closing #12749
* changelog: add notes about closing #12766
* adjust test dashboards
* remove info logging
* added two new classes for color, fixed so link has value
color
* changelog: add notes about closing #12063
* Add new Redshift metrics and dimensions for Cloudwatch
datasource
* changelog: add notes about closing #12752
* changelog: update
* Improve iOS and Windows 10 experience (#12769)
* add series override option to hide tooltip (#12378)
* changelog: add notes about closing #12785
* removed table-panel-link class
* removed table-panel-link class and add a class white to
modify table-panel-cell-link class
* add warning when switching from raw sql mode
* add more prominent button for switching edit mode
* document $__timeGroupAlias
* add $__timeGroupAlias to mysql and mssql
* fix custom variable quoting in sql* query interpolations
* add compatibility code to handle pre 5.3 usage
* Change to arrow functions
* Add all tests to one file
* changelog: add notes about closing #12561
* Remove angularMocks
* All tests passing
* replaced style with class for links
* Add $__timeGroupAlias to postgres macros
* adjust test dashboards
* remove alias from postgres $__timeGroup macro
* changelog: add notes about closing #12762
* fix: team email tooltip was not showing
* fix: test data api route used old name for test data
datasource, fixes #12773
* removed a blank space in div
* fixed color for links in colored cells by adding a new
variable that sets color: white when cell or row has
background-color
* changelog: add notes about closing #12300
* Weird execution order for the tests...
* fixed test result
* added urlescape formatting option
* changelog: add notes about closing #12744
* changelog: add notes about closing #12727
* add aws_dx to cloudwatch datasource
* also fixed 'Watt per square metre'
* fixed that missing one
* add version note to metric prefix and fix typo
* devenv: update sql dashboards
* mssql: update tests
* fix usage of metric column types so that you don't need to
specify metric alias
* Begin conversion
* changelog: update
* changelog: add notes about closing #12747
* Add missing tls_skip_verify_insecure (#12748)
* rename special to windows
* add first and last support
* refactor function handling in query builder
* refactor column function handling
* consistent nameing fro group and select
* mssql: add logo
* add tests for metric column prefix to mssql
* add metric column prefix test for mysql
* document metric column prefix in query editor
* document metric column prefix for mysql and mssql
* Remove extra mock
* Karm to Jest
* correct volume unit
* Remove lo
* Test passing. Remove Karma
* adjust metric prefix code to sql engine refactor
* add testcase for metric column as prefix
* Use metric column as prefix
* Fix emit errors
* Fix test
* Add async/await
* refactor schema query generation
* removed unused class from the deletebutton pr
* frontend part with mock-team-list
* Update test for local time
* update devenv datasources and dashboards for sql
datasources
* Begin conversion
* use const for rowlimit in sql engine
* Cleanup
* Remove Karma file
* All tests passing
* All except one passing
* remove tableschema from query builder ui
* changelog: add notes about closing #12731
* elasticsearch: support reversed index patterns
* update devenv datasources and dashboards for sql
datasources
* mssql: use new sql engine
* mysql: use new sql engine
* postgres: use new sql engine
* refactor sql engine to make it hold all common code for
sql datasources
* Pass more tests
* Refactor Explore query field (#12643)
* Begin conversion
* All tests passing. Remove Karma test.
* Almost all tests passing
* Add tslib to TS compiler
* docs: using interval and range variables in prometheus
* Two passing tests
* Update Configuration.md
* Start conversion
* changelog: add notes about closing #12533
* changelog: add notes about closing #12668
* changelog: update
* changelog: add notes about closing #12668
* fix for typeahead background, increased lighten
* added position absolute and some flexbox so I could remov
changes in display and setTimeout, added tests and types,
did some renaming
* fix invalid reference
* minor fixes
* fix failing test due to time diff issues
* Remove comments
* remove unneeded comment
* Remove old influx stuff
* changelog: add notes about closing #12489
* changelog: add notes about closing #12551
* changelog: add notes about closing #12533
* Karma to Jest
* Begin conversion
* changelog: add notes about closing #12589
* changelog: add notes about closing #12636 #9827
* Remove influx qeury_ctrl jest, as it is already completed
* Test fail depending on test order
* Karma to Jest: begin influx query_ctrl
* Make beautiful
* Karma to Jest: completer
* Remove comments and Karm test
* Karma to Jest
* Pass more tests
* changelog: add notes about closing #12644
* fix code style
* docs: mentation that config changes requires restart.
* return 400 if user input error
* changing callback fn into arrow functions for correct
usage of this (#12673)
* Fix requested changes
* Add templating docs for
* Add docs about global variables in query template
variables
* Figuring out why it doesn't initialize
* Add support for interval in query variable
* Add jest file
* Change to arrow functions
* Add graph_ctrl jest
* changelog: add notes about closing #12691
* Update kbn.ts
* Add jest test file
* Id validation of CloudWatch GetMetricData
* Fix timezone issues in test
* fix window function query without group by
* changelog: adds note for #11487
* add order by to metadata queries
* set explicit order for rate and increase
* escaping ssl mode on postgres param
* fix pre gui queries shortcircuit
* Add unit test for InfluxDB datasource
* Support timeFilter in templating for InfluxDB
* Datasource for Grafana logging platform
* removed blue-dark variable with blue-light in light-theme,
blue variable now has same value as blue-dark had before,
should fix issue with any low contrast issues with blue in
light-theme, this made query-blue variable unnecessery
removed it, added variable for variable dropdown highlight
background
* removed import appEvents
* built a component for delete button in tables, instead of
using a modal to confirm it now does it in the row of the
table, created a sass file for the component, the
component uses css transitions for animation
* fix: postgres/mysql engine cache was not being used, fixes
#12636 (#12642)
* added: replaces added to grafana
* fix: datasource search was not working properly
* add groupby when adding first aggregate
* docs: minor docs fix
* Fix label suggestions in Explore query field
* pluginloader: expose flot gauge plugin
* alert: add missing test after refactor
* Handle query string in storage public_url (#9351) (#12555)
* HTTP API documentation +fix when updating a playlist
(#12612)
* Explore: calculate query interval based on available width
* Use url params for explore state
* Dont parse empty explore state from url
* Fix default browser th font-weight
* Adding eval_data to alerts query results
* ldap: Make it possible to define Grafana admins via ldap
setup, closes #2469
* nginx: update to docker block
* minor fix for legacy panels
* Remove string casting for template variables in prometheus
* ldap: docker block readme update
* Make prometheus value formatting more robust
* Update README.md
* Devenv testdata dashboards (#12615)
* fix test for query generation
* dont run queries if target has no table set
* add query to find metric table
* add popover for metric column
* rename PostgresQueryBuilder to PostgresMetaQuery
* dont expand variables in rawSql
* filter datatype for groupby suggestions
* fix rate special function when using group by
* remove unused import
* refactor adding sqlPart
* remove render code from sql_part
* fix bug in query generation with metricColumn
* refactor PostgresQuery
* refactor PostgresQueryCtrl
* refactor PostgresQueryCtrl and PostgresQuery
* refactor addGroupBy and removeGroupByPart
* use let for variable declaration
* Add templateSrv to PostgresQuery tests
* add tests for query generation
* Reverted $q to Promise migration in datasource_srv
* Allow settting of default org id to auto-assign to
(#12401)
* Remove unused SASS variables (#12603)
* fix: panel embedd scrolbar fix, fixes #12589 (#12595)
* fix tests for postgres datasource
* Set datasource in deep links to Explore
* send timerange with metricFindQuery
* Explore Datasource selector
* changed you to your (#12590)
* indent generated SQL
* Add comments
* Fix freezing browser when loading plugin
* handle counter overflow and resets in rate
* partition by metricColumn when using increase
* add rate and increase special functions
* wip: another baby step, another million to go
* skip backend request if extended statistics is invalid.
(#12495)
* Refactor team pages to react & design change (#12574)
* (prometheus) prevent error to use $__interval_ms in query
(#12533)
* fix: folder picker did not notify parent that the initial
folder had been changed, fixes #12543 (#12554)
* Add support for skipping variable value in URL, fixes
#12174 (#12541)
* Update mac.md
* Update windows.md
* Update rpm.md
* Update debian.md
* Don't build-all for PRs
* Refactor value column SQL generation
* Refactor metric column sql generation
* fix: requests/sec instead of requets (#12557)
* Add folder name to dashboard title (#12545)
* Fix css loading in plugins (#12573)
* Refactor group by query generation
* Refactor where clause generation
* refactor SQL generation for value columns
* Refactor time column sql generation
* Refactor render function on PostgresQuery
* prepare sql part for special functions
* set query gui as default handle old panels gracefully
* Added BurstBalance metric to list of AWS RDS metrics.
* dont throw exception for unknown types
* Prevent scroll on focus for iframe
* add alias when adding group by
* Add new sequential color scales
* add aggregates when adding group by
* add column alias when add aggregate function
* move go vet out of scripts and fixing warning (#12552)
* fix enter in sql_part_editor
* fix editing expression parts
* wip: you can now change panel type in edit mode
* rename inputBlur to switchToLink
* react panels: working on changing type
* Cleanup and remove some jest.fn()
* fix spelling
* add current value to dropdown if its not in resultset
* Revert 'show current value in dropdown when its not part
of list'
* Remove irrelevant tests and templateSrv stub
* show current value in dropdown when its not part of list
* redid redux poc, old branch was to old and caused to many
conflicts
* wip: redux poc
* fix diff and percent_diff (#12515)
* improve error message
* generate unique id when variable is multi
* support GetMetricData
* dep ensure
* update aws-sdk-go
* Update lodash/moment version (#12532)
* fix: minor css change
* wip: minopr progress on react panel edit infra
* Tabs to spaces in tslint (#12529)
* wip: minor progres on react panels edit mode
* add None to metric column suggestions
* handle pre query gui queries gracefully
* dont break on panels that dont have rawQuery set
* refactor transformToSegments
* devenv: updated devenv provision scripts
* wip: viz editor started
* ux: minor fix/tweak to inactive view mode, think logo
should be visible & fixes dashboard title alignment
* changelog: add notes about closing #12379
* Fix datasource sorting with template variables
* another baby step
* changelog: add notes about closing #12484
* changelog: add notes about closing #12506
* rename quoteLiteral to quoteIdentAsLiteral
* changelog: add notes about closing #12506
* fix links not updating after changing variables
* remove unused function removeSelect
* put updateParam back in
* fix where clause generation
* remove hardcoded $__timeFilter, make macros functional in
where clause
* remove dead code, make label more flexible
* fix constraint removal
* react-panels: minor progress on data flow
* dont autoquote, suggest quoted values if requried
* prometheus heatmap: fix unhandled error when some points
are missing
* fix caret for help button is ds http settings
* do not autoquote identifiers
* fix group by ui
* changelog: add notes about closing #11618 #11619
* fix where constraint handling
* remove dead code from sql_part fix where clause query
generation
* Add mock to test files
* Create new instance in beforeEach
* Remove comments
* Karma to Jest: Cloudwatch datasource
* Karma to Jest: MySQL datasource
* Karma to Jest: postgres datasource
* Basic cleanup
* Add mocks in test file
* Remove q and stub
* Add Jest stubs
* Remove async
* Remove logs and comments
* Start elastic ds test conversion
* run enterprise build only on master for now
* refix the settings indentation
* update stats admin doc
* fix json indentation
* include where constraints in query generation
* remove unnecessary conversions
* rearrange elements of query builder
* mv query_part to sql_part
* changelog: update
* changelog: add notes about closing #11818
* changelog: add notes about closing #12460
* changelog: add notes about closing #8186
* changelog: add notes about closing #12379
* changelog: add notes about closing #12362
* devenv: open ldap docker block now prepopulating data with
correct member groups
* ci: Only publish grafana enterprise packages tagged with
enterprise.
* Make table sorting stable when null values exist (#12362)
* Fix bar width issue in aligned prometheus queries (#12483)
* correct example (#12481)
* ldap: improved ldap test env with more structured users
and groups
* test: fixed usage of wrap in tests.
* ci: typo
* ci: publishes grafana enterprise to s3.
* refactoring: making api wrap public
* refactoring: enterprise build/hooks refactorings (#12478)
* Karma to Jest: datasource_srv (#12456)
* fix: #12461 introduced issues with route registration
ordering, adding plugin static routes before plugins
package had been initiated (#12474)
* omit extra template refresh (#12454)
* wip: minor progress on DataPanel
* Improve extensions build. (#12461)
* [mysql] fix $__timeGroup rounding (#12469)
* [mssql] fix $__timeGroup rounding (#12470)
* [postgres] fix timeGroup macro rounding (#12468)
* pkg/social/github: Allow changing of userinfo data
(#12471)
* notifications: dont return error if one notifer failed
* use sqlPart for ui parts
* avoid calling os.Exit outside main.go (#12459)
* update mysql/mssql query/annotation help sections
* docs: update folders api
* Changed documentation for MSSQL and MySQL to reflect macro
changes
* docs: update scripted dashboard for v5
* docs: update scripted dashboard for v5
* docs: update organisation http api
* docs: upd windows installation
* notifications: send notifications synchronous
* notifications: read without tran, write with tran
* registry: adds more comments
* registry: adds comments to interfaces
* changelog: update
* changelog: update
* changelog: add notes about closing #12438
* alerting: only log when screenshot been uploaded
* fixes typos
* Reverted yarn.lock to master
* Used PostgreSQL TSDB as a model the set up the
__timeFilter, __timeFrom, and __timeTo macros for
Microsoft SQL and MySQL
* changelog: add notes about closing #12444
* Revert 'auth proxy: use real ip when validating white
listed ip's'
* changelog: adds note for #11892
* changelog: add notes about closing #12430
* fix footer css issue
* Karma to Jest: 3 test files (#12414)
* fix: log close/flush was done too early, before server
shutdown log message was called, fixes #12438
* react panels wip
* Karma to Jest: value_select_dropdown (#12435)
* support passing api token in Basic auth password (#12416)
* Add disabled styles for checked checkbox (#12422)
* changelog: add notes about closing #11920
* changelog: add notes about closing #11920
* changelog: update
* docs: upd what's new in v5.2
* docs: update index with link to what's new in 5.2 instead
of 5.0
* wip: react panels editor mode, tabs working
* changelog: add notes about closing #12385
* react panels wip
* feat: panels v2, metrics-tab loading
* docs: upd what's new in v5.2
* docs: upd what's new in v5.2
* login: fix layout issues
* build: yarn should be included out of the box on circle ci
* notifier: handle known error first
* ensure that if the dasboardID is negative, it will not
bypass the checking of the right (#12398)
* changelog: add notes about closing #11968
* Webpack 4 (WIP) (#12098)
* Make pre/postfix coloring checkboxes inactive when gauge
is active
* removes unused return object
* handle 'dn' ldap attribute more gracefully (#12385)
* Update ROADMAP.md
* Fix typo
* Switched MySQL and MSSQL macros for timeFilter and related
to use BETWEEN and calculate UNIX time server side instead
of database side. Fixes #11618 #11619
* docs: update installation instructions
* routing: raise panic if duplicate routes are added
* routing: allows routes to be added to existing groups
* changelog: add notes about closing #11868
* enhance error message if phantomjs executable is not found
* fix: annnotation api & sql issue
* changelog: add notes about closing #12248
* set correct text in drop down when variable is present in
url using key/values
* Light improve of massive delete annotation api (#12390)
* Fix 12248
* Fixing wrong /public path, relative to the webpack.dev
script, that would avoid webpack from cleaning previous
builds. (#12351)
* changelog: add notes about closing #12383
* changelog: adds note about closing #12313
* Return a 404 when deleting a datasource through the API if
it doesn't exist and add a test for it to confirm #12313
* Set $rootScope in DatasourceSrv
* Add options to colorize prefix and postfix in singlestat
* devenv: adds dashboard with multiple rows
* changelog: adds note about closing #10971
* Pass configured/auth headers to a Datasource.
* Karma to Jest: history_ctrl. .gitingore: .vs/
* changelog: add notes about closing #12359
* build: fix signing of multiple rpm packages
* docs: what's new in v5.2 and docker installation updates
* tech: adds comments about route register code
* changelog: add notes about closing issue
* Karma to Jest: history_ctrl. Update version: ts-jest
* changelog: add notes about 5.2.0-beta2
* changelog: add notes about closing #12240
* changelog: add notes about closing #12256
* changelog: add notes about closing #11792
* changelog: add notes about closing #12315
* dashboard: fix drop down links
* wip: react panels, query editor loading from react
PanelEditor view
* fix regressions after save modal changes of not storing
time and variables per default
* wip: react panel minor progrss
* updated
* Karma to Jest: history_srv (#12341)
* react panels minor progress
* make sure to process panels in collapsed rows when
exporting dashboard
* changelog: add notes about closing #3132
* docs: update installation instructions
* react panel minor progress
* ldap: add note about config in Grafana
* ldap: add note to dockerfile
* changelog: add notes about closing #12343
* docs: Plugin review guidelines and datasource auth pages
* remove unused argument in default scenario of guardian
test
* fix: fixed permission issue with api key with viewer role
in dashboards with default permissions
* wip: react panel makeover mini progress
* Karma to Jest: time_srv (#12303)
* Karma to Jest: team_details_ctrl (#12321)
* Fix error in InfluxDB query
* expose functions to use sessions
* changelog: adds note about closing #11607
* test commit for checking github permissions
* changelog: add notes about closing #12278
* changelog: add notes about closing #11076
* snapshot: copy correct props when creating a snapshot
* added comment to reason the id tag
* set current org when adding/removing user to org
* changelog: add notes about closing #10707
* Include the vendor directory when copying source in to
Docker (#12305)
* changelog: adds note about closing #12199
* adds tests for journaling sql operations
* use epoch to compare timestamp
* adds inTransactionCtx that calls inTransactionWithRetryCtx
* merge create user handlers
* transactions: start sessions and transactions at the same
place
* adds info about eval/reminder interval
* tests for defaultShouldNotify
* cloudwatch: handle invalid time range
* notifications: make journaling ctx aware
* make sure to use real ip when validating white listed ip's
* Adding Cloudwatch AWS/AppSync metrics and dimensions
* notifications: gather actions in one transaction
* changelog: adds note about closing #12286
* sql: adds tests for InTransaction
* bus: noop should still execute fn
* removes unused code
* bus: Dispatch now passes empty ctx if handler require it
* bus: dont start transaction when creating session
* bus: dont mix ctx/classic handlers
* bus: DispatchCtx can now invoke any handler
* refactoring: renamed AddCtxHandler to AddHandlerCtx PR
#12203
* refactoring: transaction manager PR #12203
* fixes typo in code
* check if admin exists or create one in one transaction
* replace begin/end with wrapper function
* bus: support multiple dispatch in one transaction
* docs: adds info about grafana-dev container
* changelog: add notes about closing #12282
* Added Litre/min and milliLitre/min in Flow (#12282)
* remove papaparse dependency
* list name is deleteDatasources, not delete_datasources
* remove internal influx ifql datasource
* Document the endpoint for deleting an org
* tests: rewrite into table tests
* influxdb: adds mode func to backend
* Fix queryfield wrapper css
* Fix Queryfield metrics field missing
* batch DOM reads from query field typeahead
* hint support for typeahead
* Make suggestions an object
* Trigger typeahead on Ctrl-Space
* refactor Explore query field
* changelog: add notes about closing #11484
* changelog: add notes about closing #11233
* Remove import
* Fix PR feedback
* Removed papaparse from external plugin exports
* Karma to Jest: query_builder
* dsproxy: move http client variable back
* Karma to Jest: threshold_mapper
* Expose react and slate to external plugins
* Karma to Jest: threshold_manager
* Karma to Jest: query_def, index_pattern
* Remove import
* Karma to Jest: elastic_response
* changelog: notes about closing #12189
* #11607 corrected file cleanup test
* #11607 removed unnecessary conversion (from gometalinter)
* Improve test readability
* #11607 fixed formatting
* #11607 Cleanup time of temporary files is now configurable
* moved link icon in panel header
* Karma to Jest: playlist_edit_ctrl
* Karma to Jest: exporter
* Update graphite.md
* changelog: add notes about closing #10796
* added id tag to Panels for html bsckmarking on longer
Dashboards
* dashboard import to folder: minor fixes
* Docs: output location from build script
* Correct Provisioning documentation link
* dsproxy: allow multiple access tokens per datasource
* Mock core in jest-setup
* Docs: Update Build from Source
* Convert tests from Karma to Jest
* changelog: add notes about closing #11963
* save-modal save button (#12047)
* Karma to Jest: graph-tooltip
* removed QueryOptionsCtrl references
* update latest.json to 5.1.3
* use ng-if
* hot-fix ifql testdatasource()
* triggers grafana-docker master build
* changed som variables to values so it's the same for dark
and light theme, added special styling for login text,
link and input (#12196)
* mattn/go-sqlite3 v1.6.0 to v1.7.0
* changelog: add notes about closing #11074
* fixed so panel title doesn't wrap and (#12142)
* graph: fix legend decimals precision calculation
* Use Passive eventListener for 'wheel' (#12106)
* removes more unused code
* removes unused code
* nicer collapsed row behaviour (#12186)
* remove DashboardRowCtrl (#12187)
* add panel on enter
* autoFocus the search filter
* adds missing return statement
* Fix typo: eleasticsearch -> elasticsearch (#12184)
* Annotations support for ifql datasource
* dashboard: improve import UX for non-editor users
* Template variable support for ifql datasource
* Use cut to trim down the SHA1.
* show import menu in sidenav, dashboard search and manage
dashboards page
* Fix metrics panel test by adding config mock
* Respect explore settings in config ini
* Add .html to webpack.hot resolve extensions
* Version the tarball uploaded to s3 and tell the next step
about it.
* dashboard: import into current folder from manage folder
page
* dashboard: add Import button to manage page
* dashboard: import to folder
* Query helpers for IFQL datasource
* alerting: fixes broken table rename
* docs: docker secrets available in v5.2.0
* Remove round-robin urls in ifql DS
* IFQL range variable expansion
* alerting: renames journal table to
alert_notification_journal
* alerting: move queries from evalcontext to notifier base
* alerting: invert sendOnce to sendReminder
* changelog: add notes about closing #11657
* alerting: remove zero units from duration
* alerting: only check frequency when not send once
* always show server admin link in sidenav if grafana admin
* update google auth config docs
* changelog: add notes about closing #11525
* fix: fixed problem with expanding access mode help in ds
settings
* dep: use master branch for plugin model
* alerting: fixes invalid error handling
* fixed so default is all and general only show dashboards
* changelog: add notes about closing #11882
* added s to folderId in params
* renamed variable in tests
* added comment, variableChange -> variableValueChange
* added a test
* added if to check if new variable has been added
* Gravatar fallback does not respect 'AppSubUrl'-setting
(#12149)
* change admin password after first login
* changelog: adds note about closing #11958
* revert: reverted singlestat panel position change PR
#12004
* Revert 'provisioning: turn relative symlinked path into
absolut paths'
* provisioning: turn relative symlinked path into absolut
paths
* changelog: adds note about closing #11670
* elasticsearch: sort bucket keys to fix issue wth response
parser tests
* docs: what's new in v5.2
* made folder text smaller
* Implement code review changes
* Bug fix for repeated alerting even on OK state and add
notification_journal cleanup when alert resolves
* Fix tests
* Fix multiple bugs
* Revert changes post code review and move them to
notification page
* Feature for repeated alerting in grafana
* InfluxDB IFQL datasource
* changelog: add notes about closing #11167
* docs: docker secrets support. (#12141)
* alerting: show alerts for user with Viewer role
* datasource: added option no-direct-access to
ds-http-settings diretive, closes #12138
* provisioning: adds fallback if evalsymlink/abs fails
* tests: uses different paths depending on os
* renames intervalSeconds to updateIntervalSeconds
* changelog: add notes about closing #5893
* removed italic
* changelog: add notes about closing #11500, #8168, #6541
* Alert panel filters (#11712)
* docs: update alerting docs with alerting support for
elasticsearch
* added span with folder title that is shown for recently
and starred, created a new class for folder title
* provisioning: makes the interval for polling for changes
configurable
* provisioning: only update dashboard if hash of json
changed
* remove dead code
* elasticsearch: minor refactor
* changelog: update
* changelog: add notes about closing #10748, #8805
* save modal ux improvements (#11822)
* changelog: add notes about closing #11515
* provisioning: only provision if json file is newer then db
* Guard /explore by editor role on the backend
* make path absolute before following symlink
* provisioning: follow symlinked folders
* test: fixes broken test on windows
* changelog: add notes about closing #11771
* changelog: add notes about closing #11971
* Fix singlestat threshold tooltip (#12109)
* build: only runs db related tests on db.
* build: integration testing postegres on ci.
* build: mysql integration testing on ci.
* Fix karma tests that rely on MetricsPanelCtrl
* changelog: Second epochs are now correctly converted to
ms.
* Fix panel menu test
* Restrict Explore UI to Editor and Admin roles
* Fix CSS to hide grid controls in fullscreen/low-activity
views
* changelog: add notes about closing #11645
* Support InfluxDB count distinct aggregation (#11658)
* provisioning: enable relative path's
* changelog: note about closing #11858
* devenv: improve readme
* provisioning: place testfiles within testdata folder
* changelog: add notes about closing #11494
* Add new regions to handleGetRegions function (#12082)
* PR: minor change to PR #12004 before merge
* fix: refactoring PR #11996 and fixing issue #11551
16706hashkey in json editors
* devenv: script for setting up default datasources
* tech: updated react-grid-layout to latest official
release, closes #12100
* Fix cache busting for systemjs imports for plugins
* devenv: scripts for generating many unique dashboards
* docker: new block for elasticsearch6
* changelog: add notes about closing #12087
* sql: seconds epochs are now correctly converted to ms.
* add validation of uid when importing dashboards
* fix: add track by name in annotation list to avoid
$$hashKey in json
* changelog: adds note about closing #9703
* go fmt fixes
* configure proxy environments for Transport property
* Show create dashboard link if at least editor in one
folder
* graphite: avoid dtracing headers in direct mode
* Fix sourcemaps for webpack hot config
* return better error message when err is ErrSmtpNotEnabled
* elasticsearch: handle if alert query contains template
variable
* changelog: adds note about closing #9847
* Sparklines should scale to the data range (#12010)
* Split webpack dev config into dev and hot
* Upgrade webpack loaders (#12081)
* pin versions of xorm to resolve sql tests
* build: fixes broken path for bra run
* use sql builder for the get system stats sql query
* fix directly specified variable rendering
* remove unused function renderAdhocFilters
* send param in callback for get-param-options
* Fix #9847 Add a generic signout_redirect_url to enable
oauth logout
* make separator configurable
* fix error message
* Changed Prometheus interval-alignment to cover whole panel
range
* alerting: refactor tests
* add usage stats for datasource access mode
* Review feedback (heading, typos)
* add additional usage stats metrics
* add tests for sending usage stats
* Integrated dark theme for explore UI
* elasticsearch: adds some more/better debug logging to
client
* changelog: fix broken link to contributor
* changelog: adds note about closing #11788
* The old code for centering removed
* Backend image rendering as plugin (#11966)
* Fix typo in README.md
* build: updates publisher to support arm archs for deb and
rpm.
* Explore split view
* Fixed custom dates for react timepicker
* Explore: Design integration
* Explore: time selector
* Fix dashboard snapshot deletion (#12025)
* fix names of foreign arch packages
* elasticsearch: handle NaN values
* elasticsearch: metric and pipeline agg setting json
encoding fix
* elasticsearch: query interval override fix
* elasticsearch: default interval fix
* Document table row merge for multiple queries
* elasticsearch: pipeline aggregation fix for json encoding
* build: always build for all platforms.
* fix: remove deadcode to make gometalinter happy
* elasticsearch: refactor query handling and use new es
simple client
* elasticsearch: new simple client for communicating with
elasticsearch
* elasticsearch: refactor and cleanup
* build: removes deploy from nightly while testing it.
* update provisioning.md
* Fix ResponseParser for InfluxDB to return only string
values
* Conditionally select a field to return in ResponseParser
for InfluxDB
* build: clean up the workflow filters.
* Revert 'Conditionally select a field to return in
ResponseParser for InfluxDB'
* Revert 'Fix ResponseParser for InfluxDB to return only
string values'
* Revert 'move queryTimeout option to common setting'
* move queryTimeout option to common setting
* add query timeout option for Prometheus
* build: crosscompilation for nightlies and releases.
* set style for registered query components
* make param wrapper configurable
* fix metric column when using group by
* separate label in template from type
* use sql part component
* use sql part component
* add sql_part component
* Singlestat value: vertical alignment fix
* Added Swiss franc currency
* quote column name in buildValueQuery
* return values quotes for suggestions in where expression
* test: moves test files to testdata folder
* build: downloads and bundles phantomjs for darwin and
windows.
* build: publisher updated to support more architectures and
OSs.
* build: saves artifacts with the build
* build: crossplatform build with packages.
* build: script for tagging and pushing a release
* codespell: fixes
* fix: fixed some minor startup logging issues
* Sqlstore refactor (#11908)
* Adds constant description for units
* test: increase expire time to avoid tz issues in tests
* explore: fixes #11953
* migrated files to ts, removed unused functions from
lodash_extended
* docs: installation pages for 5.1.3
* changelog: add note for #11830
* legend: fixes Firefox/baron scroll bug
* wrote classes
* migrated jquery.flot.events to ts
* use canMakeEditable
* allow to add annotation for non editable dashboard
* scroll: temporary fix for double scrollbar issue
* backend plugins: log an error if parsing meta field failed
* backend plugins: expose meta field
* fixes following first code review
* add useful note to alerting api docs
* improve alerting api docs sample responses
* Prometheus step alignment: shift interval only on jitter
* Use babel and hot loader only in yarn start
* docs: removes notes about beeing introduced in 5.0
* lock caniuse-db version to resolve phantomjs rendering
issue
* Update dashboard_permissions.md
* move database-specific code into dialects (#11884)
* refactor: tracing service refactoring (#11907)
* fix typo in getLdapAttrN (#11898)
* docs: update installation instructions targeting v5.1.2
stable
* changelog: add notes about closing #11862, #11656
* Fix dependencies on Node v10
* Update dashboard.md
* changelog: add notes about closing #10338
* Phantom render.js is incorrectly retrieving number of
active panels (#11100)
* singlestat: render time of last point based on dashboard
timezone (#11425)
* Fix for #10078: symbol '&' is not escaped (#10137)
* Add alpha color channel support for graph bars (#10956)
* interpolate 'field' again in Elasticsearch terms queries
(#10026)
* Templating : return __empty__ value when all value return
nothing to prevent elasticsearch syntaxe error (#9701)
* http_server: All files in public/build have now a huge
max-age (#11536)
* fix: ldap unit test
* only error log when err is not nil
* rename alerting engine to service
* case-insensitive LDAP group comparison (#9926)
* changelog: add notes about closing #11813
* docs: updated changelog
* fix XSS vulnerabilities in dashboard links (#11813)
* PR: ux changes to #11528
* renames alerting engine to match other services
* allow analytics.js to be cached, enable anonymizeIP
setting (#11656)
* Revert 'Add baron scrollbar to a node managed by gafana
(#11850)'
* decrease length of auth_id column in user_auth table
* fixed svg background (#11848)
* Add baron scrollbar to a node managed by gafana (#11850)
* Fix CSS asset loading for yarn start (HMR) (#11855)
* fix: fixed gometalinter issues with Discord PR
* docs: update installation instructions targeting v5.1.1
stable
* fix root_url in docs & comments (#11819)
* changelog: 5.1.1 update
* fix: loading of css url (images/fonts)
* Support for local Docker builds
* Update ROADMAP.md
* support additional fields in authproxy (#11661)
* better handling for special chars in db config (#11662)
* Fix/improved csv output (#11740)
* Update ROADMAP.md
* Update ROADMAP.md
* Update ROADMAP.md
* Remove preceding `/` from public JS path (#11804)
* Add panel scrolling docs (#11826)
* escape pipe symbol same way as in templating docs
* changelog: add notes about closing #11616
* added left:unset to counter left:0 in recent react-select
release
* fixed text color in light theme
* changelog: add notes about closing #11800
* test if default variable interpolation is effective when
no specific format is specified
* changelog: notes about closing #11690
* changelog: add notes for ##11754, #11758, #11710
* scroll: remove firefox scrollbars
* Add missing items to Gopkg.lock
* pipe escape try #3
* use ascii code for pipe symbol to not mess up markdown
table
* try to fix table
* dont shadow format passed in as function parameter
* fix: removed manully added http server from inject graph
as it is now a self registered service
* fix: removed unused channel
* fix: comment spell fix
* fix: fixed race condition between http.Server
ListenAndServe & Shutdown, now service crash during
startup correctly closes http server every time
* refactoring: lots of refactoring around server shutdown
flows, making sure process is terminated when background
service has crashed
* refactor: provisioning service refactoring
* Metrics package now follows new service interface &
registration (#11787)
* Revert 'Opportunities to unindent code (unindent)'
* scroll: fix scrolling on mobile Chrome (#11710)
* changelog: add notes about closing #11625
* remove jest it.only to not skip important tests
* fixed so all buttons are styled not just small ones, fixes
#11616
* --amend
* fix: improved handling of http server shutdown
* add test for prometheus table column title
* Fix url encoding, expand template vars, fix TS hacks
* Explore: Add entry to panel menu to jump to Explore
* changelog: notes about closing #11498
* Initial Baby Step to refactoring settings from global vars
to instance (#11777)
* table: fix for padding
* graph histogram: fix invisible highest value bucket
* dashboard: show save as button if can edit and has edit
permission to folders
* new property for current user indicating if edit
permissions in folders
* increase length of auth_id column in user_auth table
* fix dropdown typeahead issue
* Use opportunities to unindent code (unindent)
* Outdent code after if block that ends with return (golint)
* Remove redundancy in variable declarations (golint)
* fix: minor fix to plugin service shut down flow
* appveyor: uppercase the C drive in go path
* docs: further documents changes to the docker image.
(#11763)
* disable ent build to avoid slowing down build speed
* Explore: add support for multiple queries
* Fixed settings default and explore path
* Refactoring PluginManager to be a self registering service
(#11755)
* fix: removed log calls used while troubleshooting
* refactor: refactoring notification service to use new
service registry hooks
* Enable Grafana extensions at build time. (#11752)
* revert renaming of unit key ppm
* fix to match table column name and order
* Import and typescript fixups
* Settings to enable Explore UI
* tech: removes unused code
* Explore WIP
* add deadcode linter to circleci
* pkg: fix deadcode issues
* build.go: fix deadcode issues
* docs: update current version to 5.1
* docs: update installation instructions targeting v5.1.0
stable
* changelog: update for v5.1.0
* fix so that google analytics script are cached
* prometheus: convert metric find query tests to jest
* prometheus: fix variable query to fallback correctly to
series query
* removed height 100% from panel-container to fix ie11 panel
edit mode
* replaced border hack carot with fontawesome carot fixes
#11677
* dev: Mac compatible prometheus block. (#11718)
* mssql: fix value columns conversion to float when using
timeseries query
* postgres: fix value columns conversion to float when using
timeseries query
* mysql: fix value columns conversion to float when using
timeseries query
* sql datasource: extract common logic for converting value
column to float
* added pointer to show more, reset values on new query
* docs: add known issues section for mssql documentation
* force GET for metadataRequests, w/ test
* Renamed helperRequest and removed positional args
* Move function calls w/ side-effects to componentDidMount
* changed test name and dashboardMock code
* fixed test
* add ineffassign to circleci gometalinter check
* pkg/components: fix ineffassign issues
* pkg/cmd: fix ineffassign issues
* pkg/log: fix ineffassign issues
* pkg/services: fix ineffassign issues
* removed import config
* fixed so user who can edit dashboard can edit row, fixes
#11466
* Fixes signing of packages.
* db: fix failing user auth tests for postgres
* changed rps to reqps
* bump version
* added button to show more preview values for variables,
button runs a function that increases options limit, fixes
#11508
* Added requests/sec(throughput)
* use inherited property from api when rendering permissions
* return inherited property for permissions
* pkg/tsdb: fix ineffassign isues
* fix circleci gometalinter test
* Sort results from GetDashboardTags
* Add silent option to backend requests
* docs: escape asterisk in Graphite docs
* docs: disable quoting option for MSSQL
* docs: fix example for graphite tag query
* docs: spelling
* docs: add missing backtick for mysql/postgres
* docs: fixes for table in variable docs
* build: fixes release deploy
* changelog: adds releaste date for 5.1.0-beta1
* graphite: convert ds test to jest
* build: removes gometalinter
* cli: adds os and arch headers
* slightly better example
* adjust timeFilter, timeFrom and timeTo macro examples
* docs: what's new improvements
* docs: what's new improvements
* docs: what's new
* docs: fix typos
* docs: what's new
* docs: whats new
* docs: more info prometheus heapmap to whats new
* docs: improve what's new in v5.1
* docs: what's new in v5.1 draft
* Add weback-dev-server with hot/hmr support
* build: only lint the pkg folder
* changelog: adds note about closing #11476
* dev: only build server with bra run
* add gometalinter to circleci
* comment unused struct fields
* remove unused variables detected by varcheck
* fix typo
* docs: describes variable formatting options
* docs: graphite template variables for tag queries
* docs: describes new variable formatting syntax
* changelog: notes about closing #10427
* move jest test file to specs
* make add panel panel scrollbar adjust when panel/dashboard
grid are resized
* style: code simplifications
* build: introduce -dev flag optimal for building in
development mode
* changed copied message and added forced render for width
change
* removed padding and moved carrot
* changelog: adds note about closing #11613 and #11602
* cleanup, make sure users are always synced with ldap
* Specify expected encoding for access/secret key
* make sure user's default org is kept up to date
* fix: sign in link should have target self to trigger full
page reload, fixes #11626
* codespell: exclude by words instead of files
* remove old comment
* org role sync tests
* refactor authproxy & ldap integration, address comments
* pass DN in ldap test
* tests for user auth module
* fix ldap test
* restructure GetUserByAuthInfo
* error handling
* use Result in GetAuthInfoQuery
* switch to passing ReqContext as a property
* cleanup
* switch to Result
* update auth proxy
* fixes
* fix tests
* shared library for managing external user accounts
* fix: Label font weight should be semi bold, fixes #11629
* docs: typos
* graphite: adds tests for tags and tag_values functions
* docs: update provisioning documentation
* changelog: notes about closing #10883
* changelog: adds note for #11553
* dev: only build server with bra run
* changelog: adds note for #11173
* added forceupdate to grid item so addpanel items rezie
instantly, renamed function to copyPanel, fixed panel
items height issue
* revert changes of add panel button to require save
permission
* changelog: fix typo
* changelog: notes about closing #11572
* Fix issues with metric reporting (#11518)
* changelog: notes about closing #10747
* fix: Row state is now ignored when looking for dashboard
changes (#11608)
* disable codecov comments
* add some more sort order asserts for permissions store
tests
* Revert 'build: remove code cov'
* Revert 'removes codecov from frontend tests'
* docs: update postgres macro functions documentation
* tsdb: update query and annotation editor help texts for
postgres
* changelog: notes about closing #11578
* calculate datetime for timeFrom and timeTo macro in go
* set default for sslmode to verify-full in postgres
datasource editor (#11615)
* add some more sort order asserts for permissions store
tests
* Use sort.Strings() (gosimple)
* Remove unused return value assignment (gosimple)
* Remove unnecessary fmt.Sprintf() calls (gosimple)
* Merge variable declaration with assignment (gosimple)
* Use fmt.Errorf() (gosimple)
* Simplify make() (gosimple)
* Use raw strings to avoid double escapes (gosimple)
* Simplify if expression (gosimple)
* Simplify comparison to bscl constant (gosimple)
* Simplify error returns (gosimple)
* Remove redundant break statements (gosimple)
* fix unconvert issues
* variable: fix binding bug after ts conversion
* add GetFromAsTimeUTC and GetToAsTimeUTC and use them in
timeFilter macro
* fix merge conflict
* remove changes to module.ts from this branch
* migrated dropdown-typeahead to ts (#11499)
* changelog: adds note for #11556
* changelog: adds note for #11133
* dashboard: better size and alignment of settings icons
* bra should use the proper build script
* moved version in help menu to top
* docs: elasticsearch and influxdb docs for group by time
interval option (#11609)
* changelog: improved docker image
* docs: new docker image in Grafana 5.1.0.
* added fix for test
* addeds test for sort order
* Show Grafana version and build in Help menu
* changlelog: notes about closing issues/pr's
* sqlds: fix text in comments for tests
* add codespell to circleci
* removes codecov from front-end tests
* wip: writing tests for permission sorting
* changelog: adds note about closing #11228
* remove postgresversion and convert unix timestamp in go
* Support deleting empty playlist
* Grafana-CLI: mention the plugins directory is not writable
on failure
* make timefilter macro aware of pg version
* add postgresVersion to postgres settings
* changelog: adds note for #11530
* Documentation spelling fix
* docs: fix codespell issues
* public: fix codespell issues
* conf: fix codespell issues
* blocks: fix codespell issues
* CHANGELOG.md: fix codespell issues
* scripts: fix codespell issues
* pkg: fix codespell issues
* provisioned dashboard validation should be made when
importing a dashboard
* provisioned dashboard validation should not be made from
provisioning service
* remove comment/unused variable
* docs: improves provisoning example for postgres
* docs: add mssql provisioning example
* docs: improves provisoning example for each datasource
* ordered user orgs alphabeticaly fixes #11556
* permissions sorting fixed + icon same size as avatrs
* docs: update mssql with azure sql database support
* changelog: adds note for #11569
* docs: update default annotation limit when querying api
* Mention the ?inactive parameter in the docs
* Add another URL param ?inactive? which works like ?kiosk?
but with title
* tsdb: remove unnecessary type casts in sql data sources
macro engines
* tsdb: sql data sources should handle time ranges before
epoch start correctly
* change annotation limit from 10 to 100
* remove mistakenly added styles
* fix right side legend rendering in phantomjs
* scrollbar: fix so no overflow for legend under graph
* build: remove code cov
* scrollbar: fixes continuation scrolling for iOS
* added styling to fontawesome icons so they have same size
as the other icons
* Improve wording
* Add minimal IAM policy example for CloudWatch data source
* PR comments
* docs: fix typo of default port for mssql
* minor scrollbar fixes
* scrollbar: remove unused div
* dashboard: show baron scrollbar in dashboard panel when
mouse is over
* fix so that page scrollbars can be scrolled by keyboard on
page load
* fix so that dash list panel are rendered correctly
* panel: add baron scroller to correct element
* Windows build updated to go1.10.
* scrollbar: use native scroll for page
* converted functions to arrow functions
* folders: fix permissions in folder picker component
* permission: fix user with org viewer save/move permissions
* alerting: handle invalid json format
* docker: change mysql container so that it uses utc
* mysql: use a datetime column with microsecond precision in
test
* tsdb: improved floating point support when converting sql
time column to epoch (ms)
* added @ngInject
* provisioning: dont override permissions
* provisioning: simplify db query
* mssql: fix precision for time columns in time series query
mode
* postgres: support running multiple postgres integration
tests
* postgres: fix precision for time columns in time series
query mode
* mysql: fix precision for time columns in time series query
mode
* mysql: mysql tests should use a db server with UTC
* provisioning: fixes broken tests
* tsdb: add support for more data types when converting sql
time column to epoch (ms)
* provisioning: check provisiong before saveCmd
* provisioning: fixes typo
* provisioning: adds error handling
* added @ngInject
* playlist: add missing nginject attribute
* Update annotations.md to contain correct annotations api
path
* removed console.log
* docs: update after #11531
* docs: improves provisoning example text
* fix test
* convert graphite epoch to ms
* skip mssql fix
* add mssql and mysql
* don't convert to uint64
* scrollbar: fix phantomjs rendering error
* prevent angular from evaluating {{hostname}} in tooltip
(#11514)
* using millis for annotations too
* data source: rename direct/proxy access mode in data
source settings
* Fix ResponseParser for InfluxDB to return only string
values
* Conditionally select a field to return in ResponseParser
for InfluxDB
* docs: fixes typo
* docs: updated debian distro in install docs to stretch,
closes #11527
* Revert files
* Fix after merge
* Make dashboard JSON editable
* guardian: when updating permissions should verify existing
permissions
* api: allow authenticated users to search current org users
and teams
* css: quick fix after IE11 changes
* scrollbar: fix add panel height bug
* scrollbar: styles cleanup
* migrating to ts
* fixed sidemenu icon issue created by earlier pr
* added icons for viewer and editor, fixed add permission
team avatar
* singlestat: Fix optimization in
setTableColumnToSensibleDefault
* influxdb: Check before assuming first column to be 'time'
* provisioning: fix tests for save provisioned dashboard
modal
* provisioning: ux fixes when saving provisioned dashboards
* graphite: use a query when testing data source
* migrated metric_segment to ts
* scrollbar: fix search scroller in mobile view
* scrollbar: fix graph legend height
* changelog: adds note for #11165
* migrated dash_class to ts
* migrated segment_srv to ts
* removed indent for manage dashboards
* scrollbar: fix potential memory leaks in event handlers
* skip migration if it is a big number
* Use curly brackets around hyperlink help text #11478
(#11479)
* scrollbar: fix dashboard width updating for different
modes
* scrollbar: remove perfect-scrollbar and add baron to
package list
* scrollbar: fix dashboard width bug
* scrollbar: fix 'legendScrollbar.destroy is not a function'
error
* Alerting: Fixing mobile notifications in Microsoft Teams
* created closeDropdown function, renamed appevent, added
second appevent for open timepicker
* permissions: return user and team avatar in folder
permissions api
* permission: generate team avatar url with default
* migrated playlist-routes to ts
* migrated last all.js to ts
* scrollbar: fix Firefox scroll position restore
* Notes for closing #7119
* changelog: adds note for #11128
* variables: adds test for variable sorting
* Add case-insensitive sort for variables.
* graphite: fixes #11434
* settings: fixes test
* changed from margin to padding
* fixes for avatar on adding permission and size for gicon
* scrollbar: fix side menu on mobile devices
* changed variable for tabbed close btn hover, and changed
text-strong variable for lighttheme, removed commented out
variable
* mssql: typos in help sections
* docs: spelling
* added if to onAppevent, renamed appevent, add appevent to
applyCustom and setRelativeFilter
* Webpack Grafana plugin template project to links (#11457)
* scrollbar: fix Firefox issue (white stripe on the right of
scrollbar)
* scrollbar: fix legend rendering issues
* Initially move to baron scrollbar
* rm panel.type constrain from threshold_mapper.ts (#11448)
* No need for node_modules/bin in npm run-script (#11449)
* changelog: adds note about closing #11555
* add article
* fix some typos
* docker: add users and groups to ldap block
* timepicker now closes without exiting edit/view mode,
close order: modal, timepicker, view
* migrated graph_tooltip to ts
* started migration to ts
* Fix #10555 #6888 Better escape for Prometheus variables
* bounnd the esc key to exit timepicker
* print to stderr since logger might not exist
* settings: return error instead of ignoring it
* docs: adds provisioning examples for all datasources
* Fixed typo in upgrading.md
* docs: rpm install page - update to centos 7
* docs: install pages for v5.0.4
* removed padding for icons and added margin
* changelog: another update for v5.0.4
* changelog: update for v5.0.4
* changelog: adds note about closing issues
* fixed graphpanel editmode and custom width for right side
legend for IE11
* alerting: bad default state for notifiers
* Clarified formatting multiple values doc
* Add Google Hangouts Chat notifier.
* dashboard: allow alerts to be saved for new/provisioned
dashboards
* add response_parser test
* add fallback for gravatar in org/admin view
* tech: migrates to none deprecated mail lib
* docs: not about email notifications and local img store
* alert: fixes broken link back to grafana
* docs: update table plugin documentation with value/range
to text mapping
* cleanup and add more test
* table panel: additional fixes for value to text mapping
* add value to text mapping
* provisioning: better description for provisioned save
modal
* dashboards: reject updates of provisioned dashboards
* notes about closing #9210
* fixed alignment in search + fixed issue ie popup
* changelog: adds note about closing #11102
* sidemenu fix for internet explorer 11, changed icon
width/height to pixels and added height to logo
* docs: prometheus ds, remove 'new in v4.3' note
* remove categories from queryPart
* fix a terms bug and add test
* remove unused import
* handle aggregate functions more generic
* Add new currency - Czech koruna
* docs: update heatmap and prometheus docs, #10009
* provisioning: improve UX when saving provisioned
dashboards
* styled login page for ie11
* - pipeline aggs support - add some test
* support non-nested menu entries
* provisioning: removes id from dashboard.json
* Handle Interval Date Format similar to the JS variant
https://github.com/grafana/grafana/pull/10343/commits/7e14e272fa37df5b4d412c16845d1e525711f726
* Use net.SplitHostPort to support IPv6
* add missing word to graphite docs
* set right series name
* Missed the 'p d' hint in the popup-menu
* Add hints for the 'pd' Duplicate Panel command from PR
#11264
* remove README changes
* finished CODING PHASE 1
* wip
* notes about closing #11306
* cleanup
* changelog: unix socket permissions
* Adjust permissions of unix socket
* docs: fix typos
* docs: update postgres, mysql and mssql documentation
* docs: update graph panel documentation
* docs: tweaks
* changelog: adds note about closing #5855
* remove dashboardId check... i can't figure out how the
tests work
* get circle to run tests again
* add dashboardId to test
* remove api tests
* fix operator
* remove constraint from sqlstore
* move dashboard error to API (not sql)
* legend: small refactoring
* changelog: adds note about closing #11278
* docs: spelling
* docs: add intro paragraph to provisioning page
* Cleanup CircleCI V2 Conversion
* Make golint happier
* dooh
* update the updated column!
* using circle as my tester
* using circle as my tester
* adding tests, but they arent running locally
* changelog: notes for #1271 and #2740
* graph: minor fixes to y-axes alignment feature
* added save icon to save buttons
* removed trash can icon from save buttons
* mysql: skip tests by default
* Return actual user ID in UserProfileDTO
* convert epoch to milliseconds
* adding updated column
* mssql: update query editor help
* mysql: fix precision for the time column in
table/annotation query mode
* postgres: fix precision for the time column in
table/annotation query mode
* mssql: fix precision for the time column in
table/annotation query mode
* mssql: remove UTC conversion in macro functions
* mssql: fix timeGroup macro so that it properly creates
correct groups
* small screen legend right also work like legend under in
render + set scrollbar to undefined in destroyScrollbar so
it doesnt become disabled when toggeling between right and
under
* dashboard version cleanup: more tests and refactor
* Make golint happier
* fixed so legend right works like legend under on small
screens
* adding created column
* Alerting: move getNewState to EvalContext
* minor refactor of dashboard version cleanup
* refactor: dashboard version cleanup
* limit number of rows deleted by dashboard version cleanup
* fix dashboard version cleanup on large datasets
* docs: add variable regex examples (#11327)
* graphite: adds more traces for alerting
* sql datasource: extract common logic for converting time
column to epoch time in ms
* docs: details about provisioning elastic
* update email default year and name
* dataproxy: adds dashboardid and panelid as tags
* Alerting: Add retry mechanism and its unitests
* docs: spelling
* snapshot: fix legend rendering bug
* session: update defaults for ConnMaxLifetime
* snapshots: removes errors for empty values in ViewStore
* Allocated to a separate alignment block. Replaced the
attribute of the second axis by the attribute of the axes.
* Expose option to disable snippets
* changed var to const, changed to string interpolation
* mssql: adds test for time should be ms in table mode
* Remove unused kibana images
* changed var to const
* changelog: adds note about closing #11114 & #11086
* mssql: convert tests to jest
* mssql: fix precision for time column in table mode
* converted file to ts
* changelog: notes about #10093 and #11298
* dashboard: fix phantomjs panel rendering in collapsed row
* Fixed unit test.
* Changed the way this feature was activated. And changed
tolltip.
* Added validation of input parameters.
* converted file to ts
* docs: update using mssql in grafana
* fix: only run gofmt on pkg directory omitting vendor
directory
* fix: dep ensure. now without gofmt on ventor directory
* mssql: add integration test to verify stored procedure
usage
* mssql: encrypt password in database
* mssql: remove dynamic construction of metric column and
other columns
* docker: pin microsoft/mssql-server-linux to 2017-CU4 tag
* docs: improve guide for high availability
* fix: only run gofmt on pkg directory omitting vendor
directory
* test
* mssql: cleanup and minor refactor
* mssql: allow host without port and fallback to default
port 1433
* docker: update test dashboard for mssql tests
* mssql: cleanup and minor changes
* Missed thanks in changelog
* Adds pagerduty api update to changelog.
* mssql: update readme
* mssql: update test dashboard
* docs: Using Microsoft SQL Server in Grafana
* mssql: remove logos for now
* docs: mssql documentation will go into another branch
targeting next minor version
* Updated roadmap for 5.1
* Minor format changes
* Changed Swedish and Icelandic currency
* fix failed tests for dashboard view state
* dashboard: fix rendering link to panel in collapsed row
* docs: update install docs for 5.0.3
* changelog: 5.0.3
* mssql: add alternative logo without text
* mssql: strip inkscape from logo
* mssql: minor improvements of query editor help
* mssql: skip rendering of mssql logos until we have a valid
logo
* docker: add test dashboard for mssql tests based on test
data generated by integration test
* mssql: additional integration tests
* mssql: support money, smallmoney and decimal data types
* mssql: update plugin.json, added description and name
MSSQL -> Microsft SQL Server
* added indent to dashboards inside folder in search
dropdown, and added indent to dashboard icon in search
item
* session: fork Macaron mysql session middleware
* database: expose SetConnMaxLifetime as config setting
* database: fixes after xorm update
* database: update xorm to v0.6.4 and xorm core to v0.5.7
* prometheus editor: variable autocomplete support (PR
#9988)
* made a keyboard shortcut to duplicate panel
* docs: update mssql documentation
* mssql: disable mssql integration tests per default
* mssql: timeGroup fill support added.
* mssql: add timeGroup integration test
* alertmanager: /Creating/Sending/
* mssql: adds fill to timeGroup macro.
* allow any database for influx proxy
* remove
* alertmanager: handle resolved alerts, nodata, and
execution errors
* add regex search of username and password in urls, which
are replaced by strings.Replace
* notitfiers: avoid ShouldNotify duplication
* fix merge error
* alertmanager: if there are no alerts to send, do nothing
* docker: change port for prom random data scrape target
* mssql datasource: wip
* docker: mssql and mssql tests blocks with common build
context
* fix lint problems
* fix lint problems
* fix lint problems
* read aggregate functions from database
* add buildAggregateQuery
* Update README.md
* docker: fake-data-gen:latest updates
* Resolved conflict
* docs: more details about slack notifier
* properly handle IN queries
* docs: updates latest release for docs
* changelog: improve description of closed issues
* renderer: avoid redirect render requests
* changelog: adds notes about 5.0.2
* dashboard: fix import dashboard with alert rule
* middleware: recover and retry on session start
* alerting: supports extracting alerts from collapsed panels
* join multivalue variables with ,
* revert special handling for IN
* put values for IN in parens
* dont quote where constraints
* docker: add test dashboard for mssql for visualizing data
generated by fake-data-gen
* add regex operators
* mssql datasource: support for timeGroup macro function
* Added Kilopascals(kPa) under pressure
* Added W/m2(energy) and l/h(flow)
* folders: should be possible to browse folder using only
uid
* remove unused setting
* dashboards: should be possible to browse dashboard using
only uid
* mssql datasource: additional data type tests
* docker: add mssql block
* Added icon for iOS web app
* changelog: add note about closing #8151
* alerting: adds back the link to grafana.
* Fix CI
* Modify Grafana Pagerduty notifier to use Pagerduty API V2
* graph: minor refactor of histogram mode PR #8613
* changelog: adds note about closing #11220
* style: dont expose func outside package
* teams: removes quota on route
* changelog: adds note about closing #11143
* changelog: adds note about closing #11107
* Second to HH:mm:ss formatter (#11105)
* changelog: adds note about closing #10009
* docs: fix an outdated link to Prometheus's doc
* Added concentration units and 'Normal cubic metre'
* Corrected work for graphs created before this feature.
* Replaced array values to variables yLeft and yRight for
easy reading code.
* Rename test file according module name.
* prometheus: fix bug introduced by #9859 (httpMethod is
undefined)
* prometheus: add tests for heatmap mode
* prometheus: datasource refactor
* Fix urls in plugin update_checker logs
* changelog: adds note about closing #10029
* docs: add team api link from http api reference page
* added test for sorting and filtering
* changelog: adds note about closing #9859
* Refactoring
* set default value of httpMethod
* support POST for query and query_range
* cleanup where segment handling
* remove limit
* handle variables in where constraints
* Adding Timeticks unit
* properly quote where constraint parts
* quote schema and table
* docs: minor fix for dashboard http api documentation
* build: cleanup
* build: removes custom work dir in deploy.
* build: upgrades build pipeline from CircleCI 1.0 -> 2.0
(#11162)
* github: test new issue tempalte
* dev: update dev prometheus2 to 2.2.0
* changelog: adds note about closing #10925
* docs: update latest to 5.0.1
* push 5.0.1 to package cloud
* changelog: adds release date for 5.0.1
* bump master build to 5.1.0-pre1
* move quota to dedicated service
* Fix indent
* docker: add prometheus/example-golang-random to
docker-compose blocks
* Fix the code to match the documentation.
* rename Context to ReqContext
* fix, set default highResolution setting
* changelog: note about closing #11145 and #11127
* docs: adds note about closing #10632
* removes commented code
* removes unused variables
* upgrade to go 1.10
* alerting: fixes validation error when saving alerts in
dash
* add csv templating format
* docs: note about closing #11046
* docs: adds note about #10942
* heatmap: add explanation of Time series buckets mode
* Add color to prefix and postfix in singlestat
* replaced if with classNames
* heatmap: able to set upper/lower bucket bound manually
* heatmap: refactor
* added media breakpoint to legend-right
* Documentation: path '~/go' to '$GOPATH'
* Update ROADMAP.md
* add panel to list now copy, started on jest
* docs: improves docs for alert rules
* heatmap: fix Y axis and tooltip decimals and units issues
* Append test to check not zero level.
* Add bs-tooltip to Y-Align element.
* move Context and session out of middleware
* only use jwt token if it contains an email address
* scrolling: faster wheelspeed
* docs: improves provisioning description
* changelog: adds note about closing #10975.
* changelog: adds note about closing #7107
* changelog: adds note about closing #11103
* changed background for mobile menu background on light
theme, increased font size in and added border-right in
menu
* heatmap: fix tooltip count and bucket bound format
* alerting: Limits telegram captions to 200 chars.
* changelog: note about closing #11097
* hide row actions for viewers
* fixes invalid link to profile pic when gravatar is
disabled
* changelog: adds note about closing #11016
* fix: restores white resize handle for panels, fixes #11103
* changelog: adds note about closing #11063
* fix typo in heatmap rendering.ts (#11101)
* docs: add v5.1 to versions
* docs: fill for mysql/postgres
* ignore iteration property when checking for unsaved
changes
* changelog: notes for #11055 and #9487
* use net/url to generate postgres connection url
* made drop-menu into link
* heatmap: sort series before converting to heatmap.
* use metricColumn in query builder
* set rawSQL when rendering query builder query
* fix group by column
* clean up aggregation functions
* fix variable interpolation
* rename field to column
* Fix Prometheus 2.0 stats (#11048)
* docs: removed beta notice in whats new article
* remove spaces around arguments of macros
* remove spaces around arguments before calling macro
expansion
* docs: update current version to 5.0
* docs: update install pages for v5.0.0
* update version to 5.0.1-pre1
* changelog update for 5.0.0 stable
* Add metrics that triggered alert to description
* build: updated version
* heatmap: hide unused Y axis controls for tsbuckets mode
* heatmap: format numeric tick labels in tsbuckets mode
* heatmap: add rendering tests for tsbuckets mode
* Fix Github OAuth not working with private Organizations
(#11028)
* login: hide sign up if configured so. Fixes #11041
* permissions: fix validation of permissions before update
* dashboard: add permission check for diff api route
* permissions: remove client validation and handle server
validation
* dashboards: change dashboard/folder permission error
messages
* dashboards: handle new guardian error responses and update
tests
* folders: handle new guardian error responses and add tests
* dashboards: don't allow override of permissions with a
lower precedence
* Alerting: Fix OK state doesn't show up in Microsoft Teams
(#11032)
* grammar fix, add dir, and remove redundant info
* heatmap: use series names as top or bottom bounds, depends
of datasource
* heatmap: refactor
* heatmap: add few tests for histogram converter
* fix: changed react-grid-layout to use grafana fork to a
commit before
https://github.com/STRML/react-grid-layout/commit/15503084fb7b0af826427c8c0706901e5745a39f,
this fixes all the panel movement bugs, fixes #10831
* heatmap: fix Y bucket size calculation for 'tsbuckets'
mode
* gave scroll-canvas-dashboard 100% height in kiosk-mode,
fixes #11010 (#11017)
* docs: update to install pages for beta5
* changelog: update for v5.0.0-beta5
* added admin icon and permission member
definitions(role,team,user)
* build: update to version 5.0.0-beta5
* [doc] Fix extra alerting options in
installation->configuration
* yarn: update lock file with tarball change
* build: use tarball instead of git commit for tether drop
* improve maintainability
* docs: fix type in datasource http api
* docs: adds accesskey and secret to securejsonfields
* support [[variable:type]] syntax
* offer template variables for tags
* feature for issue #9911
* Added radiation units
* docs: update shortcut docs
* dashboards: remove non-supported keyboard shortcuts for
delete/collapse row
* dashboards: fix keyboard shortcut for expand/collapse rows
* dashboards: fix keyboard shortcut for remove panel
* snapshots: fixes cleanup of old snapshots
* docs: minor folder http api changes
* Update ROADMAP.md
* Update ROADMAP.md
* heatmap: fix bucket labels shift
* heatmap tooltip: fix bucket bounds for 'tsbuckets' mode
* heatmap tooltip: fix count decimals
* heatmap: fix tooltip histogram for 'tsbuckets' mode
* heatmap: use buckets from histogram with 'tsbuckets' mode
* dashboards: created/updated and createdby/updatedby should
be set before save
* Add unit tests.
* Refactoring code
* Fix save as dashboard from folder to General folder
(#10988)
* changed name of copy tab to paste
* added no copies div
* prometheus: tests for heatmap format
* dashboards: cleanup
* folders: use folder api for retrieving folder
* dashboards: fix batch dashboard/folder delete response
* fix: elasticsearch terms size now allows custom values
again, fixes #10124
* added highlighter, fixed setState and changed back flex to
spacea around
* folders: fix create folder in folder picker
* added tabs and searchfilter to addpanel, fixes#10427
* snapshots: change to snapshot list query
* prometheus: initial heatmap support
* docs: update http api index
* docs: dashboard and folder permissions http api
* docs: folder http api
* permissions: use updated api endpoint for dashboard
permissions
* fix typos in api, acl to permissions
* folders: rename folder_acl in api to folder_permission
* dashboards: change api route for dashboard permissions
* folders: fix typo
* folders: extend folder service tests
* dev: docker-compose setup for prom2.
* folders: folder api tests
* fix: scrollbar position now to max right pos, fixes #10982
* Fixes for heatmap panel in Grafana 5 (#10973)
* docs: updated cloudwatch docs add dimension filter as a
option for dimension_values query.
* folders: folder permissions api tests
* dashboards: make fake dashboard guardian available to
other packages
* fix: added new known data source plugins, and minor
migration fix for v1 dashboards
* folders: folder permission api routes
* folders: fix api error mapping
* folders: basic integration tests for folders
* folders: use new folder service in folder api routes
* folders: new folder service for managing folders
* dashboards: created date should be set when creating a
folder/dashboard
* fix: fixes to signup flow, fixes #9816
* Refactoring code. Change Y-Zero to Y-Level.
* fix: fixed github oauth login with allowed orgs filter,
fixes #10964, reverts #10851
* fix: plugin dashboard did not get plugin id after import
* feat(ldap): Allow use of DN in user attribute filter
(#3132)
* added scroll to org list modal (#10960)
* added an if to check for null to sort null as 0 (#10961)
* fix: alert history list now shows on graphs with manually
added annotation events, fixes #10968
* provisioning: dont ignore sample yaml files
* docs: updated for changelog and docs with beta4
* Correct typo in DashboardInputMissingError
* build: updated build version to v5.0-beta4
* graph: added 0.5 point radius option
* Shouldn't be able to overwrite a dashboard if you don't
have permissions (#10900)
* influxdb: escape backslashes in tag values (for alerting)
* [elasticsearch] Allow nested fields for annotation source
(#10936)
* changed m3 and dm3 to fixedUnit, fixes #10920 (#10944)
* migrate panels in collapsed rows (#10948)
* Share zero between Y axis.
* Add hook processRange to flot plugin.
* login: migration fix.
* login: uses epochs for login throtting.
* fix: fixed redirect after save, fixes #10946
* fix: esc key now closes panel edit/view mode as usual,
fixes #10945
* docs: updated to beta3
* alerts: refactoring tests
* alerting: pausing alerts modifies updated.
* test: added integration test for #10941
* refactoring: alert rule query refactoring (#10941)
* updated version to v5-beta3
* db: reduce name column size in dashboard_provisoning
* teams: adds some validation to the API
* docs: status code changes for Team API
* docker: add test dashboards for mysql and postgres for
visualizing data generated by fake-data-gen
* cli: download latest dependency by default
* Revert 'removes dependencies install for plugins'
* migrate minSpan (#10924)
* Close modal with esc (#10929)
* repeat row: fix panels placement bug (#10932)
* docs: team API. Closes #10832
* Update sample.ini
* Update ldap.toml
* Update ldap.md
* Minor typo fix
* plugins: update meta data for all core plugins
* alert notifiers: better error messages.
* support cloudwatch high resolution query
* chore: adds comment for exported function
* updated download links
* docs: Updated changelog
* updated package.json version
* fix: more phantomjs fixes
* fix: refactoring #10922
* Fix phantomjs legend rendering issue, #10526
* mark redirect_to cookie as http only
* dashboard: whitelist allowed chars for uid
* updates readmes for mysql and postgres (#10913)
* Set default threshold axis to 'left' for panels created
before this feature.
* provisioning: adds setting to disable dashboard deletes
* tech: dont print error message on 500 page
* removes dependencies install for plugins
* tests: makes sure we all migrations are working
* provisioning: uses unix epoch timestamps. (#10907)
* improve error message for invalid/unknown datatypes
(#10834)
* add AWS/States Rekognition (#10890)
* Dashboard acl query fixes (#10909)
* wip: dashboard acl ux2, #10747
* permissions: refactoring of acl api and query
* bug: return correct err message
* initial fixes for dashboard permission acl list query,
fixes #10864
* provisioing: always skip sample.yaml files
* provisioning: handle nil configs
* sql: removes locale from test to mirror prod.
* adds tests that validate that updated is correct
* provisioning: code formating
* provisioning: adds logs about deprecated config format
* provisioning: support camelcase for dashboards configs
* provisioning: support camcelCase provisioning files
* API Integration Tests via jest (#10899)
* ux: refactoring #10884
* Invalid url in docs
* Duplicate typo fixed
* add 13-24 for min width (#10891)
* sass/base: import from current dir in _fonts.scss (#10894)
* fix: removed logging
* fix: sql search permissions filter fix
* provisioning: Warns the user when uid or title is re-used.
(#10892)
* Minor typo fix
* new dashboard is now hidden from viewer, fixes #10815
(#10854)
* fixed bg gradient, fixes #10869 (#10875)
* login: fix broken reset password form (#10881)
* moved div in code
* added buttons and text to empty dashboard list
* docs: spelling.
* docs: update dashboard permissions http api docs
* Cloudwatch dimension_values add dimension filter.
* dashboard: always make sure dashboard exist in dashboard
acl http api (#10856)
* Fix #10823 (#10851)
* provisioning: better variable naming
* ux: minor tweak to grid resize handle color
* teams: use orgId in all team and team member operations
(#10862)
* permissions: might have a solution for search
* Fixes for graphite tags editor (#10861)
* fix: clear items list before fetching permissions list
* provisioning: dont return error unless you want to cancel
all operations
* provisioning: createWalkFn doesnt have to be attached to
the filereader anymore
* provisioning: update sample config to use path
* provisioning: avoid caching and use updated field from db
* update README.md regarding running tests
* update README.md regarding running tests
* docs: minor docs update
* docs: updated docs landing page
* provisioning: delete dashboards before insert/update
* user picker should only include users from current org
(#10845)
* Correct code style.
* db test: allow use of env variable for database engine to
run tests for
* dashboard and folder search with permissions
* provisioning: fixed bug in saving dashboards.
* dashboard: fix delete of folder from folder settings tab.
* append test to thresholds on right axis
* Update logic for create/update dashboard, validation and
plugin dashboard links (#10809)
* added width class to add member choose (#10835)
* add where constraint handling
* add query_builder
* docs: adds uid to dashboard.json reference docs
* Fix #7107
* fix: initial fix for #10822
* fix: folder redirect after creation
* dashfolders: fixes #10820
* fix: fixed bug with redirect after new dashboard saved,
related to buggy angularjs location path/url and base
href, fixes #10817
* docs: describe uid for dashboard provisioning
* fix: removed old shortcut that does not exist, fixes
#10802
* build: fixed recovery test
* fix: css fix, found a better way to fix #10772
* fix: minor build fix
* fix: error handling now displays page correctly, fixes
#10777
* heatmap tooltip: minor refactor
* fix: changed dashboard title length to match slug length,
will fix mysql index size issue, fixes #10779
* docs: added graphite section
* docs: minor update
* graph panel: fix csv export (series as col) (#10769)
* org-switcher: should redirect to home page (#10782)
* embedded panel: hide side menu during init (#10788)
* docs: update http api for api index, dashboard, folder and
dashboard search
* scroll: css for #10722
* dashlist: scroll fix when no header
* docs: video fix
* Update changelog with deprecation notes of http api
* redirect 'permission denied' requests to '/' (#10773)
* docs: fix
* scroll: use wheelpropagation. Ref #10772
* docs: update dashboard model, persistent urls and api
changes in what's new in v5
* docs: fix download link
* docs: minor update
* docs: adds http api dashboard permissions
* docs: updated whats new
* docs: update dashboard model, new url structure and api
changes in what's new in v5
* build: updated publish script
* docs: update docs with download links
* build: increased version to beta1
* fix: fixed permission list caching issue, fixes #10750
* Stale permissions (#10768)
* adds unique index for org_id+folder_id+title on dashboards
(#10766)
* docs: fix links in HTTP API Reference page
* dashboards: render correct link for folder when searching
for dashboards (#10763)
* fix panel menu caret placement (#10759)
* permissions: fix link to folder from permissions list
* dashboard: fix loading of snapshot and scripted dashboard
(#10755)
* changes to new urlformat for home dashboard (#10738)
* fix: alert list links did not work, changed dashboardUri
to Url, this is breaking api change in alert api (#10756)
* docs: typos and wording.
* ux: hide sidemenu in kiosk mode, and while playlist is
playing, fixes #107402
* dashboard: fix redirect of legacy dashboard url's
* make metricColumn functional
* add metric column selector
* docs: add spaces to timeseries example
* fix: restored tags to search
* fix frontend validation for creating new folder and import
dashboard (#10737)
* #10724 Fix whitespace
* poc: merge sync
* #10724 Fix finding the x bucket
* docs: dashboard provisioning
* handle new error message
* removes uid when using 'save as'
* dashfolders: rename Root folder to General. Closes #10692
* Light theme icon color (#10730)
* folders: use new folder api in frontend
* folders: changes and updated tests after merging
permissions and new url structure
* folders: rename api files
* dashboards: revert logic of returning 404 in dashboard api
if it's a folder for now
* db: fix failing integration tests for mysql and postgresql
* docs: add examples for dashboard permissions
* Update search datasource by name API path
* fix for dashboard/folder url's when having a sub path in
root_url config
* ux: added max width to dashboard settings views
* add gofmt as precommit hook
* dashfolders: adds test for permission store
* dashfolders: adds permission modal to dashboard settings
* register handler for get dashboards by slug
* make it easier for dashboards to generate ur;
* changes dashboard url in alertlist
* alert: use new url format
* Improve logging in the phantomjs renderer (#10697)
* route params from angular to view store should be updated
on routeChangeSuccess
* repeat panel: process repeats when row is expanding
(#10712)
* folders: changes needed due to merge
* docs: removed section with session table sql, that is not
needed anymore
* ux: fix for responsive breakpoints and solo mode showing
sidemenu
* support multiple histogram series
* docs: moved whats new article to master
* ux: fixed issue with zoom on graph caused scroll, fixes
#10696
* dashboard: refactor logic for retrieving url for
folder/dashboard
* update text, fix a few typos
* dashboards: update dashboard/folder url if browser url is
not the same as from backend
* dashboards: when restoring a dashboard to an older
version, set current uid
* dashboards: fix updating folder so that correct url is
returned
* dashboards: remove slug property in dashboard search
responses
* folders: change the front end route for browsing folders
* dashboards: add validation to delete dashboard by slug
* dashboards: new route for deleting dashboards by uid
* plugins: return table with empty rows array insteaf of nil
* retry uid generation
* fix: use replace when redirecting to new url
* ux: Change input width of UserPicker and TeamPicker in
AddPermissions component #10676
* viewstore: fix test after merge
* tests: Add TeamPicker test and update
TeamPicker/UserPicker snapshots so they match the latest
classNames update #10676
* dashfolders: fix for folder picker
* ux: Add an optional className to the UserPicker and
TeamPicker #10676
* dashfolders: fixes #10671. Allow Editors default access to
Root.
* docs: added redirect from old provision page, #10691
* tests: Move tests from Permissions to AddPermissions
#10676
* tests: Update tests in PermissionsStore and rem out the
Permissions-tests for now #10676
* docs: added permissions page and updated folder docs
* dashfolders: text change
* dashfolders: special case for folders in root
* add groupby to querybuilder remove unused aggregations
* gofmt...
* spelling
* Verifies requirement of id in dashboards.
* ux: POC - Update 'Add permissions' design and add a fancy
animation #10676
* ensure dashboard title is unique in folder
* docs: Remove obsolete Ansible rule (#10689)
* docs: Fix outdated provisioning link (#10690)
* Renamed 'Period' to 'Min period' in CloudWatch query
editor (#10665)
* created cta-bg variable and changed bg color on light
theme (#10693)
* Repeat panels when row is expanding (#10679)
* dashboards: make scripted dashboards work using the old
legacy urls
* dashboards: redirect from old url used to load dashboard
to new url
* docs: updated whats new
* playlist: fixes #10254
* dashboards: add new default frontend route for rendering a
dashboard panel
* alerting: small refactoring
* dashfolders: POC - Use separate component for 'Add
permission' #10676
* removes uniqnes check on slug when saving dashboards
* Drops unique index orgid_slug from dashboards.
* plugins: return empty tables array insteaf of nil
* url: fix for bsclean querystring parameters
* moved icon (#10681)
* docs: updated whatsnew
* docs: progress on whats new article
* docs: updated version
* docs: fixed order of sidemenu
* test: fixes failing test in go1.10
* dashboards: fix links to recently viewed and starred
dashboards
* dashboards: use new *url* prop from dashboard search for
linking to dashboards
* dashboards: when saving dashboard redirect if url changes
* dashboards: add new default frontend route for loading a
dashboard
* dashboards: return url in response to save dashboard.
#7883
* dashboards: ensure that uid is returned from
getSaveModelClone
* alertlist: disable pause button when user does not have
permission
* dashboards: revert adding api for retrieving uid by slug
* util: remove retry logic in shortid_generator
* dashboards: add url property to dashboard meta and search
api responses
* dashboards: api for retrieving uid by slug. #7883
* dashboards: add support for retrieving a dashboard by uid
* dashboard: change unique index for uid to include org_id
* dashboards: return uid in response to creating/updating a
dashboard. #7883
* dashboards: extract short uid generator to util package.
#7883
* dashboard: fix failing test. #7883
* dashboard: generate and include uid in dashboard model.
#7883
* db: add migrations for creating a unique index for uid.
#7883
* db: add migrations for generating uid for existing
dashboards. #7883
* db: add new column uid to the dashboard table. #7883
* enhance render function
* add postgres_query.ts
* moved icon (#10681)
* dashfolders: remove inline styles
* fixed width of images and removed gifs and fixed text a
bit in search
* docs: fixed order of sidemenu
* test: fixes failing test in go1.10
* new gifs for search
* docs: adds more info about whats new in v5
* docs: updated versions.json
* alerting: add permission check in api for pausing alerts
* query builder changes
* dashfolders: adds comment for dashboard api tests
* more query builder components
* docs: added versions file
* dashfolders: adds comment for dashboard acl test
* api: extract api test code to common_test.go
* repeat panel: minor refactor
* WIP: folder api. #10630
* changed img for shortcuts
* replaced img in export_import and sharing
* Fix horizontal panel repeat. Fix #10672.
* dashfolders: Add min-width to align icons in permissions
list and some margin between icon and text #10275
* ui: Fix Firefox align issue in dropdowns #10527 (#10662)
* fix: InfluxDB Query Editor and selecting template variable
in where clause caused issue, fixes #10402, fixes #10663
* dashfolders: link to folder for inherited permissions
* test: Update Tooltip test to check for className support
* changed img-link for timerange imgs and some text
* fix: remove repeated rows when repeat was disabled.
(#10653)
* test: Update Popover test to check for className support
* dashfolders: Get rid of unused import #10275
* dashfolders: Use grafana's question mark instead of FA's
and use the react tooltip instead of angular's #10275
* dashfolders: Add className to Tooltip component
* fix: don't show manually hidden sidemenu after view mode
toggle (#10659)
* dashfolders: css class as parameter for Picker
* dashfolders: select with description for permissions
* fix: show sidebar after mouse wheel scrolling (#10657)
* fix: tweak of PR #10635
* ux: minor tweak of #10634
* plugins: only set error if errorstring is not empty
* Revert 'Fix typeahead to avoid generating new backend
request on each keypress. (#10596)'
* call render in query
* dashfolders: add help popover. Add folder title for
inherited permissions
* dashfolders: use react component for dashboard permissions
* added hash rate units for monitoring mining processes
* replaced input with gf-form-dropdown
* reverted media queries
* graphite: fix nested alerting queries (#10633)
* fix for sm
* added media break for md and sm
* dashfolders: add disabled Admin permission to list
* tech: upgrade to golang 1.9.3
* Locks down prometheus1 to v1.8.2 in live-test.
* fix typo in parameter. (#10613)
* dashfolders: autosave permissions on change (remove update
button)
* changelog: move all 4.7 changes into 5.0
* changed some img-links, updated text for annotated img,
more work on whats new in v5.0
* changelog: be more explicit about backwards compatibility
* WIP: Protect against brute force (frequent) login attempts
(#10031)
* dashfolders: fix tests for ViewStore after merge
* Fix typeahead to avoid generating new backend request on
each keypress. (#10596)
* fix vertical panel repeat (#10619)
* graph: fix series sorting issue (#10617)
* dashfolders: New snapshot since we changed from
defaultValue to value per latest React documentation
#10275
* refactor: Replace _.find with Array.prototype.find()
* dashfolders: Convert mobx observable to js objects and
remove the observer() since we want to use the component
outside the react/mobx world #10275
* dashfolders: Clean up more variables and move newType,
aclTypes and permissionOptions to the store #10275
* dashfolders: Remove variables not used and pass in the
real dashboardId #10275
* dashfolders: Remove those 2-line-components from
PageHeader to make it easier to read and make sure
components listening to the mobx state are wrapped with
observer() #10275
* dashfolders: Add support for breadcrumbs in NavStore
#10275
* dashfolders: Rename UserPicker folder => Picker. Inject
the permission-store in the FolderPermissions-container
instead of the Permissions component, add the
PermissionsStore to the RootStore and and the
error-message to the Permissions-store #10275
* dashfolders: Add Permissions information box #10275
* dashfolders: Fix page max width #10275
* dashfolders: Update jest tests with backendSrv #10275
* dashfolders: Add a Team Picker component and use it on the
dashboard permissions page #10275
* dashfolders: Working user picker on the dashboard
permissions page #10275
* dashfolders: Send down backendSrv to the react components
#10275
* dashfolders: Re-use the API of the angular user picker
instead, which is reusable #10275
* provisioning: delete dashboards from db when file is
missing
* dashfolders: Remove the PermissionsInner-strategy since we
have a container for this route now #10275
* dashfolders: Permissions are injected via MST so it needs
to be defined as optional #10275
* dashfolders: Add FolderPermissions container and make sure
isFolder is passed to PermissionsStore #10275
* dashfolders: Always get dashboardid and backendsrv from
props #10275
* dashfolders: Rem code to avoid tests to fail #10275
* wip: More on the permissions. Left are team picker and
user picker, tests and error messages #10275
* fix: mobx-react-devtools is a dev dependancy #10275
* dashfolder: wip: More wip on acl.html2permissions.tsx
#10275
* dashfolders: wip - Move Permissions into React #10275
* variables: lint fix
* variables: fix when datasource returns error
* fixes broken phantomjs rendering
* added varibale to table hover, lightend colors for table
light theme, fixes #10609 (#10611)
* added whats new v5, changed link in notifications, removed
row from getting started
* fixes minor typo
* provsioning: dont stop grafana due to missing
* Disable prefix and postfix font size when gauge mode is
enabled (#10573)
* docs: improve docs for image uploaders
* cfg: remove local as default image uploader
* docs: Add haproxy example for running behind reverse-proxy
* provisioning: enables title changes for dashboards
* Cloudwatch: add support for multi instances (#10570)
* ux: minor change, added import dashboard link to dashboard
search side view
* tech: adds/removes in vendor folder according to dep
0.4.0.
* docker: sync local time and timezone to mysql_tests block
* dashfolder: fix for sqlite test
* dashfolder: fix for mysql test
* mysql: pin the mysql dependency
* tech: ignore /public and /node_modules
* tech: ignore /data folder for dep
* docs: first draft of dashboard folders docs
* plugins: map error property on query result
* stats: send amount of stars as stats
* tech: avoid using deprecated functions
* style: minor code style changes
* dashboards: save provisioning meta data
* provisioing: add lookup table provisioned dashboards
* refactor: minor css class naming change of #10505
* refactor: minor refactoring of PR #10560
* cloudwatch: fix ebs_volume_ids by create a client-session
before call ec2:DescribeInstances. (#10566)
* docker: use mysql and postgres from latest fake-data-gen
* Update OpsGenie Notifier to support different api domains.
* 10583 panel resize icon fix (#10585)
* dashboards: Fix issue with first click when expanding
folder in search
* cfg: adds info about local img uploader to docs
* docs: adds info about local img uploader
* changelog: adds note about closing #6922
* changelog: note about closing #9664
* changelog: adds note about closing #9770
* start query builder ui
* Disable instead of hide mode options when line/points is
unchecked
* dashfolders: show folders use can save to in picker
* dashfolders: fix bug in save as modal
* Add lumens unit
* add docs for configuring OAuth with Auth0 and Azure AD
* install dep instead of govendor on setup
* remove unused code from vendor
* migrate from govendor to dep
* fix: cloudwatch corrected error handling so original error
is not thrown away
* go fmt
* support for decoding JWT id tokens
* ds: updated ds nav
* feat: ds edit fix
* feat: ds edit nav
* Generic Oauth Support for ADFS (#9242)
* Recommend a limit on database query
* Adjusted the border color on the buttons in dashboard nav,
fixed alert email text area width, fixed padding-top issue
on dashboard settings aside
* dashfolders: stop user locking themselves out of a folder
* dashfolders: add breadcrumbs to NavStore
* codestyle: extract code into methods
* mysql: convert numbers to text for annotation tooltip
* mysql: update to use ColumnTypes interface in new version
* mysql: update mysql driver to latest master
* gofmt my dear friend
* ux: updated react-layout-grid
* plugins: send secureJsonData unencrypted
* Make file_reader follow symlinks
* dashboards as cfg: property path replaces folder
* moves datasource plugin model to
grafana/grafana_plugin_model
* Update package.json
* fix: fixed build issue
* fix: multi valued query variables did not work correctly,
fixes #10539
* move graphite /functions parsing into gfunc.ts
* remove duplicate sass rules
* fix tests & some display issues
* fix: graphite func editor fixes, this component is messy
and ugly as hell
* fix: minor fixes
* fix: restored previous behavior of form_dropdown, this
fixes all my observerd bugs with the dropdown behavior
* fix: query editor needs to wait for function definitions
to load
* fix issue with metric find & functions being loaded
multiple times
* interpolate variables in tags & values during autocomplete
* fix typo
* update rst2html
* fix line length, run jscs & jshint in precommit
* function description formatting
* tooltips for function definitions
* support specifying tag_values('<tag>') as graphite
template query
* use typeahead value in graphite find requests
* send prefix when auto-completing tags
* add button to trigger evaluation of tag queries
* sync function categories with graphite-web
* work on tag dropdown behavior
* support for loading function definitions from graphite
* Update building_from_source.md
* Update README.md
* Update default_task.js
* Clearer naming for dashboard provisioning config.
* ux: dashboard nav and settings tweaks
* Tag filters in search (#10521)
* fix: save as enter key now works and folder selection also
works, fixes #10464
* use context over golang.org/x/net/context
* docs: small update to IIS proxy docs
* added a variable for grid color and if statment to switch
colors, fixes #10509 (#10517)
* dashboards as cfg: logs error when trying to import
dashboard with id
* code style fixes
* dashfolders: bugfix after rename
* dashfolders: bugfix after rename
* Adds Table in backend datasource contract.
* fix: share snapshot controller was missing ngInject
comment, fixes #10511
* Use URLEncoding instead of StdEncoding to be sure state
value will be corectly decoded (#10512)
* Optimize metrics and notifications docs
* Optimize cli and provisioning docs
* imguploader: Add support for new internal image store
(#6922)
* docs: Guide for IIS reverse proxy
* changelog: adds note about closing #9645
* telegram: Send notifications with an inline image
* telegram: Switch to using multipart form rather than JSON
as a body
* telegram: Fix a typo in variable name
* dashfolder: refactor breadcrumbs in PageHeader
* dashfolders: convert folder settings to React
* Adds Tables types to protobuf
* fix: alert list pause/start toggle was not working
properly
* fix template variable selector overlap by the panel
(#10493)
* Review tsdb protobuf contract
* dashboard: Close/hide 'Add Panel' before saving a
dashboard (#10482)
* supports windows compatible plugin binaries
* fix: removed unused param
* Fix variables values passing when both repeat rows and
panels is used (#10488)
* moved angular-mocks out of dependencies
* ux: minor change to alert list page
* ux: minor word change to alert list
* fix: updated snapshot test
* moves plugin proxy to plugin package
* Add eu-west-3 in cloudwatch datasource default's region
(#10477)
* fix: Make sure orig files are not added to git again
#10289
* improves name for plugin logger
* fix: Remove conflict file #10289
* text panel: fix $apply already in progress error (#10486)
* uses pluginmanagers log instead of global
* 10389 react tooltip components (#10473)
* test: Updated snapshot for UserPicker jest test #10289
* ux: When adding a new panel we should scroll to top until
we figure o… (#10417)
* removes commented code
* naming fixes and added test file
* makes datasource handshake more explicit
* backend plugins: improves logging
* dashfolders: show/hide create folder or dashboard buttons
* dashfolders: fix mergeconflict error
* dashfolders: prettify
* dashfolders: check permissions for new dashboard
* dashfolders: allow any signed in user to get list of teams
* fix gofmt warning
* dashfolders: permissions for saving annotations
* dashfolders: disable save button after save of acl
* dashfolders: on folder page, hide tabs if not has admin
permission
* dashfolders: remove role requirements on dashboard routes
* dashfolders: must have admin permission to save/see dash
acl
* dashfolders: prettify on tests file
* dashfolders: permissions tab in dashboard settings
* dashfolders: permissions tab for dashboard folders
* fix for unsaved changes popup on tab close/refresh
* fix: Clean up logging and remove unused css #10289
* fix: Rename directive user-pickerr (yes two r's) to
select-user-picker
* fix: Accidently added the conflict files (#10289)
* test: Add snapshot tests for UserPicker and
UserPickerOption (#10289)
* fix: Add interface for props to UserPickerOption (#10289)
* ux: POC on new select box for the user picker (#10289)
* dashboard: fix opening links in new tab (#10465)
* alert list: fix rendering timeout when share panel
(#10467)
* fix missing profile icon (#10469)
* More fixes for relative urls when running Grafana under a
different sub path (#10470)
* put this.props.search in the Highlighter
* moved state handling for search to store
* Delete CopyQuery.png
* Delete tgr288gear_line6.pdf
* fix: added back colors to rootScope, fixes #10462
* fixed the subUrl bugs from
https://community.grafana.com/t/suburl-not-work-at-some-links-and-buttons/4701
with folder/settings/teams etc.
* added /** @nginject */
* Fix typo in error message
* updated snapshot
* styling fix
* added highlight to search
* Updates go-stack to v1.7.0.
* docs: adds note about tlsSkipVerify to docs
* fixed regex issue
* made a view of filtered list
* updated jest file and snapshot
* Remove silly noise
* Update tests to match new reality, and rejig the
implementation a bit to truly work as desired
* Align queries to prometheus with the step to ensure 'rate'
type expressions get consistent results
* plugin: fix path for app plugins on windows
* added search function
* new styling and markup
* cleanup: removed unused typescript typings import
* new add alert notification channel icon
* mobx: poc in using each store as individual prop on the
react containers (#10414)
* fix: Change max size of panel JSON editor so button is
shown on smaller screens, #10346 (#10415)
* poc: began react panel experiments, step2
* poc: began react panel experiments, step2
* Add AWS/AmazonMQ namespace metrics to CloudWatch tsdb
(#10407)
* add docs for using oauth login with OneLogin (#10385)
* Update built_in_plugins.ts
* poc: began react panel experiments
* added empty list cta to notification channels, fixes 10393
(#10400)
* mobx: fixed issue with view store, and added missing
snapshot
* tech: enzyme container test working
* tech: enzyme container test working
* react: trying to get enzyme and mobx tests working
* tech: url and query mobx store so now react components and
containers can read and modify url path and query via mobx
store
* tech: alert list react migration progress
* fix info popover, #10302 (#10377)
* fix move dashboard variables, #10347 (#10375)
* dashfolders: relative links should work when root_path is
specified (#10363)
* fix mixed datasource add query button, #10316 (#10361)
* tech: react mobx progress
* Doc version and schemaVersion properties of dashboards
* tech: began reworking alerting list to mobx
* tech: progress on react pages
* prom: fixes broken test
* prom: make $__$interval the first suggested range vector
* fixes log typo
* imguploader: log if the configuration is invalid
* changelog: adds note about closing #8955
* renderer: avoid calling Handle twice
* migrated file to ts
* dashboards as cfg: moves dashcash into its own file
* dashboards as cfg: create dashboard folders if missing
* fixed error
* migrated files to ts
* tests: for skipping with hidden folders
* Implement Azure Blob external image uploader
* migrated datasource to ts
* tech: minor progress on mobx state tree & react
containers, working on unit testing
* Fix tooltip unit when legend isn't shown (#10348)
* refactor: minor refactoring of PR #10236
* don't save dashboard on make editable, #10236
* fix scripted dashboard loader, #10350 (#10351)
* new aws region cn-northwest-1 (#10353)
* Dashboard: View JSON improvements (#10327)
* refactor: tried to simplify and also minimize scope a bit
for #10323
* ignore trailing whitespace (#10344)
* (prometheus) show label name in paren after
by/without/on/ignoring/group_left/group_right
* dont spawn new subprocess while shutting down
* Fix small singlestat value display
* fix: fixed issue with optimized build, fixes #10333
* migrated file to ts (#10328)
* plugins: restart killed plugins
* query result should be a map
* prom: removes limitation of one query per tsdb call
* changelog: adds note about closing #10222
* pagerduty: fixes invalid default value
* fix: remove unused code
* dashboard: copy panel to clipboard
* pagerduty: adds test for reading auto resolve setting
* code formatting fix
* migrated files to ts + fixed specfile
* tech: cleaned up unused stuff
* ux: removed unused stuff form style guide
* prettier: ran on all files again, sorry. now settings are
defined in package.json
* tech: mobx tests
* Add avatar to team and team members page (#10305)
* Various dashboard folders improvements (#10309)
* mobx: progress on poc
* test for plugin path builder
* merge backend datasources and datasources
* use int64 for timestamps
* fixes invalid valud/timestamp order
* fix: unit test fixed
* prettier: change to single quoting
* ux: minor name change to search sections
* db: fix postgres regression when comparing bsclean
columns/values (#10303)
* dashboard: delete row improvements
* poc: mobx test
* fix missing comma in documentation output example
* fix broken link (#10291)
* minor fixes and formatting after review
* dashfolders: use validation service for folder creation
and dashboard import. #10197
* dashfolders: support creating new folder when moving
dashboards. #10197
* dashfolders: support creating new folder when saving a
dashboard. #10197
* dashfolders: support creating new folder in dashboard
settings. #10197
* dashfolders: support creating new folder from the folder
picker. #10197
* poc: mobx poc
* tech: ran prettier on all scss files
* tech: ran pretttier on all typescript files
* search: closes dash search when selecting current
dashboard (#10285)
* fix: Original dashboard link from snapshot should be an
a-tag, not a button (#10269) (#10283)
* dashboard: fixes #10262
* added new to new dahsboard and folder
* test: Update test with new component signature
* pushover: update default message
* delete unused icon files
* fix: The /logout route should always full page reload
(#10277)
* tech: added prettier to precommit
* ux: Add icon to selected option in PageHeader navigation
on small screens, update select boxes for Firefox so the
arrow to the right is aligned with the other select boxes
(#10190)
* ux: Fix color picker positioning when scrolled down to the
bottom of a page (#10258) (#10271)
* test: remove unused code
* alerting: make alert extractor backwards compatible
* alerting: move test json into files
* Use strings.TrimPrefix to make sure relative url doesn't
start with forward slash
* Update README.md
* fix: Navigation on small screens when Grafana is installed
in a sub directory (#10252) (#10261)
* cloudwatch: fixed optimized build issue, fixes #10174
* fix text panel rows limit (#10246)
* use ace editor in panel edit (#10245)
* docs: mysql example with macro
* docs: mysql macros update
* fix: reduced team name column length, fixes #10244
* ux: Add missing icon for login with grafana-com, fixes
#10238 (#10249)
* Kinesis Metric Capitalization
* merge backend-datasource and datasource type
* dashfolder: nginject fix
* teams: missing nginject attribute
* grid: disable resize and drag on non editable dashboards,
closes #10235
* logging: removed logging from panel loader
* menu: fixed create default url
* fix: dont show settings for viewers
* prometheus: change default resolution to 1/1
* fix: viewers can edit now works correctly
* fix: fixed minor ux and firefox issues, fixes #10228
* ux: minor fixes
* profile: use name or fallback for profile page
* fix: sidemenu profile main text is now username instead of
name
* build: update master version to 5.0.0-pre1
* dashfolder: change to migration text
* ux:s sidemenu icon rules
* teams: add team count when searching for team
* changed background color for infobox and new blues in
light theme, light theme now uses blue-dark in panel query
(#10211)
* ux: fixed navbar issue when sidemenu closes
* ux: minor position change for layout selector, fixes
#10217
* fix: view json from share modal now works, #10217
* ux: used new add data sources icon
* dashfolders: styling of selected filters
* dashfolders: styling of selected filters
* dashfolders: fix moving plugin dashboard to folder
* changelog: adds note about closing #9170
* dashfolders: fix folder selection dropdown in dashboard
settings
* fix for merge conflict
* add links for large cta
* resolve merge conflict
* dashfolders: bulk move/delete improvements
* snapshots: fixed snapshot issues, fixes #10214
* docs: include all notifiers type
* replaced old table with filter-table, removed edit button,
made whole rows to links
* playlist: fixed playlist buttons in dashboard header,
fixes #10213
* docs: update latest version to 4.6.3
* ux: minor changes to search input
* Magnifying glass on search fields #10188 (#10206)
* templating: made templateSrv globally accessable as ES6
module, DashboardRow can not interpolate row title
* fix: ignore row clones in schema migration
* proxyds: delete cookies except those listed in keepCookies
* dshttpsettings: Move whitelisted cookies to end of config
page
* proxyds: failing test for keepCookies
* dshttpsettings: add field for cookies that should be kept
* dashfolders: /dashboards should render index page with a
200 OK
* update version for packagecloud
* dashfolders: bulk move/delete improvements
* add release date for 4.6.3
* fix: after removed file
* dashfolder: fix after backendSrv change
* dashboard: fix test after merge conflict
* orgswitcher: update test
* Avoid ID validation before provisioning dashboards
* annotation icon fix
* udpate dark json icon
* dashboard settings icons
* replace icon on dashboard list (fa-th-large - looked
squished) with a smaller version of dashbord icon. This
may not be the best way to do the css, so it's a separate
commit
* new icons created and added to nav
* changelog: adds note about closing #7481
* fixes broken unit test
* alertmanager: endAt should only be used if we have the
correct value
* alertmanager: code style
* alerting: reduce log level for notifiers
* Alertmanager notifier: add 'metric' labels if no tags
* Alertmanager notifier: make it match the new notifier
interface
* support alertmanager
* Replace Read Only Editor role with ViewersCanEdit setting
(#10166)
* dashfolders: bulk move dashboards synchronously
* dashfolders: remove error message when moving to the same
folder. #10135
* teams: Fixes to edit team page
* ux: minor text change to #10177
* made template link look like input (#10198)
* minor tweaks
* execute process directly instead of creating sub shell
* Dashboard grid fixes (#10194)
* refactor: minor change to #10199
* fix broken 'd r' shortcut (refresh dashboard) (#10199)
* ux: updated login page
* fixes switching org when url contains orgId querystring
param
* build: fixed build issue
* ux: refactoring login page change
* navmodel: fix for signout link on pref page
* change protip to go to manage dashboards
* search: worked on search results
* added select-wrapper to where it was missing for unified
look
* changelog: adds note about closing #10151
* ux: wip - Login animation POC (#9879)
* changelog: adds note about closing #9318
* ux: Move 'Sign up' and 'Reset password' to its own pages -
and remove all inline styling (#9879)
* fixes broken alert eval when first condition is using OR
* ux: org user management changes
* removes unused property
* fixed edit team header, fixes #10172
* changed width to input fields (#10184)
* ux: added search box to ds list page, closes #10106
* ux: change members to users
* plugins: fixed plugin edit page and plugin page
* dashfolders: Minor css fixes for bulk edit
* dashfolders: Minor css fixes for bulk edit
* docs: SSL Mode config settings for Postgres
* dashfolder: settings page for folder
* removes verbose logging
* fix: FolderId and IsFolder when saving dashboard
* ux: fixed inactive view mode and removed animation
* removed unused declaration
* updated dashlink editor, now has list
* fix: Handle state when no password is entered on
registration page (#9879)
* adding support for sgl native time datatypes
* added missing cases for DATETIME datatype
* ux: move add member into its own page (#10167)
* Add a per-notifier ShouldNotify()
* minor fix for #10136
* Fix graph legend scroll (#10169)
* fix colorpicker colors order (width issue) (#10170)
* graphite: remove check so that query is sent even for
possible non leaf nodes
* fix: fixed build failure
* ux: Use the previously renamed classes (#9879)
* fix: fixed dashboard api tests
* fix: don't detect graphite version before it's saved
* updated new dashboard folder
* ux: style tweaks
* ux: Update ui of login buttons via third parties and add
link to sign up page (#9879)
* redesigning links editor
* ux: search look update
* tech: updated version for react-grid item
* build: fixed unit test failure
* Extracted row matching function and added comments
* allow overriding dashboards from api
* redesigning links editor
* graphite: minor fix for PR #10142 the query was being sent
for every segmen t you selected before you completed the
metric path
* build: fixed broken test
* refactor: minor change to panel json fix PR #10156
* Move panel JSON editor to modal dialog (#10156)
* ux: minor updates to dashboard settings
* ux: dashboard settings updated
* new dashboard and folder in search (#10152)
* avatar: avoid concurrent map writes
* redesign dashlinks
* fix: fixed issue with optimized build grid directive
missing ngInject comment, fixes #10161
* annotations: allows template variables to be used in tag
filter
* Add default message for Pushover notifications
* refactor: format files by gofmt
* ux: Adjust margins when external auth providers are
enabled (#9879)
* ux: dashboard settings progress
* ux: dashboard settings work progress
* dashfolders: new dashboard with folder selected
* ux: wip - Push pixels for new login, remove inline
styling, change so we use media queries using min-width
instead of max-width and make sure it looks ok across all
screen sizes (#9879)
* ux: dashboard settings work progress
* backend plugins: manage plugins lifecycle with context
* ux: dashboard settings progress
* ux: dashboard settings progress
* ux: dashboard settings progress
* backend plugins: dont swallow errors
* fix: fixed failing test
* backend plugins: cleanup protobuf files
* ux: dashboard settings progress
* backend plugins: add more datasource params
* Type-agnostic row merge in table transform for multiple
queries
* ux: dashboard settings progress
* ux: fixed navbar and sidemenu z-index issue and improved
responsive rules
* code style
* implement upstream changes
* fix: fixed build failure
* changelog: adds note about closing #10131
* Explicitly specify default region in CloudWatch datasource
(#9440)
* add encoding param
* wait for all sub routines to finish
* fix function re-ordering broken in #9436
* add missing value fill code to mysql datasource
* hyphenhyphen
* support metric trees of varying depth, never send '.select
metric' to graphite
* simplify function parameter addition
* ux: dashboard settings progress
* fix typo
* ux: minor changes
* implement missing value fill functionality for postgres
* allow optional 3rd argument to timeGroup to control
filling missing values
* ux: navbar progress
* improve handling of query references
* build: fix for tslint
* ux: form styles polish, improvement but can be better
* pass tsdbQuery to transformToTimeSeries and
transformToTable to get access to selected frontend
timerange
* demonstrate parseTarget issue
* fix: fixed panel size rerendering issues
* pass Query to MacroEngine Interpolate
* ux: work on dashboard settings views
* dashfolders: Do not allow loading a folder as a dashboard
* fix: Remove console.log
* dashfolders: Folder picker should set correct default
values. Fixes #10135
* refactor: user groups to teams, replace rest mentions
* refactor: user groups to teams, rename backend files
* refactor: user groups to teams, rename frontend files
* refactor: rename User Groups to Teams
* changelog: adds ntoe about closing #10111
* ux: forms style font size change
* ux: dashboard settings progress
* postgres: change $__timeGroup macro to include 'AS time'
column alias (#10119)
* new timepicker is working
* dashfolders: Create nav model for folder page client side
#10083
* ux: minor change to new folder page
* fix for search dropdown on small screen + icon overlapping
fix (#10091)
* ux: added react scrollbar component and added it to add
panel panel
* tech: updated ngreact and with custom PR applied
* refactoring: #10130
* Revert 'Don't animate panels on initial render (#10130)'
* Don't animate panels on initial render (#10130)
* refactoring: fixing bug when all values are null
* fixes broken test
* dashfolders: Hide search input area when showing CTA.
#10083
* ux: graph legend refactoring
* improve error handling for datasources as cfg
* improve sample datasource.yaml
* make gitignore more generic
* grid css transforms: minor refactor (#10128)
* dashboard grid: enable CSS transforms (#10125)
* fixes issue with datasource/dash as cfg and gitignore
* refactoring: changing how graph height and legend height
is calculated, using flex box seems to actually work,
#10079
* dashfolders: create folder page
* refactor: removed graph height from legend decimal calc
* dashfolders: css fix
* fixes failing tests
* dashfolders: New Dashboard Folder page
* fix: move components tests to specs folder
* Fix go fmt
* kill plugin processes when grafana shuts down
* fix: v5 sidemenu & link to shortcuts now works, fixes
#10087
* separate plugin impl and proto files
* correct comments
* add hclog wrapper for grafanas logger in plugins
* add go-plugin deps to vendor
* initial version of proto files
* changelog: breaking regardless what your running
* changelog: better styling
* removes last pieces of dashboard.json
* refactor: sidemenu toggle & hiding logic
* changelog: note about closing #5269 and #9654
* dashboards as cfg: update docs to use /provisioning
* dashboards as cfg: move dash/ds config files to
/provisioning/*
* dashboards as cfg: copy dash/ds files if missing
* dashboards as cfg: include cfg files in dist packages
* dashboards as cfg: avoid walking fs in parallel
* dashboards as cfg: type
* dashboards as cfg: disable loading dashboards from disk by
default
* dashboards as cfg: wire up dashboard repo
* dashboards as cfg: use gocache for caching
* dashboards as cfg: expose dashboard service as interface
* dashboards as cfg: move saving logic for dashboards into
its own service
* dashboards as cfg: revert minor changes
* dashboards as cfg: move dashboard saving into its own
service
* dashboards as cfg: minor tweaks
* dashboards as cfg: make dashboard none editable by default
* dashboards as cfg: more tests
* dashboards as cfg: code cleanup
* dashboards as cfg: read first cfg version
* removed row to center footer (#10115)
* ux: minor cleanup
* mysql: pass timerange for template variable queries
(#10071)
* dashboard: fix edge case with keyboard nav in dashboard
search. #10100
* Solves problem with Github authentication restriction by
organization membership when the organization's access
policy is set to 'Access restricted'. 'Access restricted'
policy should not stop user to authenticate.
* graph: fix legend height calculation
* postgres: pass timerange for template variable queries
(#10069)
* graph: move auto decimals calc to ticks.ts and use it for
legend values format.
* Resolves grafana/grafana:#9309
* dashboard: fix linting and formating - #10100
* dashboard: keyboard nav in dashboard search - closes
#10100
* graph: refactor (don't render twice)
* handle native postgres datetime types in annotation
queries (#9986)
* treat any text column in timeseries query as metric name
unless column (#9985)
* Fixing tabs for Grafana 5 - #10082 (#10103)
* other panels now hidden, fixes 10088 (#10102)
* fixed 404 for grafana5 + now responsive (#10101)
* dashboard: fix search results tests #10083
* dashboard: Show CTA for empty lists/folders #10083
* dashboard: Dashboard folder page wip #10083
* prom: enable min interval per panel
* Fix merge issue on multi-query table transforms
* graph: fix karma tests
* graph: render legend before graph
* added tooltip, fixes #10092 (#10097)
* graph: refactor
* graph: convert legend.js to typescript
* fixing a few fromattings
* adding mssql docs
* docs: link from cfg page to provisioning
* reduce app icon by 3px on home dashboard - wasn't lining
up properly with starred/recently viewed dasboard list
properly
* ux: minor style tweaks to cards and sidemenu icons for
white theme
* ux: tweaked light theme and made page container more fluid
* dashboard: dashboard search results component. closes
#10080
* docs: added utm_source for link from ds list page to docs
page
* updating the query editor's syntax highlighting mode to
sqlserver
* fixed grey colors in light-theme, added new variables,
played a bit with blue
* v5: removed permissions from dashboard cog dropdown,
closes #10068
* nav: updated nav item id for manage dashboards
* refactoring PR #10068
* dashboard: migrations for repeat rows (#10070)
* Backwards-compat for multi-query table transform
* graph: make legend scrollable
* removes unused properties
* Making the multi-query table transform the default table
transform
* ux: updated padding
* ux: Add CTA for empty lists
* move import menu item to the original place
* move DashboardImportCtrl tests to jest
* Move import dashboard from modal to the page
* refactor: minor refactoring of #10027
* new grays for light theme
* sidemenu: responsive sidemenu view for smallest breakpoint
* add _tests for mssql data source
* ux: tabs update
* Tests for multi-query table transform
* ux: updated modal header design
* ux: progress on time picker dropdown version
* fix templating undefined error (#10004)
* tweaks to add panel panels
* ux: updated dashboard nav
* MSSQL Data Source
* add server only build target 'build-srv'
* ux: dashboard setings progres
* add Cloud Alchemy Ansible role
* started on dashboard settings refactor
* ux: add new panel and dash nav improvements
* Added basic table transformer test
* typo :bscm:
* influxdb: pass tags to alerting from influxdb client
* ux: dashboard nav update
* ux: new dashnav design
* ignore /conf/**/custom.yaml files
* repeat row: refactor
* Fix dashboard menu overlapping (#10044)
* Add multiquery_table table transform
* typo :bscm:
* move systemd ready notification to server.go
* changelog: adds note about closing #10024
* page header now on 99% of pages
* navigation: more progress on new page header
* ux: new page-header design, most pages beside admin done
* fixed sass warnings
* ux: made plugins page work
* Use systemd notification where applicable
* progress on page header
* tweaked color on heatmap. still not there, but more
vibrant
* ux: new page header progress
* added bundled dashboards
* ux: progress on new page header
* dashboard: when changing route, scroll to top
* grafana-10039: fix query time range ends in the past
* ux: work on page header
* Revert 'prometheus nested query support'
* ux: updating header design for pages
* fix: when navigating, scroll to top
* repeat row: add more tests
* ux: new page header design
* tweak background size
* new test svg background, minor form tweaks
* ux: search filter box
* ux: changed body default font size to 13px
* test: fix failing postgres test
* Added border radius and tightened up the folder boxes.
Still needs to have the bottom margin expanded to 8px when
in opened state (this needs @torkelo)
* test: speedup mysql and postgres integration tests by
10-20x
* repeat row: expose scopedVars to row panels
* ux: search design update
* repeat row: handle collapsed rows
* notifier: Fixes path for uploaded image for Slack notifier
* formatting in build file
* dashboard: initial repeat row implementation
* prometheus nested query support
* fix render http[get] params error
* test: close file before deleting
* Restore Page Footer after migration to new scrollbar #9652
* export view json now templatized, fixes #10001
* dashfolders: Add a helper for creating a dashboard folder
* dashfolders: revert automatic creation of folders for
plugins
* styling changes for light theme
* grid: use single column layout for mobile devices (#9999)
* fix panel solo mode (#10002)
* dashlist: handle recent dashboards removed from backend
* dashfolders: don't create app folder on dashboard import
if already exists
* dashfolders: create app folder on dashboard import
* datasource: fix merge conflict - restore dashboards tab
* search fix and update buttons on dashboard list page
* fix: removed table background
* build: fixed lint issue
* fixed link i specs-file
* Improve dashboard grid layout migration WIP (#9943)
* test fix
* updated libs and fixed new typescript errors
* dashlist: Support for clear all filters
* migrated viewstatesrv to ts
* added yarn.lock file back
* ux: table design work
* panel: open panel menu by click on header
* ux: search progress
* worked on search
* migrated four files from js to ts
* migrated four files to ts, addd some code to config to
make it work (#9980)
* Update NOTICE.md
* Update LICENSE.md
* ux breadcrumb work
* ux: sass fixes and polish
* dashlist: Support for check/uncheck all
* Migrate gfunc to ts (#9973)
* migrated admin files to ts (#9975)
* migration of org files from js to ts (#9974)
* sass tweaks
* dashlist: When searching should reset checked state to
false
* More js to ts (#9966)
* dashlist: change scrollbar to new perfect scroll directive
* docs: Improve delete snapshot documentation
* ux: fixed sass issue
* sass refactoring and updating styles for list item
elements
* dashlist: style list to be same as dash search
* css tweaks and cleanup
* removing gemini scrollbar and replacing with perfect
scrollbar, muuuch better
* dashlist: starred filter search
* ux: tweaked panel color and dashboard background is same
as page background
* removed call to unused function in panel_ctrl
* scrollable panels works better with perfect-scrollbar
* Update latest.json
* Optimized number of lines fetching in log file
initialisation
* work on scrollable panels
* converted 3 .js files to .ts (#9958)
* docs: adds docs for pausing all alerts
* Removing file that got committed by accident
* scrollable panels: fix initial content size (#9960)
* Delete LICENSE.txt
* dashlist: adds tag filter select (GitHub style)
* [GCS] Support for gcs path
* dashlist: toggle folders
* dashboard: fix test for folderIds
* allows head requests for /api/health endpoint
* dashlist: fix tag filtering and some css
* fix: fixed issue with metric segment introduced in
graphite tags query editor PR
* progress on scrollable panels work
* mysql: add data source support for Azure MySql
* fixed unit tests
* fix: alert list panel now works correctly after adding
manual annotation on dashboard, fixes #9951
* Elasticsearch max_concurrent_shard_requests parameter for
es 5.6+
* prom: add prom2 dashboard as bundled dashboard
* show top 5 max scrape durations by job, and fix legend
format
* fix scrape duration, add rule eval iteration stats, and
reorg a bit
* fix data source var and remove node_exporter dependency
* First draft of a Prometheus 2.0 Stats dashboard
* prom: initial docker block for prometheus 2
* tweak tabs:
* color fix
* make grays cooler
* dashlist: started fixing js/css after design changes
* updated search
* more work on search
* minor update to dashboard search
* converted test-files to jest
* improved search srv
* converted influx-series to TS, converted test to jest
* dashboard search
* working on dashboard search
* Move the loading flag to PanelCtrl (#9929)
* graph: disable zoom in non-timeseries modes (#9914)
* changed padding to pixels, fixes #9916 (#9924)
* Use correct moments format for Showing last us time
instead of value test (#9923)
* Don't import JSON dashboards from hidden directories.
* new design for login
* fix: build & tests
* search: add expanded folders
* influxdb: another minor refactor of #9474
* refactor: refactoring InfluxDB query builder with policy
PR #9473
* refactor: refactoring InfluxDB query builder with policy
PR #9473
* docs: added versions_to_keep to config docs, #9671
* refactoring: minor refactor of clean up dashboard history
PR #9882
* fix: fix for avatar images when gzip is turned on, fixes
#5952
* elasticsearch: default version to 5.x
* Adding a user in a specified organisation uses the admin
API
* panels: add css tweaks for scrollable panels
* dashboard history clean up: avoid potential SQL injections
* search: refactor search sql into a builder class
* changelog: note about closing #9798
* removes invalid comment
* api: fix so that datasources functions returns Response
* changelog: note about closing #1789
* fix: Use Response as return type
* fix: return id from api when creating new
annotation/graphite annotation, fixes #9798
* datasources as cfg: adds docs for all jsondata and
secure_json fields
* graphite: minor changes
* text panel: make scrollable
* panels: general property which makes panel scrollable
* datasources as cfg: convert yaml map into json for
jsonData
* fix: fix cloudwatch metricFindQuery error that stopped it
working completely, fixes #9876
* dashlist: css adjustments for scrollbar
* dashlist: fix resizing after mode switching
* dashlist: add scrollbar
* dashlist: fix panel resizing
* docs: update metrics api path
* changelog: adds note about closing #1871
* fixes: #1871 Dropdown starred (#9490)
* dont loose subsecond precision when dealing with timestamp
or (#9851)
* graphite: progress on new query editor
* datasource as cfg: fixes typos
* docs: format cfg mgt tools as table
* docs: adds more info about provisioning
* datasource as cfg: update docs to include globbig
* datasource as cfg: show deletes first in example
* datasource as cfg: support globbing
* datasource as cfg: enable editable ds's
* datasource as cfg: add org_id to example config
* tweak docs
* datasource as cfg: adds readonly datasources
* datasource as cfg: refactor to use bus
* datasource as cfg: test for reading all properties
* datasource as cfg: adds provisioning docs
* datasource as cfg: rename feature to provisioning
* datasource as cfg: improve name for this feature
* datasource as cfg: refactor tests to use yaml files
* datasource as cfg: ignore datasource all ready exist for
inserts
* datasource as cfg: add support for securedata field
* datasource as cfg: setting for purging datasources not in
cfg
* datasources as cfg: tests for insert/updating datasources
* datasource as cfg: basic implementation
* More energy units (#9743)
* Add feet to the length menu (#9889)
* middleware: recovery handles panics in all handlers
* sql: small fix to error handling
* graphite: progress on new query editor
* changelog: make prom fixes more explicit
* dashboard history clean up: add tests
* tech: ignore debug.test file created by VS Code
* dashboard history: refactor after review
* changelog: adds note about closing #9777
* prom: add support for default step param (#9866)
* properly escape components of connection string (#9850)
* refactor: changed string slicing to strings.TrimPrefix,
#9862
* dashboard history: clean up dashboard version history
* build: fixed jshint error
* sync documentation, add remark about to_timestamp and
redshift (#9841)
* fix: Html escaping caused issue in InfluxDB query editor,
could not pick greater than or less then operators, fixes
#9871
* changelog: adds note about closing #8523
* teams: removes print statement
* Add Microsoft Teams notifier
* docs: update building from source doc with node-gyp
* heatmap: fix tooltip in 'Time series bucket' mode, #9332
(#9867)
* fix: Table panel now renders annotations correctly. Fixes
#9842 (#9868)
* build: fixes build and jest tests on Windows
* fix cloudwatch ec2_instance_attribute (#9718)
* graph: the stack & legend sort sync was not working
correctly, the z-index sorting that happened in after the
legend sort order was applied and messed with the order
even though the sort function returned zero for all
entries, combined the sort function to one sort function,
fixes #9789 (#9797)
* not ok option to alert list, fixes: #9754
* changelog: note about closing #9661
* return empty array for no datapoints
* fix query inspector for cloudwatch
* Add AWS/NetworkELB to cloudwatch definitions
* changelog: note about closing #9784
* test: adds tests for password encodiing
* use SHOW RETENTIONS to test influxdb connection (#9824)
* Use hex.EncodeToString to encode to hex
* Added missing documentation for auth.proxy (#9796)
* fix date test (#9811)
* docker: expose statsd endpoint for graphite block
* update lib/pq (#9788)
* Update the config key to database_log_queries so it is
more descriptive, as suggested in #9785.
* graph: don't change original series name in histogram
mode, #8886 (#9782)
* MySQL Performance when using GF_DATABASE_URL Set
MaxIdleConn and MaxOpenConn when using the GF_DATABASE_URL
configuration. Also added GF_DATABASE_DEBUG flag to print
SQL statements and SQL execution times. See #9784 for the
details.
* Update postgres.md
* colorpicker: fix color string change #9769 (#9780)
* refactor: alert list panel fixes and no alerts message,
rewrite of PR #9721
* feat: refactoring hide time picker PR #9756
* search: began writing test for new search
* changed class name for no-alerts
* chore(docs): update the search Query Example
* ux: search progress
* dashfolders: fix for dashlist nav
* reduce docker-compose header version
* ux: progress on new search
* ux: minor changes
* ignore docker-compose.yaml
* docs: update latest release to 4.6.1
* packages: update published package version
* option to hide Time picker, fixes #2013
* fix: panel view now wraps, no scrolling required, fixes
#9746
* changelog: set release date for 4.6.1
* changelog: adds note about closing #9707
* fix default alias
* add period alias
* plugins: fix for loading external plugins behind auth
proxy, fixes #9509
* testdata: added manual entry mode to test data
* new design for no alerts in alert-list, fixes #9721
* fix: fixed compiler error from #9676
* converted ng_model_on_blur.js to ts,
deletedkeyboard_manager.js (#9676)
* docs: update testdata enable explanantion
* MAINTAINER is deprecated, now using LABEL
* Update ROADMAP.md
* Adding energy, area, and acceleration units (#9336)
* tests: migrated tests for link_srv to jest, #9666
* Transitioning fig to docker-compose v3
* tests: migrated tests for link_srv to jest, #9666
* fix for dashboard tag link bug, fixes #9737 (#9739)
* github: dont require bug/fr in title
* changelog: adds note about closing #9713
* converted confirm_click.js to .ts (#9674)
* Update codecov.yml
* change default sslmode for postgres to verify-full (#9736)
* fix: color picker bug at series overrides page, #9715
(#9738)
* Update ROADMAP.md
* tech: switch to golang 1.9.2
* always quote template variables for mysql when multi-value
is allowed (#9712)
* always quote template variables for postgres when
multi-value or include (#9714)
* fix: dashboard links dropdown toggle did not update view,
fixes #9732
* docs: adds prom grafana dashboard
* graphite: tag is required for values autocomplete
* dashfolders: bulk edit tag filtering
* Correct help message of
api_dataproxy_request_all_milliseconds
* changelog: adds note about closing #9645
* changelog: adds note about closing #9698
* ace editor for text panel
* dashboards: bulk edit delete
* tech: add missing include
* dashboards: fix link to bulk edit
* sql: remove title from annotation help
* changelog: adds note about closing #9681
* fix: undefined is not an object evaluating this., #9538
* [Bug Fix] Opentsdb Alias issue (#9613)
* fix: graphite annotation tooltip included undefined, fixes
#9707
* Alertlist: Inform when no alerts in current time range
* save as should only delete threshold for panels with
alerts
* graphite: tags and values autocomplete based on @DanCech
PR to graphite-web
* changelog: note for #9596
* add __timeGroup macro for mysql (#9596)
* updated icons
* docs: fix link
* ux: testing 3px panel border radius
* more link fixes
* fixed link issues
* renamed file
* converted inspect_ctrl.js to ts (#9673)
* converted dashboard_loaders.js to .ts (#9672)
* declared any to info in declaration
* converted analytics.js to ts, minor code formatting fix to
timer.ts (#9663)
* docs: updated download links
* docs: update alerting with new data sources
* changelog: spelling
* plugins: added backward compatible path for rxjs
* ux: updated singlestat default colors
* prometheus: fixed unsaved changes warning when changing
time range due to step option on query model was changed
in datasource.query code, fixes #9675
* docs: updated changelog
* fix: firefox can now create region annotations, fixes
#9638
* changelog: adds note about closing #9639
* set release date for 4.6.0
* grid: work in progress on row repeats
* dashfolders: rough draft of bulk edit
* converted linkSrv.js to linkSrv.ts
* docs: update docker installation docs
* grid: minor changes
* converted outline.js to outline.ts (#9658)
* converted timer.js to timer.ts (#9656)
* datasource as cfg: typo
* Create codecov.yml
* datasource as cfg: explain why cmd.version can be higher
* #edit_grafana_organisation_apis_doc (#9651)
* add a phantomjs execution status to log if errors happens,
e.g. OOM killer kills it (#9644)
* grid: worked on row options modal and row removal
* dashboard: fix home dashboard getting started panel
* Fix typo in template help tab
* replace store.js with store.ts, test for store.ts (#9646)
* tests: added test for DashboardRow
* docs: update first page with data source guides
* docs: document annotations for postgres/mysql
* docs: update for template variables
* changelog: spelling
* Allow for multiple auto interval template variables
(#9216)
* changelog: adds note about closing #9645
* tech: remove rabbitmq event publisher
* changelog: note for #9030
* dont quote variables for mysql and postgres datasource
(#9611)
* asscoiate comment with name
* Update development.md
* ux: row collapse / expand starting to work
* changelog: adds note about closing #9640
* alerting: only editors can pause rules
* prom: adds pre built grafana dashboard
* changelog: adds note about closing #9636
* fix: another fix for playlist view state, #9639
* ux: updated icons
* shore: migrating config/settings.js to typescript
* fix: fixed playlist controls and view state, fixes #9639
* Fixed #9636
* shore: removed unused old system conf file
* Use d3 from node_modules (#9625)
* update log15 (#9622)
* docs: update whats-new-in
* changelog: small text change
* changelog: v4.6.0-beta3 released
* tech: annotations refactor, add tests for regions
processing (#9618)
* Move #9527 to 4.6.0-beta3
* build: disable jest on precommit hook -windows fix
* build: fix all npm run commands for Windows
* plugins: fixes path issue on Windows
* build: tryingt of fix windows build issue
* tests: removes commented tests
* graph: invert order when sorting by legend
* fix: escape series name in graph legend, added
aliasEscaped to time series model to reuse escape, fixes
#9615
* build: fixed gofmt issue and addd mock response feature
* prometheus: enable gzip for /metrics endpoint
* build: split circle test shell scripts
* datasources: change to optimisic concurrency
* build: reduced webpack log output and remove race flag
from go tests
* build: set max workers to 2 for jest
* build: log heap usage
* build: another build fix
* tests: migrated two more tests to jest
* build: fixed build failure
* build: reworking pre commit hook
* build: added precommit
* fix: fixed tslint validation error
* test: added first react snapshot test
* docs: another docs fix
* docs: fix docs redirect for older datasources index page,
fixes #9609
* [Tech]: Start migrating to Jest for tests (#9610)
* Fix typo in init.d script
* graphite: auto detect version
* graphite: improved version comparison
* graphite: split tags and functions into 2 rows when
seriesByTag used
* graphite: add tags to dropdown and switch to tag editor if
selected
* plugins: expose dashboard impression store
* ux: minor ux tweaks
* Sort series in the same order as legend in graph panel
(#9563)
* fix: fixed save to file button in export modal, fixes
#9586
* mysql: add usage stats for mysql
* run go fmt
* Add a setting to allow DB queries
* note for #9527
* modify $__timeGroup macro so it can be used in select
clause (#9527)
* Fix heatmap Y axis rendering (#9580)
* prometheus: add builtin template variable as range vectors
* Note for #5457
* fix: fixed prometheus step issue that caused browser
crash, fixes #9575
* changelog: adds note about closing #9551
* fix: getting started panel and mark adding data source as
done, fixes #9568
* pluginloader: esModule true for systemjs config
* Fixes for annotations API (#9577)
* ux: new fixes
* Grafana5 light (#9559)
* When Messasge field is set for an alert, map it to the
output field in a Sensu check result. If Message is empty,
send 'Grafana Metric Condition Met'
* ux: work on rows
* fix vector range
* allow ':' character for metric name
* build: added imports of rxjs utility functions
* grid: row work
* fix template variable expanding
* annotations: quote reserved fields (#9550)
* fix: fixed color pickers that were broken in minified
builds, fixes #9549
* ux: align alert and btn colors
* docs: doc updates
* remove duplicative prometheus function
* remove label match operator from keyword.operator
* remove label match operator from keyword.operator
* remove extra state push
* fix typo
* newgrid: row progress
* styleguide: fix link in index
* api: fix for dashboard version history
* textpanel: fixes #9491
* graphite: datasource refactor
* csv: fix import for saveAs shim
* grid: minor progress on new row concept
* ux: add panel progress
* alert_tab: clear test result when testing rules
* ux: worked on add panel function
* plugins: expose more util and flot dependencies
* (cloudwatch) fix cloudwatch query error over 24h (#9536)
* Add autofocus tag for username field on login.html (#9526)
* show error message when cloudwatch datasource can't add
* ux: minor button changes
* CloudWatch: Add ALB RequestCountPerTarget metric
* ux: color tweaks
* ux: testing out new icons
* set nightly version to v4.7.0-pre1
* changelog: adds release date for v4.6.0-beta1
* ux: minor fixes
* grid: fixed grid width issues
* grid: repeat refactoring and unit tests
* Missing dot in aws credentials path
* newgrid: added constants, changed grid to 24 cols, added
tests for panel repeats
* docs: doc updates
* grid: minor progress on panel repeats
* changed name back to use underscore instead of camelcase,
need to think more about this
* fixed dashboard sorting
* newgrid: worked panel duplicate
* fix: various fixes for new grid
* dashgrid: fix or skip tests for repeat rows
* dashboardgrid: disable dynamic_dashboard_srv for now
* ux: style tweaks
* newgrid: various fixes
* If retention policy is set for influxDB, preprend that to
the measurement name for exploration queries.
* newgrid: fixed migration code to new grid
* docker: updated our graphite docker container
* grid: edit/view now works
* dashboard: fixes for panels without rows
* webpack: changed devtools setting to stop exceptions
* fix: ignore upgrading dashboard grid when there are no
rows
* grid: fixed migration for rows without height
* ux: minor fix sidemenu
* newgrid: progress on fullscreen/edit view modes
* search: fix search to limit dashboards better
* grid: fixed geting started panel pos
* grid: progress on react grid
* grid: progress on new grid, resize & saving layouts works
* grid: minor progress
* tech: got angular component to load inside react grid
* grid: need to find a way to add angular component inside
react
* ux: initial react grid poc
* graphite-tags: refactor, improve performance - remove
unnecessary parseTarget() calls
* graphite-tags: add tests
* graphite-tags: refactor, use <gf-form-dropdown> instead of
<metric-segment>
* graphite-tags: initial tag editor
* Update kbn.js
* Update kbn.js
* fixes
* Use B/s instead Bps for Bytes per second
* fix merge issue
* develop: fixed more broken tests, couple still failing
* ux: alternative row design
* newgrid: fixes to default home dashboard
* ux: minor fixes
* ux: new grid progress
* grid: minor progres on new grid
* grid: minor progres on new grid
* ux: minor button changes
* ux: minor updates
* ux: changed cta button style
* minor fix
* ux: added scroll to two pages
* minor fix for page-h1
* grid work
* progress on rows as panelsW
* fixed unit tests
* minor user avatar stuff
* started on rows as panels in single grid
* minor user list cahnge
* users view update
* ux: color tweaks
* Moved around the columns a bit
* ux: dashboard stuff
* ux: minor changes
* ux: sidemenu animation duration
* ux: fixed sidenav issues
* ux: sidemenu toggling
* ux: sidenav fixes and dashboard search changes
* ux: switching orgs now works through modal
* ux: making org visibile in profile view
* ux: more nav work
* ux: nav fixes & polish
* ux: more nav work
* ux: more nav work
* ux: navigation work
* ux: sidenav fixes and dashboard search changes
* ux: more work on sidemenu
* Silly gradient added a placeholder. no more
experimentation to be done here until Trent has a pass at
it
* ux: scrollbar stuff
* Added drop shadown for sticky scrolling, moved colors into
dark and light variables
* Reduced size of breadcrumbs, additional form styling.
Colors still need to be adjusted
* Starting to play with new form styles
* ux: minor scroll fix
* ux: removed custom scrollbar look
* ux: reduced size of sidemenu icons a bit
* ux: testing fixed sidemenu and breadcrumbs
* ux: minor navbar update
* ux: new breadcrumb progress
* ux: wip
* ux: new page header look wip
* ux: testing roboto font
* ux: use flexbox for sidenav, put logo in sidenav
* moving panels betwen rows are starting to work
* grid: progress on row support
* grid: new grid fixes
* new-grid: fixed destory issues
* grid: remove panel works
* grid: updated gridstack to use grafana fork
* feat: new grid fixes
* minor fixes
* updated
* feat: new grid system progressW
* ux: minor panel menu fix
* ux: minor panel menu tweaks
* ux: tweaks to new panel menu
* updated
* dashfolders: inherited permissions for dashboards
* dashfolders: handle permission changes when saving/moving
dashboards
* added code from #8504, and #8021
* dashboard folder search fix
* dashfolders: fix user group picker + cleanup
* dashfolders: rename refactor
* dashfolders: validation for duplicates in acl modal
* minor update
* ux: style tweaks, trying out non italic headers
* ux: nav changes
* added sidemeu stuff
* dashfolders: use canadmin permission in settings menu
* dashfolders: tests for permission modal
* dashboard acl fixes
* acl fixes
* dashfolders: new admin permission needed to view/change
acl
* acl: more acl work
* dashfolders: filter search based on child dash permissions
* dashfolders: allows phantomjs rendering for alerting
* dashfolders: allow overflow-y for modals
* dashfolders: security for png rendering
* dashboard acl stuff
* dashboard acl work
* dashboard acl
* working on dashbord acl stuff
* WIP: first draft of permissionlist panel
* dashboard acl
* dashboard acl work
* WIP: fix js tests for acl
* WIP: fix folder-picker for dashlist
* dashboard acl work
* refactoring: dashboard folders
* dashboard acl modal
* WIP: adding roles - not finished
* refactoring: moving dashboards acl migrations to its own
folder
* WIP: fix acl route
* refactoring: renaming
* folders: changed api urls for dashboard acls
* refactoring more renaming
* refactoring renaming dashboard folder operations
* dashboard_folders refactoring
* refactoring dashboard folder security checks
* dashboard guardian refactoring starting to work
* dashboard folders acl work
* refactoring dashoard folder guardian
* WIP: refactor user group modal
* refactoring: Dashboard guardian
* WIP: remove unused test file
* WIP: refactor dash search and remove extra query
* WIP: move guardian logic for search into the sql query
* WIP: remove dashboard children on delete
* dashboard_folders: refactoring picker and folder selection
in dashboard settings & save as menu
* WIP: adds API check to stop folders being included in
folders
* use gf-form-dropdown in user picker
* WIP: add test for add user group permission
* WIP: can edit dashboard permission
* WIP: clean up after user and org user delete
* WIP: remove permissions when deleting global user
* dashboard_folders: updated
* WIP: delete dependent permissions on user group delete
* dashboard_folders: fixes to user picker & group picker
* dashboard_folders: fixes to user & group picker
* minor update
* WIP: permission checking for dash version api methods
* ux: gridstack poc
* Gridstack: testing
* WIP: check permissions for delete/post dashboard
* WIP: fixes after version history merge
* ux: nav experiments
* WIP: add permission check for GetDashboard
* ux: side nav experiments
* WIP: fix test after merge conflict
* WIP: fix go fmt error
* WIP: user + user-group pickers for permissions
* WIP: API - add dash permission
* WIP: user-picker directive
* WIP: Permission Type as string in permission query
* WIP: fixes after navbar changes
* WIP: dashlist in template for new folder
* WIP: refactor folder-picker for dashlist
* WIP: dashboard search by folder + toggle for list or tree
mode
* WIP: adds folder-picker to save as dialog
* WIP: use metric-segment for folder picker
* WIP: add dummy root folder to folder picker
* WIP: Create new dashboard button in dash search
* WIP: permissions moved to settings tab. Adds folder
dropdown to general settings tab
* WIP: add parentid to getdashboard query result
* WIP: dashboard search by type (folder or dash)
* WIP: fix after upstream sqlstore refactoring
* WIP: rollback
* WIP: delete permission in API
* WIP: user group additions
* WIP: remove browse mode for dashboard search
* WIP: get Dashboard Permissions
* WIP: add open/closed folders icons for dash search
* WIP: Can remove dashboard permission - sql
* WIP: limit GetAllowedDashboards sql query with a where in
* WIP: Add or update Dashboard ACL
* WIP: guardian service for search
* dashboard: sort search with dash folder first
* WIP: add some TS types
* WIP: edit user group page
* WIP: API methods for add/remove members to user group
* WIP: add update user group command
* WIP: add new group, needs to be redone
* WIP: add user group search
* WIP: add usergroup commands and queries
* WIP: rough prototype of dashboard folders
* ux: very early start to new sidemenu
* ux: very early start to new sidemenu
* ux: minor tweak to faintness of icons of panel menu caret
* ux: minor progress on panel title menu makover
* use the original options parameter
* use targets[0] as the options
* pass the options along with a _seriesQuery
* pass database parameter in the options
* allow setting the database
* ux: more work on panel menu
* ux: panel title ux improvements poc
* Sending image
* Discord integration
Changes in grafana-natel-discrete-panel:
- Add recompress source service
- Add set_version source service
- Enable changesgenerate for tar_scm source service
- Update to version 0.0.9:
* split commands
* put back the history
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev16:
* VNX: delete the LUN from VNX backend
- Update to version cinder-13.0.10.dev14:
* Fix cross-project incremental backups
- Update to version cinder-13.0.10.dev13:
* Rollback the quota\_usages table when failed to create a incremental backup
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev16:
* VNX: delete the LUN from VNX backend
- Update to version cinder-13.0.10.dev14:
* Fix cross-project incremental backups
- Update to version cinder-13.0.10.dev13:
* Rollback the quota\_usages table when failed to create a incremental backup
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev7:
* Fix horizon-nodejs jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev16:
* Retries and timeout for IPA command
- Update to version ironic-11.1.5.dev14:
* Update number of VM on ironic-base
- Update to version ironic-11.1.5.dev12:
* Clean up nodes in DELETING on conductor restart
* Kill misbehaving \`ipmitool\` process
- Update to version ironic-11.1.5.dev9:
* Remove locks before RPC bus is started
- Update to version ironic-11.1.5.dev7:
* Pin ironic-tempest-plugin
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev16:
* Retries and timeout for IPA command
- Update to version ironic-11.1.5.dev14:
* Update number of VM on ironic-base
- Update to version ironic-11.1.5.dev12:
* Clean up nodes in DELETING on conductor restart
* Kill misbehaving \`ipmitool\` process
- Update to version ironic-11.1.5.dev9:
* Remove locks before RPC bus is started
- Update to version ironic-11.1.5.dev7:
* Pin ironic-tempest-plugin
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.4.dev5:
* Fix TypeError on agent lookup failure
* improve error messages during node lookup failures
- Update to version ironic-python-agent-3.3.4.dev1:
* Pin Ironic Tempest Plugin
3.3.3
Changes in openstack-manila:
- Update to version manila-7.4.2.dev54:
* Fix wrong capacity in pool\_stat for DellEMC manila drivers
- Update to version manila-7.4.2.dev53:
* Fix fallback share group snapshot implementation
- Update to version manila-7.4.2.dev52:
* [ci] Remove explicit compression of log files
* [NetApp] Fix default ipspace deletion issue
* [NetApp] Fix falsely report migration cancelation success
* Harden LVM driver deletion paths
* Update LVM volume extend
- Update to version manila-7.4.2.dev44:
* Get ports filtered by subnet id on share-server cleanup
- Update to version manila-7.4.2.dev42:
* [NetApp] Fix svm scoped account
* [devstack] Allow cephfs daemon port access
- Update to version manila-7.4.2.dev38:
* [extended-maintenance-branches-only] Replace LVM job
* Update NFS helper restart
* Enforce policy checks getting share-type by name
* CIFS extension failing because of volume in use
Changes in openstack-manila:
- Update to version manila-7.4.2.dev54:
* Fix wrong capacity in pool\_stat for DellEMC manila drivers
- Update to version manila-7.4.2.dev53:
* Fix fallback share group snapshot implementation
- Update to version manila-7.4.2.dev52:
* [ci] Remove explicit compression of log files
* [NetApp] Fix default ipspace deletion issue
* [NetApp] Fix falsely report migration cancelation success
* Harden LVM driver deletion paths
* Update LVM volume extend
- Add 0001-Rename-nfs-kernel-server-to-nfs-server.patch
- Update to version manila-7.4.2.dev44:
* Get ports filtered by subnet id on share-server cleanup
- Update to version manila-7.4.2.dev42:
* [NetApp] Fix svm scoped account
* [devstack] Allow cephfs daemon port access
- Update to version manila-7.4.2.dev38:
* [extended-maintenance-branches-only] Replace LVM job
* Update NFS helper restart
* Enforce policy checks getting share-type by name
* CIFS extension failing because of volume in use
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev95:
* Fix deletion of subnet\_id from pd\_subnets
- Update to version neutron-13.0.8.dev93:
* Not remove the running router when MQ is unreachable
- Update to version neutron-13.0.8.dev91:
* [OVS][FW] Remote SG IDs left behind when a SG is removed
- Update to version neutron-13.0.8.dev90:
* [Stable only] Drop \*-master jobs
* port\_forwarding: validate args before invoking db update
- Update to version neutron-13.0.8.dev86:
* Fix validation of IPv6 subnets with external RAs
* Don't check if any bridges were recrected when OVS was restarted
* [Security] fix allowed-address-pair 0.0.0.0/0 issue
* Fix Traceback when running neutron-ipset-cleanup tool
- Update to version neutron-13.0.8.dev79:
* Ensure drop flows on br-int at agent startup for DVR too
- Update to version neutron-13.0.8.dev78:
* [stable only] Configure logging in keepalived\_state\_change
* Don't add arp responder for non tunnel network port
* Add config option \`\`http\_retries\`\`
* Make \_ensure\_default\_security\_group method atomic
* Update the processing of assigned addresses when assigning addresses
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev95:
* Fix deletion of subnet\_id from pd\_subnets
- Remove
0001-Revert-Do-not-block-connection-between-br-int-and-br.patch
(fixed upstream)
- Update to version neutron-13.0.8.dev93:
* Not remove the running router when MQ is unreachable
- Update to version neutron-13.0.8.dev91:
* [OVS][FW] Remote SG IDs left behind when a SG is removed
- Update to version neutron-13.0.8.dev90:
* [Stable only] Drop \*-master jobs
* port\_forwarding: validate args before invoking db update
- Update to version neutron-13.0.8.dev86:
* Fix validation of IPv6 subnets with external RAs
* Don't check if any bridges were recrected when OVS was restarted
* [Security] fix allowed-address-pair 0.0.0.0/0 issue
* Fix Traceback when running neutron-ipset-cleanup tool
- Update to version neutron-13.0.8.dev79:
* Ensure drop flows on br-int at agent startup for DVR too
- Update to version neutron-13.0.8.dev78:
* [stable only] Configure logging in keepalived\_state\_change
* Don't add arp responder for non tunnel network port
* Add config option \`\`http\_retries\`\`
* Make \_ensure\_default\_security\_group method atomic
* Update the processing of assigned addresses when assigning addresses
Changes in openstack-neutron-infoblox:
- Switch to stable/rocky tarball
- Declare LICENSE file correctly
- Add Epoch neccessary due to last version update's jump to 11.0.1 (and subsequent return
to 2.0.3 by upstream)
- Update to 2.0.3~dev102
* Adding the router code back IT got removed in previous commit
* Modified to 14.0.0
* OpenDev Migration Patch
* Replace openstack.org git:// URLs with https://
* Release 13.0.0 Rocky
* upgrading infoblox client to 0.4.21
* Corrected master branch as per neutron master
* Fixed issue of stale entry for dhcp ip if ip allocation strategy is fixed address
* Bumped infoblox-client version to 0.4.19
* Added proper log message which reflects cause of failure
* Removed OS\_REGION\_NAME dependency from sync tools
Changes in openstack-nova:
- Update to version nova-18.3.1.dev54:
* compute: Allow snapshots to be created from PAUSED volume backed instances
- Update to version nova-18.3.1.dev52:
* FUP for in-place numa rebuild
* Disable NUMATopologyFilter on rebuild
* Block rebuild when NUMA topology changed
* Remove 'test\_cold\_migrate\_with\_physnet\_fails' test
- Update to version nova-18.3.1.dev44:
* objects: Update keypairs when saving an instance
- Update to version nova-18.3.1.dev43:
* zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full
- Update to version nova-18.3.1.dev42:
* fix scsi disk unit number of the attaching volume when cdrom bus is scsi
* Check cherry-pick hashes in pep8 tox target
* Reject bsct request for unsupported images
Changes in openstack-nova:
- Update to version nova-18.3.1.dev54:
* compute: Allow snapshots to be created from PAUSED volume backed instances
- Add 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch
(bsc#1175484, CVE-2020-17376)
- Update to version nova-18.3.1.dev52:
* FUP for in-place numa rebuild
* Disable NUMATopologyFilter on rebuild
* Block rebuild when NUMA topology changed
* Remove 'test\_cold\_migrate\_with\_physnet\_fails' test
- Update to version nova-18.3.1.dev44:
* objects: Update keypairs when saving an instance
- Update to version nova-18.3.1.dev43:
* zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full
- Update to version nova-18.3.1.dev42:
* fix scsi disk unit number of the attaching volume when cdrom bus is scsi
* Check cherry-pick hashes in pep8 tox target
* Reject bsct request for unsupported images
Changes on rubygem-crowbar-client:
- Update to 3.9.3
- Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954)
Changes in python-Flask-Cors:
- Add patches to fix a relative directory traversal issue
(bsc#1175986, CVE-2020-25032):
* 0001-Handle-request_headers-None.patch
* 0002-Fix-request-path-normalization.patch
Changes in storm:
- Fix duplicate BuildRequire on storm-kit
- update to 1.2.3 (SOC-9974, CVE-2019-0202, SOC-9998, CVE-2018-11779):
* 1.2.3
* [STORM-3233] - Upgrade zookeeper client to newest version (3.4.13)
* [STORM-3077] - Upgrade Disruptor version to 3.3.11
* [STORM-3083] - Upgrade HikariCP version to 2.4.7
* [STORM-3094] - Topology name needs to be validated at storm-client
* [STORM-3222] - Fix KafkaSpout internals to use LinkedList instead of ArrayList
* [STORM-3292] - Trident HiveState must flush writers when the batch commits
* [STORM-3013] - Deactivated topology restarts if data flows into Kafka
* [STORM-3028] - HdfsSpout does not handle empty files in case of ack enabled
* [STORM-3046] - Getting a NPE leading worker to die when starting a topology.
* [STORM-3047] - Ensure Trident emitter refreshPartitions is only called with partitions assigned to the emitter
* [STORM-3055] - never refresh connection
* [STORM-3068] - STORM_JAR_JVM_OPTS are not passed to storm-kafka-monitor properly
* [STORM-3082] - NamedTopicFilter can't handle topics that don't exist yet
* [STORM-3087] - FluxBuilder.canInvokeWithArgs is too permissive when the method parameter type is a primitive
* [STORM-3090] - The same offset value is used by the same partition number of different topics.
* [STORM-3097] - Remove storm-druid in 2.x and deprecate support for it in 1.x
* [STORM-3102] - Storm Kafka Client performance issues with Kafka Client v1.0.0
* [STORM-3109] - Wrong canonical path set to STORM_LOCAL_DIR in storm kill_workers
* [STORM-3110] - Supervisor does not kill all worker processes in secure mode in case of user mismatch
* [STORM-3121] - Fix flaky metrics tests in storm-core
* [STORM-3122] - FNFE due to race condition between 'async localizer' and 'update blob' timer thread
* [STORM-3123] - Storm Kafka Monitor does not work with Kafka over two-way SSL
* [STORM-3161] - Local mode should force setting min replication count to 1
* [STORM-3164] - Multilang storm.py uses traceback.format_exc incorrectly
* [STORM-3184] - Storm supervisor log showing keystore and truststore password in plaintext
* [STORM-3201] - kafka spout lag on UI needs some cleanup
* [STORM-3301] - The KafkaSpout can in some cases still replay tuples that were already committed
* [STORM-3381] - Upgrading to Zookeeper 3.4.14 added an LGPL dependency
* [STORM-3384] - storm set-log-level command throws wrong exception when the topology is not running
* [STORM-3086] - Update Flux documentation to demonstrate static factory methods (STORM-2796)
* [STORM-3089] - Document worker hooks on the hooks page
* [STORM-3199] - Metrics-ganglia depends on an LGPL library, so we shouldn't depend on it
* [STORM-3289] - Add note about KAFKA-7044 to storm-kafka-client compatibility docs
* [STORM-3330] - Migrate parts of storm-webapp, and reduce use of mocks for files
* 1.2.2
* [STORM-3026] - Upgrade ZK instance for security
* [STORM-3027] - Make Impersonation Optional
* [STORM-2896] - Support automatic migration of offsets from storm-kafka to storm-kafka-client KafkaSpout
* [STORM-2997] - Add logviewer ssl module in SECURITY.md
* [STORM-3006] - Distributed RPC documentation needs an update
* [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined
* [STORM-3022] - Decouple storm-hive UTs with Hive
* [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology
* [STORM-3069] - Allow users to specify maven local repository directory for storm submit tool
* [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field
* [STORM-2967] - Upgrade jackson to latest version 2.9.4
* [STORM-2968] - Exclude a few unwanted jars from storm-autocreds
* [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka
* [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks
* [STORM-2981] - Upgrade Curator to lastest patch version
* [STORM-2985] - Add jackson-annotations to dependency management
* [STORM-2988] - 'Error on initialization of server mk-worker' when using org.apache.storm.metrics2.reporters.JmxStormReporter on worker
* [STORM-2989] - LogCleaner should preserve current worker.log.metrics
* [STORM-2993] - Storm HDFS bolt throws ClosedChannelException when Time rotation policy is used
* [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets
* [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply()
* [STORM-3052] - Let blobs un archive
* [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE
* [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes
* [STORM-3060] - Configuration mapping between storm-kafka and storm-kafka-client
* [STORM-2952] - Deprecate storm-kafka in 1.x
* [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated
Changes in storm-kit:
- Add _constraints to prevent build from running out of disk space
- Updated kit for storm-1.2.3
Changes in venv-openstack-cinder:
- Ensure that python-swiftclient is pulled into the built venv
via an explicit BuildRequires directive. (SOC-10522)
Changes in venv-openstack-horizon:
- Ensure SOC 9 package obsoletes equivalent HOS 8 package (SOC-11184)
CriticalSUSE bug 1117080SUSE bug 1142617SUSE bug 1143163SUSE bug 1172450SUSE bug 1174583SUSE bug 1175484SUSE bug 1175986CVE-2018-11779 at SUSECVE-2018-11779 at NVDCVE-2018-17954 at SUSECVE-2018-17954 at NVDCVE-2018-18623 at SUSECVE-2018-18623 at NVDCVE-2018-18624 at SUSECVE-2018-18624 at NVDCVE-2018-18625 at SUSECVE-2018-18625 at NVDCVE-2019-0202 at SUSECVE-2019-0202 at NVDCVE-2020-11110 at SUSECVE-2020-11110 at NVDCVE-2020-17376 at SUSECVE-2020-17376 at NVDCVE-2020-25032 at SUSECVE-2020-25032 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tigervnc (Critical)SUSE OpenStack Cloud 9
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate
authorities, allowing malicious owners of these certificates
to impersonate any server after a client had added an exception
(bsc#1176733)
CriticalSUSE bug 1176733CVE-2020-26117 at SUSECVE-2020-26117 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libproxy (Important)SUSE OpenStack Cloud 9
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
ImportantSUSE bug 1176410SUSE bug 1177143CVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for bind (Moderate)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
Bind was updated to version 9.11.22
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a namserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
This upgrade also fixes the following security issues:
* 5481. [security] 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM. (CVE-2020-8624 bsc#1175443)
* 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623 bsc#1175443)
* 5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622 bsc#1175443)
- Suppress warning message about missing file. (bsc#1092283, bsc#1127583, bsc#1094236, bsc#1173983)
Added */etc/bind.keys* to *NAMED_CONF_INCLUDE_FILES* in */etc/sysconfig/named*.
ModerateSUSE bug 1092283SUSE bug 1094236SUSE bug 1127583SUSE bug 1173983SUSE bug 1175443CVE-2020-8622 at SUSECVE-2020-8622 at NVDCVE-2020-8623 at SUSECVE-2020-8623 at NVDCVE-2020-8624 at SUSECVE-2020-8624 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for freetype2 (Important)SUSE OpenStack Cloud 9
This update for freetype2 fixes the following issues:
- CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).
ImportantSUSE bug 1177914CVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-pip (Moderate)SUSE OpenStack Cloud 9
This update for python-pip fixes the following issues:
- CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262)
ModerateSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libvirt (Important)SUSE OpenStack Cloud 9
This update for libvirt fixes the following issues:
- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955).
- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155).
- libxl: Fixed lock manager lock ordering (bsc#1171701).
ImportantSUSE bug 1171701SUSE bug 1174955SUSE bug 1177155CVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.0 ESR
* Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756)
* CVE-2020-15969 Use-after-free in usersctp
* CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* Fixed: Fixed legacy preferences not being properly applied when set via GPO
ImportantSUSE bug 1176756SUSE bug 1177872CVE-2020-15683 at SUSECVE-2020-15683 at NVDCVE-2020-15969 at SUSECVE-2020-15969 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for spice (Moderate)SUSE OpenStack Cloud 9
This update for spice fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for spice-gtk (Moderate)SUSE OpenStack Cloud 9
This update for spice-gtk fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).
ImportantSUSE bug 1173902SUSE bug 1173994SUSE bug 1177613CVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sane-backends (Important)SUSE OpenStack Cloud 9
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
* sane-backends version upgrade to 1.0.30
fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,
CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,
CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
* sane-backends version upgrade to 1.0.31
to further improve hardware enablement for scanner devices
(jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
* The new escl backend cannot be provided for SLE12 because
it requires more additional software (avahi-client, libcurl,
and libpoppler-glib-devel) where in particular for libcurl
the one that is in SLE12 (via libcurl-devel-7.37.0) is likely
too old because with that building the escl backend fails with
'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH'
undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
ImportantSUSE bug 1172524CVE-2017-6318 at SUSECVE-2017-6318 at NVDCVE-2020-12861 at SUSECVE-2020-12861 at NVDCVE-2020-12862 at SUSECVE-2020-12862 at NVDCVE-2020-12863 at SUSECVE-2020-12863 at NVDCVE-2020-12864 at SUSECVE-2020-12864 at NVDCVE-2020-12865 at SUSECVE-2020-12865 at NVDCVE-2020-12866 at SUSECVE-2020-12866 at NVDCVE-2020-12867 at SUSECVE-2020-12867 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache-commons-httpclient (Important)SUSE OpenStack Cloud 9
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the
http.socket.timeout configuration setting during an SSL handshake,
which allows remote attackers to cause a denial of service (HTTPS
call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly
verify that the server hostname matches a domain name in the
subject's Common Name (CN) or subjectAltName field of the X.509
certificate, which allows MITM attackers to spoof SSL servers
via a 'CN=' string in a field in the distinguished name (DN)
of a certificate. [bsc#1178171, CVE-2014-3577]
ImportantSUSE bug 1178171SUSE bug 945190CVE-2014-3577 at SUSECVE-2014-3577 at NVDCVE-2015-5262 at SUSECVE-2015-5262 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)',
introduced in October 2020 CPU.
- Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU,
bsc#1174157, and October 2020 CPU, bsc#1177943)
* New features
+ JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
+ PR3796: Allow the number of curves supported to be specified
* Security fixes
+ JDK-8028431, CVE-2020-14579: NullPointerException in
DerValue.equals(DerValue)
+ JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
+ JDK-8230613: Better ASCII conversions
+ JDK-8231800: Better listing of arrays
+ JDK-8232014: Expand DTD support
+ JDK-8233255: Better Swing Buttons
+ JDK-8233624: Enhance JNI linkage
+ JDK-8234032: Improve basic calendar services
+ JDK-8234042: Better factory production of certificates
+ JDK-8234418: Better parsing with CertificateFactory
+ JDK-8234836: Improve serialization handling
+ JDK-8236191: Enhance OID processing
+ JDK-8236196: Improve string pooling
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
+ JDK-8237592, CVE-2020-14577: Enhance certificate verification
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8238002, CVE-2020-14581: Better matrix operations
+ JDK-8238804: Enhance key handling process
+ JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
+ JDK-8238843: Enhanced font handing
+ JDK-8238920, CVE-2020-14583: Better Buffer support
+ JDK-8238925: Enhance WAV file playback
+ JDK-8240119, CVE-2020-14593: Less Affine Transformations
+ JDK-8240124: Better VM Interning
+ JDK-8240482: Improved WAV file playback
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8241379: Update JCEKS support
+ JDK-8241522: Manifest improved jar headers redux
+ JDK-8242136, CVE-2020-14621: Better XML namespace handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 8 u262 build 01
+ JDK-4949105: Access Bridge lacks html tags parsing
+ JDK-8003209: JFR events for network utilization
+ JDK-8030680: 292 cleanup from default method code assessment
+ JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java
and some tests failed on windows intermittently
+ JDK-8041626: Shutdown tracing event
+ JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
+ JDK-8149338: JVM Crash caused by Marlin renderer not handling
NaN coordinates
+ JDK-8151582: (ch) test java/nio/channels/
/AsyncCloseAndInterrupt.java failing due to 'Connection
succeeded'
+ JDK-8165675: Trace event for thread park has incorrect unit
for timeout
+ JDK-8176182: 4 security tests are not run
+ JDK-8178910: Problemlist sample tests
+ JDK-8183925: Decouple crash protection from watcher thread
+ JDK-8191393: Random crashes during cfree+0x1c
+ JDK-8195817: JFR.stop should require name of recording
+ JDK-8195818: JFR.start should increase autogenerated name by
one
+ JDK-8195819: Remove recording=x from jcmd JFR.check output
+ JDK-8199712: Flight Recorder
+ JDK-8202578: Revisit location for class unload events
+ JDK-8202835: jfr/event/os/TestSystemProcess.java fails on
missing events
+ JDK-8203287: Zero fails to build after JDK-8199712 (Flight
Recorder)
+ JDK-8203346: JFR: Inconsistent signature of
jfr_add_string_constant
+ JDK-8203664: JFR start failure after AppCDS archive created
with JFR StartFlightRecording
+ JDK-8203921: JFR thread sampling is missing fixes from
JDK-8194552
+ JDK-8203929: Limit amount of data for JFR.dump
+ JDK-8205516: JFR tool
+ JDK-8207392: [PPC64] Implement JFR profiling
+ JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
classloader which calls it
+ JDK-8209960: -Xlog:jfr* doesn't work with the JFR
+ JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
+ JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD
1.0.7
+ JDK-8211239: Build fails without JFR: empty JFR events
signatures mismatch
+ JDK-8212232: Wrong metadata for the configuration of the
cutoff for old object sample events
+ JDK-8213015: Inconsistent settings between JFR.configure and
-XX:FlightRecorderOptions
+ JDK-8213421: Line number information for execution samples
always 0
+ JDK-8213617: JFR should record the PID of the recorded process
+ JDK-8213734: SAXParser.parse(File, ..) does not close
resources when Exception occurs.
+ JDK-8213914: [TESTBUG] Several JFR VM events are not covered
by tests
+ JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by
test
+ JDK-8213966: The ZGC JFR events should be marked as
experimental
+ JDK-8214542: JFR: Old Object Sample event slow on a deep heap
in debug builds
+ JDK-8214750: Unnecessary <p> tags in jfr classes
+ JDK-8214896: JFR Tool left files behind
+ JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java
fails with UnsatisfiedLinkError
+ JDK-8214925: JFR tool fails to execute
+ JDK-8215175: Inconsistencies in JFR event metadata
+ JDK-8215237: jdk.jfr.Recording javadoc does not compile
+ JDK-8215284: Reduce noise induced by periodic task
getFileSize()
+ JDK-8215355: Object monitor deadlock with no threads holding
the monitor (using jemalloc 5.1)
+ JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
+ JDK-8215771: The jfr tool should pretty print reference chains
+ JDK-8216064: -XX:StartFlightRecording:settings= doesn't work
properly
+ JDK-8216486: Possibility of integer overflow in
JfrThreadSampler::run()
+ JDK-8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/
/RuntimeThreadInheritanceLeak.java failing with Xcomp
+ JDK-8216559: [JFR] Native libraries not correctly parsed from
/proc/self/maps
+ JDK-8216578: Remove unused/obsolete method in JFR code
+ JDK-8216995: Clean up JFR command line processing
+ JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some
systems due to process surviving SIGINT
+ JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
TestShutdownEvent
+ JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
+ JDK-8223147: JFR Backport
+ JDK-8223689: Add JFR Thread Sampling Support
+ JDK-8223690: Add JFR BiasedLock Event Support
+ JDK-8223691: Add JFR G1 Region Type Change Event Support
+ JDK-8223692: Add JFR G1 Heap Summary Event Support
+ JDK-8224172: assert(jfr_is_event_enabled(id)) failed:
invariant
+ JDK-8224475: JTextPane does not show images in HTML rendering
+ JDK-8226253: JAWS reports wrong number of radio buttons when
buttons are hidden.
+ JDK-8226779: [TESTBUG] Test JFR API from Java agent
+ JDK-8226892: ActionListeners on JRadioButtons don't get
notified when selection is changed with arrow keys
+ JDK-8227011: Starting a JFR recording in response to JVMTI
VMInit and / or Java agent premain corrupts memory
+ JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id()
& (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0))
failed: invariant'
+ JDK-8229366: JFR backport allows unchecked writing to memory
+ JDK-8229401: Fix JFR code cache test failures
+ JDK-8229708: JFR backport code does not initialize
+ JDK-8229873: 8229401 broke jdk8u-jfr-incubator
+ JDK-8230448: [test] JFRSecurityTestSuite.java is failing on
Windows
+ JDK-8230707: JFR related tests are failing
+ JDK-8230782: Robot.createScreenCapture() fails if
'awt.robot.gtk' is set to false
+ JDK-8230856: Java_java_net_NetworkInterface_getByName0 on
unix misses ReleaseStringUTFChars in early return
+ JDK-8230947: TestLookForUntestedEvents.java is failing after
JDK-8230707
+ JDK-8231995: two jtreg tests failed after 8229366 is fixed
+ JDK-8233623: Add classpath exception to copyright in
EventHandlerProxyCreator.java file
+ JDK-8236002: CSR for JFR backport suggests not leaving out
the package-info
+ JDK-8236008: Some backup files were accidentally left in the
hotspot tree
+ JDK-8236074: Missed package-info
+ JDK-8236174: Should update javadoc since tags
+ JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
+ JDK-8238452: Keytool generates wrong expiration date if
validity is set to 2050/01/01
+ JDK-8238555: Allow Initialization of SunPKCS11 with NSS when
there are external FIPS modules in the NSSDB
+ JDK-8238589: Necessary code cleanup in JFR for JDK8u
+ JDK-8238590: Enable JFR by default during compilation in 8u
+ JDK-8239055: Wrong implementation of VMState.hasListener
+ JDK-8239476: JDK-8238589 broke windows build by moving
OrderedPair
+ JDK-8239479: minimal1 and zero builds are failing
+ JDK-8239867: correct over use of INCLUDE_JFR macro
+ JDK-8240375: Disable JFR by default for July 2020 release
+ JDK-8241444: Metaspace::_class_vsm not initialized if
compressed class pointers are disabled
+ JDK-8241902: AIX Build broken after integration of
JDK-8223147 (JFR Backport)
+ JDK-8242788: Non-PCH build is broken after JDK-8191393
* Import of OpenJDK 8 u262 build 02
+ JDK-8130737: AffineTransformOp can't handle child raster with
non-zero x-offset
+ JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation
in java/awt/image/Raster/TestChildRasterOp.java
+ JDK-8230926: [macosx] Two apostrophes are entered instead of
one with 'U.S. International - PC' layout
+ JDK-8240576: JVM crashes after transformation in C2
IdealLoopTree::merge_many_backedges
+ JDK-8242883: Incomplete backport of JDK-8078268: backport
test part
* Import of OpenJDK 8 u262 build 03
+ JDK-8037866: Replace the Fun class in tests with lambdas
+ JDK-8146612: C2: Precedence edges specification violated
+ JDK-8150986: serviceability/sa/jmap-hprof/
/JMapHProfLargeHeapTest.java failing because expects HPROF
JAVA PROFILE 1.0.1 file format
+ JDK-8229888: (zipfs) Updating an existing zip file does not
preserve original permissions
+ JDK-8230597: Update GIFlib library to the 5.2.1
+ JDK-8230769: BufImg_SetupICM add
ReleasePrimitiveArrayCritical call in early return
+ JDK-8233880, PR3798: Support compilers with multi-digit major
version numbers
+ JDK-8239852: java/util/concurrent tests fail with
-XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
verification should have failed
+ JDK-8241638: launcher time metrics always report 1 on Linux
when _JAVA_LAUNCHER_DEBUG set
+ JDK-8243059: Build fails when --with-vendor-name contains a
comma
+ JDK-8243474: [TESTBUG] removed three tests of 0 bytes
+ JDK-8244461: [JDK 8u] Build fails with glibc 2.32
+ JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion()
returns wrong result
* Import of OpenJDK 8 u262 build 04
+ JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't
throw NPE if timeout is less than, or equal to zero when unit
== null
+ JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
+ JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification()
does not recognize OpenJDK's HotSpot VM
+ JDK-8196969: JTreg Failure:
serviceability/sa/ClhsdbJstack.java causes NPE
+ JDK-8243539: Copyright info (Year) should be updated for fix
of 8241638
+ JDK-8244777: ClassLoaderStats VM Op uses constant hash value
* Import of OpenJDK 8 u262 build 05
+ JDK-7147060: com/sun/org/apache/xml/internal/security/
/transforms/ClassLoaderTest.java doesn't run in agentvm mode
+ JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method
+ JDK-8181841: A TSA server returns timestamp with precision
higher than milliseconds
+ JDK-8227269: Slow class loading when running with JDWP
+ JDK-8229899: Make java.io.File.isInvalid() less racy
+ JDK-8236996: Incorrect Roboto font rendering on Windows with
subpixel antialiasing
+ JDK-8241750: x86_32 build failure after JDK-8227269
+ JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in
+ JDK-8244843: JapanEraNameCompatTest fails
* Import of OpenJDK 8 u262 build 06
+ JDK-8246223: Windows build fails after JDK-8227269
* Import of OpenJDK 8 u262 build 07
+ JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
Jfr:on_vm_start() start-up order for correct option parsing
+ JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
+ JDK-8245167: Top package in method profiling shows null in JMC
+ JDK-8246703: [TESTBUG] Add test for JDK-8233197
* Import of OpenJDK 8 u262 build 08
+ JDK-8220293: Deadlock in JFR string pool
+ JDK-8225068: Remove DocuSign root certificate that is
expiring in May 2020
+ JDK-8225069: Remove Comodo root certificate that is expiring
in May 2020
* Import of OpenJDK 8 u262 build 09
+ JDK-8248399: Build installs jfr binary when JFR is disabled
* Import of OpenJDK 8 u262 build 10
+ JDK-8248715: New JavaTimeSupplementary localisation for 'in'
installed in wrong package
* Import of OpenJDK 8 u265 build 01
+ JDK-8249677: Regression in 8u after JDK-8237117: Better
ForkJoinPool behavior
+ JDK-8250546: Expect changed behaviour reported in JDK-8249846
* Import of OpenJDK 8 u272 build 01
+ JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
test/compiler/7177917/Test7177917.java
+ JDK-8035493: JVMTI PopFrame capability must instruct
compilers not to prune locals
+ JDK-8036088: Replace strtok() with its safe equivalent
strtok_s() in DefaultProxySelector.c
+ JDK-8039082: [TEST_BUG] Test java/awt/dnd/
/BadSerializationTest/BadSerializationTest.java fails
+ JDK-8075774: Small readability and performance improvements
for zipfs
+ JDK-8132206: move ScanTest.java into OpenJDK
+ JDK-8132376: Add @requires os.family to the client tests with
access to internal OS-specific API
+ JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
+ JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
/appletviewer/IOExceptionIfEncodedURLTest/
/IOExceptionIfEncodedURLTest.sh
+ JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
/MTGraphicsAccessTest.java hangs on Win. 8
+ JDK-8151788: NullPointerException from ntlm.Client.type3
+ JDK-8151834: Test SmallPrimeExponentP.java times out
intermittently
+ JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout
+ JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary
public
+ JDK-8156169: Some sound tests rarely hangs because of
incorrect synchronization
+ JDK-8165936: Potential Heap buffer overflow when seaching
timezone info files
+ JDK-8166148: Fix for JDK-8165936 broke solaris builds
+ JDK-8167300: Scheduling failures during gcm should be fatal
+ JDK-8167615: Opensource unit/regression tests for JavaSound
+ JDK-8172012: [TEST_BUG] delays needed in
javax/swing/JTree/4633594/bug4633594.java
+ JDK-8177628: Opensource unit/regression tests for ImageIO
+ JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
+ JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
/AppletContextTest/BadPluginConfigurationTest.sh
+ JDK-8193137: Nashorn crashes when given an empty script file
+ JDK-8194298: Add support for per Socket configuration of TCP
keepalive
+ JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java
throws error
+ JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java
fails
+ JDK-8210147: adjust some WSAGetLastError usages in windows
network coding
+ JDK-8211714: Need to update vm_version.cpp to recognise
VS2017 minor versions
+ JDK-8214862: assert(proj != __null) at compile.cpp:3251
+ JDK-8217606: LdapContext#reconnect always opens a new
connection
+ JDK-8217647: JFR: recordings on 32-bit systems unreadable
+ JDK-8226697: Several tests which need the @key headful
keyword are missing it.
+ JDK-8229378: jdwp library loader in linker_md.c quietly
truncates on buffer overflow
+ JDK-8230303: JDB hangs when running monitor command
+ JDK-8230711: ConnectionGraph::unique_java_object(Node* N)
return NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to
missing narrowing conversion
+ JDK-8235243: handle VS2017 15.9 and VS2019 in
abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243
+ JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
+ JDK-8237951: CTW: C2 compilation fails with 'malformed
control flow'
+ JDK-8238225: Issues reported after replacing symlink at
Contents/MacOS/libjli.dylib with binary
+ JDK-8239385: KerberosTicket client name refers wrongly to
sAMAccountName in AD
+ JDK-8239819: XToolkit: Misread of screen information memory
+ JDK-8240295: hs_err elapsed time in seconds is not accurate
enough
+ JDK-8241888: Mirror jdk.security.allowNonCaAnchor system
property with a security one
+ JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads
to JVM crash
+ JDK-8243489: Thread CPU Load event may contain wrong data for
CPU time under certain conditions
+ JDK-8244818: Java2D Queue Flusher crash while moving
application window to external monitor
+ JDK-8246310: Clean commented-out code about ModuleEntry
and PackageEntry in JFR
+ JDK-8246384: Enable JFR by default on supported architectures
for October 2020 release
+ JDK-8248643: Remove extra leading space in JDK-8240295 8u
backport
+ JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys)
method public
* Import of OpenJDK 8 u272 build 02
+ JDK-8023697: failed class resolution reports different class
name in detail message for the first and subsequent times
+ JDK-8025886: replace [[ and == bash extensions in regtest
+ JDK-8046274: Removing dependency on jakarta-regexp
+ JDK-8048933: -XX:+TraceExceptions output should include the
message
+ JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
/fileaccess/FontFile.java fails
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8154313: Generated javadoc scattered all over the place
+ JDK-8163251: Hard coded loop limit prevents reading of smart
card data greater than 8k
+ JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java
fails with compiler.whitebox.SimpleTestCaseHelper(int) must be
compiled
+ JDK-8183349: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
+ JDK-8191678: [TESTBUG] Add keyword headful in java/awt
FocusTransitionTest test.
+ JDK-8201633: Problems with AES-GCM native acceleration
+ JDK-8211049: Second parameter of 'initialize' method is not
used
+ JDK-8219566: JFR did not collect call stacks when
MaxJavaStackTraceDepth is set to zero
+ JDK-8220165: Encryption using GCM results in
RuntimeException- input length out of bound
+ JDK-8220555: JFR tool shows potentially misleading message
when it cannot access a file
+ JDK-8224217: RecordingInfo should use textual representation
of path
+ JDK-8231779: crash
HeapWord*ParallelScavengeHeap::failed_mem_allocate
+ JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
'multiple definition' link errors with GCC10
+ JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/
/SctpNet.c 'multiple definition' link errors with GCC10
+ JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple
definition' link errors with GCC10
+ JDK-8242556: Cannot load RSASSA-PSS public key with non-null
params from byte array
+ JDK-8250755: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java
* Import of OpenJDK 8 u272 build 03
+ JDK-6574989: TEST_BUG:
javax/sound/sampled/Clip/bug5070081.java fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph
shape
+ JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests
fail with error : revokeall.exe: Permission denied
+ JDK-8203357: Container Metrics
+ JDK-8209113: Use WeakReference for lastFontStrike for created
Fonts
+ JDK-8216283: Allow shorter method sampling interval than 10 ms
+ JDK-8221569: JFR tool produces incorrect output when both
--categories and --events are specified
+ JDK-8233097: Fontmetrics for large Fonts has zero width
+ JDK-8248851: CMS: Missing memory fences between free chunk
check and klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update
* Import of OpenJDK 8 u272 build 04
+ JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
IllegalArgumentException for flags of type double
+ JDK-8177334: Update xmldsig implementation to Apache
Santuario 2.1.1
+ JDK-8217878: ENVELOPING XML signature no longer works in JDK
11
+ JDK-8218629: XML Digital Signature throws NAMESPACE_ERR
exception on OpenJDK 11, works 8/9/10
+ JDK-8243138: Enhance BaseLdapServer to support starttls
extended request
* Import of OpenJDK 8 u272 build 05
+ JDK-8026236: Add PrimeTest for BigInteger
+ JDK-8057003: Large reference arrays cause extremely long
synchronization times
+ JDK-8060721: Test runtime/SharedArchiveFile/
/LimitSharedSizes.java fails in jdk 9 fcs new
platforms/compiler
+ JDK-8152077: (cal) Calendar.roll does not always roll the
hours during daylight savings
+ JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
+ JDK-8211163: UNIX version of Java_java_io_Console_echo does
not return a clean boolean
+ JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in
docker container only works with debug JVMs
+ JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
+ JDK-8236645: JDK 8u231 introduces a regression with
incompatible handling of XML messages
+ JDK-8240676: Meet not symmetric failure when running lucene
on jdk8
+ JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA
program
+ JDK-8249158: THREAD_START and THREAD_END event posted in
primordial phase
+ JDK-8250627: Use -XX:+/-UseContainerSupport for
enabling/disabling Java container metrics
+ JDK-8251546: 8u backport of JDK-8194298 breaks AIX and
Solaris builds
+ JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled
* Import of OpenJDK 8 u272 build 06
+ JDK-8064319: Need to enable -XX:+TraceExceptions in release
builds
+ JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11
v2.40 support
+ JDK-8160768: Add capability to custom resolve host/domain
names within the default JNDI LDAP provider
+ JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions()
not working
+ JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface
license
+ JDK-8184762: ZapStackSegments should use optimized memset
+ JDK-8193234: When using -Xcheck:jni an internally allocated
buffer can leak
+ JDK-8219919: RuntimeStub name lost with
PrintFrameConverterAssembly
+ JDK-8220313: [TESTBUG] Update base image for Docker testing
to OL 7.6
+ JDK-8222079: Don't use memset to initialize fields decode_env
constructor in disassembler.cpp
+ JDK-8225695: 32-bit build failures after JDK-8080462 (Update
SunPKCS11 provider with PKCS11 v2.40 support)
+ JDK-8226575: OperatingSystemMXBean should be made container
aware
+ JDK-8226809: Circular reference in printed stack trace is not
correctly indented & ambiguous
+ JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
+ JDK-8233621: Mismatch in jsse.enableMFLNExtension property
name
+ JDK-8238898, PR3801: Missing hash characters for header on
license file
+ JDK-8243320: Add SSL root certificates to Oracle Root CA
program
+ JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest
release 1.8.26
+ JDK-8245467: Remove 8u TLSv1.2 implementation files
+ JDK-8245469: Remove DTLS protocol implementation
+ JDK-8245470: Fix JDK8 compatibility issues
+ JDK-8245471: Revert JDK-8148188
+ JDK-8245472: Backport JDK-8038893 to JDK8
+ JDK-8245473: OCSP stapling support
+ JDK-8245474: Add TLS_KRB5 cipher suites support according to
RFC-2712
+ JDK-8245476: Disable TLSv1.3 protocol in the ClientHello
message by default
+ JDK-8245477: Adjust TLS tests location
+ JDK-8245653: Remove 8u TLS tests
+ JDK-8245681: Add TLSv1.3 regression test from 11.0.7
+ JDK-8251117: Cannot check P11Key size in P11Cipher and
P11AEADCipher
+ JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is
set to either true or false
+ JDK-8251341: Minimal Java specification change
+ JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
* Import of OpenJDK 8 u272 build 07
+ JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
* Import of OpenJDK 8 u272 build 08
+ JDK-8062947: Fix exception message to correctly represent
LDAP connection failure
+ JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed
due to timeout on DeadServerNoTimeoutTest is incorrect
+ JDK-8252573: 8u: Windows build failed after 8222079 backport
* Import of OpenJDK 8 u272 build 09
+ JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java :
Compilation failed
* Import of OpenJDK 8 u272 build 10
+ JDK-8254673: Call to JvmtiExport::post_vm_start() was removed
by the fix for JDK-8249158
+ JDK-8254937: Revert JDK-8148854 for 8u272
* Backports
+ JDK-8038723, PR3806: Openup some PrinterJob tests
+ JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when
JTable contains certain string
+ JDK-8058779, PR3805: Faster implementation of
String.replace(CharSequence, CharSequence)
+ JDK-8130125, PR3806: [TEST_BUG] add @modules to the several
client tests unaffected by the automated bulk update
+ JDK-8144015, PR3806: [PIT] failures of text layout font tests
+ JDK-8144023, PR3806: [PIT] failure of text measurements in
javax/swing/text/html/parser/Parser/6836089/bug6836089.java
+ JDK-8144240, PR3806: [macosx][PIT] AIOOB in
closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8145542, PR3806: The case failed automatically and thrown
java.lang.ArrayIndexOutOfBoundsException exception
+ JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane
+ JDK-8152358, PR3800: code and comment cleanups found during
the hunt for 8077392
+ JDK-8152545, PR3804: Use preprocessor instead of compiling a
program to generate native nio constants
+ JDK-8152680, PR3806: Regression in
GlyphVector.getGlyphCharIndex behaviour
+ JDK-8158924, PR3806: Incorrect i18n text document layout
+ JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
/GetGlyphCharIndexTest.java does not compile
+ JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
/GlyphPainter2/6427244/bug6427244.java - compilation failed
+ JDK-8191512, PR3806: T2K font rasterizer code removal
+ JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from
JDK sources
+ JDK-8236512, PR3801: PKCS11 Connection closed after
Cipher.doFinal and NoPadding
+ JDK-8254177, PR3809: (tz) Upgrade time-zone data to
tzdata2020b
* Bug fixes
+ PR3798: Fix format-overflow error on GCC 10, caused by
passing NULL to a '%s' directive
+ PR3795: ECDSAUtils for XML digital signatures should support
the same curve set as the rest of the JDK
+ PR3799: Adapt elliptic curve patches to JDK-8245468: Add
TLSv1.3 implementation classes from 11.0.7
+ PR3808: IcedTea does not install the JFR *.jfc files
+ PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has
fixed its use with Shenandoah
+ PR3811: Don't attempt to install JFR files when JFR is
disabled
* Shenandoah
+ [backport] 8221435: Shenandoah should not mark through weak
roots
+ [backport] 8221629: Shenandoah: Cleanup class unloading logic
+ [backport] 8222992: Shenandoah: Pre-evacuate all roots
+ [backport] 8223215: Shenandoah: Support verifying subset of
roots
+ [backport] 8223774: Shenandoah: Refactor
ShenandoahRootProcessor and family
+ [backport] 8224210: Shenandoah: Refactor
ShenandoahRootScanner to support scanning CSet codecache roots
+ [backport] 8224508: Shenandoah: Need to update thread roots
in final mark for piggyback ref update cycle
+ [backport] 8224579: ResourceMark not declared in
shenandoahRootProcessor.inline.hpp with
--disable-precompiled-headers
+ [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable
+ [backport] 8224751: Shenandoah: Shenandoah Verifier should
select proper roots according to current GC cycle
+ [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate
+ [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't
work for Shenandoah
+ [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to
ensure roots to-space invariant
+ [backport] 8225590: Shenandoah: Refactor
ShenandoahClassLoaderDataRoots API
+ [backport] 8226413: Shenandoah: Separate root scanner for
SH::object_iterate()
+ [backport] 8230853: Shenandoah: replace leftover
assert(is_in(...)) with rich asserts
+ [backport] 8231198: Shenandoah: heap walking should visit all
roots most of the time
+ [backport] 8231244: Shenandoah: all-roots heap walking misses
some weak roots
+ [backport] 8237632: Shenandoah: accept NULL fwdptr to
cooperate with JVMTI and JFR
+ [backport] 8239786: Shenandoah: print per-cycle statistics
+ [backport] 8239926: Shenandoah: Shenandoah needs to mark
nmethod's metadata
+ [backport] 8240671: Shenandoah: refactor
ShenandoahPhaseTimings
+ [backport] 8240749: Shenandoah: refactor ShenandoahUtils
+ [backport] 8240750: Shenandoah: remove leftover files and
mentions of ShenandoahAllocTracker
+ [backport] 8240868: Shenandoah: remove CM-with-UR
piggybacking cycles
+ [backport] 8240872: Shenandoah: Avoid updating new regions
from start of evacuation
+ [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
+ [backport] 8240915: Shenandoah: Remove unused fields in init
mark tasks
+ [backport] 8240948: Shenandoah: cleanup not-forwarded-objects
paths after JDK-8240868
+ [backport] 8241007: Shenandoah: remove
ShenandoahCriticalControlThreadPriority support
+ [backport] 8241062: Shenandoah: rich asserts trigger 'empty
statement' inspection
+ [backport] 8241081: Shenandoah: Do not modify
update-watermark concurrently
+ [backport] 8241093: Shenandoah: editorial changes in flag
descriptions
+ [backport] 8241139: Shenandoah: distribute mark-compact work
exactly to minimize fragmentation
+ [backport] 8241142: Shenandoah: should not use parallel
reference processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul
+ [backport] 8241435: Shenandoah: avoid disabling pacing with
'aggressive'
+ [backport] 8241520: Shenandoah: simplify region sequence
numbers handling
+ [backport] 8241534: Shenandoah: region status should include
update watermark
+ [backport] 8241574: Shenandoah: remove
ShenandoahAssertToSpaceClosure
+ [backport] 8241583: Shenandoah: turn heap lock asserts into
macros
+ [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not
derive from ContiguousSpace
+ [backport] 8241673: Shenandoah: refactor anti-false-sharing
padding
+ [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with
java/util/Collections/FindSubList.java
+ [backport] 8241692: Shenandoah: remove
ShenandoahHeapRegion::_reserved
+ [backport] 8241700: Shenandoah: Fold
ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier
+ [backport] 8241740: Shenandoah: remove
ShenandoahHeapRegion::_heap
+ [backport] 8241743: Shenandoah: refactor and inline
ShenandoahHeap::heap()
+ [backport] 8241748: Shenandoah: inline MarkingContext TAMS
methods
+ [backport] 8241838: Shenandoah: no need to trash cset during
final mark
+ [backport] 8241841: Shenandoah: ditch one of allocation type
counters in ShenandoahHeapRegion
+ [backport] 8241842: Shenandoah: inline
ShenandoahHeapRegion::region_number
+ [backport] 8241844: Shenandoah: rename
ShenandoahHeapRegion::region_number
+ [backport] 8241845: Shenandoah: align ShenandoahHeapRegions
to cache lines
+ [backport] 8241926: Shenandoah: only print heap changes for
operations that directly affect it
+ [backport] 8241983: Shenandoah: simplify FreeSet logging
+ [backport] 8241985: Shenandoah: simplify collectable garbage
logging
+ [backport] 8242040: Shenandoah: print allocation failure type
+ [backport] 8242041: Shenandoah: adaptive heuristics should
account evac reserve in free target
+ [backport] 8242042: Shenandoah: tune down
ShenandoahGarbageThreshold
+ [backport] 8242054: Shenandoah: New incremental-update mode
+ [backport] 8242075: Shenandoah: rename
ShenandoahHeapRegionSize flag
+ [backport] 8242082: Shenandoah: Purge Traversal mode
+ [backport] 8242083: Shenandoah: split 'Prepare Evacuation'
tracking into cset/freeset counters
+ [backport] 8242089: Shenandoah: per-worker stats should be
summed up, not averaged
+ [backport] 8242101: Shenandoah: coalesce and parallelise heap
region walks during the pauses
+ [backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared
+ [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
dispatching
+ [backport] 8242211: Shenandoah: remove
ShenandoahHeuristics::RegionData::_seqnum_last_alloc
+ [backport] 8242212: Shenandoah: initialize
ShenandoahHeuristics::_region_data eagerly
+ [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset
+ [backport] 8242217: Shenandoah: Enable GC mode to be
diagnostic/experimental and have a name
+ [backport] 8242227: Shenandoah: transit regions to cset state
when adding to collection set
+ [backport] 8242228: Shenandoah: remove unused
ShenandoahCollectionSet methods
+ [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
liveness-related methods
+ [backport] 8242267: Shenandoah: regions space needs to be
aligned by os::vm_allocation_granularity()
+ [backport] 8242271: Shenandoah: add test to verify GC mode
unlock
+ [backport] 8242273: Shenandoah: accept either SATB or IU
barriers, but not both
+ [backport] 8242301: Shenandoah: Inline LRB runtime call
+ [backport] 8242316: Shenandoah: Turn NULL-check into assert
in SATB slow-path entry
+ [backport] 8242353: Shenandoah: micro-optimize region
liveness handling
+ [backport] 8242365: Shenandoah: use uint16_t instead of
jushort for liveness cache
+ [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods
+ [backport] 8242641: Shenandoah: clear live data and update
TAMS optimistically
+ [backport] 8243238: Shenandoah: explicit GC request should
wait for a complete GC cycle
+ [backport] 8243301: Shenandoah: ditch
ShenandoahAllowMixedAllocs
+ [backport] 8243307: Shenandoah: remove
ShCollectionSet::live_data
+ [backport] 8243395: Shenandoah: demote guarantee in
ShenandoahPhaseTimings::record_workers_end
+ [backport] 8243463: Shenandoah: ditch total_pause counters
+ [backport] 8243464: Shenandoah: print statistic counters in
time order
+ [backport] 8243465: Shenandoah: ditch unused pause_other,
conc_other counters
+ [backport] 8243487: Shenandoah: make _num_phases illegal
phase type
+ [backport] 8243494: Shenandoah: set counters once per cycle
+ [backport] 8243573: Shenandoah: rename GCParPhases and
related code
+ [backport] 8243848: Shenandoah: Windows build fails after
JDK-8239786
+ [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly
+ [backport] 8244200: Shenandoah: build breakages after
JDK-8241743
+ [backport] 8244226: Shenandoah: per-cycle statistics contain
worker data from previous cycles
+ [backport] 8244326: Shenandoah: global statistics should not
accept bogus samples
+ [backport] 8244509: Shenandoah: refactor
ShenandoahBarrierC2Support::test_* methods
+ [backport] 8244551: Shenandoah: Fix racy update of
update_watermark
+ [backport] 8244667: Shenandoah: SBC2Support::test_gc_state
takes loop for wrong control
+ [backport] 8244730: Shenandoah: gc/shenandoah/options/
/TestHeuristicsUnlock.java should only verify the heuristics
+ [backport] 8244732: Shenandoah: move heuristics code to
gc/shenandoah/heuristics
+ [backport] 8244737: Shenandoah: move mode code to
gc/shenandoah/mode
+ [backport] 8244739: Shenandoah: break superclass dependency
on ShenandoahNormalMode
+ [backport] 8244740: Shenandoah: rename ShenandoahNormalMode
to ShenandoahSATBMode
+ [backport] 8245461: Shenandoah: refine mode name()-s
+ [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
constructor arguments
+ [backport] 8245464: Shenandoah: allocate collection set
bitmap at lower addresses
+ [backport] 8245465: Shenandoah: test_in_cset can use more
efficient encoding
+ [backport] 8245726: Shenandoah: lift/cleanup
ShenandoahHeuristics names and properties
+ [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
+ [backport] 8245757: Shenandoah: AlwaysPreTouch should not
disable heap resizing or uncommits
+ [backport] 8245773: Shenandoah: Windows assertion failure
after JDK-8245464
+ [backport] 8245812: Shenandoah: compute root phase parallelism
+ [backport] 8245814: Shenandoah: reconsider format specifiers
for stats
+ [backport] 8245825: Shenandoah: Remove diagnostic flag
ShenandoahConcurrentScanCodeRoots
+ [backport] 8246162: Shenandoah: full GC does not mark code
roots when class unloading is off
+ [backport] 8247310: Shenandoah: pacer should not affect
interrupt status
+ [backport] 8247358: Shenandoah: reconsider free budget slice
for marking
+ [backport] 8247367: Shenandoah: pacer should wait on lock
instead of exponential backoff
+ [backport] 8247474: Shenandoah: Windows build warning after
JDK-8247310
+ [backport] 8247560: Shenandoah: heap iteration holds root
locks all the time
+ [backport] 8247593: Shenandoah: should not block pacing
reporters
+ [backport] 8247751: Shenandoah: options tests should run with
smaller heaps
+ [backport] 8247754: Shenandoah: mxbeans tests can be shorter
+ [backport] 8247757: Shenandoah: split heavy tests by
heuristics to improve parallelism
+ [backport] 8247860: Shenandoah: add update watermark line in
rich assert failure message
+ [backport] 8248041: Shenandoah: pre-Full GC root updates may
miss some roots
+ [backport] 8248652: Shenandoah: SATB buffer handling may
assume no forwarded objects
+ [backport] 8249560: Shenandoah: Fix racy GC request handling
+ [backport] 8249649: Shenandoah: provide per-cycle pacing stats
+ [backport] 8249801: Shenandoah: Clear soft-refs on requested
GC cycle
+ [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests
should account for corner cases
+ Fix slowdebug build after JDK-8230853 backport
+ JDK-8252096: Shenandoah: adjust SerialPageShiftCount for
x86_32 and JFR
+ JDK-8252366: Shenandoah: revert/cleanup changes in
graphKit.cpp
+ Shenandoah: add JFR roots to root processor after JFR
integration
+ Shenandoah: add root statistics for string dedup table/queues
+ Shenandoah: enable low-frequency STW class unloading
+ Shenandoah: fix build failures after JDK-8244737 backport
+ Shenandoah: Fix build failure with +JFR -PCH
+ Shenandoah: fix forceful pacer claim
+ Shenandoah: fix formats in
ShenandoahStringSymbolTableUnlinkTask
+ Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1
+ Shenandoah: hook statistics printing to PrintGCDetails, not
PrintGC
+ Shenandoah: JNI weak roots are always cleared before Full GC
mark
+ Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner
+ Shenandoah: move barrier sets to their proper locations
+ Shenandoah: move parallelCleaning.* to shenandoah/
+ Shenandoah: pacer should use proper Atomics for intptr_t
+ Shenandoah: properly deallocates class loader metadata
+ Shenandoah: specialize String Table scans for better pause
performance
+ Shenandoah: Zero build fails after recent Atomic cleanup in
Pacer
* AArch64 port
+ JDK-8161072, PR3797: AArch64: jtreg
compiler/uncommontrap/TestDeoptOOM failure
+ JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java
generates guarantee failure in C1
+ JDK-8183925, PR3797: [AArch64] Decouple crash protection from
watcher thread
+ JDK-8199712, PR3797: [AArch64] Flight Recorder
+ JDK-8203481, PR3797: Incorrect constraint for unextended_sp
in frame:safe_for_sender
+ JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall
fails with SIGILL on aarch64
+ JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
+ JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java
fails on AArch64
+ JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ JDK-8217368, PR3797: AArch64: C2 recursive stack locking
optimisation not triggered
+ JDK-8221658, PR3797: aarch64: add necessary predicate for
ubfx patterns
+ JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a
BufferBlob
+ JDK-8246482, PR3797: Build failures with +JFR -PCH
+ JDK-8247979, PR3797: aarch64: missing side effect of killing
flags for clearArray_reg_reg
+ JDK-8248219, PR3797: aarch64: missing memory barrier in
fast_storefield and fast_accessfield
- Ignore whitespaces after the header or footer in PEM X.509 cert
(bsc#1171352)
ImportantSUSE bug 1171352SUSE bug 1174157SUSE bug 1177943CVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDCVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gcc10 (Moderate)SUSE OpenStack Cloud 9
This update for gcc10 fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
ModerateSUSE bug 1172798SUSE bug 1172846SUSE bug 1173972SUSE bug 1174753SUSE bug 1174817SUSE bug 1175168CVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode updated to 20201027 prerelease
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
# New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
# Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173594CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)
* Security fixes
+ JDK-8233624: Enhance JNI linkage
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8240124: Better VM Interning
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 7 u281 build 1
+ JDK-8145096: Undefined behaviour in HotSpot
+ JDK-8215265: C2: range check elimination may allow illegal
out of bound access
* Backports
+ JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool)
ImportantSUSE bug 1177943CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openldap2 (Important)SUSE OpenStack Cloud 9
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
ImportantSUSE bug 1178387CVE-2020-25692 at SUSECVE-2020-25692 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.1 ESR
* Fixed: Security fix
MFSA 2020-49 (bsc#1178588)
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted
for
ImportantSUSE bug 1178588CVE-2020-26950 at SUSECVE-2020-26950 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)SUSE OpenStack Cloud 9
This update changes the internal packaging for postgresql, and so contains
all currently maintained postgresql versions across our SUSE Linux Enterprise 12
products.
* postgresql12 is shipped new in version 12.3 (bsc#1171924).
The server and client packages only on SUSE Linux Enterprise Server 12 SP5,
the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/12/release-12-3.html
* postgresql10 is updated to 10.13 (bsc#1171924).
On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/10/release-10-13.html
* postgresql96 is updated to 9.6.18 (bsc#1171924):
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/9.6/release-9-6-18.html
On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only.
* postgresql 9.4 is updated to 9.4.26:
+ https://www.postgresql.org/about/news/2011/
+ https://www.postgresql.org/docs/9.4/release-9-4-26.html
+ https://www.postgresql.org/about/news/1994/
+ https://www.postgresql.org/docs/9.4/release-9-4-25.html
ModerateSUSE bug 1171924cpe:/o:suse:suse-openstack-cloud:9Security update for raptor (Important)SUSE OpenStack Cloud 9
This update for raptor fixes the following issues:
- Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926).
- Update raptor to version 2.0.15
* Made several fixes to Turtle / N-Triples family of parsers and serializers
* Added utility functions for re-entrant sorting of objects and sequences.
* Made other fixes and improvements including fixing reported issues:
0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584.
ImportantSUSE bug 1178593CVE-2017-18926 at SUSECVE-2017-18926 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for kernel-firmware (Important)SUSE OpenStack Cloud 9
This update for kernel-firmware fixes the following issue:
- CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671).
ImportantSUSE bug 1178671CVE-2020-12321 at SUSECVE-2020-12321 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for krb5 (Moderate)SUSE OpenStack Cloud 9
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
ModerateSUSE bug 1178512CVE-2020-28196 at SUSECVE-2020-28196 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).
Non-security issue fixed:
- Adjusted help for --max_iters, default is 5 (bsc#1177950).
ImportantSUSE bug 1177950SUSE bug 1178591CVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql10 (Important)SUSE OpenStack Cloud 9
This update for postgresql10 fixes the following issues:
Upgrade to version 10.15:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/10/release-10-15.html
Update to 10.14:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/10/release-10-14.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb and mariadb-connector-c fixes the following issues:
- Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the
following security vulnerabilities:
CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180
- Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]
ModerateSUSE bug 1172399SUSE bug 1175596SUSE bug 1177472SUSE bug 1178428CVE-2020-14765 at SUSECVE-2020-14765 at NVDCVE-2020-14776 at SUSECVE-2020-14776 at NVDCVE-2020-14789 at SUSECVE-2020-14789 at NVDCVE-2020-14812 at SUSECVE-2020-14812 at NVDCVE-2020-15180 at SUSECVE-2020-15180 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)
- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)
- Release notes:
- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).
- Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).
- Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173592SUSE bug 1173594SUSE bug 1178971CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bluez (Important)SUSE OpenStack Cloud 9
This update for bluez fixes the following issues:
- CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751).
ImportantSUSE bug 1166751CVE-2020-0556 at SUSECVE-2020-0556 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).
- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011).
- CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).
- CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).
The following non-security bugs were fixed:
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816).
- hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability.
- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065600SUSE bug 1131277SUSE bug 1160947SUSE bug 1163524SUSE bug 1166965SUSE bug 1168468SUSE bug 1170139SUSE bug 1170232SUSE bug 1170415SUSE bug 1171417SUSE bug 1171675SUSE bug 1172073SUSE bug 1172366SUSE bug 1173115SUSE bug 1173233SUSE bug 1175228SUSE bug 1175306SUSE bug 1175721SUSE bug 1175882SUSE bug 1176011SUSE bug 1176235SUSE bug 1176278SUSE bug 1176381SUSE bug 1176423SUSE bug 1176482SUSE bug 1176485SUSE bug 1176698SUSE bug 1176721SUSE bug 1176722SUSE bug 1176723SUSE bug 1176725SUSE bug 1176732SUSE bug 1176869SUSE bug 1176907SUSE bug 1176922SUSE bug 1176935SUSE bug 1176950SUSE bug 1176990SUSE bug 1177027SUSE bug 1177086SUSE bug 1177121SUSE bug 1177206SUSE bug 1177340SUSE bug 1177410SUSE bug 1177411SUSE bug 1177470SUSE bug 1177511SUSE bug 1177724SUSE bug 1177725SUSE bug 1177766SUSE bug 1177816SUSE bug 1178123SUSE bug 1178330SUSE bug 1178393SUSE bug 1178669SUSE bug 1178765SUSE bug 1178782SUSE bug 1178838CVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0430 at SUSECVE-2020-0430 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14381 at SUSECVE-2020-14381 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
ImportantSUSE bug 1178824CVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2020-16012 at SUSECVE-2020-16012 at NVDCVE-2020-26951 at SUSECVE-2020-26951 at NVDCVE-2020-26953 at SUSECVE-2020-26953 at NVDCVE-2020-26956 at SUSECVE-2020-26956 at NVDCVE-2020-26958 at SUSECVE-2020-26958 at NVDCVE-2020-26959 at SUSECVE-2020-26959 at NVDCVE-2020-26960 at SUSECVE-2020-26960 at NVDCVE-2020-26961 at SUSECVE-2020-26961 at NVDCVE-2020-26965 at SUSECVE-2020-26965 at NVDCVE-2020-26966 at SUSECVE-2020-26966 at NVDCVE-2020-26968 at SUSECVE-2020-26968 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for LibVNCServer (Important)SUSE OpenStack Cloud 9
This update for LibVNCServer fixes the following issues:
- CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
ImportantSUSE bug 1178682CVE-2020-25708 at SUSECVE-2020-25708 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596).
- CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908).
ImportantSUSE bug 1174908SUSE bug 1177596CVE-2020-14360 at SUSECVE-2020-14360 at NVDCVE-2020-25712 at SUSECVE-2020-25712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-setuptools (Important)SUSE OpenStack Cloud 9
This update for python-setuptools fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gdm (Important)SUSE OpenStack Cloud 9
This update for gdm fixes the following issues:
- CVE-2020-16125: Fixed a privilege escalation (bsc#1178150).
ImportantSUSE bug 1178150CVE-2020-16125 at SUSECVE-2020-16125 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-cryptography (Moderate)SUSE OpenStack Cloud 9
This update for python-cryptography fixes the following issues:
- CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).
ModerateSUSE bug 1178168CVE-2020-25659 at SUSECVE-2020-25659 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql12 (Important)SUSE OpenStack Cloud 9
This update for postgresql12 fixes the following issues:
Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
The previous postgresql12 update already addressed:
Update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mutt (Important)SUSE OpenStack Cloud 9
This update for mutt fixes the following issues:
- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)
ImportantSUSE bug 1179035SUSE bug 1179113SUSE bug 1179461CVE-2020-28896 at SUSECVE-2020-28896 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414SUSE bug 1178591SUSE bug 1178963CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssh (Moderate)SUSE OpenStack Cloud 9
This update for openssh fixes the following issues:
- CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513).
- Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684).
- Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566).
ModerateSUSE bug 1148566SUSE bug 1161684SUSE bug 1173513CVE-2020-14145 at SUSECVE-2020-14145 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark (Important)SUSE OpenStack Cloud 9
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark fixes the following issues:
Security changes included on this update:
grafana:
- CVE-2020-24303: Fixed an XXS with series overides. (bsc#1178243)
influxdb:
- CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)
python-Jinja2:
- CVE-2019-10906,CVE-2019-8341,CVE-2016-10745: 'SandboxedEnvironment' securely handles 'str.format_map' in order
to prevent code execution through untrusted format strings. (bsc#1132323, bsc#1125815, bsc#1132174)
python-pysaml2:
- CVE-2020-5390: Fixed an issue where there was no check that the signature in a SAML document is enveloped. (bsc#1160851)
python-urllib3:
- CVE-2020-26137: Fixed a CRLF injection via HTTP request method. (bsc#1177120)
Non-security changes included in this update:
Changes in ardana-cassandra:
- Update to version 9.0+git.1600802664.7e480a2:
* Remove freezer related backup/restore code (SOC-7751)
Changes in ardana-mq:
- Update to version 9.0+git.1605174486.a78ddce:
* Re-enable mirroring of fanout and reply queues (bsc#1177611)
Changes in ardana-osconfig:
- Update to version 9.0+git.1601621747.a87e5a0:
* HOS8 check needs to be a shell rather than command (SOC-11184)
Changes in ardana-tempest:
- Update to version 9.0+git.1603378983.fc0bca9:
* Enable VPNaaS testing (SOC-8764)
- Update to version 9.0+git.1599855218.875b2f3:
* unblacklist some revert tests (SOC-9178)
Changes in crowbar-core:
- Update to version 6.0+git.1606314264.bf9ada813:
* ntp: Do not use rate-limiting (bsc#1179161)
- Update to version 6.0+git.1600414599.150832ca2:
* Ignore CVE-2020-15169 (SOC-11391)
Changes in crowbar-openstack:
- Update to version 6.0+git.1604573541.bb18c172d:
* rabbitmq: Fix crm running check (SOC-11240)
- Update to version 6.0+git.1604491402.b4dbba849:
* Remove aspiers from CODEOWNERS
* Remove cmurphy from CODEOWNERS
Changes in grafana:
- Fix bsc#1178243 CVE-2020-24303 by adding
25401-Fix-XSS-vulnerability-with-series-overrides.patch
Changes in influxdb:
- Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to
fix authentication bypass
- Declare license files correctly
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev20:
* PowerMax Driver - Legacy volumes fail to live migrate
- Update to version cinder-13.0.10.dev19:
* RBD: Cleanup temporary file during exception
- Update to version cinder-13.0.10.dev17:
* Remove experimental job legacy-tempest-dsvm-zeromq-multibackend
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev20:
* PowerMax Driver - Legacy volumes fail to live migrate
- Update to version cinder-13.0.10.dev19:
* RBD: Cleanup temporary file during exception
- Update to version cinder-13.0.10.dev17:
* Remove experimental job legacy-tempest-dsvm-zeromq-multibackend
Changes in openstack-heat:
- Update to version openstack-heat-11.0.4.dev4:
* Check external resources after creation
- Update to version openstack-heat-11.0.4.dev2:
* Don't store signal\_url for ec2 signaling of deployments
* Allow scale-down of ASG as part of update
11.0.3
Changes in openstack-heat:
- Update to version openstack-heat-11.0.4.dev4:
* Check external resources after creation
- Update to version openstack-heat-11.0.4.dev2:
* Don't store signal\_url for ec2 signaling of deployments
* Allow scale-down of ASG as part of update
11.0.3
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-12.0.1.dev2:
* Add support for victoria
- Update to version group-based-policy-automation-12.0.1.dev1:
* Add network\_id field for L2 Policy Heat Extensions
12.0.0
* Add support for ussuri
* Fix master/train gate
* Add support for train
10.0.0
* Upgrade for stable/stein branch
9.0.0
* Updated with 'stable/rocky' branch
* Replace openstack.org URLs with 'git+https://'
* OpenDev Migration Patch
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1605509190.64f020b:
* Fix software config on rdo
* optimize size and time using --no-cache-dir
* add template for servers using Octavia
- Update to version 0.0.0+git.1604032742.c5733ee:
* Move heat-templates-check job to zuul v3
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-12.0.1.dev3:
* Remove mox3 from requirements
- Update to version group-based-policy-ui-12.0.1.dev2:
* Fix python namespacing
* Add stable victoria
12.0.0
* Add support for ussuri
* Fix master/train gate
* Add support for train
10.0.0
* Upgrade for stable/stein branch
9.0.0
* Upgrading for stable/rocky branch
* Added Python3 support
* OpenDev Migration Patch
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.4.dev6:
* Fix: make Intel CNA hardware manager none generic
Changes in openstack-manila:
- Update to version manila-7.4.2.dev57:
* fix reno file location and indention
- Update to version manila-7.4.2.dev56:
* [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'
- Update to version manila-7.4.2.dev55:
* [Glusterfs] Fix delete share, mount point not disconnected
Changes in openstack-manila:
- Update to version manila-7.4.2.dev57:
* fix reno file location and indention
- Update to version manila-7.4.2.dev56:
* [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'
- Update to version manila-7.4.2.dev55:
* [Glusterfs] Fix delete share, mount point not disconnected
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev135:
* Rehome api tests for propagate\_uplink\_status
- Update to version neutron-13.0.8.dev134:
* Revert '[Security] fix allowed-address-pair 0.0.0.0/0 issue'
- Update to version neutron-13.0.8.dev132:
* Drop invalid rootwrap filters
* ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled
* Add update\_id for ResourceUpdate
- Update to version neutron-13.0.8.dev126:
* 'ping'/'ping6' command support in rootwrap filters
- Update to version neutron-13.0.8.dev124:
* Import 'oslo\_config.cfg' before 'eventlet'
* [OvS] Handle re\_added multi ports
- Update to version neutron-13.0.8.dev120:
* Local mac direct flow for non-openflow firewall
* Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib
- Update to version neutron-13.0.8.dev116:
* Support gateway which is not in subnet CIDR in ha\_router
* Ensure fip ip rules deleted when fip removed
- Update to version neutron-13.0.8.dev112:
* windows: fix terminating processes
* [stable/rocky] Drop rally job
* Don't raise FileNotFoundError during disabling keepalived
* Load the glibc library only once for Pyroute2
- Update to version neutron-13.0.8.dev106:
* Do not fail deleting namespace if it does not exist
- Update to version neutron-13.0.8.dev104:
* Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs
- Update to version neutron-13.0.8.dev103:
* Use dict .get() to avoid a KeyError in the segment plugin
- Update to version neutron-13.0.8.dev101:
* Pass context in l3 flavor notifications
* Handle properly existing LLA address during l3 agent restart
- Update to version neutron-13.0.8.dev97:
* Add 'keepalived\_use\_no\_track' config option
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev135:
* Rehome api tests for propagate\_uplink\_status
- Update to version neutron-13.0.8.dev134:
* Revert '[Security] fix allowed-address-pair 0.0.0.0/0 issue'
- Update to version neutron-13.0.8.dev132:
* Drop invalid rootwrap filters
* ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled
* Add update\_id for ResourceUpdate
- Update to version neutron-13.0.8.dev126:
* 'ping'/'ping6' command support in rootwrap filters
- Update to version neutron-13.0.8.dev124:
* Import 'oslo\_config.cfg' before 'eventlet'
* [OvS] Handle re\_added multi ports
- Update to version neutron-13.0.8.dev120:
* Local mac direct flow for non-openflow firewall
* Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib
- Update to version neutron-13.0.8.dev116:
* Support gateway which is not in subnet CIDR in ha\_router
* Ensure fip ip rules deleted when fip removed
- Update to version neutron-13.0.8.dev112:
* windows: fix terminating processes
* [stable/rocky] Drop rally job
* Don't raise FileNotFoundError during disabling keepalived
* Load the glibc library only once for Pyroute2
- Update to version neutron-13.0.8.dev106:
* Do not fail deleting namespace if it does not exist
- Update to version neutron-13.0.8.dev104:
* Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs
- Update to version neutron-13.0.8.dev103:
* Use dict .get() to avoid a KeyError in the segment plugin
- Update to version neutron-13.0.8.dev101:
* Pass context in l3 flavor notifications
* Handle properly existing LLA address during l3 agent restart
- Update to version neutron-13.0.8.dev97:
* Add 'keepalived\_use\_no\_track' config option
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev5:
* Fix ICMP type and ICMP code fields for named and numbered ICMP Protocol
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev4:
* Fix erroneous comma (,) in the LOG.exception call
2014.2rc1
- Update to version group-based-policy-12.0.1.dev3:
* Fix top of tree in gate
* Endpoint level qos changes
12.0.0
* Add support for ussuri
* Update subnets for SVI port corresponding to bound port
* Fix the intermittent QOS UT failure
* Fixed the QOS UT failure
* Use train branch instead of stein
* Add support for train
* Prepare for removal of CommonDbMixin
* Make AIM dsvm job voting
* Add support for upstream Stein release
* Fix python2/3 compatibility
* Fix DNS Domain Name in endpoint file
* When a subnet added to a bound SVI port, ensure it is added to SVI port
* Add support for qos
* Fix DNS issue in endpoint file
* [AIM] Add pre-existing BD to network extension
* Remove get\_current\_session
* Remove get\_current\_session method
* [AIM] Add EPG contract masters to network extension
* Revert 'Remove get\_current\_session method'
* Remove get\_current\_session method
* Support Dual Stack on SVI nets along with BGP
9.0.0
* Add support for upstream Rocky release
* Cleanup Queens (part 2)
* Fix missing DB migration
* Make aim functional gate job voting
* Added Python3 support
* [AIM] Sanitize the AIM tenant description field
* Fix field sizes for VM names
* Bind baremetal VNIC trunk ports
* Fix missing trunk\_details for a trunk without subports
* [AIM] Insert remote\_group\_id to SG rules properly
* Revert '[AIM] Convert remote\_ips for SG rules properly'
* Cleanup Queens
* [AIM] Convert remote\_ips for SG rules properly
* Clean up baremetal port handling
* [AIM] Clean up the mock and stop the looping thread in the UT env
* Don't stop this looping thread when an exception is thrown
* [AIM] Fix router\_id allocation for SVI
* Support non SVI static VLAN type segments with OpFlex agent
* Baremetal VNIC Trunk support
* [AIM] Don't queue notifications (4 of 4)
* [AIM] Don't queue registry callbacks (3 of 4)
* [AIM] Enable Neutron transaction guards (2 of 4)
* Don't call GBP or Neutron APIs from GBP PD precommit methods
* [AIM] Retry L3 Plugin Operations
* [AIM] Fix most common random UT failures
* [AIM] Fixed external subnet ANY\_CIDRs for l3out EPGs for SVI
* Revert 'Nested domain parameters support for openShift networks'
* Fix for unbinding baremetal VNIC ports
* Nested domain parameters support for openShift networks
* Fix tox coverage job
* Add suport for baremetal vnic\_type
2014.2.rc1
Changes in openstack-neutron-vpnaas:
- Remove remove-tempest-entry-point.patch thus enabling the
tempest_vpnaas plugin for tempest testing. (SCRD-8681)
- Package the neutron-vpnaas/tests/ directory contents in a new RPM
RPM package, python-neutron-vpnaas-tempest-plugin, that depend on
python-neutron-vpnaas, which provides the main neutron-vpnaas
code base. Additionally this new package can now safely depend on
the python-neutron-tempest-plugin package, providing the required
neutron_tempest_plugin module, without causing tempest packages
to be installed when python-neutron-vpnaas installed. (SOC-8764)
NOTE: This implicitly enables the neutron_tempest_plugin.
- Corrected LBaaS references to VPNaaS.
Changes in openstack-nova:
- Update to version nova-18.3.1.dev77:
* Follow up for cherry-pick check for merge patch
- Update to version nova-18.3.1.dev76:
* post live migration: don't call Neutron needlessly
- Update to version nova-18.3.1.dev74:
* libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is smaller than v4.1.0
- Update to version nova-18.3.1.dev72:
* libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices
- Update to version nova-18.3.1.dev70:
* compute: Don't delete the original attachment during pre LM rollback
* Add regression tests for bug #1889108
* compute: refactor volume bdm rollback error handling
- Update to version nova-18.3.1.dev64:
* compute: Use source\_bdms to reset attachment\_ids during LM rollback
* Robustify attachment tracking in CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev60:
* Improve CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev58:
* Removed the host FQDN from the exception message
- Update to version nova-18.3.1.dev56:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
Changes in openstack-nova:
- Update to version nova-18.3.1.dev77:
* Follow up for cherry-pick check for merge patch
- Update to version nova-18.3.1.dev76:
* post live migration: don't call Neutron needlessly
- Update to version nova-18.3.1.dev74:
* libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is smaller than v4.1.0
- Update to version nova-18.3.1.dev72:
* libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices
- Update to version nova-18.3.1.dev70:
* compute: Don't delete the original attachment during pre LM rollback
* Add regression tests for bug #1889108
* compute: refactor volume bdm rollback error handling
- Update to version nova-18.3.1.dev64:
* compute: Use source\_bdms to reset attachment\_ids during LM rollback
* Robustify attachment tracking in CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev60:
* Improve CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev58:
* Removed the host FQDN from the exception message
- Rebased patches:
+ 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch dropped (merged upstream)
- Update to version nova-18.3.1.dev56:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
Changes in python-Jinja2:
- Trim bias from descriptions. Make sure % is escaped.
- update to version 2.10.1 (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341):
* 'SandboxedEnvironment' securely handles 'str.format_map' in order
to prevent code execution through untrusted format strings. The
sandbox already handled 'str.format'.
- Activate test suite
- Add minimum build dependency to match runtime dependency
- Fix fdupes call
- Remove superfluous devel dependency for noarch package
- Update to 2.9.5 (bsc#1132174, CVE-2016-10745)
Changes in python-pysaml2:
- Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
(CVE-2020-5390, bsc#1160851)
Changes in python-pytest:
- update to 3.7.4
- drop 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix possible infinite recursion when writing .pyc files
* Cache plugin now obeys the -q flag when --last-failed and
--failed-first flags are used.
* Fix bad console output when using console_output_style=classic
* Fixtures during teardown can again use capsys and capfd to inspect
output captured during tests.
* Fix bugs where unicode arguments could not be passed to testdir.runpytest
on Python 2.
* Fix double collection of tests within packages when the filename starts
with a capital letter
* Fix collection error when specifying test functions directly in the command
line using test.py::test syntax together with --doctest-modules
* Fix stdout/stderr not getting captured when real-time cli logging is active.
* Fix bug where --show-capture=no option would still show logs printed during
fixture teardown.
* Fix issue where teardown of fixtures of consecutive sub-packages were
executed once, at the end of the outer package.
- update to 3.7.2
- add 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix filterwarnings not being registered as a builtin mark.
* Fix test collection from packages mixed with normal directories.
* Fix infinite recursion during collection if a pytest_ignore_collect
hook returns False instead of None.
* Fix bug where decorated fixtures would lose functionality
* Fix bug where importing modules or other objects with prefix pytest_ prefix
would raise a PluginValidationError.
* Fix AttributeError during teardown of TestCase subclasses which raise
an exception during __init__.
* Fix traceback reporting for exceptions with __cause__ cycles.
Changes in python-pytest:
- update to 3.7.4
- drop 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix possible infinite recursion when writing .pyc files
* Cache plugin now obeys the -q flag when --last-failed and
--failed-first flags are used.
* Fix bad console output when using console_output_style=classic
* Fixtures during teardown can again use capsys and capfd to inspect
output captured during tests.
* Fix bugs where unicode arguments could not be passed to testdir.runpytest
on Python 2.
* Fix double collection of tests within packages when the filename starts
with a capital letter
* Fix collection error when specifying test functions directly in the command
line using test.py::test syntax together with --doctest-modules
* Fix stdout/stderr not getting captured when real-time cli logging is active.
* Fix bug where --show-capture=no option would still show logs printed during
fixture teardown.
* Fix issue where teardown of fixtures of consecutive sub-packages were
executed once, at the end of the outer package.
- update to 3.7.2
- add 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix filterwarnings not being registered as a builtin mark.
* Fix test collection from packages mixed with normal directories.
* Fix infinite recursion during collection if a pytest_ignore_collect
hook returns False instead of None.
* Fix bug where decorated fixtures would lose functionality
* Fix bug where importing modules or other objects with prefix pytest_ prefix
would raise a PluginValidationError.
* Fix AttributeError during teardown of TestCase subclasses which raise
an exception during __init__.
* Fix traceback reporting for exceptions with __cause__ cycles.
Changes in python-urllib3:
- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.
- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for
CVE-2019-9740.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
method. (bsc#1177120, CVE-2020-26137)
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20200917:
* Change wording to correctly refer to future SES versions
* Update adoc/limitations.adoc
* Add SES version limitation, remove deprecated note about Octavia for Crowbar
- Update to version 9.20200917:
* Announce Upgrade is now available (SOC-9781)
Changes in spark:
- Add _constraints to prevent build from running out of disk space
ImportantSUSE bug 1125815SUSE bug 1132174SUSE bug 1132323SUSE bug 1160851SUSE bug 1177120SUSE bug 1177611SUSE bug 1178243SUSE bug 1178988CVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-20933 at SUSECVE-2019-20933 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-24303 at SUSECVE-2020-24303 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2020-5390 at SUSECVE-2020-5390 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Critical)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2020-55 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
CriticalSUSE bug 1180039CVE-2020-16042 at SUSECVE-2020-16042 at NVDCVE-2020-26971 at SUSECVE-2020-26971 at NVDCVE-2020-26973 at SUSECVE-2020-26973 at NVDCVE-2020-26974 at SUSECVE-2020-26974 at NVDCVE-2020-26978 at SUSECVE-2020-26978 at NVDCVE-2020-35111 at SUSECVE-2020-35111 at NVDCVE-2020-35112 at SUSECVE-2020-35112 at NVDCVE-2020-35113 at SUSECVE-2020-35113 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Moderate)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115).
- CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322).
- CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
- CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324).
- CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
- CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358).
- CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359).
- CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477).
- Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782).
- Multiple other bugs (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1176782SUSE bug 1179477SUSE bug 1179496SUSE bug 1179498SUSE bug 1179501SUSE bug 1179502SUSE bug 1179506SUSE bug 1179514SUSE bug 1179516CVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Important)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.
* clamd can now reload the signature database without blocking
scanning. This multi-threaded database reload improvement was made
possible thanks to a community effort.
- Non-blocking database reloads are now the default behavior. Some
systems that are more constrained on RAM may need to disable
non-blocking reloads as it will temporarily consume two times as
much memory. We added a new clamd config option
ConcurrentDatabaseReload, which may be set to no.
* Fix clamav-milter.service (requires clamd.service to run)
* bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
* Partial sync with SLE15.
Update to version 0.102.4
Accumulated security fixes:
* CVE-2020-3350: Fix a vulnerability wherein a malicious user could
replace a scan target's directory with a symlink to another path
to trick clamscan, clamdscan, or clamonacc into removing or moving
a different file (eg. a critical system file). The issue would
affect users that use the --move or --remove options for clamscan,
clamdscan, and clamonacc. (bsc#1174255)
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
module in ClamAV 0.102.3 that could cause a Denial-of-Service
(DoS) condition. Improper bounds checking results in an
out-of-bounds read which could cause a crash. The previous fix for
this CVE in 0.102.3 was incomplete. This fix correctly resolves
the issue.
* CVE-2020-3481: Fix a vulnerability in the EGG archive module in
ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)
condition. Improper error handling may result in a crash due to a
NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the
file type signatures in daily.cvd will not enable the EGG archive
parser in versions affected by the vulnerability. (bsc#1174250)
* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
condition. Improper size checking of a buffer used to initialize AES
decryption routines results in an out-of-bounds read which may cause
a crash. (bsc#1171981)
* CVE-2020-3123: A denial-of-service (DoS) condition may occur when
using the optional credit card data-loss-prevention (DLP) feature.
Improper bounds checking of an unsigned variable resulted in an
out-of-bounds read, which causes a crash.
* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
occur when scanning a specially crafted email file as a result
of excessively long scan times. The issue is resolved by
implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. (bsc#1157763).
* CVE-2019-12900: An out of bounds write in the NSIS bzip2
(bsc#1149458)
* CVE-2019-12625: Introduce a configurable time limit to mitigate
zip bomb vulnerability completely. Default is 2 minutes,
configurable useing the clamscan --max-scantime and for clamd
using the MaxScanTime config option (bsc#1144504)
Update to version 0.101.3:
* ZIP bomb causes extreme CPU spikes (bsc#1144504)
Update to version 0.101.2 (bsc#1118459):
* Support for RAR v5 archive extraction.
* Incompatible changes to the arguments of cl_scandesc,
cl_scandesc_callback, and cl_scanmap_callback.
* Scanning options have been converted from a single flag
bit-field into a structure of multiple categorized flag
bit-fields.
* The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by
2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and
CL_SCAN_HEURISTIC_ENCRYPTED_DOC
* Incompatible clamd.conf and command line interface changes.
* Heuristic Alerts' (aka 'Algorithmic Detection') options have
been changed to make the names more consistent. The original
options are deprecated in 0.101, and will be removed in a
future feature release.
* For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html ImportantSUSE bug 1118459SUSE bug 1119353SUSE bug 1144504SUSE bug 1149458SUSE bug 1157763SUSE bug 1171981SUSE bug 1174250SUSE bug 1174255CVE-2019-12900 at SUSECVE-2019-12900 at NVDCVE-2019-15961 at SUSECVE-2019-15961 at NVDCVE-2020-3123 at SUSECVE-2020-3123 at NVDCVE-2020-3327 at SUSECVE-2020-3327 at NVDCVE-2020-3341 at SUSECVE-2020-3341 at NVDCVE-2020-3350 at SUSECVE-2020-3350 at NVDCVE-2020-3481 at SUSECVE-2020-3481 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cyrus-sasl (Important)SUSE OpenStack Cloud 9
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
ImportantSUSE bug 1159635CVE-2019-19906 at SUSECVE-2019-19906 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dnsmasq (Moderate)SUSE OpenStack Cloud 9
This update for dnsmasq fixes the following issues:
Security issue fixed:
- CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers
to cause denial of service via DHCP response creation (bsc#1154849)
Other issue addressed:
- Removed cache size limit (bsc#1138743).
ModerateSUSE bug 1138743SUSE bug 1154849CVE-2019-14834 at SUSECVE-2019-14834 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
MariaDB was updated to version 10.2.31 GA (bsc#1162388).
Security issues fixed:
- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).
- Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878).
- Fixed a permissions issue in /var/lib/mysql (bsc#1077717).
ModerateSUSE bug 1077717SUSE bug 1160878SUSE bug 1160883SUSE bug 1160895SUSE bug 1160912SUSE bug 1162388CVE-2019-18901 at SUSECVE-2019-18901 at NVDCVE-2020-2574 at SUSECVE-2020-2574 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon (Important)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues:
Security issues fixed:
- CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
- CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675).
Non-security issues fixed:
Changes in ardana-ansible:
- Update to version 9.0+git.1581611758.f694f7d:
* Don't run deprecated-vhost-removal on localhost (SOC-11098)
- Update to version 9.0+git.1580906085.40eb430:
* simplify glance image upload (SOC-11089)
- Update to version 9.0+git.1580220034.3236aa5:
* Ensure rabbitmq-server started after packages updated (SOC-11070)
- Update to version 9.0+git.1576060554.bdd84e6:
* Fix grep for image details on service-guest-image (SOC-11012)
Changes in ardana-cinder:
- Update to version 9.0+git.1579256229.c8b4b38:
* Add option to flatten snapshots when using SES (SOC-11054)
- Update to version 9.0+git.1574694613.04a8b74:
* Ensure nfs-client installed for NetApp support (SOC-9005)
- Update to version 9.0+git.1574359983.c198cc9:
* Add option for nfs_share configuration (SOC-9005)
Changes in ardana-cobbler:
- Update to version 9.0+git.1574950066.a3c4be4:
* Set root device on SLES autoyast templates (SOC-7365)
- Update to version 9.0+git.1573845154.3545efd:
* Change install_recommended to true (SOC-9005)
Changes in ardana-db:
- Update to version 9.0+git.1578936438.b9a9b95:
* Switch to using override file in my.cnf.d (SOC-11043)
- Update to version 9.0+git.1578595169.57c5911:
* account for pre-update nodes (SOC-11037)
Changes in ardana-horizon:
- Update to version 9.0+git.1575562864.8ed5e10:
* Generate policy for Octavia dashboard (SOC-10883)
- Update to version 9.0+git.1575562860.2ce2851:
* Fix policy configuration generation (SOC-10883)
Changes in ardana-input-model:
- Update to version 9.0+git.1580403439.d425462:
* Enable port security extension neutron (SOC-11027)
- Update to version 9.0+git.1574953363.60cf58f:
* octavia: use lbaasv2-proxy service plugin (SOC-10987)
Changes in ardana-monasca:
- Update to version 9.0+git.1579273481.4b8c46f:
* Leverage schema conversion script for upgrade (SOC-10277)
- Update to version 9.0+git.1575919721.5c42222:
* align Monasca DB schema with upstream prior to upgrade (SOC-10277)
Changes in ardana-mq:
- Update to version 9.0+git.1581024903.8e74867:
* Ensure HA queue sync wait fails (SOC-11083)
- Update to version 9.0+git.1580934283.230ff8b:
* Fix HA policy setting comments (SOC-10317, SOC-11082)
- Update to version 9.0+git.1580746285.da922ce:
* Set HA policy accordingly (SOC-10317, SOC-11082)
- Update to version 9.0+git.1575405552.d84f662:
* Change the HA policy mirror (SOC-10317)
Changes in ardana-nova:
- Update to version 9.0+git.1580304673.6c668eb:
* Set notification_format to unversioned in nova.conf (bsc#1161721)
- Update to version 9.0+git.1575481165.9d3826f:
* Remove duplicate entries for alias configuration for GPU (SOC-10837)
- Update to version 9.0+git.1573764498.ed4098d:
* Pass through gpu device info. (SOC-10837)
Changes in ardana-octavia:
- Update to version 9.0+git.1576074489.62de7e2:
* Add load-balancer roles (SOC-8743)
- Update to version 9.0+git.1575366951.e0216b4:
* Add policy.json to match the neutron lbaasv2 policy (SOC-10987)
- Update to version 9.0+git.1574358661.c976583:
* Change event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig:
- Update to version 9.0+git.1580235830.0dca223:
* Start OVS services before wicked service at boot (SOC-11067)
- Update to version 9.0+git.1579790275.8afb314:
* Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
Changes in ardana-tempest:
- Update to version 9.0+git.1578932816.e299c08:
* Revert to using cirros image for heat tests (SOC-7028)
- Update to version 9.0+git.1578413400.0614192:
* Create network resources needed by some heat tests (SOC-7028)
- Update to version 9.0+git.1576611974.d17e4df:
* Enable octavia tempest plugin test cases (SOC-8743)
- Update to version 9.0+git.1574955714.5bae846:
* Update lbaas tempest filter for octavia (SOC-10987)
Changes in ardana-tls:
- Update to version 9.0+git.1575296665.3fdfe45:
* Make sure VNC CA file contain our internal CAs (SOC-10968)
- Update to version 9.0+git.1574280348.a306396:
* default the certificate validity to 5 years for the VNC cert (SOC-10973)
Changes in crowbar-core:
- Update to version 6.0+git.1582892022.cbd70e833:
* upgrade: Run DHCP evacuation (SOC-11046)
- Update to version 6.0+git.1582200015.08264d8f9:
* Fix deployment queue display (SOC-10741)
- Update to version 6.0+git.1580144807.7d068caf0:
* network: start OVS before wickedd (SOC-11067)
- Update to version 6.0+git.1578997967.4591670f0:
* dns: add checks to designate migration (SOC-11047)
- Update to version 6.0+git.1578935422.01edb0a9b:
* Do not log an error for a case that is correct (trivial)
- Update to version 6.0+git.1578563578.68beda299:
* Upgrade neutron agent together with nova-compute package (SOC-11031)
- Update to version 6.0+git.1578402096.90d9332d9:
* apache2: Restart after enabling SSL flag (SOC-11029)
* crowbar: add crowbar-pacemaker dependency (SOC-10986)
- Update to version 6.0+git.1576756414.ca49a781d:
* bind9: Add legacy public.foo DNS entries (SOC-11006)
- Update to version 6.0+git.1576662075.88de27567:
* upgrade: Make a check for SLES product version (SOC-3089)
- Update to version 6.0+git.1576493114.5e9534f13:
* upgrade: Stop if nova-compute upgrade fails (SOC-10378)
* upgrade: Fix typo in log message (typo)
- Update to version 6.0+git.1576149781.1ac02ef0d:
* upgrade: add missing exit to Monasca DB dump (trivial)
- Update to version 6.0+git.1576072790.23b58b4a2:
* upgrade: Fix systemd unit listing (trivial)
* Make sure the crowbar migrations are OK (SOC-6849)
- Update to version 6.0+git.1575980638.3cad5a333:
* Ignore CVE-2019-16770 (SOC-10999)
* upgrade: Make cluster health check at the start of services step (SOC-6849)
* upgrade: Remove DRBD specific code from the continuation parts (SOC-10985)
- Update to version 6.0+git.1575628097.5a7475686:
* upgrade: Do not stop and reload nova services in normal mode (SOC-10995)
- Update to version 6.0+git.1574763248.ad958e68c:
* Disable installation repository (bsc#1152007)
* Disable automatic repo services (bsc#1152007)
- Update to version 6.0+git.1574431193.3f5c69937:
* [upgrade] Wait for keystone to be ready after start (bsc#1157206)
- Update to version 6.0+git.1574363439.bc4d86c9b:
* upgrade: Make sure cinder-volume is really stopped (bsc#1156305)
- Update to version 6.0+git.1574270808.e4344109b:
* upgrade: Ignore Cloud repository during repocheck (bsc#1152007)
- Update to version 6.0+git.1574102328.13f0b12bf:
* Ignore CVE-2019-13117 in CI builds (bsc#1157028)
Changes in crowbar-ha:
- Update to version 6.0+git.1574286261.6fd1a34:
* Drop g-haproxy removal code (bsc#1156914)
Changes in crowbar-openstack:
- Update to version 6.0+git.1580922461.67fb3c087:
* Designate: make sure dns-server is active on a non-admin node (SOC-10636)
* Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)
- Update to version 6.0+git.1580480133.d27bf75d0:
* ec2-api: run keystone_register on cluster founder only (SOC-11079)
- Update to version 6.0+git.1580308069.558c6dd8a:
* rabbitmq: sync startup definitions.json with recipe (SOC-11077)
- Update to version 6.0+git.1579097055.cf15ef22e:
* tempest: enable multiattach for NetApp + LVM (SCPM-97)
* tempest: tempest run filters as templates (SOC-11052)
- Update to version 6.0+git.1578491103.ca03b990c:
* Install openstack client for neutron recipes (SOC-11039)
- Update to version 6.0+git.1576859278.871ed9151:
* octavia: Add topology setting (SOC-10876)
- Update to version 6.0+git.1576769055.cae3ecf9a:
* octavia: Add anti-affinity settings (SOC-11026)
* designate: Fix the migrations of ssl values (SOC-11030)
* octavia: Also delete unused amphora images (SOC-11024)
* octavia: Delete old amphora images (SOC-11024)
* octavia: Install amphora image always (SOC-11024)
- Update to version 6.0+git.1576688912.0cfb42201:
* Do not read data from barclamp that has not been saved (SOC-11028)
* octavia: Add ssh key to health manager (SOC-11025)
- Update to version 6.0+git.1576513513.8456a08f8:
* designate: Mark as user managed (SOC-10233)
- Update to version 6.0+git.1576331976.c068cbe15:
* octavia: Update configuration parameters (SOC-10904)
- Update to version 6.0+git.1576245850.2d50399b5:
* tempest: Update default image on schema (SOC-11023)
- Update to version 6.0+git.1576145909.ec2c5f746:
* octavia: enable octavia tempest plugin test cases (SOC-8743)
- Update to version 6.0+git.1576091112.c802654e0:
* keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
* horizon: add Octavia horizon dashboard (SOC-10833)
- Update to version 6.0+git.1575917420.9a9d1b024:
* Add Crowbar UI options for mgmt net (SOC-10904)
* octavia: configure barbican auth (SOC-10989)
* octavia: fix deprecated config options (SOC-10990)
- Update to version 6.0+git.1574850023.d4c2337fc:
* tempest: create lbaas-octavia filter (SOC-10965)
* octavia: switch to noop event streamer (SOC-10868)
* tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907)
- Update to version 6.0+git.1574685608.1c9818d53:
* horizon: fix keystone node lookup (SOC-10978)
- Update to version 6.0+git.1574428771.9bd63ba0d:
* designate: declare all mdns servers as master on pool config (SOC-10952)
- Update to version 6.0+git.1574334452.15e0db044:
* designate: add support for SSL (SOC-10877)
* horizon: install lbaas horizon dashboard (SOC-10883)
- Update to version 6.0+git.1574270038.651a48486:
* octavia: add SSL section to the UI (SOC-10906)
- Update to version 6.0+git.1574094012.3c62b569f:
* octavia: Add memcached_servers for token caching (SOC-10905)
Changes in crowbar-ui:
- Update to version 1.3.0+git.1575896697.a01a3a08:
* upgrade: Added missing error title
* travis: Stop testing against nodejs4
Changes in keepalived:
- update to 2.0.19
- new BR pkgconfig(libnftnl) to fix nftables support
- add nftables to the BR
- added patch
* linux-4.15.patch
- add buildrequires for file-devel
- used in the checker to verify scripts
- enable json stats and config dump support
new BR: pkgconfig(json-c)
- enable http regexp support: new BR pcre2-devel
- disable dbus instance creation support as it is marked as
dangerous
- Add BFD build option to keepalived.spec rpm file
Issue #1114 identified that the keepalived.spec file was not being
generated to build BFD support even if keepalived had been
configured to support it.
- full changelog
https://keepalived.org/changelog.html
Changes in openstack-barbican:
- Update to version barbican-7.0.1.dev24:
* Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
* Don't use branch matching
* Make broken fedora\_latest job n-v
Changes in openstack-barbican:
- Update to version barbican-7.0.1.dev24:
* Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
* Don't use branch matching
* Make broken fedora\_latest job n-v
Changes in openstack-ceilometer:
- Update to version ceilometer-11.0.2.dev21:
* Tell reno to ignore the kilo branch
* Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
* [stable-only] Cap msgpack
- Update to version ceilometer-11.0.2.dev18:
* Add note for loadbalancer resource type support
- Update to version ceilometer-11.0.2.dev17:
* Fix samples with dots in sample name
- Update to version ceilometer-11.0.2.dev15:
* Add loadbalancer resource type
Changes in openstack-ceilometer:
- Update to version ceilometer-11.0.2.dev21:
* Tell reno to ignore the kilo branch
* Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
* [stable-only] Cap msgpack
- Update to version ceilometer-11.0.2.dev18:
* Add note for loadbalancer resource type support
- Update to version ceilometer-11.0.2.dev17:
* Fix samples with dots in sample name
- Update to version ceilometer-11.0.2.dev15:
* Add loadbalancer resource type
Changes in openstack-cinder:
- Update to version cinder-13.0.9.dev11:
* Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
* Support Incremental Backup Completion In RBD
- Update to version cinder-13.0.9.dev8:
* Fix: Create new cache entry when xtremio reaches snap limit
* Tell reno to ignore the kilo branch
- Update to version cinder-13.0.9.dev5:
* Make volume soft delete more thorough
- Update to version cinder-13.0.9.dev4:
* Cap sphinx for py2 to match global reqs
13.0.8
- Update to version cinder-13.0.8.dev12:
* Add 'volume\_attachment' to volume expected attributes
* Fix service\_uuid migration for volumes with no host
- Update to version cinder-13.0.8.dev9:
* Increase cpu limit for image conversion
Changes in openstack-cinder:
- Update to version cinder-13.0.9.dev11:
* Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
* Support Incremental Backup Completion In RBD
- Update to version cinder-13.0.9.dev8:
* Fix: Create new cache entry when xtremio reaches snap limit
* Tell reno to ignore the kilo branch
- Update to version cinder-13.0.9.dev5:
* Make volume soft delete more thorough
- Update to version cinder-13.0.9.dev4:
* Cap sphinx for py2 to match global reqs
13.0.8
- Update to version cinder-13.0.8.dev12:
* Add 'volume\_attachment' to volume expected attributes
* Fix service\_uuid migration for volumes with no host
- Update to version cinder-13.0.8.dev9:
* Increase cpu limit for image conversion
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev1:
14.1.0
* Ensure python versions
- Update to version horizon-14.0.5.dev9:
* Fix typo in publicize\_image policy name
- Update to version horizon-14.0.5.dev8:
* Fix 'prev' link pagination for instances with identical timestamps
- Update to version horizon-14.0.5.dev7:
* Fix deleting port from port details page
* Fix tenant floating\_ip\_allocation call in neutron rest api
- Update to version horizon-14.0.5.dev3:
* Add 'prev' link to instance page list pagination
- horizon: Obsolete python-django_openstack_auth (SOC-10228)
port of https://review.opendev.org/#/c/685224
- Update to version horizon-14.0.5.dev2:
* Call Glance list with certain image ids
Changes in openstack-dashboard-theme-SUSE:
- Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)
Changes in openstack-designate:
- Update to version designate-7.0.1.dev23:
* Use Tempest 'all' tox env
Changes in openstack-designate:
- Update to version designate-7.0.1.dev23:
* Use Tempest 'all' tox env
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev31:
* Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
* Docs: use extrefs to link to other projects' docs
- Update to version openstack-heat-11.0.3.dev28:
* Use stable constraint for Tempest pinned stable branches
- Update to version openstack-heat-11.0.3.dev27:
* Correct BRANCH\_OVERRIDE for stable/rocky
* Correct availability\_zone to be non-mandatory in heat
- Update to version openstack-heat-11.0.3.dev24:
* Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev31:
* Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
* Docs: use extrefs to link to other projects' docs
- Update to version openstack-heat-11.0.3.dev28:
* Use stable constraint for Tempest pinned stable branches
- Update to version openstack-heat-11.0.3.dev27:
* Correct BRANCH\_OVERRIDE for stable/rocky
* Correct availability\_zone to be non-mandatory in heat
- Update to version openstack-heat-11.0.3.dev24:
* Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-horizon-plugin-designate-ui:
- Update to version designate-dashboard-7.0.1.dev8:
* Fix list zones updated at same time
Changes in openstack-horizon-plugin-ironic-ui:
- Update to version ironic-ui-3.3.1.dev14:
* Fix horizon dependency
* OpenDev Migration Patch
Changes in openstack-horizon-plugin-neutron-lbaas-ui:
- Update to version neutron-lbaas-dashboard-5.0.1.dev8:
* Fix auth url for Barbican client
- Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883)
The .pyc file needs to be removed when the package is uninstalled,
otherwise the panel will remain enabled in the dashboard and cause
errors.
Changes in openstack-ironic:
- Update to version ironic-11.1.4.dev22:
* Change MTU logic to allow for lower MTUs automatically
* Do not ignore 'fields' query parameter when building next url
* Ensure pagination marker is always set
- Update to version ironic-11.1.4.dev17:
* grub configuration should use user kernel and ramdisk
- Update to version ironic-11.1.4.dev16:
* Change log level based on node status
Changes in openstack-ironic:
- Remove rootwrap.d/ironic-lib.filters. This file is included in
python-ironic-lib >= 2.14.2.
- Update to version ironic-11.1.4.dev22:
* Change MTU logic to allow for lower MTUs automatically
* Do not ignore 'fields' query parameter when building next url
* Ensure pagination marker is always set
- Update to version ironic-11.1.4.dev17:
* grub configuration should use user kernel and ramdisk
- Update to version ironic-11.1.4.dev16:
* Change log level based on node status
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.3.dev6:
* Fix tox.ini to correctly test lower-constraints
Changes in openstack-keystone:
- Update to version keystone-14.1.1.dev36:
* Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
* Always have username in CADF initiator
- Update to version keystone-14.1.1.dev33:
* Fix role\_assignments role.id filter
* Ensure bootstrap handles multiple roles with the same name
- Update to version keystone-14.1.1.dev29:
* Add the missing packages when install keystone
Changes in openstack-keystone:
- Update to version keystone-14.1.1.dev36:
* Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
* Always have username in CADF initiator
- Update to version keystone-14.1.1.dev33:
* Fix role\_assignments role.id filter
* Ensure bootstrap handles multiple roles with the same name
- Update to version keystone-14.1.1.dev29:
* Add the missing packages when install keystone
Changes in openstack-magnum:
- Update to version magnum-7.2.1.dev1:
* Remove buildimage jobs
7.2.0
- Update to version magnum-7.1.1.dev38:
* k8s\_fedora: Move rp\_filter=1 for calico up
* k8s\_fedora\_atomic: Add PodSecurityPolicy
* k8s: Clear cni configuration
* fix: Deploy enable\_service last (rocky only)
- Update to version magnum-7.1.1.dev34:
* k8s\_fedora: Label master nodes with kubectl
* k8s: stop introspecting instance name
* Fix proportional autoscaler image
* Using Fedora Atomic 29 as default image
Changes in openstack-magnum:
- Update to version magnum-7.2.1.dev1:
* Remove buildimage jobs
7.2.0
- Update to version magnum-7.1.1.dev38:
* k8s\_fedora: Move rp\_filter=1 for calico up
* k8s\_fedora\_atomic: Add PodSecurityPolicy
* k8s: Clear cni configuration
* fix: Deploy enable\_service last (rocky only)
- Update to version magnum-7.1.1.dev34:
* k8s\_fedora: Label master nodes with kubectl
* k8s: stop introspecting instance name
* Fix proportional autoscaler image
* Using Fedora Atomic 29 as default image
Changes in openstack-monasca-agent:
- update to version 2.8.1~dev13
- add X.509 certificate check plugin
- update to version 2.8.1~dev12
- Update hacking version to 1.1.x
- OpenDev Migration Patch
Changes in openstack-neutron:
- Update to version neutron-13.0.7.dev48:
* Do not initialize snat-ns twice
* Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
* ovs agent: signal to plugin if tunnel refresh needed
* Mock check if ipv6 is enabled in L3 agent unit tests
* Fix resource schemas and releated \`get\_sorts\` test cases
* Remove sleep command when retrieving OVS dp
- Update to version neutron-13.0.7.dev36:
* Remove Floating IP DNS record upon associated port deletion
* Trigger router update only when gateway port IP changed
* Re-use existing ProcessLauncher from wsgi in RPC workers
- Update to version neutron-13.0.7.dev30:
* Check SG members instead of ports to skip flow update
* Ensure driver error preventing trunk port deletion is logged
* [L3] Switch order of processing added and removed router ports
- Update to version neutron-13.0.7.dev24:
* dhcp-agent: equalize port create\_low/update/delete priority
* Catch OVSFWTagNotFound in update\_port\_filter
* [OVS] Handle added/removed ports in the same polling iteration
* DVR: Ignore DHCP port during DVR host query
* Improve 'OVSFirewallDriver.process\_trusted\_ports'
* List SG rules which belongs to tenant's SG
* Fix py3 compatibility
- Update to version neutron-13.0.7.dev10:
* Define orm relationships after db classes
* Add retries to update trunk port
- Update to version neutron-13.0.7.dev6:
* Allow to kill keepalived state change monitor process
- Update to version neutron-13.0.7.dev4:
* Always set ovs bridge name in vif:binding-details
- Update to version neutron-13.0.7.dev2:
* don't clear skb mark when ovs is hw-offload enabled
- Update to version neutron-13.0.7.dev1:
* Use constraints for docs tox target and cap hacking
13.0.6
- Update to version neutron-13.0.6.dev21:
* Set DB retry for quota\_enforcement pecan\_wsgi hook
- Update to version neutron-13.0.6.dev20:
* [OVS FW] Clean port rules if port not found in ovsdb
* Add more condition to check sg member exist
- Update to version neutron-13.0.6.dev17:
* Fix race condition when getting cmdline
- Update to version neutron-13.0.6.dev15:
* Run revision bump operations en masse
- Update to version neutron-13.0.6.dev13:
* Add extra unit test for get\_cmdline\_from\_pid function
- Update to version neutron-13.0.6.dev11:
* Switch to use cast method in dhcp\_ready\_on\_ports method
- Update to version neutron-13.0.6.dev10:
* Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron:
- Update to version neutron-13.0.7.dev48:
* Do not initialize snat-ns twice
* Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
* ovs agent: signal to plugin if tunnel refresh needed
* Mock check if ipv6 is enabled in L3 agent unit tests
* Fix resource schemas and releated \`get\_sorts\` test cases
* Remove sleep command when retrieving OVS dp
- Update to version neutron-13.0.7.dev36:
* Remove Floating IP DNS record upon associated port deletion
* Trigger router update only when gateway port IP changed
* Re-use existing ProcessLauncher from wsgi in RPC workers
- Update to version neutron-13.0.7.dev30:
* Check SG members instead of ports to skip flow update
* Ensure driver error preventing trunk port deletion is logged
* [L3] Switch order of processing added and removed router ports
- Update to version neutron-13.0.7.dev24:
* dhcp-agent: equalize port create\_low/update/delete priority
* Catch OVSFWTagNotFound in update\_port\_filter
* [OVS] Handle added/removed ports in the same polling iteration
* DVR: Ignore DHCP port during DVR host query
* Improve 'OVSFirewallDriver.process\_trusted\_ports'
* List SG rules which belongs to tenant's SG
* Fix py3 compatibility
- Update neutron-ha-tool to latest version:
* Add DHCP agent evacuation (SOC-11046)
- Update to version neutron-13.0.7.dev10:
* Define orm relationships after db classes
* Add retries to update trunk port
- Update to version neutron-13.0.7.dev6:
* Allow to kill keepalived state change monitor process
- Update to version neutron-13.0.7.dev4:
* Always set ovs bridge name in vif:binding-details
- Update to version neutron-13.0.7.dev2:
* don't clear skb mark when ovs is hw-offload enabled
- Update to version neutron-13.0.7.dev1:
* Use constraints for docs tox target and cap hacking
13.0.6
- Update to version neutron-13.0.6.dev21:
* Set DB retry for quota\_enforcement pecan\_wsgi hook
- Update to version neutron-13.0.6.dev20:
* [OVS FW] Clean port rules if port not found in ovsdb
* Add more condition to check sg member exist
- Update to version neutron-13.0.6.dev17:
* Fix racondition when getting cmdline
- Update to version neutron-13.0.6.dev15:
* Run revision bump operations en masse
- neutron: Remove stop action from ovs-cleanup (bsc#1157482)
backport of https://review.opendev.org/#/c/695867/
- Update to version neutron-13.0.6.dev13:
* Add extra unit test for get\_cmdline\_from\_pid function
- Update to version neutron-13.0.6.dev11:
* Switch to use cast method in dhcp\_ready\_on\_ports method
- Update to version neutron-13.0.6.dev10:
* Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron-fwaas:
- Update to version neutron-fwaas-13.0.3.dev4:
* Fix sorting of filter rules in legacy\_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
* Fix list\_entries for netlink\_lib when running on py3
Changes in openstack-neutron-fwaas:
- Update to version neutron-fwaas-13.0.3.dev4:
* Fix sorting of filter rules in legacy\_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
* Fix list\_entries for netlink\_lib when running on py3
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-5.0.1.dev491:
* Refactor static path code
- Update to version group-based-policy-5.0.1.dev490:
* Support named ip protocols for SecurityGroupRules
- Update to version group-based-policy-5.0.1.dev488:
* Enable SVI networks with hosts running opflex agent
- Update to version group-based-policy-5.0.1.dev486:
* Allow both FIP and SNAT on a single port
- Update to version group-based-policy-5.0.1.dev485:
* Fix active-active AAP RPC query
- Update to version group-based-policy-5.0.1.dev484:
* [AIM] Add extra provided/consumed contracts to network extension
* Active active AAP feature
- Update to version group-based-policy-5.0.1.dev481:
* Support cache option for legacy GBP driver
- Update to version group-based-policy-5.0.1.dev480:
* Fix host ID length in VM names table
- Update to version group-based-policy-5.0.1.dev479:
* Update\_proj\_descr in apic when project description is updated in os
- Update to version group-based-policy-5.0.1.dev477:
* Fix ambiguity in mapping to domain in port pair workflow
Changes in openstack-neutron-vpnaas:
- Update to version neutron-vpnaas-13.0.2.dev6:
* Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
Changes in openstack-neutron-vpnaas:
- Update to version neutron-vpnaas-13.0.2.dev6:
* Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
Changes in openstack-nova:
- Update to version nova-18.2.4.dev63:
* Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
* Use stable constraint for Tempest pinned stable branches
- Update to version nova-18.2.4.dev60:
* tox: Stop build \*all\* docs in 'docs'
- Update to version nova-18.2.4.dev59:
* Block deleting compute services with in-progress migrations
* Cache security group driver
* Join migration\_context and flavor in Migration.instance
- Update to version nova-18.2.4.dev53:
* Improve metadata server performance with large security groups
- Update to version nova-18.2.4.dev51:
* Add functional recreate revert resize test for bug 1852610
* Add functional recreate test for bug 1852610
- Update to version nova-18.2.4.dev47:
* Zuul v3: use devstack-plugin-nfs-tempest-full
- Update to version nova-18.2.4.dev46:
* Add BFV wrinkle to TestNovaManagePlacemenalAllocations
* Add --instance option to heal\_allocations
* Add --dry-run option to heal\_allocations CLI
- Update to version nova-18.2.4.dev40:
* Add functional recreate test for bug 1829479 and bug 1817833
- Update to version nova-18.2.4.dev38:
* Do not update root\_device\_name during guest config
* compute: Use long\_rpc\_timeout in reserve\_block\_device\_name
- Update to version nova-18.2.4.dev35:
* compute: Take an instance.uuid lock when rebooting
- Update to version nova-18.2.4.dev33:
* Replace time.sleep(10) with service forced\_down in tests
- Update to version nova-18.2.4.dev31:
* Nova compute: add in log exception to help debug failures
- Update to version nova-18.2.4.dev29:
* Fix false ERROR message at compute restart
- Update to version nova-18.2.4.dev27:
* Fix listing deleted servers with a marker
- Update to version nova-18.2.4.dev25:
* Add functional regression test for bug 1849409
- Update to version nova-18.2.4.dev23:
* Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-nova:
- Update to version nova-18.2.4.dev63:
* Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
* Use stable constraint for Tempest pinned stable branches
- Update to version nova-18.2.4.dev60:
* tox: Stop build \*all\* docs in 'docs'
- Update to version nova-18.2.4.dev59:
* Block deleting compute services with in-progress migrations
* Cache security group driver
* Join migration\_context and flavor in Migration.instance
- Update to version nova-18.2.4.dev53:
* Improve metadata server performance with large security groups
- Update to version nova-18.2.4.dev51:
* Add functional recreate revert resize test for bug 1852610
* Add functional recreate test for bug 1852610
- Update to version nova-18.2.4.dev47:
* Zuul v3: use devstack-plugin-nfs-tempest-full
- Update to version nova-18.2.4.dev46:
* Add BFV wrinkle to TestNovaManagePlacementHealAllocations
* Add --instance option to heal\_allocations
* Add --dry-run option to heal\_allocations CLI
- Update to version nova-18.2.4.dev40:
* Add functional recreate test for bug 1829479 and bug 1817833
- Update to version nova-18.2.4.dev38:
* Do not update root\_device\_name during guest config
* compute: Use long\_rpc\_timeout in reserve\_block\_device\_name
- Update to version nova-18.2.4.dev35:
* compute: Take an instance.uuid lock when rebooting
- Update to version nova-18.2.4.dev33:
* Replace time.sleep(10) with service forced\_down in tests
- Update to version nova-18.2.4.dev31:
* Nova compute: add in log exception to help debug failures
- Update to version nova-18.2.4.dev29:
* Fix false ERROR message at compute restart
- Update to version nova-18.2.4.dev27:
* Fix listing deleted servers with a marker
- Update to version nova-18.2.4.dev25:
* Add functional regression test for bug 1849409
- Update to version nova-18.2.4.dev23:
* Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-octavia:
- Update to version octavia-3.2.2.dev8:
* Fix uncaught DB exception when trying to get a spare amphora
- Update to version octavia-3.2.2.dev7:
* Fix house keeping graceful shutdown
- Update to version octavia-3.2.2.dev5:
* Fix pep8 failures on stable/rocky branch
- Update to version octavia-3.2.2.dev4:
* Use stable upper-constraints.txt in Amphora builds
- Update to version octavia-3.2.2.dev3:
* Add listener and pool protocol validation
- Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2
3.2.1
- Update to version octavia-3.2.1.dev10:
* Accept oslopolicy-policy-generator path arguments
- Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch
https://review.opendev.org/#/c/698433
- Update to version octavia-3.2.1.dev9:
* Fix controller worker graceful shutdown
- Update to version octavia-3.2.1.dev7:
* Fix a potential race condition with certs-ramfs
- Update to version octavia-3.2.1.dev5:
* Fix issues with unavailable secrets
Changes in openstack-octavia-amphora-image:
- Updated updateBuildRequires.pl script for SP4 build
- Update image to 0.1.2 to include latest changes
- Add keepalived service
Changes in openstack-sahara:
- Update to version sahara-9.0.2.dev15:
* Run sahara-scenario using Python 3
Changes in openstack-sahara:
- Update to version sahara-9.0.2.dev15:
* Run sahara-scenario using Python 3
Changes in openstack-swift:
- Update to version swift-2.19.2.dev48:
2.19.2 (rocky stable backports)
* Sharding improvements
* The container-replicator now only attempts to fetch shard ranges if
the remote indicates that it has shard ranges. Further, it does so
with a timeout to prevent the process from hanging in certain cases.
* The container-replicator now correctly enqueues container-reconciler
work for sharded containers.
* S3 API improvements
* Fixed an issue where v4 signatures would not be validated against
the body of the request, allowing a replay attack if request headers
were captured by a malicious third party. Note that unsigned payloads
still function normally.
* CompleteMultipartUpload requests with a Content-MD5 now work.
* Fixed v1 listings that end with a non-ASCII object name.
* Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API.
* Fixed an issue that caused Delete Multiple Objects requests with
large bodies to 400. This was previously fixed in 2.20.0.
* Fixed an issue where non-ASCII Keystone EC2 credentials would not get
mapped to the correct account. This was previously fixed in 2.20.0.
Changes in openstack-swift:
- Update to version swift-2.19.2.dev48:
2.19.2 (rocky stable backports)
* Sharding improvements
* The container-replicator now only attempts to fetch shard ranges if
the remote indicates that it has shard ranges. Further, it does so
with a timeout to prevent the process from hanging in certain cases.
* The container-replicator now correctly enqueues container-reconciler
work for sharded containers.
* S3 API improvements
* Fixed an issue where v4 signatures would not be validated against
the body of the request, allowing a replay attack if request headers
were captured by a malicious third party. Note that unsigned payloads
still function normally.
* CompleteMultipartUpload requests with a Content-MD5 now work.
* Fixed v1 listings that end with a non-ASCII object name.
* Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API.
* Fixed an issue that caused Delete Multiple Objects requests with
large bodies to 400. This was previously fixed in 2.20.0.
* Fixed an issue where non-ASCII Keystone EC2 credentials would not get
mapped to the correct account. This was previously fixed in 0.0.
Changes in python-amqp:
- Added pyOpenSSL build dependency
- Update to 2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
- Removed patches that are already included in 2.4.2
- 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
- Better call of py.test
- Add versions to dependencies
- Remove python-sasl from build dependencies
- Update to version 2.4.1
* To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
* Fix crash in basic_publish when broker does not support connection.blocked
capability.
* read_frame() is now Python 3 compatible for large payloads.
* Support float read_timeout/write_timeout.
* Always treat SSLError timeouts as socket timeouts.
* Treat EWOULDBLOCK as timeout.
- from 2.4.0
* Fix inconsistent frame_handler return value.
The function returned by frame_handler is meant to return True
once the complete message is received and the callback is called,
False otherwise.
This fixes the return value for messages with a body split across
multiple frames, and heartbeat frames.
* Don't default content_encoding to utf-8 for bytes.
This is not an acceptable default as the content may not be
valid utf-8, and even if it is, the producer likely does not
expect the message to be decoded by the consumer.
* Fix encoding of messages with multibyte characters.
Body length was previously calculated using string length,
which may be less than the length of the encoded body when
it contains multibyte sequences. This caused the body of
the frame to be truncated.
* Respect content_encoding when encoding messages.
Previously the content_encoding was ignored and messages
were always encoded as utf-8. This caused messages to be
incorrectly decoded if content_encoding is properly respected
when decoding.
* Fix AMQP protocol header for AMQP 0-9-1.
Previously it was set to a different value for unknown reasons.
* Add support for Python 3.7.
Change direct SSLSocket instantiation with wrap_socket.
* Add support for field type 'x' (byte array).
* If there is an exception raised on Connection.connect or
Connection.close, ensure that the underlying transport socket
is closed. Adjust exception message on connection errors as well.
* TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms.
* Handle negative acknowledgments.
* Added integration tests.
* Fix basic_consume() with no consumer_tag provided.
* Improved empty AMQPError string representation.
* Drain events before publish.
This is needed to capture out of memory messages for clients that only
publish. Otherwise on_blocked is never called.
* Don't revive channel when connection is closing.
When connection is closing don't raise error when Channel.Close
method is received.
Changes in python-ironic-lib:
- update to version 2.14.2
- Replace openstack.org git:// URLs with https://
- OpenDev Migration Patch
- Include partiton name and flags from parted output
Changes in python-keystoneauth1:
- switch to tracking stable/rocky tarball
- disable renderspec
- update to version 3.10.1.dev10
* Make tests pass in 2020
* OpenDev Migration Patch
* Revert 'Change log hashing to SHA256'
* import zuul job settings from project-config
* Change log hashing to SHA256
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
* Update .gitreview ftable/rocky
Changes in python-keystoneclient:
- switch to tracking stable/rocky tarball
- disable renderspec
- update to version 3.17.0.dev5
* Make tests pass in 2020
* OpenDev Migration Patch
* import zuul job settings from project-config
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
* Update .gitreview for stable/rocky
Changes in python-keystonemiddleware:
- Use version_unconverted for documentation build
- Update to version keystonemiddleware-5.2.2.dev3:
* Make tests pass in 2022
* Make sure audit middleware use own context
Changes in python-ovs:
- add 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch (bsc#1158581)
Changes in supportutils-plugin-suse-openstack-cloud:
- Update to version 9.0.1574431436.987b47d:
* Add services from SOC/HOS8
* Fix handling of ardana 'config' dir and conf files in /opt/stack/service
* Fix more failures of censoring passwords
* Include configs and logs for neutron HA
Changes in rubygem-crowbar-client:
- Update to 3.9.1
- Fix repocheck table output (SOC-10718)
- Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)
Changes in rubygem-puma:
- Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770)
This patch fixes a DoS vulnerability a malicious client could use to
block a large amount of threads.
Changes in venv-openstack-horizon:
- replace neutron-lbaas dashboard with octavia dashboard (SOC-10883)
ImportantSUSE bug 1117080SUSE bug 1152007SUSE bug 1154235SUSE bug 1156305SUSE bug 1156914SUSE bug 1157028SUSE bug 1157206SUSE bug 1157482SUSE bug 1158581SUSE bug 1158675SUSE bug 1161351SUSE bug 1161721CVE-2018-17954 at SUSECVE-2018-17954 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-16770 at SUSECVE-2019-16770 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openstack-manila (Important)SUSE OpenStack Cloud 9
This update for openstack-manila fixes the following issues:
- CVE-2020-9543: Fixed an issue where other project users to view, update,
delete, or share resources that do not belong to them, due to a
context-free lookup of a UUID (bsc#1165643)
ImportantSUSE bug 1165643CVE-2020-9543 at SUSECVE-2020-9543 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libzypp (Moderate)SUSE OpenStack Cloud 9
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
ModerateSUSE bug 1158763CVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for fwupdate (Important)SUSE OpenStack Cloud 9
This update for fwupdate fixes the following issues:
- Add SBAT section to EFI images (bsc#1182057)
ImportantSUSE bug 1182057cpe:/o:suse:suse-openstack-cloud:9Security update for spamassassin (Important)SUSE OpenStack Cloud 9
This update for spamassassin fixes the following issues:
- spamassassin was updated to version 3.4.5
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
ImportantSUSE bug 1159133SUSE bug 1184221CVE-2019-12420 at SUSECVE-2019-12420 at NVDCVE-2020-1946 at SUSECVE-2020-1946 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glibc (Important)SUSE OpenStack Cloud 9
This update for glibc fixes the following issues:
- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)
ImportantSUSE bug 1178386SUSE bug 1179694SUSE bug 1179721SUSE bug 1184034CVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)
ImportantSUSE bug 1180128CVE-2021-3472 at SUSECVE-2021-3472 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Important)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2
ImportantSUSE bug 1181256SUSE bug 1184532SUSE bug 1184533SUSE bug 1184534CVE-2021-1252 at SUSECVE-2021-1252 at NVDCVE-2021-1404 at SUSECVE-2021-1404 at NVDCVE-2021-1405 at SUSECVE-2021-1405 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for qemu (Important)SUSE OpenStack Cloud 9
This update for qemu fixes the following issues:
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
ImportantSUSE bug 1112499SUSE bug 1119115SUSE bug 1172383SUSE bug 1172384SUSE bug 1172385SUSE bug 1172386SUSE bug 1172478SUSE bug 1173612SUSE bug 1174386SUSE bug 1174641SUSE bug 1175441SUSE bug 1176673SUSE bug 1176682SUSE bug 1176684SUSE bug 1178174SUSE bug 1178934SUSE bug 1179466SUSE bug 1179467SUSE bug 1179468SUSE bug 1180523SUSE bug 1181108SUSE bug 1181639SUSE bug 1181933SUSE bug 1182137SUSE bug 1182425SUSE bug 1182577SUSE bug 1182968CVE-2020-11947 at SUSECVE-2020-11947 at NVDCVE-2020-12829 at SUSECVE-2020-12829 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13765 at SUSECVE-2020-13765 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15469 at SUSECVE-2020-15469 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-25084 at SUSECVE-2020-25084 at NVDCVE-2020-25624 at SUSECVE-2020-25624 at NVDCVE-2020-25625 at SUSECVE-2020-25625 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27617 at SUSECVE-2020-27617 at NVDCVE-2020-28916 at SUSECVE-2020-28916 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29443 at SUSECVE-2020-29443 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431)
- CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846)
ImportantSUSE bug 1178591SUSE bug 1182431SUSE bug 1182846CVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-27379 at SUSECVE-2021-27379 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sudo (Important)SUSE OpenStack Cloud 9
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
ImportantSUSE bug 1183936CVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.10.0 ESR (bsc#1184960)
* CVE-2021-23994: Out of bound write due to lazy initialization
* CVE-2021-23995: Use-after-free in Responsive Design Mode
* CVE-2021-23998: Secure Lock icon could have been spoofed
* CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
* CVE-2021-23999: Blob URLs may have been granted additional privileges
* CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
* CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
* CVE-2021-29946: Port blocking could be bypassed
ImportantSUSE bug 1184960CVE-2021-23961 at SUSECVE-2021-23961 at NVDCVE-2021-23994 at SUSECVE-2021-23994 at NVDCVE-2021-23995 at SUSECVE-2021-23995 at NVDCVE-2021-23998 at SUSECVE-2021-23998 at NVDCVE-2021-23999 at SUSECVE-2021-23999 at NVDCVE-2021-24002 at SUSECVE-2021-24002 at NVDCVE-2021-29945 at SUSECVE-2021-29945 at NVDCVE-2021-29946 at SUSECVE-2021-29946 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libnettle (Important)SUSE OpenStack Cloud 9
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835).
ImportantSUSE bug 1183835SUSE bug 1184401CVE-2021-20305 at SUSECVE-2021-20305 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gdm (Important)SUSE OpenStack Cloud 9
This update for gdm fixes the following issues:
- Avoid the signal SIGTRAP when gdm exits (bsc#1184456).
ImportantSUSE bug 1184456cpe:/o:suse:suse-openstack-cloud:9Security update for permissions (Important)SUSE OpenStack Cloud 9
This update for permissions fixes the following issues:
- Update to version 20170707:
* make btmp root:utmp (bsc#1050467, bsc#1182899)
ImportantSUSE bug 1050467SUSE bug 1182899cpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_0-openjdk (Moderate)SUSE OpenStack Cloud 9
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters
* Import of OpenJDK 7 u291 build 1
+ JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
+ JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
+ JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
ModerateSUSE bug 1181239cpe:/o:suse:suse-openstack-cloud:9Security update for cups (Important)SUSE OpenStack Cloud 9
This update for cups fixes the following issues:
- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)
ImportantSUSE bug 1184161CVE-2021-25317 at SUSECVE-2021-25317 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bind (Important)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495).
ImportantSUSE bug 1181495SUSE bug 1185345CVE-2021-25214 at SUSECVE-2021-25214 at NVDCVE-2021-25215 at SUSECVE-2021-25215 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
ImportantSUSE bug 1178469SUSE bug 1179156SUSE bug 1184677CVE-2021-20254 at SUSECVE-2021-20254 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for avahi (Important)SUSE OpenStack Cloud 9
This update for avahi fixes the following issues:
- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).
ImportantSUSE bug 1184521CVE-2021-3468 at SUSECVE-2021-3468 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
The following non-security bugs were fixed:
- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
ImportantSUSE bug 1040855SUSE bug 1044767SUSE bug 1047233SUSE bug 1065729SUSE bug 1094840SUSE bug 1152457SUSE bug 1171078SUSE bug 1173485SUSE bug 1175873SUSE bug 1176700SUSE bug 1176720SUSE bug 1176855SUSE bug 1177411SUSE bug 1177753SUSE bug 1178181SUSE bug 1179454SUSE bug 1181032SUSE bug 1181960SUSE bug 1182194SUSE bug 1182672SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1183022SUSE bug 1183063SUSE bug 1183069SUSE bug 1183509SUSE bug 1183593SUSE bug 1183646SUSE bug 1183686SUSE bug 1183696SUSE bug 1183738SUSE bug 1183775SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184208SUSE bug 1184211SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184397SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184650SUSE bug 1184942SUSE bug 1185113SUSE bug 1185244SUSE bug 1185248CVE-2020-0433 at SUSECVE-2020-0433 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2021-20219 at SUSECVE-2021-20219 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009)
Other fixes:
- Make sure to close the 'import_failed.map' file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block
ImportantCVE-2020-27619 at SUSECVE-2020-27619 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for djvulibre (Important)SUSE OpenStack Cloud 9
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
ImportantSUSE bug 1185900SUSE bug 1185904SUSE bug 1185905CVE-2019-18804 at SUSECVE-2019-18804 at NVDCVE-2021-32491 at SUSECVE-2021-32491 at NVDCVE-2021-32492 at SUSECVE-2021-32492 at NVDCVE-2021-32493 at SUSECVE-2021-32493 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for graphviz (Critical)SUSE OpenStack Cloud 9
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).
CriticalSUSE bug 1185833CVE-2020-18032 at SUSECVE-2020-18032 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104)
- Make sure xencommons is in a format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
systemd now fails to track units that use systemd-notify (bsc#1183790)
- Added a delay between the call to systemd-notify and the final exit
of the wrapper script (bsc#1185021, bsc#1185196)
ImportantSUSE bug 1183790SUSE bug 1185021SUSE bug 1185104SUSE bug 1185196SUSE bug 1185682CVE-2021-28689 at SUSECVE-2021-28689 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libxml2 (Important)SUSE OpenStack Cloud 9
This update for libxml2 fixes the following issues:
Security issues fixed:
CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ImportantSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410SUSE bug 1185698CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dnsmasq (Important)SUSE OpenStack Cloud 9
This update for dnsmasq fixes the following issues:
- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
Fixed multiple potential Heap-based overflows when DNSSEC is
enabled.
- Retry query to other servers on receipt of SERVFAIL rcode
(bsc#1176076)
ImportantSUSE bug 1176076SUSE bug 1177077CVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for flac (Moderate)SUSE OpenStack Cloud 9
This update for flac fixes the following issues:
- CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).
ModerateSUSE bug 1180099CVE-2020-0499 at SUSECVE-2020-0499 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-httplib2 (Moderate)SUSE OpenStack Cloud 9
This update for python-httplib2 contains the following fixes:
Security fixes included in this update:
- CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053).
- CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998).
Non security fixes included in this update:
- Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)
- update to 0.19.0:
* auth: parse headers using pyparsing instead of regexp
* auth: WSSE token needs to be string not bytes
- update to 0.18.1: (bsc#1171998, CVE-2020-11078)
* explicit build-backend workaround for pip build isolation bug
* IMPORTANT security vulnerability CWE-93 CRLF injection
Force %xx quote of space, CR, LF characters in uri.
* Ship test suite in source dist
- update to 0.17.3:
* bugfixes
- Update to 0.17.1
* python3: no_proxy was not checked with https
* feature: Http().redirect_codes set, works after follow(_all)_redirects check
This allows one line workaround for old gcloud library that uses 308
response without redirect semantics.
* IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
* proxy: username/password as str compatible with pysocks
* python2: regression in connect() error handling
* add support for password protected certificate files
* feature: Http.close() to clean persistent connections and sensitive data
- Update to 0.14.0:
* Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError
- version update to 0.13.1
0.13.1
* Python3: Use no_proxy
https://github.com/httplib2/httplib2/pull/140
0.13.0
* Allow setting TLS max/min versions
https://github.com/httplib2/httplib2/pull/138
0.12.3
* No changes to library. Distribute py3 wheels.
0.12.1
* Catch socket timeouts and clear dead connection
https://github.com/httplib2/httplib2/issues/18
https://github.com/httplib2/httplib2/pull/111
* Officially support Python 3.7 (package metadata)
https://github.com/httplib2/httplib2/issues/123
0.12.0
* Drop support for Python 3.3
* ca_certs from environment HTTPLIB2_CA_CERTS or certifi
https://github.com/httplib2/httplib2/pull/117
* PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
https://github.com/httplib2/httplib2/pull/115
* Revert http:443->https workaround
https://github.com/httplib2/httplib2/issues/112
* eliminate connection pool read race
https://github.com/httplib2/httplib2/pull/110
* cache: stronger safename
https://github.com/httplib2/httplib2/pull/101
0.11.3
* No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis.
0.11.2
* proxy: py3 NameError basestring
https://github.com/httplib2/httplib2/pull/100
0.11.1
* Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
https://github.com/httplib2/httplib2/pull/97
0.11.0
* Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
https://github.com/httplib2/httplib2/pull/91
* python3 proxy support
https://github.com/httplib2/httplib2/pull/90
* If no_proxy environment value ends with comma then proxy is not used
https://github.com/httplib2/httplib2/issues/11
* fix UnicodeDecodeError using socks5 proxy
https://github.com/httplib2/httplib2/pull/64
* Respect NO_PROXY env var in proxy_info_from_url
https://github.com/httplib2/httplib2/pull/58
* NO_PROXY=bar was matching foobar (suffix without dot delimiter)
New behavior matches curl/wget:
- no_proxy=foo.bar will only skip proxy for exact hostname match
- no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
https://github.com/httplib2/httplib2/issues/94
* Bugfix for Content-Encoding: deflate
https://stackoverflow.com/a/22311297
- deleted patches
- httplib2 started to use certifi and this is already bent to
use system certificate bundle.
ModerateSUSE bug 1171998SUSE bug 1182053CVE-2020-11078 at SUSECVE-2020-11078 at NVDCVE-2021-21240 at SUSECVE-2021-21240 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Moderate)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114)
- CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933)
- CVE-2020-8286: Inferior OCSP verification (bsc#1179593)
- CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399)
- CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398)
- CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109)
- Fix: SFTP uploads result in empty uploaded files (bsc#1177976)
ModerateSUSE bug 1175109SUSE bug 1177976SUSE bug 1179398SUSE bug 1179399SUSE bug 1179593SUSE bug 1183933SUSE bug 1186114CVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dovecot22 (Important)SUSE OpenStack Cloud 9
This update for dovecot22 fixes the following issues:
- CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
ImportantSUSE bug 1180405CVE-2020-24386 at SUSECVE-2020-24386 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for djvulibre (Important)SUSE OpenStack Cloud 9
This update for djvulibre fixes the following issues:
- CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253)
ImportantSUSE bug 1186253CVE-2021-3500 at SUSECVE-2021-3500 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dhcp (Important)SUSE OpenStack Cloud 9
This update for dhcp fixes the following issues:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)
ImportantSUSE bug 1186382CVE-2021-25217 at SUSECVE-2021-25217 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libwebp (Critical)SUSE OpenStack Cloud 9
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
CriticalSUSE bug 1185652SUSE bug 1185654SUSE bug 1185673SUSE bug 1185674SUSE bug 1185685SUSE bug 1185686SUSE bug 1185690SUSE bug 1185691SUSE bug 1186247CVE-2018-25009 at SUSECVE-2018-25009 at NVDCVE-2018-25010 at SUSECVE-2018-25010 at NVDCVE-2018-25011 at SUSECVE-2018-25011 at NVDCVE-2018-25012 at SUSECVE-2018-25012 at NVDCVE-2018-25013 at SUSECVE-2018-25013 at NVDCVE-2020-36329 at SUSECVE-2020-36329 at NVDCVE-2020-36330 at SUSECVE-2020-36330 at NVDCVE-2020-36331 at SUSECVE-2020-36331 at NVDCVE-2020-36332 at SUSECVE-2020-36332 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for polkit (Important)SUSE OpenStack Cloud 9
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
ImportantSUSE bug 1186497CVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gstreamer-plugins-bad (Important)SUSE OpenStack Cloud 9
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255).
ImportantSUSE bug 1181255CVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.11.0 ESR (bsc#1186696)
* CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29967: Memory safety bugs fixed in Firefox
ImportantSUSE bug 1185633SUSE bug 1186696CVE-2021-29951 at SUSECVE-2021-29951 at NVDCVE-2021-29964 at SUSECVE-2021-29964 at NVDCVE-2021-29967 at SUSECVE-2021-29967 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
ImportantSUSE bug 1176081SUSE bug 1180846SUSE bug 1183947SUSE bug 1184611SUSE bug 1184675SUSE bug 1185642SUSE bug 1185677SUSE bug 1185680SUSE bug 1185724SUSE bug 1185859SUSE bug 1185860SUSE bug 1185862SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185901SUSE bug 1185938SUSE bug 1185950SUSE bug 1185987SUSE bug 1186060SUSE bug 1186061SUSE bug 1186062SUSE bug 1186111SUSE bug 1186285SUSE bug 1186390SUSE bug 1186484SUSE bug 1186498CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23133 at SUSECVE-2021-23133 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libX11 (Important)SUSE OpenStack Cloud 9
This update for libX11 fixes the following issues:
- Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)
ImportantSUSE bug 1186643CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781
CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class Libraries:
- Z/OS specific C function send_file is changing the file pointer position
* Security:
- Add the new oracle signer certificate
- Certificate parsing error
- JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider
- Remove check for websphere signed jars
- sessionid.hashcode generates too many collisions
- The Java 8 IBM certpath provider does not honor the user
specified system property for CLR connect timeout
ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2-mod_auth_openidc (Important)SUSE OpenStack Cloud 9
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291).
ImportantSUSE bug 1186291CVE-2021-20718 at SUSECVE-2021-20718 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for spice (Important)SUSE OpenStack Cloud 9
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Important)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
ImportantSUSE bug 1179833SUSE bug 1179836SUSE bug 1179837SUSE bug 1179839CVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2020-35655: Fixed a buffer over-read when decoding crafted SGI RLE image files (bsc#1180832).
- CVE-2021-25293: Fixed an out-of-bounds read in SGIRleDecode.c (bsc#1183102).
- CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c (bsc#1183105).
- CVE-2021-25292: Fixed a backtracking regex in PDF parser could be used as a DOS attack (bsc#1183101).
- CVE-2021-27921,CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image (bsc#1183110,bsc#1183108,bsc#1183107)
- CVE-2020-35653: Fixed buffer over-read in PcxDecode when decoding a crafted PCX file (bsc#1180834).
- CVE-2021-25287: Fixed out-of-bounds read in J2kDecode in j2ku_graya_la (bsc#1185805).
- CVE-2021-25288: Fixed out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803).
- CVE-2021-28675: Fixed DoS in PsdImagePlugin (bsc#1185804).
- CVE-2021-28678: Fixed improper check in BlpImagePlugin (bsc#1185784).
- CVE-2021-28677: Fixed DoS in the open phase via a malicious EPS file (bsc#1185785).
- CVE-2021-28676: Fixed infinite loop in FliDecode.c (bsc#1185786).
ImportantSUSE bug 1180832SUSE bug 1180834SUSE bug 1183101SUSE bug 1183102SUSE bug 1183105SUSE bug 1183107SUSE bug 1183108SUSE bug 1183110SUSE bug 1185784SUSE bug 1185785SUSE bug 1185786SUSE bug 1185803SUSE bug 1185804SUSE bug 1185805CVE-2020-35653 at SUSECVE-2020-35653 at NVDCVE-2020-35655 at SUSECVE-2020-35655 at NVDCVE-2021-25287 at SUSECVE-2021-25287 at NVDCVE-2021-25288 at SUSECVE-2021-25288 at NVDCVE-2021-25290 at SUSECVE-2021-25290 at NVDCVE-2021-25292 at SUSECVE-2021-25292 at NVDCVE-2021-25293 at SUSECVE-2021-25293 at NVDCVE-2021-27921 at SUSECVE-2021-27921 at NVDCVE-2021-27922 at SUSECVE-2021-27922 at NVDCVE-2021-27923 at SUSECVE-2021-27923 at NVDCVE-2021-28675 at SUSECVE-2021-28675 at NVDCVE-2021-28676 at SUSECVE-2021-28676 at NVDCVE-2021-28677 at SUSECVE-2021-28677 at NVDCVE-2021-28678 at SUSECVE-2021-28678 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for caribou (Important)SUSE OpenStack Cloud 9
This update for caribou fixes the following issues:
Security issue fixed:
- CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617).
ImportantSUSE bug 1186617CVE-2021-3567 at SUSECVE-2021-3567 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for qemu (Important)SUSE OpenStack Cloud 9
This update for qemu fixes the following issues:
- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)
ImportantSUSE bug 1149813SUSE bug 1163019SUSE bug 1172380SUSE bug 1172382SUSE bug 1175534SUSE bug 1178683SUSE bug 1178935SUSE bug 1179477SUSE bug 1179484SUSE bug 1182846SUSE bug 1182975CVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-13754 at SUSECVE-2020-13754 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for freeradius-server (Moderate)SUSE OpenStack Cloud 9
This update for freeradius-server fixes the following issues:
- Do not log passwords in logfiles (bsc#1184016)
ModerateSUSE bug 1184016cpe:/o:suse:suse-openstack-cloud:9Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate)SUSE OpenStack Cloud 9
This update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone contains the following fixes:
Security fixes included in this update:
cassandra:
- CVE-2020-17516: Fixed an issue where encryption between nodes was not enforced
correctly for certain internode_encryption settings (bsc#1181689)
grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple cross
site scripting vulnerabilities in the dashboard. (bsc#1172450)
- CVE-2021-27358: Fixed a denial of service via remote API call. (bsc#1183803)
- CVE-2019-15043: Fixed a denial of service by an unauthenticated user
in the snapshot HTTP API (bsc#1148383)
- CVE-2020-13379: Fixed an information leak to unauthenticated users. (bsc#1172409)
- CVE-2020-12052: Fixed a cross site scripting vulnerability with the annotation
popup (bsc#1170657)
- CVE-2018-19039: Fixed an issue where a privileged user could
exfiltrate files (bsc#1115960)
- CVE-2020-11110: Fixed a stored cross site scripting vulnerability. (bsc#1174583)
- CVE-2020-24303: Fixed a cross site scripting vulnerability in a query alias for
ElasticSearch datasources (bsc#1178243)
kibana:
- CVE-2017-11499: Fixed a vulnerability in nodejs, related to the HashTable
implementation, which could cause a denial of service. (bsc#1044849)
- CVE-2017-11481: Fixed a cross site scripting vulnerability via via URL fields.
(bsc#1044849)
- CVE-2020-10743: Fixed a clickjacking issue because X-Frame-Option was not used
by default. (bsc#1171909)
python-Django:
- CVE-2021-23336: Fixed a web cache poisoning via django.utils.http.limited_parse_qsl().
(bsc#1182433)
- CVE-2021-28658: Fixed a directory traversal via uploaded files. (bsc#1184148)
- CVE-2021-31542: Fixed a directory traversal via uploaded files with suitably crafted
file names. (bsc#1185623)
- CVE-2021-33203: Fixed potential path-traversal via admindocs' TemplateDetailView.
(bsc#1186608)
- CVE-2021-33571: Tighten validator checks to not allow leading zeros in IPv4 addresses,
which potentially leads to further attacks. (bsc#1186611)
python-py:
- CVE-2020-29651: Fixed a denial of service via regular expressions. (bsc#1179805)
python-pysaml2:
- CVE-2021-21238: Fixed improper verification of cryptographic signatures for signed
SAML documents. (bsc#1181277)
- CVE-2021-21239: Fixed improper verification of cryptographic signatures when using
CryptoBackendXmlSec1(). (bsc#1181278)
rubygem-activerecord-session_store:
- CVE-2019-25025: Fixed a timing attacks targeting the session id which could allow
an attack to hijack sessions. (bsc#1183174)
Non-security changes included in this update:
Changes in ardana-neutron:
- Update to version 9.0+git.1615223676.777f0b3:
* Allow users to stop monitoring rootwrap daemon (bsc#1182317)
Changes in ardana-swift:
- Update to version 9.0+git.1618235096.90974ed:
* Run swiftlm-scan in the UTC timezone (bsc#1181690)
Changes in cassandra:
- update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns (CASSANDRA-15962)
* Reduce amount of allocations during batch statement execution (CASSANDRA-16201)
* Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
* Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
* Rate limit validation compactions using compaction_throughput_mb_per_sec (CASSANDRA-16161)
* SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert to default of 1GB (CASSANDRA-16071)
* Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
* Improve empty hint file handling during startup (CASSANDRA-16162)
* Allow empty string in collections with COPY FROM in cqlsh (CASSANDRA-16372)
* Fix skipping on pre-3.0 created compact storage sstables due to missing primary key liveness (CASSANDRA-16226)
* Extend the exclusion of replica filtering protection to other indices instead of just SASI (CASSANDRA-16311)
* Synchronize transaction logs for JBOD (CASSANDRA-16225)
* Fix the counting of cells per partition (CASSANDRA-16259)
* Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
* Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
* Improved check of num_tokens against the length of initial_token (CASSANDRA-14477)
* Fix a race condition on ColumnFamilyStore and TableMetrics (CASSANDRA-16228)
* Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
* Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
* Prevent invoking enable/disable gossip when not in NORMAL (CASSANDRA-16146)
* Wait for schema agreement when bootstrapping (CASSANDRA-15158)
* Fix the histogram merge of the table metrics (CASSANDRA-16259)
* Synchronize Keyspace instance store/clear (CASSANDRA-16210)
* Fix ColumnFilter to avoid querying cells of unselected complex columns (CASSANDRA-15977)
* Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
* Don't attempt value skipping with mixed version cluster (CASSANDRA-15833)
* Avoid failing compactions with very large partitions (CASSANDRA-15164)
* Make sure LCS handles duplicate sstable added/removed notifications correctly (CASSANDRA-14103)
* Fix OOM when terminating repair session (CASSANDRA-15902)
* Avoid marking shutting down nodes as up after receiving gossip shutdown message (CASSANDRA-16094)
* Check SSTables for latest version before dropping compact storage (CASSANDRA-16063)
* Handle unexpected columns due to schema races (CASSANDRA-15899)
* Add flag to ignore unreplicated keyspaces during repair (CASSANDRA-15160)
* Package tools/bin scripts as executable (CASSANDRA-16151)
* Fixed a NullPointerException when calling nodetool enablethrift (CASSANDRA-16127)
* Correctly interpret SASI's `max_compaction_flush_memory_in_mb` setting in megabytes not bytes (CASSANDRA-16071)
* Fix short read protection for GROUP BY queries (CASSANDRA-15459)
* Frozen RawTuple is not annotated with frozen in the toString method (CASSANDRA-15857)
Merged from 3.0:
* Use IF NOT EXISTS for index and UDT create statements in snapshot schema files (CASSANDRA-13935)
* Fix gossip shutdown order (CASSANDRA-15816)
* Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
* Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
* Operational improvements and hardening for replica filtering protection (CASSANDRA-15907)
* stop_paranoid disk failure policy is ignored on CorruptSSTableException after node is up (CASSANDRA-15191)
* Forbid altering UDTs used in partition keys (CASSANDRA-15933)
* Fix empty/null json string representation (CASSANDRA-15896)
* 3.x fails to start if commit log has range tombstones from a column which is also deleted (CASSANDRA-15970)
* Handle difference in timestamp precision between java8 and java11 in LogFIle.java (CASSANDRA-16050)
Merged from 2.2:
* Fix CQL parsing of collections when the column type is reversed (CASSANDRA-15814)
* Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
* Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
* Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
* Fix CQL formatting of read command restrictions for slow query log (CASSANDRA-15503)
* Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
* Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
* Avoid hinted handoff per-host throttle being arounded to 0 in large cluster (CASSANDRA-15859)
* Avoid emitting empty range tombstones from RangeTombstoneList (CASSANDRA-15924)
* Avoid thread starvation, and improve compare-and-swap performance, in the slab allocators (CASSANDRA-15922)
* Add token to tombstone warning and error messages (CASSANDRA-15890)
* Fixed range read concurrency factor computation and capped as 10 times tpc cores (CASSANDRA-15752)
* Catch exception on bootstrap resume and init native transport (CASSANDRA-15863)
* Fix replica-side filtering returning stale data with CL > ONE (CASSANDRA-8272, CASSANDRA-8273)
* Fix duplicated row on 2.x upgrades when multi-rows range tombstones interact with collection ones (CASSANDRA-15805)
* Rely on snapshotted session infos on StreamResultFuture.maybeComplete to avoid race conditions (CASSANDRA-15667)
* EmptyType doesn't override writeValue so could attempt to write bytes when expected not to (CASSANDRA-15790)
* Fix index queries on partition key columns when some partitions contains only static data (CASSANDRA-13666)
* Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
* liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
* Fix Debian init start/stop (CASSANDRA-15770)
* Fix infinite loop on index query paging in tables with clustering (CASSANDRA-14242)
* Fix chunk index overflow due to large sstable with small chunk length (CASSANDRA-15595)
* Allow selecting static column only when querying static index (CASSANDRA-14242)
* cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
* Don't skip sstables in slice queries based only on local min/max/deletion timestamp (CASSANDRA-15690)
* Memtable memory allocations may deadlock (CASSANDRA-15367)
* Run evictFromMembership in GossipStage (CASSANDRA-15592)
* Fix nomenclature of allow and deny lists (CASSANDRA-15862)
* Remove generated files from source artifact (CASSANDRA-15849)
* Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
* Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
* Disable JMX rebinding (CASSANDRA-15653)
* Fix writing of snapshot manifest when the table has table-backed secondary indexes (CASSANDRA-10968)
* Fix parse error in cqlsh COPY FROM and formatting for map of blobs (CASSANDRA-15679)
* Fix Commit log replays when static column clustering keys are collections (CASSANDRA-14365)
* Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
* Allow EXTRA_CLASSPATH to work on tar/source installations (CASSANDRA-15567)
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS - patch implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the 'duration' type (CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown column names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations (CASSANDRA-15293)
* Fix point-in-time recoevery ignoring timestamp of updates to static columns (CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple rows (CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
* Bump generations and document changes to system_distributed and system_traces in 3.0, 3.11
(CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades (CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions are paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain illegal cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test (CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SASI non-literal string comparisons (range operators) (CASSANDRA-15169)
* Make sure user defined compaction transactions are always closed (CASSANDRA-15123)
* Fix cassandra-env.sh to use $CASSANDRA_CONF to find cassandra-jaas.config (CASSANDRA-14305)
* Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
* Add flag to disable SASI indexes, and warnings on creation (CASSANDRA-14866)
* Add ability to cap max negotiable protocol version (CASSANDRA-15193)
* Gossip tokens on startup if available (CASSANDRA-15335)
* Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
* Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
* Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
* Fix NPE when using allocate_tokens_for_keyspace on new DC/rack (CASSANDRA-14952)
* Filter sstables earlier when running cleanup (CASSANDRA-15100)
* Use mean row count instead of mean column count for index selectivity calculation (CASSANDRA-15259)
* Avoid updating unchanged gossip states (CASSANDRA-15097)
* Prevent recreation of previously dropped columns with a different kind (CASSANDRA-14948)
* Prevent client requests from blocking on executor task queue (CASSANDRA-15013)
* Toughen up column drop/recreate type validations (CASSANDRA-15204)
* LegacyLayout should handle paging states that cross a collection column (CASSANDRA-15201)
* Prevent RuntimeException when username or password is empty/null (CASSANDRA-15198)
* Multiget thrift query returns null records after digest mismatch (CASSANDRA-14812)
* Skipping illegal legacy cells can break reverse iteration of indexed partitions (CASSANDRA-15178)
* Handle paging states serialized with a different version than the session's (CASSANDRA-15176)
* Throw IOE instead of asserting on unsupporter peer versions (CASSANDRA-15066)
* Update token metadata when handling MOVING/REMOVING_TOKEN events (CASSANDRA-15120)
* Add ability to customize cassandra log directory using $CASSANDRA_LOG_DIR (CASSANDRA-15090)
* Skip cells with illegal column names when reading legacy sstables (CASSANDRA-15086)
* Fix assorted gossip races and add related runtime checks (CASSANDRA-15059)
* Fix mixed mode partition range scans with limit (CASSANDRA-15072)
* cassandra-stress works with frozen collections: list and set (CASSANDRA-14907)
* Fix handling FS errors on writing and reading flat files - LogTransaction and hints (CASSANDRA-15053)
* Avoid double closing the iterator to avoid overcounting the number of requests (CASSANDRA-15058)
* Improve `nodetool status -r` speed (CASSANDRA-14847)
* Improve merkle tree size and time on heap (CASSANDRA-14096)
* Add missing commands to nodetool_completion (CASSANDRA-14916)
* Anti-compaction temporarily corrupts sstable state for readers (CASSANDRA-15004)
* Catch non-IOException in FileUtils.close to make sure that all resources are closed (CASSANDRA-15225)
* Handle exceptions during authentication/authorization (CASSANDRA-15041)
* Support cross version messaging in in-jvm upgrade dtests (CASSANDRA-15078)
* Fix index summary redistribution cancellation (CASSANDRA-15045)
* Fixing invalid CQL in security documentation (CASSANDRA-15020)
* Allow instance class loaders to be garbage collected for inJVM dtest (CASSANDRA-15170)
* Add support for network topology and query tracing for inJVM dtest (CASSANDRA-15319)
* Correct sstable sorting for garbagecollect and levelled compaction (CASSANDRA-14870)
* Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
* Add a script to make running the cqlsh tests in cassandra repo easier (CASSANDRA-14951)
* If SizeEstimatesRecorder misses a 'onDropTable' notification, the size_estimates table will never be cleared for that table. (CASSANDRA-14905)
* Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters (CASSANDRA-14958)
* Streaming needs to synchronise access to LifecycleTransaction (CASSANDRA-14554)
* Fix cassandra-stress write hang with default options (CASSANDRA-14616)
* Differentiate between slices and RTs when decoding legacy bounds (CASSANDRA-14919)
* Netty epoll IOExceptions caused by unclean client disconnects being logged at INFO (CASSANDRA-14909)
* Unfiltered.isEmpty conflicts with Row extends AbstractCollection.isEmpty (CASSANDRA-14588)
* RangeTombstoneList doesn't properly clean up mergeable or superseded rts in some cases (CASSANDRA-14894)
* Fix handling of collection tombstones for dropped columns from legacy sstables (CASSANDRA-14912)
* Throw exception if Columns serialized subset encode more columns than possible (CASSANDRA-14591)
* Drop/add column name with different Kind can result in corruption (CASSANDRA-14843)
* Fix missing rows when reading 2.1 SSTables with static columns in 3.0 (CASSANDRA-14873)
* Move TWCS message 'No compaction necessary for bucket size' to Trace level (CASSANDRA-14884)
* Sstable min/max metadata can cause data loss (CASSANDRA-14861)
* Dropped columns can cause reverse sstable iteration to return prematurely (CASSANDRA-14838)
* Legacy sstables with multi block range tombstones create invalid bound sequences (CASSANDRA-14823)
* Expand range tombstone validation checks to multiple interim request stages (CASSANDRA-14824)
* Reverse order reads can return incomplete results (CASSANDRA-14803)
* Avoid calling iter.next() in a loop when notifying indexers about range tombstones (CASSANDRA-14794)
* Fix purging semi-expired RT boundaries in reversed iterators (CASSANDRA-14672)
* DESC order reads can fail to return the last Unfiltered in the partition (CASSANDRA-14766)
* Fix corrupted collection deletions for dropped columns in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568)
* Fix corrupted static collection deletions in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568)
* Handle failures in parallelAllSSTableOperation (cleanup/upgradesstables/etc) (CASSANDRA-14657)
* Improve TokenMetaData cache populating performance avoid long locking (CASSANDRA-14660)
* Backport: Flush netty client messages immediately (not by default) (CASSANDRA-13651)
* Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
* sstableloader should use discovered broadcast address to connect intra-cluster (CASSANDRA-14522)
* Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
* Don't enable client transports when bootstrap is pending (CASSANDRA-14525)
* MigrationManager attempts to pull schema from different major version nodes (CASSANDRA-14928)
* Fix incorrect cqlsh results when selecting same columns multiple times (CASSANDRA-13262)
* Returns null instead of NaN or Infinity in JSON strings (CASSANDRA-14377)
* Paged Range Slice queries with DISTINCT can drop rows from results (CASSANDRA-14956)
Changes in crowbar-openstack:
- Update to version 6.0+git.1616146717.a89ae0f4e:
* monasca: restart Kibana on update (bsc#1044849)
Changes in grafana
- Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
* Prevent unauthenticated remote attackers from causing a DoS through the
snapshots API.
Changes in kibana:
- Ensure /etc/sysconfig/kibana is present
- Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14, ESA-2017-16)
* [4.6] ignore forked code for babel transpile build phase (#13483)
* Allow more than match queries in custom filters (#8614) (#10857)
* [state] don't make extra $location.replace() calls (#9954)
* [optimizer] move to querystring-browser package for up-to-date api
* [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
* server: refactor log_interceptor to be more DRY (#9617)
* server: downgrade ECANCELED logs to debug (#9616)
* server: do not treat logged warnings as errors (#8746) (#9610)
* [server/logger] downgrade EPIPE errors to debug level (#9023)
* Add basepath when redirecting from a trailling slash (#9035)
* [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
* [server/shortUrl] validate urls before shortening them
- Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
* This fixes an XSS vulnerability in URL fields
- Remove %dir declaration from /opt/kibana/optimize to ensure
no files owned by root end up in there
- Exclude /opt/kibana/optimize from %fdupes
- Restart service on upgrade
- Do not copy LICENSE.txt and README.txt to /opt/kibana
- Fix rpmlint warnings/errors
- Switch to explicit patch application
- Fix source URL
- Fix logic for systemd/systemv detection
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
- Added kibana.yml symlink (bsc#1048688, FATE#323204)
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev11:
* Consume tempest-horizon from PyPI release
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed
- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details
- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled
- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID
- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is deleted
- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair
- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS
- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed
- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details
- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled
- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID
- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is deleted
- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair
- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS
- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev29:
* gbp-validate: Tenant and resource level scoping
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev27:
* Import data\_utils from the new location
- Update to version group-based-policy-12.0.1.dev26:
* Add SNAT port's Mac Address to the host\_snat\_ips dictionary
- Update to version group-based-policy-12.0.1.dev25:
* Add support for victoria
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev24:
* Fix deletion of SVI networks
- Update to version group-based-policy-12.0.1.dev23:
* Allow per-port qos configuration on dhcp port
2014.2rc1
- Update to version group-based-policy-12.0.1.dev22:
* Add connectivity parameter to driver
* [AIM] Fix ERSPAN extension
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev19:
* Fix exception with cleanup
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev18:
* Add workaround to get\_subnets
Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3
Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3
Changes in python-Django1:
- Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
* Fixed potential path-traversal via admindocs' TemplateDetailView.
- Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
* Prevented leading zeros in IPv4 addresses.
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
* Fixed CVE-2021-31542 -- Tightened path and file name sanitation in file
uploads.
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
* Fixed potential directory-traversal via uploaded files
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
* Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Changes in python-py:
- Add CVE-2020-29651.patch ((bsc#1179805, CVE-2020-29651)
* svnwc: fix regular expression vulnerable to DoS in blame
functionality
Changes in python-pysaml2:
- Fix patches (SOC-11453)
* 0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch
- rename saml2.xml to saml2.samlxml to avoid overriding
the xml module in the system module path
- add missing __init__.py files
- add missing saml2/data package to setup.py
* 0007-Make-previous-commits-python2-compatible.patch so as not to
- Adjust to saml2.xml to saml2.samlxml changes
- Fix a few more syntax errors and Python2-isms.
- Fix CVE-2021-21238, bsc#1181277 with
0002-Strengthen-XSW-tests.patch ,
0003-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
0004-Add-xsd-schemas.patch ,
0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch .
This adds a dependency on python-xmlschema, which depends on
python-elementpath, thus both need to be added for this to work.
The used python-xmlschema needs to support the sandbox argument
which was added in 1.2.0 and refined in 1.2.1, but that version
doesn't support python2, so a patched version that does both is
needed.
Add 0007-Make-previous-commits-python2-compatible.patch to
not add a dependency on reportlib_resources and make other
changes python2 compatible.
. Fix CVE-2021-21239, bsc#1181278 with
0006-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch
Changes in python-xmlschema:
- Add 3 patches to backport sandbox argument, which is needed by a security fix
in python-pysaml2 and one patch to make backport python2 compatible.
- Upstream url changed
- Add rpmlintrc to make it work on Leap 42.3
- Update to 1.0.18:
* Fix for *ModelVisitor.iter_unordered_content()*
* Fixed default converter, AbderaConverter and JsonMLConverter for xs:anyType decode
* Fixed validation tests with all converters
* Added UnorderedConverter to validation tests
- Update to 1.0.17:
* Enhancement of validation-only speed (~15%)
* Added *is_valid()* and *iter_errors()* to module API
- Update to 1.0.16:
* Improved XMLResource class for working with compressed files
* Fix for validation with XSD wildcards and 'lax' process content
* Fix ambiguous items validation for xs:choice and xs:sequence models
- Handle UnicodeDecodeErrors during build process
- Update to 1.0.15:
* Improved XPath 2.0 bindings
* Added logging for schema initialization and building (handled with argument loglevel)
* Update encoding of collapsed contents with a new model based reordering method
* Removed XLink namespace from meta-schema (loaded from a fallback location like XHTML)
* Fixed half of failed W3C instance tests (remain 255 over 15344 tests)
- Initial commit, needed by pytest 5.1.2
Changes in python-elementpath:
- Update to 1.3.1:
* Improved schema proxy
* Improved XSD type matching using paths
* Cached parent path for XPathContext (only Python 3)
* Improve typed selection with TypedAttribute and TypedElement named-tuples
* Add iter_results to XPathContext
* Remove XMLSchemaProxy from package
* Fix descendant shortcut operator '//'
* Fix text() function
* Fix typed select of '(name)' token
* Fix 24-hour time for DateTime
- Skip test_hashing to fix 32bit builds
- Initial commit needed by python-xmlschema
Changes in rubygem-activerecord-session_store:
- added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
* This requires CVE-2019-16782.patch to be included in
rubygem-actionpack-4_2 to work correctly.
Changes in venv-openstack-keystone
- Add python-xmlschema and python-elementpath for new python-pysaml2 version.
ModerateSUSE bug 1044849SUSE bug 1048688SUSE bug 1115960SUSE bug 1148383SUSE bug 1170657SUSE bug 1171909SUSE bug 1172409SUSE bug 1172450SUSE bug 1174583SUSE bug 1178243SUSE bug 1179805SUSE bug 1181277SUSE bug 1181278SUSE bug 1181689SUSE bug 1181690SUSE bug 1182317SUSE bug 1182433SUSE bug 1183174SUSE bug 1183803SUSE bug 1184148SUSE bug 1185623SUSE bug 1186608SUSE bug 1186611CVE-2017-11481 at SUSECVE-2017-11481 at NVDCVE-2017-11499 at SUSECVE-2017-11499 at NVDCVE-2018-18623 at SUSECVE-2018-18623 at NVDCVE-2018-18624 at SUSECVE-2018-18624 at NVDCVE-2018-18625 at SUSECVE-2018-18625 at NVDCVE-2018-19039 at SUSECVE-2018-19039 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2019-25025 at SUSECVE-2019-25025 at NVDCVE-2020-10743 at SUSECVE-2020-10743 at NVDCVE-2020-11110 at SUSECVE-2020-11110 at NVDCVE-2020-12052 at SUSECVE-2020-12052 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDCVE-2020-17516 at SUSECVE-2020-17516 at NVDCVE-2020-24303 at SUSECVE-2020-24303 at NVDCVE-2020-29651 at SUSECVE-2020-29651 at NVDCVE-2021-21238 at SUSECVE-2021-21238 at NVDCVE-2021-21239 at SUSECVE-2021-21239 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-27358 at SUSECVE-2021-27358 at NVDCVE-2021-28658 at SUSECVE-2021-28658 at NVDCVE-2021-31542 at SUSECVE-2021-31542 at NVDCVE-2021-33203 at SUSECVE-2021-33203 at NVDCVE-2021-33571 at SUSECVE-2021-33571 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u292 (icedtea 3.19.0).
- CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).
ModerateSUSE bug 1185055CVE-2021-2163 at SUSECVE-2021-2163 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ImageMagick (Important)SUSE OpenStack Cloud 9
This update for ImageMagick fixes the following issues:
- CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103).
- CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).
- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).
- CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).
- CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).
- CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).
- CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
- CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260).
- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).
- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).
- CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).
- CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
- CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).
- CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
- CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).
- CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).
- CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).
- CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).
- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).
- CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
- CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).
- CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
- CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).
- CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
- CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).
- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).
- CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).
- CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).
- CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).
- CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).
- CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
- CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).
ImportantSUSE bug 1179103SUSE bug 1179202SUSE bug 1179208SUSE bug 1179212SUSE bug 1179223SUSE bug 1179240SUSE bug 1179244SUSE bug 1179260SUSE bug 1179268SUSE bug 1179269SUSE bug 1179278SUSE bug 1179281SUSE bug 1179285SUSE bug 1179311SUSE bug 1179312SUSE bug 1179313SUSE bug 1179315SUSE bug 1179317SUSE bug 1179321SUSE bug 1179322SUSE bug 1179327SUSE bug 1179333SUSE bug 1179336SUSE bug 1179338SUSE bug 1179339SUSE bug 1179343SUSE bug 1179345SUSE bug 1179346SUSE bug 1179347SUSE bug 1179361SUSE bug 1179362SUSE bug 1179397CVE-2020-19667 at SUSECVE-2020-19667 at NVDCVE-2020-25664 at SUSECVE-2020-25664 at NVDCVE-2020-25665 at SUSECVE-2020-25665 at NVDCVE-2020-25666 at SUSECVE-2020-25666 at NVDCVE-2020-25674 at SUSECVE-2020-25674 at NVDCVE-2020-25675 at SUSECVE-2020-25675 at NVDCVE-2020-25676 at SUSECVE-2020-25676 at NVDCVE-2020-27750 at SUSECVE-2020-27750 at NVDCVE-2020-27751 at SUSECVE-2020-27751 at NVDCVE-2020-27752 at SUSECVE-2020-27752 at NVDCVE-2020-27753 at SUSECVE-2020-27753 at NVDCVE-2020-27754 at SUSECVE-2020-27754 at NVDCVE-2020-27755 at SUSECVE-2020-27755 at NVDCVE-2020-27757 at SUSECVE-2020-27757 at NVDCVE-2020-27759 at SUSECVE-2020-27759 at NVDCVE-2020-27760 at SUSECVE-2020-27760 at NVDCVE-2020-27761 at SUSECVE-2020-27761 at NVDCVE-2020-27762 at SUSECVE-2020-27762 at NVDCVE-2020-27763 at SUSECVE-2020-27763 at NVDCVE-2020-27764 at SUSECVE-2020-27764 at NVDCVE-2020-27765 at SUSECVE-2020-27765 at NVDCVE-2020-27766 at SUSECVE-2020-27766 at NVDCVE-2020-27767 at SUSECVE-2020-27767 at NVDCVE-2020-27768 at SUSECVE-2020-27768 at NVDCVE-2020-27769 at SUSECVE-2020-27769 at NVDCVE-2020-27770 at SUSECVE-2020-27770 at NVDCVE-2020-27771 at SUSECVE-2020-27771 at NVDCVE-2020-27772 at SUSECVE-2020-27772 at NVDCVE-2020-27773 at SUSECVE-2020-27773 at NVDCVE-2020-27774 at SUSECVE-2020-27774 at NVDCVE-2020-27775 at SUSECVE-2020-27775 at NVDCVE-2020-27776 at SUSECVE-2020-27776 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.1:
+ Improve handling of Media Capture devices.
+ Improve WebAudio playback.
+ Improve video orientation handling.
+ Improve seeking support for MSE playback.
+ Improve flush support in EME decryptors.
+ Fix HTTP status codes for requests done through a custom URI handler.
+ Fix the Bubblewrap sandbox in certain 32-bit systems.
+ Fix inconsistencies between the WebKitWebView.is-muted property
state and values returned by
webkit_web_view_is_playing_audio().
+ Fix the build with ENABLE_VIDEO=OFF.
+ Fix wrong timestamps for long-lived cookies.
+ Fix UI process crash when failing to load favicons.
+ Fix several crashes and rendering issues.
- Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871,
CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983,
CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951.
ImportantSUSE bug 1177087SUSE bug 1179122SUSE bug 1179451SUSE bug 1182286SUSE bug 1184155SUSE bug 1184262CVE-2020-13543 at SUSECVE-2020-13543 at NVDCVE-2020-13558 at SUSECVE-2020-13558 at NVDCVE-2020-13584 at SUSECVE-2020-13584 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9983 at SUSECVE-2020-9983 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1789 at SUSECVE-2021-1789 at NVDCVE-2021-1799 at SUSECVE-2021-1799 at NVDCVE-2021-1801 at SUSECVE-2021-1801 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1870 at SUSECVE-2021-1870 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
ImportantSUSE bug 1186922SUSE bug 1186923SUSE bug 1186924SUSE bug 1187017SUSE bug 1187174CVE-2020-35452 at SUSECVE-2020-35452 at NVDCVE-2021-26690 at SUSECVE-2021-26690 at NVDCVE-2021-26691 at SUSECVE-2021-26691 at NVDCVE-2021-30641 at SUSECVE-2021-30641 at NVDCVE-2021-31618 at SUSECVE-2021-31618 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xterm (Important)SUSE OpenStack Cloud 9
This update for xterm fixes the following issues:
- CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091)
ImportantSUSE bug 1182091CVE-2021-27135 at SUSECVE-2021-27135 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libnettle (Important)SUSE OpenStack Cloud 9
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
ImportantSUSE bug 1187060CVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ovmf (Important)SUSE OpenStack Cloud 9
This update for ovmf fixes the following issues:
- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
ImportantSUSE bug 1186151cpe:/o:suse:suse-openstack-cloud:9Security update for libgcrypt (Important)SUSE OpenStack Cloud 9
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
ImportantSUSE bug 1187212CVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openexr (Important)SUSE OpenStack Cloud 9
This update for openexr fixes the following issues:
- Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
- Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
- Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
ImportantSUSE bug 1184354SUSE bug 1187310SUSE bug 1187395CVE-2021-3479 at SUSECVE-2021-3479 at NVDCVE-2021-3598 at SUSECVE-2021-3598 at NVDCVE-2021-3605 at SUSECVE-2021-3605 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql, postgresql12, postgresql13 (Important)SUSE OpenStack Cloud 9
This update for postgresql, postgresql12, postgresql13 fixes the following issues:
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
Changes in postgresql:
- Bump postgresql major version to 13.
Changes in postgresql12:
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix a DST problem in the test suite.
Changes in postgresql13:
- Add postgresql-icu68.patch: fix build with ICU 68
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite.
ImportantSUSE bug 1178666SUSE bug 1178667SUSE bug 1178668SUSE bug 1178961SUSE bug 1179765CVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for arpwatch (Important)SUSE OpenStack Cloud 9
This update for arpwatch fixes the following issues:
- CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).
ImportantSUSE bug 1186240CVE-2021-25321 at SUSECVE-2021-25321 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libsolv (Important)SUSE OpenStack Cloud 9
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
ImportantSUSE bug 1161510SUSE bug 1186229CVE-2019-20387 at SUSECVE-2019-20387 at NVDCVE-2021-3200 at SUSECVE-2021-3200 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for the Azure and AWS SDKs (Important)SUSE OpenStack Cloud 9
This update for the SLE Public Cloud module provides the following fixes:
Azure SDK update:
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO-3105)
AWS SDK update:
This update for the AWS SDK updates python-boto3 to version 1.17.9 and aws-cli to 1.19.9.
(bsc#1182421, jsc#ECO-3352)
Security fix for python-urllib3:
- Improve performance of sub-authority splitting in URL. (bsc#1187045, CVE-2021-33503)
ImportantSUSE bug 1125671SUSE bug 1154393SUSE bug 1175289SUSE bug 1176784SUSE bug 1176785SUSE bug 1182421SUSE bug 1187045CVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-rsa (Important)SUSE OpenStack Cloud 9
This update for python-rsa fixes the following issues:
- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)
ImportantSUSE bug 1172389CVE-2020-13757 at SUSECVE-2020-13757 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sudo (Important)SUSE OpenStack Cloud 9
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
[bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
- A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685,
CVE-2021-23240]
- It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
ImportantSUSE bug 1180684SUSE bug 1180685SUSE bug 1180687SUSE bug 1181090CVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-pip (Moderate)SUSE OpenStack Cloud 9
This update for python-pip fixes the following issues:
- CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819).
ModerateSUSE bug 1186819CVE-2021-3572 at SUSECVE-2021-3572 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
ImportantSUSE bug 1188275CVE-2021-29970 at SUSECVE-2021-29970 at NVDCVE-2021-29976 at SUSECVE-2021-29976 at NVDCVE-2021-30547 at SUSECVE-2021-30547 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
* CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
* CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
* CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
* CVE-2021-23964: Fixed Memory safety bugs
ImportantSUSE bug 1181414CVE-2020-26976 at SUSECVE-2020-26976 at NVDCVE-2021-23953 at SUSECVE-2021-23953 at NVDCVE-2021-23954 at SUSECVE-2021-23954 at NVDCVE-2021-23960 at SUSECVE-2021-23960 at NVDCVE-2021-23964 at SUSECVE-2021-23964 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554).
- CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601).
- CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595).
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463).
- CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452).
- CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861).
- CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484).
The following non-security bugs were fixed:
- block: do not use blocking queue entered for recursive bio (bsc#1104967).
- s390/stack: fix possible register corruption with stack switch helper (git-fixes).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
ImportantSUSE bug 1104967SUSE bug 1174978SUSE bug 1179610SUSE bug 1185701SUSE bug 1185861SUSE bug 1186463SUSE bug 1186484SUSE bug 1187038SUSE bug 1187050SUSE bug 1187215SUSE bug 1187452SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187934SUSE bug 1188062SUSE bug 1188116CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for systemd (Important)SUSE OpenStack Cloud 9
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)
Other fixes:
- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers
so %sysusers_create_package can be introduced in SLE and packages
can rely on this rpm macro without wondering whether the macro is
available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''
ImportantSUSE bug 1178561SUSE bug 1184761SUSE bug 1184967SUSE bug 1185046SUSE bug 1185331SUSE bug 1185807SUSE bug 1188063CVE-2021-33910 at SUSECVE-2021-33910 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Moderate)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
ModerateSUSE bug 1188217SUSE bug 1188218SUSE bug 1188219SUSE bug 1188220CVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for linuxptp (Important)SUSE OpenStack Cloud 9
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
ImportantSUSE bug 1187646CVE-2021-3570 at SUSECVE-2021-3570 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for qemu (Important)SUSE OpenStack Cloud 9
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
ImportantSUSE bug 1187364SUSE bug 1187365SUSE bug 1187366SUSE bug 1187367SUSE bug 1187529CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dbus-1 (Important)SUSE OpenStack Cloud 9
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505)
ImportantSUSE bug 1172505SUSE bug 1187105CVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
- CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
- CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
- CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
- CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
- CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
- CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
ImportantSUSE bug 1188697CVE-2021-21775 at SUSECVE-2021-21775 at NVDCVE-2021-21779 at SUSECVE-2021-21779 at NVDCVE-2021-30663 at SUSECVE-2021-30663 at NVDCVE-2021-30665 at SUSECVE-2021-30665 at NVDCVE-2021-30689 at SUSECVE-2021-30689 at NVDCVE-2021-30720 at SUSECVE-2021-30720 at NVDCVE-2021-30734 at SUSECVE-2021-30734 at NVDCVE-2021-30744 at SUSECVE-2021-30744 at NVDCVE-2021-30749 at SUSECVE-2021-30749 at NVDCVE-2021-30758 at SUSECVE-2021-30758 at NVDCVE-2021-30795 at SUSECVE-2021-30795 at NVDCVE-2021-30797 at SUSECVE-2021-30797 at NVDCVE-2021-30799 at SUSECVE-2021-30799 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libsndfile (Critical)SUSE OpenStack Cloud 9
This update for libsndfile fixes the following issues:
- CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
- CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
- CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)
CriticalSUSE bug 1100167SUSE bug 1116993SUSE bug 1117954SUSE bug 1188540CVE-2018-13139 at SUSECVE-2018-13139 at NVDCVE-2018-19432 at SUSECVE-2018-19432 at NVDCVE-2018-19758 at SUSECVE-2018-19758 at NVDCVE-2021-3246 at SUSECVE-2021-3246 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for djvulibre (Important)SUSE OpenStack Cloud 9
This update for djvulibre fixes the following issues:
- CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)
ImportantSUSE bug 1187869CVE-2021-3630 at SUSECVE-2021-3630 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574)
ImportantSUSE bug 1188574CVE-2021-34552 at SUSECVE-2021-34552 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Important)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)
ImportantSUSE bug 1182739SUSE bug 1183770SUSE bug 1185868SUSE bug 1185870SUSE bug 1185872SUSE bug 1188300CVE-2021-2154 at SUSECVE-2021-2154 at NVDCVE-2021-2166 at SUSECVE-2021-2166 at NVDCVE-2021-2180 at SUSECVE-2021-2180 at NVDCVE-2021-27928 at SUSECVE-2021-27928 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cpio (Important)SUSE OpenStack Cloud 9
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
ImportantSUSE bug 1189206CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libcares2 (Important)SUSE OpenStack Cloud 9
This update for libcares2 fixes the following issues:
- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).
ImportantSUSE bug 1188881CVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):
- CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
- CVE-2021-29988: Memory corruption as a result of incorrect style treatment
- CVE-2021-29984: Incorrect instruction reordering during JIT optimization
- CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
- CVE-2021-29985: Use-after-free media channels
- CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
ImportantSUSE bug 1188891CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for fetchmail (Moderate)SUSE OpenStack Cloud 9
This update for fetchmail fixes the following issues:
- CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 [bsc#1188034]
- Set the hostname for SNI when using TLS [bsc#1182807]
- Allow --syslog option in daemon mode. (bsc#1033081)
- Set the hostname for SNI when using TLS. (bsc#1182807)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)
ModerateSUSE bug 1033081SUSE bug 1182807SUSE bug 1188034SUSE bug 1188875CVE-2021-36386 at SUSECVE-2021-36386 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for cpio (Critical)SUSE OpenStack Cloud 9
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
CriticalSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u302 (icedtea 3.20.0)
- CVE-2021-2341: Improve file transfers. (bsc#1188564)
- CVE-2021-2369: Better jar file validation. (bsc#1188565)
- CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
- CVE-2021-2161: Less ambiguous processing. (bsc#1185056)
ImportantSUSE bug 1185056SUSE bug 1188564SUSE bug 1188565SUSE bug 1188566CVE-2021-2161 at SUSECVE-2021-2161 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2388 at SUSECVE-2021-2388 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cpio (Important)SUSE OpenStack Cloud 9
This update for cpio fixes the following issues:
- A patch previously applied to remedy CVE-2021-38185 introduced a regression
that had the potential to cause a segmentation fault in cpio. [bsc#1189465]
ImportantSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-PyYAML (Important)SUSE OpenStack Cloud 9
This update for python-PyYAML fixes the following issues:
- Update to 5.3.1.
- CVE-2020-14343: A vulnerability was discovered in the PyYAML library,
where it was susceptible to arbitrary code execution when it processes
untrusted YAML files through the full_load method or with the FullLoader
loader. Applications that use the library to process untrusted input
may be vulnerable to this flaw. This flaw allows an attacker to
execute arbitrary code on the system by abusing the python/object/new
constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
ImportantSUSE bug 1174514CVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could
lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189520SUSE bug 1189521CVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for unrar (Moderate)SUSE OpenStack Cloud 9
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
ModerateSUSE bug 1046882SUSE bug 1054038SUSE bug 1187974CVE-2012-6706 at SUSECVE-2012-6706 at NVDCVE-2017-12938 at SUSECVE-2017-12938 at NVDCVE-2017-12940 at SUSECVE-2017-12940 at NVDCVE-2017-12941 at SUSECVE-2017-12941 at NVDCVE-2017-12942 at SUSECVE-2017-12942 at NVDCVE-2017-20006 at SUSECVE-2017-20006 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for aspell (Important)SUSE OpenStack Cloud 9
This update for aspell fixes the following issues:
- CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).
ImportantSUSE bug 1188576CVE-2019-25051 at SUSECVE-2019-25051 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mysql-connector-java (Moderate)SUSE OpenStack Cloud 9
This update for mysql-connector-java fixes the following issues:
- CVE-2020-2875: Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors. (bsc#1173600)
- CVE-2020-2934: Fixed a vulnerability which could cause a partial denial of service of MySQL Connectors. (bsc#1173600)
- CVE-2020-2933: Fixed a vulnerability which could allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. (bsc#1173600)
ModerateSUSE bug 1173600CVE-2020-2875 at SUSECVE-2020-2875 at NVDCVE-2020-2933 at SUSECVE-2020-2933 at NVDCVE-2020-2934 at SUSECVE-2020-2934 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openexr (Important)SUSE OpenStack Cloud 9
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
ImportantSUSE bug 1188457SUSE bug 1188458SUSE bug 1188459SUSE bug 1188460SUSE bug 1188461SUSE bug 1188462CVE-2021-20298 at SUSECVE-2021-20298 at NVDCVE-2021-20299 at SUSECVE-2021-20299 at NVDCVE-2021-20300 at SUSECVE-2021-20300 at NVDCVE-2021-20302 at SUSECVE-2021-20302 at NVDCVE-2021-20303 at SUSECVE-2021-20303 at NVDCVE-2021-20304 at SUSECVE-2021-20304 at NVDCVE-2021-3476 at SUSECVE-2021-3476 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libesmtp (Important)SUSE OpenStack Cloud 9
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for file (Important)SUSE OpenStack Cloud 9
This update for file fixes the following issues:
- CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661).
ImportantSUSE bug 1154661CVE-2019-18218 at SUSECVE-2019-18218 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654)
- CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369).
- CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378).
- CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376).
- CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
ImportantSUSE bug 1181254SUSE bug 1182654SUSE bug 1186429SUSE bug 1186433SUSE bug 1186434SUSE bug 1187369SUSE bug 1187376SUSE bug 1187378SUSE bug 1189373SUSE bug 1189376SUSE bug 1189378SUSE bug 1189380SUSE bug 1189882CVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-3308 at SUSECVE-2021-3308 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openvswitch (Important)SUSE OpenStack Cloud 9
This update for openvswitch fixes the following issues:
- openvswitch was updated to 2.8.10
- CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345)
A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of
the openvswitch.rpm file in order to obtain a list of all changes.
ImportantSUSE bug 1117483SUSE bug 1181345CVE-2020-27827 at SUSECVE-2020-27827 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Low)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Low)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
Update to version 10.2.40 [bsc#1189320]:
- fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389
ModerateSUSE bug 1182255SUSE bug 1189320CVE-2021-2372 at SUSECVE-2021-2372 at NVDCVE-2021-2389 at SUSECVE-2021-2389 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Moderate)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issue:
- CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602).
ModerateSUSE bug 1179602CVE-2020-17527 at SUSECVE-2020-17527 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE OpenStack Cloud 9
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for transfig (Moderate)SUSE OpenStack Cloud 9
This update for transfig fixes the following issues:
Update to version 3.2.8, including fixes for
- CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
- CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).
- CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346).
- CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345).
- CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).
- CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293).
- CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
- CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
ModerateSUSE bug 1136882SUSE bug 1159130SUSE bug 1159293SUSE bug 1161698SUSE bug 1186329SUSE bug 1189325SUSE bug 1189343SUSE bug 1189345SUSE bug 1189346CVE-2019-19555 at SUSECVE-2019-19555 at NVDCVE-2019-19746 at SUSECVE-2019-19746 at NVDCVE-2019-19797 at SUSECVE-2019-19797 at NVDCVE-2020-21680 at SUSECVE-2020-21680 at NVDCVE-2020-21681 at SUSECVE-2020-21681 at NVDCVE-2020-21682 at SUSECVE-2020-21682 at NVDCVE-2020-21683 at SUSECVE-2020-21683 at NVDCVE-2021-3561 at SUSECVE-2021-3561 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gtk-vnc (Moderate)SUSE OpenStack Cloud 9
This update for gtk-vnc fixes the following issues:
- CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268).
- CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266).
- Fix crash when opening connection from a GSocketAddress (bsc#1046782).
- Fix possible crash on connection failure (bsc#1188292).
ModerateSUSE bug 1024266SUSE bug 1024268SUSE bug 1046782SUSE bug 1188292CVE-2017-5884 at SUSECVE-2017-5884 at NVDCVE-2017-5885 at SUSECVE-2017-5885 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ghostscript (Critical)SUSE OpenStack Cloud 9
This update for ghostscript fixes the following issues:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
CriticalSUSE bug 1190381CVE-2021-3781 at SUSECVE-2021-3781 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779
CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class libraries:
- SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time
that the set timeout
- Z/OS specific C function send_file is changing the file pointer
position
* Java Virtual Machine:
- Crash on iterate java stack
- Java process hang on SIGTERM
* JIT Compiler:
- JMS performance regression from JDK8 SR5 FP40 TO FP41
* Class Libraries:
- z15 high utilization following Z/VM and Linux migration from
z14 To z15
* Java Virtual Machine:
- Assertion failed when trying to write a class file
- Assertion failure at modronapi.cpp
- Improve the performance of defining and finding classes
* JIT Compiler:
- An assert in ppcbinaryencoding.cpp may trigger when running
with traps disabled on power
- AOT field offset off by n bytes
- Segmentation fault in jit module on ibm z platform ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sqlite3 (Important)SUSE OpenStack Cloud 9
This update for sqlite3 fixes the following issues:
sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).
The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the change log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2020-13434 bsc#1172115: integer overflow in
sqlite3_str_vappendf
* CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow
* CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed
to one of its shadow tables
* CVE-2020-13632 bsc#1172240: NULL pointer dereference via
crafted matchinfo() query
* CVE-2020-13435: Malicious SQL statements could have crashed the
process that is running SQLite (bsc#1172091)
ImportantSUSE bug 1157818SUSE bug 1158812SUSE bug 1158958SUSE bug 1158959SUSE bug 1158960SUSE bug 1159491SUSE bug 1159715SUSE bug 1159847SUSE bug 1159850SUSE bug 1160309SUSE bug 1160438SUSE bug 1160439SUSE bug 1164719SUSE bug 1172091SUSE bug 1172115SUSE bug 1172234SUSE bug 1172236SUSE bug 1172240SUSE bug 1173641SUSE bug 928700SUSE bug 928701CVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2016-6153 at SUSECVE-2016-6153 at NVDCVE-2017-10989 at SUSECVE-2017-10989 at NVDCVE-2017-2518 at SUSECVE-2017-2518 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-8457 at SUSECVE-2019-8457 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
ImportantSUSE bug 1190229CVE-2021-23437 at SUSECVE-2021-23437 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud 9
This update for python-urllib3 fixes the following security issue:
- CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120)
Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking.
ModerateSUSE bug 1177120CVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glibc (Moderate)SUSE OpenStack Cloud 9
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489)
ModerateSUSE bug 1186489CVE-2021-33574 at SUSECVE-2021-33574 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
ImportantSUSE bug 1188697SUSE bug 1190701CVE-2021-21806 at SUSECVE-2021-21806 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
ImportantSUSE bug 1190666SUSE bug 1190669SUSE bug 1190703CVE-2021-34798 at SUSECVE-2021-34798 at NVDCVE-2021-39275 at SUSECVE-2021-39275 at NVDCVE-2021-40438 at SUSECVE-2021-40438 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Moderate)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud 9
This update for python-urllib3 fixes the following issues:
- CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211).
ModerateSUSE bug 1177211CVE-2020-26116 at SUSECVE-2020-26116 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-45 (bsc#1191332)
* CVE-2021-38496: Use-after-free in MessageTask
* CVE-2021-38497: Validation message could have been overlaid on another origin
* CVE-2021-38498: Use-after-free of nsLanguageAtomService object
* CVE-2021-32810: Fixed Data race in crossbeam-deque
* CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
* CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
ImportantSUSE bug 1190710SUSE bug 1191332CVE-2021-32810 at SUSECVE-2021-32810 at NVDCVE-2021-38496 at SUSECVE-2021-38496 at NVDCVE-2021-38497 at SUSECVE-2021-38497 at NVDCVE-2021-38498 at SUSECVE-2021-38498 at NVDCVE-2021-38500 at SUSECVE-2021-38500 at NVDCVE-2021-38501 at SUSECVE-2021-38501 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)SUSE OpenStack Cloud 9
This update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags contains the following fixes:
Changes in mysql-connector-java:
- Restrict license to GPL-2.0-only
- Fix README adjustments
- Depend on log4j rather than log4j-mini and adjust log4j dependencies to
account for the lack of log4j12 Provides in some code streams.
- Add missing Group tag
- Update to 8.0.25 (SOC-11543)
Changes in 8.0.25
* No functional changes: version alignment with MySQL Server 8.0.25.
Changes in 8.0.24
* Bug#102188 (32526663), AccessControlException with AuthenticationLdapSaslClientPlugin.
* Bug#22508715, SETSESSIONMAXROWS() CALL ON CLOSED CONNECTION RESULTS IN NPE.
* Bug#102131 (32338451), UPDATABLERESULTSET NPE WHEN USING DERIVED QUERIES OR VIEWS.
* Bug#101596 (32151143), GET THE 'HOST' PROPERTY ERROR AFTER CALLING TRANSFORMPROPERTIES() METHOD.
* Bug#20391832, SETOBJECT() FOR TYPES.TIME RESULTS IN EXCEPTION WHEN VALUE HAS FRACTIONAL PART.
* Bug#97730 (31699993), xdev api: ConcurrentModificationException at Session.close.
* Bug#99708 (31510398), mysql-connector-java 8.0.20 ASSERTION FAILED: Unknown message type: 57 s.close.
* Bug#32122553, EXTRA BYTE IN COM_STMT_EXECUTE.
* Bug#101558 (32141210), NULLPOINTEREXCEPTION WHEN EXECUTING INVALID QUERY WITH USEUSAGEADVISOR ENABLED.
* Bug#102076 (32329915), CONTRIBUTION: MYSQL JDBC DRIVER RESULTSET.GETLONG() THROWS NUMBEROUTOFRANGE.
* Bug#31747910, BUG 30474158 FIX IMPROVES JDBC COMPLIANCE BUT CHANGES DEFAULT RESULTSETTYPE HANDLING.
* Bug#102321 (32405590), CALLING RESULTSETMETADATA.GETCOLUMNCLASSNAME RETURNS WRONG VALUE FOR DATETIME.
* WL#14453, Pluggable authentication: new default behavior & user-less authentications.
* WL#14392, Improve timeout error messages [classic].
* WL#14202, XProtocol: Support connection close notification.
Changes in 8.0.23
* Bug#21789378, FORCED TO SET SERVER TIMEZONE IN CONNECT STRING.
* Bug#95644 (30573281), JDBC GETDATE/GETTIME/GETTIMESTAMP INTERFACE BEHAVIOR CHANGE AFTER UPGRADE 8.0.
* Bug#94457 (29402209), CONNECTOR/J RESULTSET.GETOBJECT( ..., OFFSETDATETIME.CLASS ) THROWS.
* Bug#76775 (20959249), FRACTIONAL SECONDS IN TIME VALUES ARE NOT AVAILABLE VIA JDBC.
* Bug#99013 (31074051), AN EXTRA HOUR GETS ADDED TO THE TIMESTAMP WHEN SUBTRACTING INTERVAL 'N' DAYS.
* Bug#98695 (30962953), EXECUTION OF 'LOAD DATA LOCAL INFILE' COMMAND THROUGH JDBC FOR DATETIME COLUMN.
* Bug#101413 (32099505), JAVA.TIME.LOCALDATETIME CANNOT BE CAST TO JAVA.SQL.TIMESTAMP.
* Bug#101242 (32046007), CANNOT USE BYTEARRAYINPUTSTREAM AS ARGUMENTS IN PREPARED STATEMENTS AN MORE.
* WL#14274, Support for authentication_ldap_sasl_client(SCRAM-SHA-256) authentication plugin.
* WL#14206, Support for authentication_ldap_sasl_client(GSSAPI) authentication plugin.
* WL#14207, Replace language in APIs and source code/docs.
Changes in 8.0.22
* Bug#98667 (31711961), 'All pipe instances are busy' exception on multiple connections to named Pipe.
* Bug#96309 (31699357), MultiHost in loadbalance may lead to a TPS reduction during a quick switch.
* Bug#99076 (31083755), Unclear exception/error when connecting with jdbc:mysql to a mysqlx port.
* Bug#96870 (30304764), Contribution: Allow to disable AbandonedConnectionCleanupThread completely.
* WL#14115, Support for authentication_ldap_sasl_client (SCRAM-SHA-1) authentication plugin.
* WL#14096, Add option to specify LOAD DATA LOCAL allow list folder.
* WL#13780, Skip system-wide trust and key stores (incl. X DevAPI client certs).
* WL#14017, XProtocol -- support for configurable compression algorithms.
* Bug#92903 (28834903), MySQL Connector/j should support wildcard names or alternative names.
* Bug#99767 (31443178), Contribution: Check SubjectAlternativeName for TLS instead of commonName.
* Bug#93444 (29015453), LOCALDATETIME PARAMETER VA UES ALTERED WHEN CLIENT AND SERVER TIMEZONES DIFFER.
* WL#14052, Remove asynchronous variant of X Protocol.
* Bug#99713 (31418928), NPE DURING COM.MYSQL.CJ.SERVERPREPAREDQUERYBINDVALUE.STOREDATE().
* WL#14068, Remove legacy integration with JBoss.
Changes in 8.0.21
* WL#14051, Upgrade Protocol Buffers dependency to protobuf-java-3.11.4.
* WL#14042, Upgrade testsuite to JUnit 5.
* Bug#98237 (30911870), PREPAREDSTATEMENT.SETOBJECT(I, 'FALSE', TYPES.BOOLEAN) ALWAYS SETS TRUE OR 1.
* WL#13008, DevAPI: Add schema validation to create collection.
Changes in 8.0.20
* Bug#30805426, IN CASE OF ISAUTHMETHODSWITCHREQUESTPACKET , TOSERVERS > 1 ARE IGNORED.
* Bug#97714 (30570249), Contribution: Expose elapsed time for query interceptor
* Bug#97724 (30570721), Contribution: Allow \'3.\' formatted numbers.
* Bug#98536 (30877755), SIMPLEDATEFORMAT COULD CACHE A WRONG CALENDAR.
Fix for Bug#91112 (28125069), AGAIN WRONG JAVA.SQL.DATE.
* Bug#30474158, CONNECTOR/J 8 DOES NOT HONOR THE REQUESTED RESULTSETTYPE SCROLL_INSENSITIVE ETC.
* Bug#98445 (30832513), Connection option clientInfoProvider=ClientInfoProviderSP causes NPE.
* WL#12248, DevAPI: Connection compression.
* Bug#30636056, ResultSetUtil.resultSetToMap() can be unsafe to use.
* Bug#97757 (30584907), NULLPOINTEREXCEPTION WITH CACHERESULTSETMETADATA=TRUE AND EXECUTEQUERY OF 'SET'.
Changes in 8.0.19
* WL#13346, Support for mult-host and failover.
* Bug#97413 (30477722), DATABASEMETADATA IS BROKEN AFTER SERVER WL#13528.
* WL#13367, DNS SRV support.
* WL#12736, DevAPI: Specify TLS ciphers to be used by a client or session.
* Bug#96383 (30119545) RS.GETTIMESTAMP() HAS * DIFFERENT RESULTS FOR TIME FIELDS WITH USECURSORFETCH=TRUE.
* Bug#96059 (29999318), ERROR STREAMING MULTI RESULTSETS WITH MYSQL-CONNECTOR-JAVA 8.0.X.
* Bug#96442 (30151808), INCORRECT DATE ERROR WHEN CALLING GETMETADATA ON PREPARED STATEMENT.
Changes in 8.0.18
* WL#13347, Connectors should handle expired password sandbox without SET operations.
* Bug#84098 (25223123), endless loop in LoadBalancedAutoCommitInterceptor.
* Bug#23721537, MULTI-SELECT WITH EXECUTEASYNC() GIVES IMPROPER ERROR.
* Bug#95741 (29898567), METADATA QUERY USES UPPER() AROUND NUMERIC EXPRESSION.
* Bug#20913289, PSTMT.EXECUTEUPDATE() FAILS WHEN SQL MODE IS NO_BACKSLASH_ESCAPES.
* Bug#80441 (22850444), SYNTAX ERROR ON RESULTSET.UPDATEROW() WITH SQL_MODE NO_BACKSLASH_ESCAPES.
Changes in 8.0.17
* WL#13210, Generate Javadocs via ant.
* WL#12247, DevAPI: indexing array fields.
* WL#12726, DevAPI: Add overlaps and not_overlaps as operator.
* Bug#95503 (29821029), Operator IN not mapping consistently to the right X Plugin operation.
* WL#12942, Update README.md and add new CONTRIBUTING.md.
* WL#13125, Support fully qualified hostnames longer than 60 characters.
* Bug#95210 (29807741), ClassCastException in BlobFromLocator when connecting as jdbc:mysql:replication.
* Bug#29591275, THE JAR FILE NEEDS TO CONTAIN A README AND LICENSE FILE.
* WL#13124, Support new utf8mb4 bin collation.
* WL#13009, DevAPI: Deprecate methods.
* WL#11101, Remove de-cache and close of SSPSs on double call to close().
* Bug#89133 (27356869) CONTRIBUTION: UPDATE DA ABASEMETADATA.JAVA.
* Bug#11891000, DABATASEMETADATA.GETTABLES() IGNORES THE SCHEMA_PATTERN ARGUMENT.
* Bug#94101 (29277648), SETTING LOGSLOWQUERIES SHOULD NOT AUTOMATICALLY ENABLE PROFILESQL FOR QUERIES.
* Bug#74690 (20010454), PROFILEREVENT HOSTNAME HAS NO GETTER().
* Bug#70677 (17640628), CONNECTOR J WITH PROFILESQL - LOG CONTAINS LOTS OF STACKTRACE DATA.
* Bug#41172 (11750577), PROFILEREVENT.PACK() THROWS ARRAYINDEXOUTOFBOUNDSEXCEPTION.
* Bug#27453692, CHARACTERS GET GARBLED IN CONCAT() IN PS WHEN USECURSORFETCH=TRUE.
* Bug#94585 (29452669), GETTABLENAME() RETURNS NULL FOR A QUERY HAVING COUNT(*) WITH JDBC DRIVER V8.0.12.
* Bug#94442 (29446059), RESULTSETIMPL.GETDOUBLE IS INEFFICIENT BECAUSE OF BIGDECIMAL (RE)CONSTRUCTIONS.
Changes in 8.0.16
* WL#12825, Remove third-party libraries from sources and bundles.
* Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify.
* Bug#94414 (29384853), Connector/J RPM package have version number in path.
* Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY PACKAGE) FOR CJAVA.
* WL#12246, DevAPI: Prepared statement support.
* WL#10839, Adjust c/J tests to the new 'ON' default for explicit_defaults_for_timestamp.
* Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE.
* WL#12460, DevAPI: Support new session reset functionality.
* WL#12459, DevAPI: Support connection-attributes.
* Bug#25650385, GETBYTE() RETURNS ERROR FOR BINARY() FLD.
* Bug#27784363, MYSQL 8.0 JDBC DRIVER THROWS NUMBERFORMATEXCEPTION FOR TEXT DATA
* Bug#93007 (28860051), LoadBalancedConnectionProxy.getGlobalBlacklist bug.
* Bug#29186870, CONNECTOR/J REGRESSION: NOT RETURNING PRECISION GETPROCEDURECOLUMNS.
* Bug#22038729, X DEVAPI: ANY API CALL AFTER A FAILED CALL PROC() RESULTS IN HANG.
* Bug#29244101, ADD MAPPING FOR UTF8MB4_ZH_0900_AS_CS COLLATION.
* Bug#92819 (28834959), EXPRPARSER THROWS WRONGARGUMENTEXCEPTION WHEN PARSING EMPTY JSON ARRAY.
* Bug#21921956, X DEVAPI: EXPRESSION PARSE ERROR WITH UNARY OPERATOR.
* Bug#94031 (29257922), WRONG JSON_UNQUOTE WORKAROUND.
* Bug#22931700, BINDINGS.GETBOOLEAN() ALWAYS RETURNS FALSE.
* Bug#25650912, ERROR MESSAGE NOT CLEAR WHEN WE PASS A CHAR DATA TO ANY TABLE API.
* Bug#25642021, CHANGEUSER() FAILS WHEN ENABLEPACKETDEBUG=TRUE.
Changes in 8.0.15
* Bug#94051 (29261254), Not recommended default for 'allowLoadLocalInfile'.
Changes in 8.0.14
* WL#12298, Connectors: Expose metadata about source and binaries in unified way.
* Bug#93111 (28894344), ConnectionUrl.java contains char U+00A7 (section sign).
* WL#12621, DevAPI: Handling of Default Schema.
* Bug#93340 (28970166), C/J BUILD SCRIPT IS TOO VERBOSE
* WL#12462, DevAPI: Be prepared for initial notice on connection.
* Bug#28924137, WL#12463:IF COLLECTION DOESN'T EXIST, COLL.COUNT() IS GIVING A WRONG ERROR MESSAGE.
* WL#12463, DevAPI: Standardize count method.
* Bug#92508 (28747636), mysql-connector in bootclasspath causing memory leak.
* Bug#25650514, UPDATEROW() CALL FAILS WITH NPE WHEN SSPS=TRUE AND TABLE HAS MULTI-FLD KEY.
* Bug#25650482, REFRESHROW() CALL AFTER UPDATEROW() API FAILS WHEN USESERVERPREPSTMTS=TRUE.
* Bug#92536 (28692243), UPDATEING SERVER SIDE PREPSTMTS RESULTSET FAIL.
* Bug#92625 (28731795), CONTRIBUTION: FIX OBSERVED NPE IN CLEARINPUTSTREAM.
* Bug#23045642, ADDING NO-DOC (MYSQLCONNJ-696) RESULTS IN EXCEPTION.
* Bug#91065 (28101003), ZERODATETIMEBEHAVIOR=CONVERT_TO_NULL SHOULD NOT APPLY TO 00:00:00 TIME COLUMNS.
* Bug#92574 (28706219), WHEN CONVERTING FROM VARCHAR TO JAVA BOOLEAN, 'N' IS NOT SUPPORTED.
* Bug#25642226, CHANGEUSER() NOT SETTING THE DATABASE PROPERLY WITH SHA USER.
* Bug#28606708, NAMED PIPE CONNECTION FOR X PROTOCOL RETURNS NPE, EXPECTED PROPER ERROR MESSAGE.
Changes in 8.0.13
* Bug#91317 (28207422), Wrong defaults on collation mappings.
* WL#12245, DevAPI: Implement connect timeout.
* Bug#21774249, UNIT TEST FAILS WITH ERROR ' 'CEST' IS UNRECOGNIZED TIME ZONE'.
* WL#11857, DevAPI: Implement connection pooling for xprotocol.
* Bug#91873 (28444461), REMOVE USEOLDUTF8BEHAVIOR CONNECTION PROPERTY.
* Bug#92264 (28594434), JSONPARSER PUTS UNNECESSARY MAXIMUM LIMIT ON JSONNUMBER TO 10 DIGITS.
* WL#12110, Extend PropertyDefinitions.PropertyKey usage.
* Bug#81063 (23098159), w/ rewriteBatchedStatements, when 2 tables involved, the rewriting not correct.
* Bug#84813 (25501750), rewriteBatchedStatements fails in INSERT.
* Bug#81196 (23227334), CONNECTOR/J NOT FOLLOWING DATABASE CHARACTER SET.
* Bug#72609 (18749544), SETDATE() NOT USING A PROLEPTIC GREGORIAN CALENDAR.
* Bug#87534 (26730196), UNION ALL query fails when useServerPrepStmts=true on database connection.
* Bug#89948 (27658489), Batched statements are not committed for useLocalTransactionState=true.
* BUG#22305979, WRONG RECORD UPDATED IF SENDFRACTIONALSECONDS=FALSE AND SMT IS SCROLLABLE.
* Bug#27102307, CHANGE USESSL AND VERIFYSERVERCERTIFICATE TO SSLMODE OPTION.
* Bug#28150662, CONNECTOR/J 8 MALFORMED DATABASE URL EXCEPTION WHIT CORRECT URL STRING.
* Bug#91421 (28246270), ALLOWED VALUES FOR ZERODATETIMEBEHAVIOR ARE INCOMPATIBLE WITH NETBEANS.
* Bug#23045604, XSESSION.GETURI() RETURNS NPE.
* Bug#21914769, NPE WHEN TRY TO EXECUTE INVALID JSON STRING.
* Bug#BUG#90887 (28034570), DATABASEMETADATAUSINGINFOSCHEMA#GETTABLES FAILS IF METHOD ARGUMENTS ARE NULL.
* Bug#28207088, C/JAVA: UPDATECLOB(INT COLUMNLABEL, JAVA.SQL.CLOB CLOB) IS FAILING.
* Bug#27629553, NPE FROM GETSESSION() FOR SSL CONNECTION WHEN NO PASSWORD PASSED.
Changes in 8.0.12
* Bug#28208000, MASTER : HANG IN ASYNCHRONOUS SELECT TEST.
* WL#10544, Update MySQL 8.0 keywords list.
* WL#11858, DevAPI: Core API v1 alignment.
* Bug#27652379, NPE FROM GETSESSION(PROPERTIES) WHEN HOST PARAMETER IS GIVEN IN SMALL LETTER.
* BUG#87600 (26724154), CONNECTOR THROWS 'MALFORMED DATABASE URL' ON NON MYSQL CONNECTION-URLS.
* BUG#26089880, GETCONNECTION('MYSQLX://..') RETURNS NON-X PROTOCOL CONNECTION.
* WL#11876, Improve connection properties design.
* WL#11933, Connector/J 8.0 X DevAPI reference documentation update.
* WL#11860, Ensure >= 75% code coverage.
* Bug#90753 (27977617), WAIT_TIMEOUT EXCEEDED MESSAGE NOT TRIGGERED.
* Bug#85941 (25924324), WASNULL NOT SET AFTER GETBYTES IS CALLED.
* Bug#28066709, COLLECTION.CREATEINDEX() TEST IS BROKEN AFTER WL#11808 IMPLEMENTATION.
* Bug#90872 (28027459), FILTERPARAMS CLASS IS NOT NEEDED.
* Bug#27522054, POSSIBLE ASYNC XPROTOCOL MESSAGE HANDLING PERF ISSUE.
The 'xdevapi.useAsyncProtocol' connection property default value is changed to 'false'.
Changes in 8.0.11
* WL#11293, DevAPI: Support new locking modes : NOWAIT and SKIP LOCKED.
* Bug#90029 (27678308), FAILURE WHEN GETTING GEOMCOLLECTION COLUMN TYPE.
* BUG#90024 (27677574), SOME TESTS FAILED AGAINST MYSQL 8.0.5 BECAUSE OF DEPRECATED FEATURES REMOVAL.
* Bug#86741 (26314325), Multi-Host connection with autocommit=0 getAutoCommit maybe wrong.
* Bug#27231383, PROVIDE MAVEN-FRIENDLY COMMERCIAL PACKAGES WITHOUT '-BIN'.
* Bug#26819691, SETTING PACKETDEBUGBUFFERSIZE=0 RESULTS IN CONNECTION FAILURE.
* Bug#88227 (27029657), Connector/J 5.1.44 cannot be used against MySQL 5.7.20 without warnings.
* Bug#27374581, CONNECTION FAILS WHEN GPL SERVER STARTED WITH TLS-VERSION=TLSV1.2.
* WL#11419, DevAPI: New document _id generation support.
* WL#11620, Change caching_sha2_password padding.
* WL#11604, DevAPI: Add SHA256_MEMORY support.
* BUG#86278 (26092824), SUPPORT CUSTOM CONSTRUCTION OF SSLSOCKET DURING CONNECTION ESTABLISHMENT.
* BUG#27226293, JSONNUMBER.GETINTEGER() & NUMBERFORMATEXCEPTION.
* WL#10527, Clean up Protocol and Session interfaces.
Changes in 8.0.9
* WL#11469, Update license header in GPL packages.
* BUG#27247349, WL#11208 : UNIQUE DOES NOT GIVE ERROR EVEN THOUGH IT IS NOT SUPPORTED.
* WL#11208, DevAPI: Collection.createIndex.
* WL#10156, Add setters/getters for connection properties to MysqlDataSource,
MysqlXADataSource and MysqlConnectionPoolDataSource.
* WL#11401, DevAPI: Remove configuration API.
* WL#10619, Ensure compatibility with new data dictionary.
* BUG#27217264, WL#10937: NULL POINTER EXCEPTION WHEN NULL IS PASSED AS _ID IN COLL.REPLACEONE.
* WL#10937, DevAPI: ReplaceOne, AddOrReplaceOne, GetOne, RemoveOne.
* Bug#26723646, JSON_MERGE() FUNCTION IS DEPRECATED IN MYSQL 8.0.
* Bug#27185332, WL#11210:ERROR IS THROWN WHEN NESTED EMPTY DOCUMENTS ARE INSERTED TO COLLECTION.
* Bug#27151601, WL#11210: DOCUMENT PATCH EXPRESSIONS ARE NOT SUPPORTED.
* WL#11210, DevAPI: Modify/MergePatch.
* Bug#79612 (22362474), CONNECTION ATTRIBUTES LOST WHEN CONNECTING WITHOUT DEFAULT DATABASE.
* WL#10152, Enable TLSv1.2 on mysqlx.
* Bug#27131768, NULL POINTER EXCEPTION IN CONNECTION.
* Bug#88232 (27047676), c/J does not rollback transaction when autoReconnect=true.
* Bug#88242 (27040063), autoReconnect and socketTimeout JDBC option makes wrong order of client packet.
* Bug#88021 (26939943), High GC pressure when driver configured with serversideprepared statements.
* Bug#26724085, CHARSET MAPPING TO BE UPDATED FOR MYSQL 8.0.3.
* Bug#87704 (26771560), THE STREAM GETS THE RESULT SET ?THE DRIVER SIDE GET WRONG ABOUT GETLONG().
* Bug#24924097, SERVER GREETING ERROR ISN'T RECOGNIZED DURING HANDSHAKE.
* Bug#26748909, MASTER : ERROR - NO OPERATIONS ALLOWED AFTER STATEMENT CLOSED FOR TOSTRING().
* Bug#26266731, CONCUR_UPDATABLE RESULTSET OPERATIONS FAIL AGAINST 8.0 FOR BOOLEAN COLUMN.
* WL#11239, DevAPI: Remove create table implementation.
* Bug#27131100, WL#11212 : SAVEPOINT CREATING WITH EMPTY STRING AND SPACE AS NAME.
* WL#11212, DevAPI: transaction save-points.
* WL#11060, Support new SHA-256 authentication system.
* Bug#87826 (26846249), MYSQL JDBC CONNECTOR/J DATABASEMETADATA NULL PATTERN HANDLING IS NON-COMPLIANT.
* WL#11163, Extract parameter setters, serverPrepare() and serverExecute() to core classes.
* BUG#26995710, WL#11161 : NULL POINTER EXCEPTION IN EXECUTEBATCH() AND CLOSE().
* WL#11161, Unify query bindings.
* WL#8469, Don't extract query text from packets when possible.
Changes in 8.0.8
* BUG#26722030, TEST FAILING DUE TO BINARY LOGGING ENABLED BY DEFAULT IN MYSQL 8.0.3.
* BUG#26722018, TESTS FAILING DUE TO CHANGE IN INFORMATION_SCHEMA.INNODB_SYS_* NAMING.
* BUG#26750807, MASTER : NULL POINTER EXCEPTION IN SCHEMA.DROPVIEW(NULL).
* BUG#26750705, MASTER : ERROR - UNSUPPORTED CONVERSION FROM TIME TO JAVA.SQL.DATE.
* WL#10620, DevAPI: SHA256 Authentication support.
* WL#10936, DevAPI: Row locking for Crud.Find.
* WL#9868, DevAPI: Configuration handling interface.
* WL#10935, DevAPI: Array or Object 'contains' operator.
* WL#9875, Prepare c/J 8.0 for DEB and RPM builds.
* BUG#26259384, CALLABLE STATEMENT GIVES ERROR IN C/JAVA WHEN RUN AGAINST MYSQL 8.0.
* Bug#26393132, NULLPOINTEREXCEPTION IS THROWN WHEN TRIED TO DROP A NULL COLLECTION.
* WL#10532, DevAPI: Cleanup Drop APIs.
* Bug#87429 (26633984), repeated close of ServerPreparedStatement causes memory leak.
* Bug#87379 (26646676), Perform actual TLS capabilities check when restricting TLSv1.2.
* Bug#85601 (25777822), Unit notation is missing in the description of the property involved in the time.
* Bug#87153 (26501245), INCORRECT RESULT OF DBMD.GETVERSIONCOLUMNS() AGAINST MYSQL 8.0.2+.
* Bug#78313 (21931572), proxies not handling Object.equals(Object) calls correctly.
* Bug#85885 (25874048), resultSetConcurrency and resultSetType are swapped in call to prepareStatement.
* Bug#74932 (20066806), ConnectionImp Doesn't Close Server Prepared Statement (PreparedStatement Leak).
* WL#10536, Deprecating COM_SHUTDOWN.
* Bug#25946965, UPDATE THE TIME ZONE MAPPINGS WITH LATEST TZ DATABASES.
* Bug#20182108, INCLUDE CUSTOM LOAD BALANCING STRATEGY USING PLUGIN API.
* Bug#26440544, CONNECTOR/J SHOULD NOT USE TX_{READ_ONLY,ISOLATION} WHICH IS PLANNED FOR REMOVAL.
* Bug#26399958, UNABLE TO CONNECT TO MYSQL 8.0.3.
* Bug#25650305, GETDATE(),GETTIME() AND GETTIMESTAMP() CALL WITH NULL CALENDAR RETURNS NPE.
Changes in 8.0.7
* Bug#26227653, WL#10528 DIFF BEHAVIOUR WHEN SYSTEM PROP JAVAX.NET.SSL.TRUSTSTORETYPE IS SET.
* WL#10528, DevAPI: Ensure all connectors are secure by default.
* WL#8305, Remove internal dependency on connection objects.
* Bug#22972057, X DEVAPI: CLIENT HANGS AFTER CONNECTION FAILURE.
* Bug#26140577, GIS TESTS ARE FAILING WITH MYSQL 8.0.1.
* WL#10765, DevAPI: Forbid modify() and remove() with no condition.
* Bug#26090721, CONNECTION FAILING WHEN SERVER STARTED WITH COLLATION UTF8MB4_DE_PB_0900_AI_CI.
* WL#10781, enum-based connection properties.
* Bug#73775 (19531384), DBMD.getProcedureColumns()/.getFunctionColumns() fail to filter by columnPattern.
* Bug#84324 (25321524), CallableStatement.extractProcedureName() not work when catalog name with dash.
* Bug#79561 (22333996), NullPointerException when calling a fully qualified stored procedure.
* Bug#84783 (25490163), query timeout is not working(thread hang).
* Bug#70704 (17653733), Deadlock using UpdatableResultSet.
* Bug#66430 (16714868), setCatalog on connection leaves ServerPreparedStatement cache for old catalog.
* Bug#70808 (17757070), Set sessionVariables in a single query.
* Bug#77192 (21170603), Description for the Property replicationConnetionGroup Missing from the Manual.
* Bug#83834 (25101890), Typo in Connector/J error message.
* WL#10531, Support utf8mb4 as default charset.
* Bug#85555 (25757019), useConfigs Can't find configuration template named, in mysql-connector-java 6.x
* WL#10529, Move version number to 8.0.
* WL#10530, DevAPI: Remove XSession, rename NodeSession to Session.
* Bug#23510958, CONCURRENT ASYNC OPERATIONS RESULT IN HANG.
* Bug#23597281, GETNODESESSION() CALL WITH SSL PARAMETERS RETURNS CJCOMMUNICATIONSEXCEPTION.
* Bug#25207784, C/J DOESN'T FOLLOW THE FINAL X DEVAPI MY-193 SPECIFICATION.
* Bug#25494338, ENABLEDSSLCIPHERSUITES PARAMETER NOT WORKING AS EXPECTED WITH X-PLUGIN.
* Bug#84084 (25215008), JAVA.LANG.ARRAYINDEXOUTOFBOUNDSEXCEPTION ON ATTEMPT TO GET VALUE FROM RESULTSET.
* WL#10553, Add mapping for Japanese utf8mb4 collation.
* Bug#25575103, NPE FROM CREATETABLE() WHEN SOME OF THE INPUTS ARE NULL.
* Bug#25575156, NPE FROM CREATEVIEW() WHEN SOME OF THE INPUTS ARE NULL.
* Bug#25636947, CONNECTION USING MYSQL CLIENT FAILS IF WE USE THE SSL CERTIFICATES FROM C/J SRC.
* Bug#25687718, INCORRECT TIME ZONE IDENTIFIER IN STATEMENTREGRESSIONTEST.
* Bug#25556597, RESULTSETTEST.TESTPADDING UNIT TEST IS FAILING IN 5.1.41 RELEASE PACKAGE.
* Bug#25517837, CONNECT PERFORMNACE DEGRADED BY 10% IN 5.1.41.
* Bug#25504578, CONNECT FAILS WHEN CONNECTIONCOLLATION=ISO-8859-13.
* Bug#25438355, Improper automatic deserialization of binary data.
* Bug#70785 (17756825), MySQL Connector/J inconsistent init state for autocommit.
* Bug#66884: Property 'elideSetAutoCommits' temporarily defaults to 'false' until this bug is fixed.
* Bug#75615 (21181249), Incorrect implementation of Connection.setNetworkTimeout().
* Bug#81706 (23535001), NullPointerException in driver.
* Bug#83052 (25048543), static method in com.mysql.jdbc.Util relies on null object.
* Bug#69526 (17035755), 'Abandoned connection cleanup thread' at mysql-connector-java-5.1.25.
* Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF.
Changes in 6.0.6
* Added Core TLS/SSL options for the mysqlx URI scheme.
* Updated collations map.
* Bug#24350526, UNEXPECTED BEHAVIOUR OF IS_NUMBER_SIGNED API IN C/JAVA.
* Bug#82707 (24512766), WRONG MILLI SECOND VALUE RETURNED FROM TIMESTAMP COLUMN.
* Bug#82005 (23702040), JDBCDATEVALUEFACTORY FAILS TO PARSE SOME DATES.
* Bug#83725 (25056803), NPE IN XPROTOCOL.GETPLUGINVERSION() WITH MYSQL 5.7.17.
* Bug#24525461, UPDATABLE RESULTSET FEATURE FAILS WHEN USESERVERPREPSTMTS=TRUE.
* Bug#24527173, QUERY EXECUTION USING PREPARED STMT FAILS WHEN USECURSORFETCH=TRUE.
* Bug#82964 (24658016), JSR-310 DATA TYPES CREATED THROUGH JAVA.SQL TYPES.
* Bug#81202 (23188159), RESULTSETIMPL.GETOBJECT THROWS NULLPOINTEREXCEPTION WHEN FIELD IS NULL.
* Bug#22931277, COLUMN.GETTYPE() RETURNS ERROR FOR VALID DATATYPES.
* BUG#24471057, UPDATE FAILS WHEN THE NEW VALUE IS OF TYPE DBDOC WHICH HAS ARRAY IN IT.
* Bug#81691 (23519211), GETLASTDOCUMENTIDS() DOESN'T REPORT IDS PROVIDED BY USER.
* Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF.
Changes in 6.0.5
* BUG#82896 (24613062), Unexpected behavior on attempt to connect to JDBC driver with unsupported URL.
* Added client-side failover during XSession initialization for multi-router configuration.
* Removed Extension interface. All extension classes now implement their specific interfaces.
* Bug#22988922, GETLENGTH() RETURNS -1 FOR LONGBLOB AND LONGTEXT FIELDS.
* Bug#24619829, NEW FAILURES IN C/JAVA UNITTESTS AGAINST MYSQL 8.0.
* Bug#75209 (20212882), Set useLocalTransactionState may result in partially committed transaction.
* Bug#48346 (11756431), Communications link failure when reading compressed data with compressed=true.
* Bug#80631 (22891845), ResultSet.getString return garbled result with json type data.
* Bug#64188 (13702433), MysqlXAConnection.MYSQL_ERROR_CODES_TO_XA_ERROR_CODES is missing XA error codes.
* Bug#72632 (18759269), NullPointerException for invalid JDBC URL.
* Bug#82115 (23743956), Some exceptions are intercepted twice or fail to set the init cause.
* Bug#78685 (21938551), Wrong results when retrieving the value of a BIT column as an integer.
* Bug#80615 (22954007), prepared statement leak when rewriteBatchedStatements=true and useServerPrepStmt.
* Extended X DevAPI with flexible parameter lists.
* Added a virtual NodeSession to X DevAPI.
Changes in 6.0.4
* X DevAPI URL prefix changed from 'mysql:x:' to 'mysqlx:'.
* Bug#24301468 X DEVAPI SSL CONNECTION FAILS ON WINDOWS
* The X DevAPI Table object now represents both database tables and views.
* Added support for matching against pattern for X DevAPI list_objects calls.
* Added Schema.getCollections(String pattern) and Schema.getTables(String pattern) interface methods.
* Switched to 'mysqlx' namespace for X DevAPI StmtExecute messages.
This change is incompatible to MySQL server versions < 5.7.14.
* Bug#82046 (23743947), MYSQL CONNECTOR JAVA OSGI METADATA BROKEN.
* Bug#21690043, CONNECT FAILS WHEN PASSWORD IS BLANK.
* Bug#22931433, GETTING VALUE OF BIT COLUMN RESULTS IN EXCEPTION.
Changes in 6.0.3
* Bug#23535571, EXCESSIVE MEMORY USAGE WHEN ENABLEPACKETDEBUG=TRUE.
* Bug#23212347, ALL API CALLS ON RESULTSET METADATA RESULTS IN NPE WHEN USESERVERPREPSTMTS=TRUE.
* Bug#23201930, CLIENT HANG WHEN RSLT CUNCURRENCY=CONCUR_UPDATABLE AND RSLTSET TYPE=FORWARD_ONLY.
* Bug#23188498, CLIENT HANG WHILE USING SERVERPREPSTMT WHEN PROFILESQL=TRUE AND USEIS=TRUE.
* Bug#22678872, NPE DURING UPDATE WITH FABRIC.
* Bug#71131 (18068303), Poor error message in CallableStatement.java.
* Bug#59462 (16736619), ConcurrentModificationException inside ConnectionImpl.closeAllOpenStatements().
* Bug#22848249, LOADBALANCECONNECTIONGROUPMANAGER.REMOVEHOST() NOT WORKING AS EXPECTED.
* Bug#22730682, ARRAYINDEXOUTOFBOUNDSEXCEPTION FROM CONNECTIONGROUPMANAGER.REMOVEHOST().
* Bug#77171 (21181466), On every connect getting sql_mode from server creates unnecessary exception.
* Bug#79343 (22353759), NPE in TimeUtil.loadTimeZoneMappings causing server time zone value unrecognized.
* Bug#22038729, X DevAPI: Any API call after a failed CALL PROC() results in hang
* Replace Schema.drop(), Collection.drop() by X DevAPI's session.dropSchema() and session.dropCollection().
* Added session.dropTable().
* Bug#22932078, GETTIMESTAMP() RETURNS WRONG VALUE FOR FRACTIONAL PART
* Extracted packet readers from MysqlaProtocol.
* Bug#22972057, X protocol CLIENT HANGS AFTER CONNECTION FAILURE
* Bug#23044312, NullPointerException in X protocol AsyncMessageReader due to race condition
* Returned support for MySQL 5.5 and 5.6.
Changes in 6.0.2
* Deprecate the EOF packet.
* Bug#75956, Inserting timestamps using a server PreparedStatement and useLegacyDatetimeCode=false
* Bug#22385172, CONNECTOR/J MANIFEST DOES NOT EXPOSE FABRIC (OSGi).
* Bug#22598938, FABRICMYSQLDATASOURCE.GETCONNECTION() NPE AFTER SWITCHOVER.
* Bug#21286268, CONNECTOR/J REPLICATION USE MASTER IF SLAVE IS UNAVAILABLE.
* Bug#21296840 & Bug#17910835, Server information in a group from Fabric is not refreshed after expired TTL.
* Bug#56122 (11763419), JDBC4 functionality failure when using replication connections.
* Added support for TLSv1.1 and TLSv1.2
* Bug#78961 (22096981), Can't call MySQL procedure with InOut parameters in Fabric environment.
* Bug#56100 (11763401), Replication driver routes DML statements to read-only slaves.
* StandardSSLSocketFactory implements SocketMetadata.
* Bug#21978216, GETTYPEINFO REPORT MAXIMUM PRECISION OF 255 FOR VARBINARY.
* Bug#78706 (21947042), Prefer TLS where supported by MySQL Server.
* Bug#21934573, FABRIC CODE INVOLVED IN THREAD DEADLOCK.
* Bug#21876798, CONNECTOR/J WITH MYSQL FABRIC AND SPRING PRODUCES PROXY ERROR.
Changes in 6.0.1
* Removed useJvmCharsetConverters connection property. JVM charset converters are now used in all cases.
* Refactored value decoding and removed all date/time connection properties
* Refactored connection properties
* Assume existence of INFORMATION_SCHEMA.PARAMETERS (and thus MySQL 5.5) when preparing stored procedure calls.
* Removed retainStatementAfterResultSetClose connection property.
* Null-merge of Bug#54095 (11761585) fix.
* Removed support code for MySQL server versions < 5.7.
* Bug#76859 (20969312), DBMD getColumns using I_S doesn't have column IS_GENERATEDCOLUMN as per JDBC 4.1.
* Added support for GENERATED COLUMNS.
* Update Time Zone mappings with IANA Time Zone database tsdata2015f and Unicode CLDR v.28.
* Update DatabaseMetaData SQL keywords.
* Added tests for Optimizer hints syntax introduced in MySQL 5.7.7.
* Bug#21860833, JSON DATA TYPE DOESN'T WORK WITH SSPS.
* Added support for JSON data type.
* Added support for JDBC 4.2 new features.
* Bug#16634180, LOCK WAIT TIMEOUT EXCEEDED CAUSES SQLEXCEPTION, SHOULD CAUSE SQLTRANSIENTEXCEPTION
* Bug#75849 (20536592), NPE in abortInternal() method on line 1358 of ConnectionImpl.
* Bug#78106 (21648826), Potential memory leak with inflater.
* Bug#78225 (21697684), DEFAULT NO_AUTO_CREATE_USER SQL_MODE BEHAVIOR BROKE SOME TESTS
* Bug#77665 (21415165), JDBC fails to connect with MySQL 5.0.
* Bug#77681 (21429909), rewrite replace sql like insert when rewriteBatchedStatements=true (contribution).
* Bug#77449 (21304726) Add 'truncateFractionalSeconds=true|false' property (contribution).
* Bug#50348 (11758179), mysql connector/j 5.1.10 render the wrong value for dateTime column in GMT DB.
* Bug#75670 (20433047), Connection fails with 'Public Key Retrieval is not allowed' for native auth.
* Bug#76187 (20675539), getTypeInfo report maximum precision of 255 for varchar.
* Add test for new syntax 'ALTER TABLE ... DISCARD|IMPORT PARTITION ...' introduced in MySQL 5.7.4.
* Bug#20727196, GETPROCEDURECOLUMNS() RETURNS EXCEPTION FOR FUNCTION WHICH RETURNS ENUM/SET TYPE.
* Bug#19803348, GETPROCEDURES() RETURNS INCORRECT OUTPUT WHEN USEINFORMATIONSCHEMA=FALSE.
* Bug#21215151, DATABASEMETADATA.GETCATALOGS() FAILS TO SORT RESULTS.
* Bug#72630 (18758686), NullPointerException during handshake in some situations
* Bug#20825727, CONNECT FAILURE WHEN TRY TO CONNECT SHA USER WITH DIFFERENT CHARSET.
* Flag RowDataDynamic.isInterrupted removed as it isn't needed.
* Bug#20518653, XSL FILES IN PACKAGES
* Bug#20804635, GETTIME() AND GETDATE() FUNCTIONS FAILS WHEN FRACTIONAL PART EXISTS
* Bug#62452 (16444069), NPE thrown in JDBC4MySQLPooledException when statement is closed.
* BUG#70927 (17810800), Connector/J COM_CHANGE_USER handling is broken
* Bug#75335 (20283655), Maven artifact for Connector/J is missing source jar.
* BUG#75592 (20408891), 'SHOW VARIABLES WHERE' is expensive.
* Bug#75113 (20821888), Fail in failover of the connection in MySQL fabric
* Bug#72077 (18425861), Fabric connection with username to a server with disabled auth throws NPE
* Add test for already fixed Bug#72546 (18719760), C/J Fabric createGroup() throws ClassCastException
* Bug#77217 (21184949), ClassCastException when executing a streaming PreparedStatement with Fabric
* Bug#19536760, GETSTRING() CALL AFTER RS.RELATIVE() RETURNS NULLPOINTEREXCEPTION
* BUG#20453712, CLOB.SETSTRING() WITH VALID INPUT RETURNS EXCEPTION
* BUG#20453671, CLOB.POSITION() API CALL WITH CLOB INPUT RETURNS EXCEPTION
* Bug#20685022, SSL CONNECTION TO MYSQL 5.7.6 COMMUNITY SERVER FAILS.
* Bug#20606107, TEST FAILURES WHEN RUNNING AGAINST 5.7.6 SERVER VERSION
* Bug#20533907, BUG#20204783 FIX EXPOSES WRONG BEAHAVIORS IN FAILOVER CONNECTIONS.
* Bug#20504139, GETFUNCTIONCOLUMNS() AND GETPROCEDURECOLUMNS() RETURNS ERROR FOR VALID INPUTS.
* Expose PreparedStatment.ParseInfo for external usage, with no capture of the connection
* Bug#75309 (20272931), mysql connector/J driver in streaming mode will in the blocking state.
* New property 'readOnlyPropagatesToServer' controls the implicit propagation of read only transaction access mode to server.
* Bug#54095 (11761585), Unnecessary call in newSetTimestampInternal.
* Bug#67760 (15936413), Deadlock when concurrently executing prepared statements with Timestamp objects.
* Bug#71084 (18028319), Wrong java.sql.Date stored if client and server time zones differ.
* Bug#75080 (20217686), NullPointerException during setTimestamp on Fabric connection.
* Bug#75168 (20204783), loadBalanceExceptionChecker interface cannot work using JDBC4/JDK7.
* Bug#73595 (19465516), Replace usage of StringBuffer in JDBC driver.
* Bug#18925727, SQL INJECTION IN MYSQL JDBC DRIVER.
* Bug#74998 (20112694), readRemainingMultiPackets not computed correctly for rows larger than 16 MB.
* Bug#73012 (19219158), Precedence between timezone options is unclear.
* Implement support for connecting through SOCKS proxies (WL#8105).
* Ant buildfile reworked to fix incompatibilities with latest Eclipse
* Bug#18474141, TESTSUITE.FABRIC TEST CASES FAIL IF NO FABRIC.TESTSUITE PROPERTIES PROVIDED
* Bug#19383371, CONNECT USING MYSQL_OLD_PASSWORD USER FAILS WHEN PWD IS BLANK
* Bug#17441747, C/J DOESN'T SUPPORT XA RECOVER OUTPUT FORMAT CHANGED IN MYSQL 5.7.
* Bug#19145408, Error messages may not be interpreted according to the proper character set
* Bug#19505524, UNIT TEST SUITE DOES NOT CONSIDER ALL THE PARAMETERS PASSED TO BUILD.XML.
* Bug#73474 (19365473), Invalid empty line in MANIFEST.MF
* Bug#70436 (17527948), Incorrect mapping of windows timezone to Olson timezone.
* Bug73163 (19171665), IndexOutOfBoundsException thrown preparing statement.
* Added support for gb18030 character set
* Bug#73663 (19479242), utf8mb4 does not work for connector/j >=5.1.13
* Bug#73594 (19450418), ClassCastException in MysqlXADataSource if pinGlobalTxToPhysicalConnection=true
* Bug#19354014, changeUser() call results in 'packets out of order' error when useCompression=true.
* Bug#73577 (19443777), CHANGEUSER() CALL WITH USECOMPRESSION=TRUE COULD LEAD TO IO FREEZE
* Bug#19172037, TEST FAILURES WHEN RUNNING AGAINST 5.6.20 SERVER VERSION
* Bug#71923 (18344403), Incorrect generated keys if ON DUPLICATE KEY UPDATE not exact.
* Bug#72502 (18691866), NullPointerException in isInterfaceJdbc() when using DynaTrace
* Bug#72890 (18970520), Java jdbc driver returns incorrect return code when it's part of XA transaction.
* Fabric client now supports Fabric 1.5. Older versions are no longer supported.
* Bug#71672 (18232840), Every SQL statement is checked if it contains 'ON DUPLICATE KEY UPDATE' or not.
* Bug#73070 (19034681), Preparing a stored procedure call with Fabric results in an exception
* Bug#73053 (19022745), Endless loop in MysqlIO.clearInputStream due to Linux kernel bug.
* Bug#18869381, CHANGEUSER() FOR SHA USER RESULTS IN NULLPOINTEREXCEPTION
* Bug#62577 (16722757), XA connection fails with ClassCastException
* Bug#18852587, CONNECT WITH A USER CREATED USING SHA256_PASSWORD PLUGIN FAILS WHEN PWD IS BLANK
* Bug#18852682, TEST TESTSHA256PASSWORDPLUGIN FAILS WHEN EXECUTE AGAINST COMMERCIAL SERVER
* failing tests when running test suite with Java 6+.
* Bug#72712 (18836319), No way to configure Connector JDBC to not do extra queries on connection
- Adjust log4j/log4j-mini dependencies to account for the lack of
log4j12/log4jmini12 Provides in some code streams.
Changes in javapackages-tools:
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
- Fix typo in spec file sitearch -> sitelib
- Fix the python subpackage generation
gh#openSUSE/python-rpm-macros#79
- Support python subpackages for each flavor
gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86
- when building extra flavor, BuildRequire javapackages-filesystem:
/etc/java is being cleaned out of the filesystems package.
- Upgrade to version 5.3.1
- Define _rpmmacrodir for distributions that don't have it
- Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this
just happens to overlap in some distros.
- Rename gradle-local and ivy-local to javapackages-gradle and
javapackages-ivy and let them depend only on javapackages-tools
and javapackages-local. These packages only install files
produced during the javapackages-tools build. The dependencies
will be pulled by gradle-local, ivy-local and maven-local
meta-packages built in a separate spec file.
- Split maven-local meta-package out of javapackages-tools spec
file
- Make the ivy-local and maven-local sub-packages depend on the
right stuff, so that they actually can be used for building
- Provide both com.sun:tools and sun.jdk:jconsole that are part of
standard OpenJDK installation. These provides cannot be generated
from metadata due to build sequence.
+ fix directories for eclipse.conf too
- Make the javapackages-local package depend on java-devel. It is
used for package building and this avoids each package to require
java-devel itself.
- Replace the occurences of /usr/lib by libdir in configuration
files too
- Update to version 5.3.0
- Modified patch:
- Build the :extras flavour as noarch
+ we did not bump epoch of OpenJDK packages in SUSE
+ fix a potential generation of unresolvable requires
+ adapt the tests to not expect the epoch
- Switch to multibuild layout
- Update to version 5.2.0+git20180620.70fa2258:
* Rename the async kwarg in call_script to wait (reverses the logic)
* Actually bump version to 5.3.0 snapshot
* Bump version in VERSION file
* [man] s/Pacakge/Package/g
* Fix typos in README
* Fix configure-base.sh after filesystem macro split
* Split filesystem macros to separate macro file
* Introduce javapackages-filesystem package
* [java-functions] extend ABRT Java agent options
* change abrt-java-connector upstream URL
* Remove resolverSettings/prefixes from XMvn config
* Add macros to allow passing arbitrary options to XMvn
* [spec] Bump package version to 5.1.0
* Allow specifying custom repo when calling xmvn-install
- Update to version 5.0.0+git20180104.9367c8f6:
* [java-functions] Avoid colons in jar names
* Workaround for SCL enable scripts not working with -e
* Second argument to pom_xpath_inject is mandatory
* [mvn_artifact] Provide more helpful error messages
* Fix traceback on corrupt zipfile
* [test] Add reproducer for rhbz#1481005
* [spec] Fix default JRE path
* [readme] Fix typo
* Add initial content to README.md (#21)
* Decouple JAVA_HOME setting from java command alternatives
- Fix url to correct one https://github.com/fedora-java/javapackages
- Split to python and non-python edition for smaller depgraph
- Fix abs2rel shebang:
- Fix Requires on subpackages to point to javapackages-tools proper
- Update to version 4.7.0+git20170331.ef4057e7:
* Reimplement abs2rel in Python
* Don't expand {scl} in macro definitions
* Install expanded rpmfc attr files
* [spec] Avoid file conflicts between in SCL
* Fix macros.d directory ownership
* Make %ant macro enable SCL when needed
* [spec] Fix file conflicts between SCL and non-SCL packages
* Fix ownership of ivyxmldir
* [test] Force locale for python processes
* Don't include timestamp in generated pom.properties
* We switch to /usr/lib/ location for macros
- Try to reduce some dependencies bsc#1036025
- python-lxml 3.5.0 introduces validation for xml comments, and
one of the comments created in this package were not valid.
This patch fixes the problem. It backported from upstream and
should be in the next release.
https://github.com/mizdebsk/javapackages/commit/84211c0ee761e93ee507f5d37e9fc80ec377e89d
- Version update to 4.6.0:
* various bugfixes for maven tooling
* introduction to gradle-local package for gradle packaging
- Drop dependency over source-highlight as it causes build cycle
- Try to break buildcycle detected on Factory
- Fix build on SLE11
- Use python-devel instead of pkgconfig to build on sle11
- Add python-javapackages as requirement for main package
- Update requires on python packages to properly have all the needed
dependencies on runtime
- Install macros to /etc/rpm as we do in SUSE:
- Cleanup with spec-cleaner
- Fix rpmlint errors
- Enable maven-local
- Avoid unsatisfiable dependencies
- Enable unit tests
- Update to version 4.4.0
- create directories for java, so that ant build works
- Add virtual provide jpackage-utils-java9 to be able to
distinguish the presence of java9 compatibility
- fix bashisms
- SLES patch for ZipFile, having no attribute '__exit__' which was causing
ecj build failures
- set correct libxslt package when building for SLES
Changes in javassist:
+ Add OSGi manifest to the javassist.jar
- Allow building on systems that do not have java 9 or higher
- Install and package the maven pom and metadata files
- BuildRequire at least Java 9. This version uses APIs introduced
in Java 9
- Replace old $RPM_* shell vars by macros.
- Version update to 3.23.1:
* 3.23.1 Github PR #171
* 3.23 Fix leaking file handlers in ClassPool and removed
ClassPath.close(). Github issue #165
* 3.22 Java 9 supports.
JIRA JASSIST-261.
- Specify java target and source version 1.6 in order to allow
building with jdk9
- fix javadoc errors that are fatal with jdk9
- Version update to 3.21.0:
* various compiler settings
* Require java >= 1.6
- Update to version 3.19.0
* Including a number of bug fixes and Java 8 supports.
- Clean up specfile
- Remove redundant %clean section
- Build for java API 1.5
- Remove unzip requirement
- Update home page and download source Urls
Changes in protobuf:
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General
* Support M1 (#8557)
- Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
- update to 3.15.7:
C++
* Remove the ::pb namespace (alias) (#8423)
Ruby
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
- update to 3.15.6:
Ruby
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
- Update to v3.14.0
Protocol Compiler
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
- from version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
- Fix the python subpackage generation
gh#openSUSE/python-rpm-macros#79
- Support multiple python3 flavors gh#openSUSE/python-rpm-macros#66
- Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
if p['result'] == 'FAIL':
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript
* Fix js message pivot selection (#6813)
PHP
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
- Python: Add requirement on python-six
- Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Use tarball provided by upstream
- Small package cleanup
- Updated to version 3.9.2 (bsc#1162343)
(Objective-C)
* Remove OSReadLittle* due to alignment requirements. (#6678)
* Don't use unions and instead use memcpy for the type swaps. (#6672)
- Package also the protobuf-bom pom file
- Update to new upstream release 3.9.1
* Optimized the implementation of RepeatedPtrFieldBase.
* Added delimited parse and serialize util.
* Added FieldDescriptor::PrintableNameForExtension() and
DescriptorPool::FindExtensionByPrintableName(). The latter
will replace Reflection::FindKnownExtensionByName().
* Created a new Add method in repeated field that allows adding
a range of elements all at once.
* Drop building wheel for Python 3.4.
- Specify java source and target levels in order to build
compatible protobuf-java binaries
- Update to new upstream release 3.8.0
* Introduced new MOMI (maybe-outside-memory-interval) parser.
* Added use of C++ override keyword where appropriate.
* Always declare enums to be int-sized.
* Append '_' to C++ reserved keywords for message, enum, extension.
- Disable LTO (boo#1133277).
- fixes build with Bazel 0.22.0.
- Add protobuf-source package - some programs using gRPC and
protobuf need protobuf definitions which are included inside the
source code, but are not included in the devel package.
- Add maven pom files to the protobuf-java package
- update to version v3.6.1:
* PHP namespaces for nested messages and enums (#4536)
* Allows the json marshaller to be passed json marshal options (#4252)
* Make sure to delete temporary maps used by FileDescriptorTables
* fix python cpp kokoro build
* Change C# reflection to avoid using expression trees
* Updated checked-in generated code
* Removed unused variables in repeated_scalar_container.cc
* Removed unused code pertaining to shared_ptr
* Include no_package.proto in Python test
* Only check filenames when end with .py in _CalledFromGeneratedFile() (#4262)
* Convert descriptortype to type for upb_msgval_sizeof (#4357)
* Removed duplicate using statement from ReflectionUtil.cs
* Add support for power ppc64le
* Cat the test-suite.log on errors for presubits
* Address review comments
* Add third-party RPC implementation: raster - a network framework supports pbrpc by 'service' keyword.
* Delete javanano kokoro build configs.
* Updated Ruby conformance test failure list
* Removed use of some type traits
* Adopt php_metadata_namespace in php code generator (#4622)
* Move to Xcode 9.3 which also means a High Sierra image.
* Add protoc release script for Linux build.
* protoc-artifacts: Avoid storing temporary files and use fewer layers
* Rewrite go_benchmark
* Add files to build ruby artifact for mac on kokoro (#4814)
* Remove javanano.
* Comment out unused command from release script.
* Avoid direct check of class name (#4601)
* The JsonParseOptions::ignore_unknown_fields option behavior treats
* Fix php memory leak test (#4692)
* Fix benchmark build
* Add VS2017 optional component dependency details to the C# readme (#4128)
* Fix initialization with Visual Studio
* For windows, all python version should use /MT (#4468)
* use brew install instead of easy_install in OSX (#4537)
* Sync upb change (#4373)
* Always add -std=c++11 for mac (#4684)
* Add kokoro build status badges.
* Removed unrecognized option from no_package.proto
* Fixed up proto3_lite_unittest.cc
* Update Xcode settings
* Cleanup LICENSE file.
* Remove js_embed binary. (#4709)
* Fixed JS parsing of unspecified map keys
* Update version number to 3.6.0
* Deliberately call simple code to avoid Unity linker pruning
* Revert 'Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources.'
* protoc-artifacts: Use ENTRYPOINT to enable devtoolset-1.1
* MinGW build failed
* Support using MSVC intrinsics in Log2FloorNonZero
* Fix array constructor in c extension for compatibility (#4667)
* Add space between class name and concat message (#4577)
* fix python
* Add performance.md and add instruction for linking tcmalloc
* Add script for run and upload the benchmark result to bq
* Add test for failing write of raw pointer to output stream
* [objectivec] Fix memory leak of exceptions raised by RaiseException() (#4556)
* Remove stray indent on normal imports.
* Fix python ext build on kokoro (#4527)
* Add compile test sources for to test include order.
* Fixed a Visual Studio 2017 build error. (#4488)
* fix linux kokoro build in docker
* Fixes MSVC compiler warning C4800 'Forcing value to bool 'true' or 'false'' (#4350)
* Updated Docker setup to use GCC 4.8
* Remove broken build status icons.
* Run autogen.sh in release script.
* Output *_pb2_grpc.py when use_grpc_plugin=True
* Adopt ruby_package in ruby generated code. (#4627)
* Cygwin build failed
* Work around an 'old runtime' issue with reflection
* Added Kokoro protoc release build for OS X (#4770)
* Updated change log for 3.6.1 release
* Move methods out of class (#4697)
* Fix to allow AOT compilers to play nicely with reflection
* Update Makefile.am for Java lite files.
* Added map_lite_test.proto to fix LiteTest
* Introduce a compatiblity shim to support .NET 3.5 delegate creation
* Revert 'Removed mention of Buffer in byteSourceToUint8Array'
* Add gogo benchmark
* Set ext.no_native = true for non mac platform
* Removed atomicops.h since it is no longer used
* Rename a shadowed variable.
* Add kokoro bazel configs for 3.6.x branch.
* Deleted scoped_ptr.h
* Check the message to be encoded is the wrong type. (#4885) (#4949)
* protoc-artifacts: Avoid checking out protobuf code
* Add conformance test for null value in list JSON
* Build ruby gem on kokoro (#4819)
* Try using a new version of Visual Studio on AppVeyor
* Make ruby release configs consistent with protoc.
* fix for API change in PHP 7.3 (#4898)
* Add .proto files to extract_includes.bat
* Update protoc build scripts.
* Blacklist all WELL_KNOWN_PROTOS from Bazel C++ code generation.
* Additional support for building and deploying ppcle_64 artifacts
* Fix php tests
* Cleanup + documentation for Java Lite runtime.
* Added Kokoro Windows release build config for protoc (#4766)
* typo
* fix golang kokoro linux build
* Fix spelling error of __GNUC_MINOR__
* Update code to work for Xcode 10b1 (#4729)
* Added pyext/thread_unsafe_shared_ptr.h
* Added missing .inc files to BUILD
* js message support for jstype string on integers (#4332)
* Improve error message when googletest is missing.
* Make assertEquals pass for message (#4947)
* Sync internal benchmark changes
* Removed some unused C++ source files
* Fix missing LIBPROTOC_EXPORT.
* Added new test source files to Makefile.am
* Update php version to 3.6.0 (#4736)
* Fix RepeatedField#delete_if (#4292)
* Merge branch (#4466)
* Implement array constructor in php c extension.
* protoc-artifacts: Update centos base from 6.6 to 6.9
* PHP array constructors for protobuf messages (#4530)
* Fix problem: cmake build failed in c++11 by clang
* Don't assume Windows builds use MSVC.
* Use legacy name in php runtime (#4741)
* Add file option php_metadata_namespace and ruby_package (#4609)
* Fix cpp benchmark dependency on mac
* Use the first enum value instead of 0 in DefaultValueObjectWriter::FindEnumDefault
* Check return value on write of raw pointer
* Delete unused directories.
* Replace //:protoc and similar default macro arguments with
* Add extra C# file to Makefile.am
* includes the expected class in the exception, otherwise the error is harder to track down (#3371)
* Update instructions about getting protobuf source.
* Add cpp tests under release docker image.
* fix java benchmark, fix dashboard build
* `update_file_lists.sh` depends on Bash features, thus needs Bash sebang.
* Rename build_artifacts.cfg to release.cfg (#4818)
* Fix bug: whether always_print_enums_as_ints is true or false, it always print the default value of enums as strings
* source code info for interpreted options; fix source code info for extension range options (#4342)
* Updated version numbers to 3.6.1
* Trim imports for bundled generated protos.
* Require C++11 and pass -std=c++11
* Remove the iOS Test App.
* fix duplicate mkdir in update_file_lists.sh
* Updated csharp/README.md to reflect testing changes
* Fix bazel build of examples.
* Add missing ruby/tests/test_ruby_package.proto
* Fix cpp_distcheck
* Updated the change log with changes for 3.6.0
* some fix
* CMake: Update CXX Standard management
* Add the files added in #4485.
* Change to deal all messages in one loop
* Fix php conformance test.
* Add __init__.py files to compiler and util subpackages (#4117)
* Updated .gitignore to exclude downloaded gmock/ directory
* Fix error in Clang UndefinedBehaviorSanitizer
* Work around MSVC issue with std::atomic initialization (#4777)
* Updated conformance failure lists
* Add back GeneratedClassName to public (#4686)
* Add continuous test for ruby 2.3, 2.4 and 2.5 (#4829)
* Throw error if user want to access message properties (#4603)
* fix json_decode call parameters (#4381)
* Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources.
* PHP: fixed typo in message.c
* Add go benchmark
* Allow list values to be null when parsing
* Added instruction for existing ZLIB configuration
* Fix 32bit php tests
* Removed javanano from post_process_dist.sh
* Don't generate imports for the WKTs unless generating the WKTs.
* For encoding upb needs descriptor type instead of type. (#4354)
* Include googletest as a submodule (#3993)
* Write messages to backing field in generated C# cloning code (#4440)
* Integrated internal changes from Google
- bump soname version
update to version v3.5.2:
* Update release date
* Disable pip cache when testing uploaded packages
* Replace private timelib_update_ts with public date_timestamp_get
* Remove py2.6 support.
* Cherrypick for csharp, including:
* Update changelog
* Update changelog for 3.5.1
* Fix uploading binary wheel.
* Fix memory leak when creating map field via array.
* Update rake file to build of 2.1.6.
* Avoid using php_date_get_date_ce() in case date extension is not
* Update protoc-artfacts
* Fix string::back() usage in googletest.cc
* Fix memory leak in php7
* Support ruby2.5
* io_win32: support non-ASCII paths
* Explicitly propagate the status of Flush().
* Add discard unknown API in ruby. (#3990)
* Update version for 3.5.0.post1
* remove nullptr
* Fix more memory leak for php c extension (#4211)
* Bumping number to fix ruby 2.1 on mac
* io_win32_unittest: remove incorrect error check
* Fix memory leak when creating repeated field via array.
* Update version number for php c extension (#3896)
* Fix file permission for python package.
* Create containing directory before generating well_known_types_embed.cc
* Replace C++11 only method std::map::at
* Recursively clear unknown fields in submessages. (#3982)
* Update version number to 3.5.1
* io_win32_unittest: fix condition in GetCwdAsUtf8
* Add release log
* io_win32_unittest: use CWD as last tempdir
* Add PROTOBUF_ENABLE_TIMESTAMP to let user decide whether timestamp util
* Add support for Windows ARM64 build
* Add protobuf-all in post release
* Use fully qualifed name for DescriptorPool in Any.php to avoid name (#3886)
* Add _file_desc_by_toplevel_extension back
* Fix setup.py for windows build.
* io_win32_unittest: make //:win32_test run again
* Provide discardUnknonwnFields API in php (#3976)
* Update php c extension version number to 3.5.0.1
* Fix ruby gc_test in ruby 2.4 (#4011)
* Remove duplicate typedef. (#3975)
* Accept DatetimeInterface in fromDatetime
* io_win32: add more encoding-related tests
* Bump version number to 3.5.2
* Bump protoc-artifact version for a patch rebuild
* Call php method via function name instead of calling directly.
* Well known types are not initialized properly. (#4139)
* Use matching enum type for IsPOD.
* Fix several more memory leak
* Fix for php5.5
* Add backslach to make class explict in global namespace
* Fix compile error undefined reference to
`google::protobuf::internal::Release_CompareAndSwap(long volatile*, long, long)'
on s390x https://github.com/google/protobuf/issues/3937
- Conditionalize python2 and python3 in order to be able to build
without python2 present in distribution
* Use singlespec macros to simplify the logic
- Run fdupes on python modules to avoid duplicates
- Remove shebangs from import-only code
- Update to new upstream release 3.5.0
* Proto3 messages are now preserving unknown fields by default.
If you rely on unknowns fields being dropped, use
DiscardUnknownFields() explicitly.
* Deprecated the unsafe_arena_release_* and
unsafe_arena_add_allocated_* methods for string fields.
* Added move constructor and move assignment to RepeatedField,
RepeatedPtrField and google::protobuf::Any.
* Added perfect forwarding in Arena::CreateMessage.
* In-progress experimental support for implicit weak fields
with lite protos. This feature allows the linker to strip out
more unused messages and reduce binary size.
- Rename %soname to %sover to better reflect its use.
- Install LICENSE
- Update to 3.3.0 :
* C++:
* Fixed map fields serialization of DynamicMessage to correctly serialize
both key and value regardless of their presence.
* Parser now rejects field number 0 correctly.
* New API Message::SpaceUsedLong() that’s equivalent to
Message::SpaceUsed() but returns the value in size_t.
* JSON support
- New flag always_print_enums_as_ints in JsonPrintOptions.
- New flag preserve_proto_field_names in JsonPrintOptions. It will instruct
the JSON printer to use the original field name declared in the .proto
file instead of converting them to lowerCamelCase when printing JSON.
- JsonPrintOptions.always_print_primtive_fields now works for oneof message
fields.
- Fixed a bug that doesn’t allow different fields to set the same json_name
value.
- Fixed a performance bug that causes excessive memory copy when printing
large messages.
* Various performance optimizations.
* Java:
* Map field setters eagerly validate inputs and throw NullPointerExceptions
as appropriate.
* Added ByteBuffer overloads to the generated parsing methods and the Parser
interface.
* proto3 enum's getNumber() method now throws on UNRECOGNIZED values.
* Output of JsonFormat is now locale independent.
* Python:
* Added FindServiceByName() in the pure-Python DescriptorPool. This works only
for descriptors added with DescriptorPool.Add(). Generated descriptor_pool
does not support this yet.
* Added a descriptor_pool parameter for parsing Any in text_format.Parse().
* descriptor_pool.FindFileContainingSymbol() now is able to find nested
extensions.
* Extending empty [] to repeated field now sets parent message presence.
- Update to 3.2.0 :
* Added protoc version number to protoc plugin protocol. It can be used by
protoc plugin to detect which version of protoc is used with the plugin and
mitigate known problems in certain version of protoc.
* C++:
* The default parsing byte size limit has been raised from 64MB to 2GB.
* Added rvalue setters for non-arena string fields.
* Enabled debug logging for Android.
* Fixed a double-free problem when using Reflection::SetAllocatedMessage()
with extension fields.
* Fixed several deterministic serialization bugs:
* MessageLite::SerializeAsString() now respects the global deterministic
serialization flag.
* Extension fields are serialized deterministically as well. Fixed protocol
compiler to correctly report importing-self as an error.
* Fixed FileDescriptor::DebugString() to print custom options correctly.
* Various performance/codesize optimizations and cleanups.
* Java:
* The default parsing byte size limit has been raised from 64MB to 2GB.
* Added recursion limit when parsing JSON.
* Fixed a bug that enumType.getDescriptor().getOptions() doesn't have custom
options.
* Fixed generated code to support field numbers up to 2^29-1.
* Python:
* You can now assign NumPy scalars/arrays (np.int32, np.int64) to protobuf
fields, and assigning other numeric types has been optimized for
performance.
* Pure-Python: message types are now garbage-collectable.
* Python/C++: a lot of internal cleanup/refactoring.
- Increase soname to 13
- Generate python2-protobuf and python3-protobuf packages in Factory
- Make the python2-protobuf package provide and obsolete python-protobuf
to make the transition smooth in Tumbleweed
- Fix an issue with setup.py where some files are built on the
first invocation, but only copied on the second. This resulted
in an incomplete protobuf-python package.
- Update to protobuf v3.1.0. Protobuf v3.0.0 introduceced a new
version of the protocol buffer language, proto3, which supersedes
proto2.
The protoc compiler is able to read old proto2 protocol definitions,
and defaults to the proto2 syntax if a syntax is not specified, thus
packages can be recompiled to link to the new library. For backwards
compatibility, the old library version is available from the
protobuf2 package.
As the API for proto2 is not compatible to the proto3 API, proto3
should only be used for new Protocol Buffers, whereas current users
are advised to keep using proto2. For a detailed list of changes,
see https://github.com/google/protobuf/releases
- Use py_sitedir for library installation with setup.py install
- Drop protobuf-libs as it is just workaround for rpmlint issue
- Cleanup specfile:
* remove any conditionals for versions predating SLES 12/Leap 42.x
* add Provides: protobuf-libs to fix rpmlint warning
Changes in python-python-gflags:
- Don't provide python2-gflags, singlespec packages should use
correct name.
- Provide python-gflags in the python2 package
- Fix URL.
- Update to version 3.1.1
* Added PEP8 style method/function aliases.
- Update to version 3.1.0
* Python3 compatibility
* Removed UnrecognizedFlag exception.
* Replaced flags.DuplicateFlag with flags.DuplicateFlagError.
* Moved the validators.Error class to exceptions.ValidationError.
* Renamed IllegalFlagValue to IllegalFlagValueError.
* Removed MutualExclusionValidator class, in favor of flags.MarkFlagsAsMutualExclusive.
* Removed FlagValues.AddValidator method.
* Removed _helpers.GetMainModule.
* Use xml.dom.minidom to create XML strings, instead of manual crafting.
* Declared PEP8-style names.
* Added examples.
- Update to version 3.0.7
* Removed the unused method ShortestUniquePrefixes.
* Removed _GetCallingModule function alias.
- Update to version 3.0.6
* Declared pypi package classifiers.
* Added support for CLIF flag processing (not included in python-gflags repo
yet).
- Update to version 3.0.5
* Added a warning when FLAGS.SetDefault is used after flags were parsed.
* Added new function: MarkFlagsAsRequired.
- Update to version 3.0.4
* One more fix for setup.py - this time about third_party package.
- Update to version 3.0.3
* Fixed setup.py.
* --noflag if argument is given is no longer allowed.
* Python3 compatibility: removed need for cgi import.
* Disallowed unparsed flag usage after FLAGS.Reset()
- Update to version 3.0.2
* Fix MANIFEST.in to include all relevant files.
- Update to version 3.0.1
* Some changes for python3 compatibility.
* Automatically generate ordering operations for Flag.
* Add optional comma compatibility to whitespace-separated list flags.
* A lot of potentially backwards incompatible changes since 2.0.
* This version is NOT recommended to use in production. Some of the files and
documentation has been lost during export; this will be fixed in next
versions.
- Fix source URL
- Implement single-spec version
ImportantSUSE bug 1036025SUSE bug 1133277SUSE bug 1162343cpe:/o:suse:suse-openstack-cloud:9Security update for strongswan (Important)SUSE OpenStack Cloud 9
This update for strongswan fixes the following issues:
- CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435)
ImportantSUSE bug 1191435CVE-2021-41991 at SUSECVE-2021-41991 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql10 (Important)SUSE OpenStack Cloud 9
This update for postgresql10 fixes the following issues:
- Fix for build with llvm12 on s390x. (bsc#1185952)
- Re-enable 'icu' for PostgreSQL 10. (bsc#1179945)
- Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751)
- Upgrade to version 10.18. (bsc#1190177)
Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5):
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
- Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961)
- Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix recently-added timetz test case so it works when the USA is not observing daylight savings time.
ImportantSUSE bug 1178961SUSE bug 1179765SUSE bug 1179945SUSE bug 1183118SUSE bug 1183168SUSE bug 1185924SUSE bug 1185925SUSE bug 1185952SUSE bug 1187751SUSE bug 1190177CVE-2021-32027 at SUSECVE-2021-32027 at NVDCVE-2021-32028 at SUSECVE-2021-32028 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for opensc (Important)SUSE OpenStack Cloud 9
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
ImportantSUSE bug 1191957SUSE bug 1191992SUSE bug 1192000SUSE bug 1192005CVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for transfig (Important)SUSE OpenStack Cloud 9
This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
ImportantSUSE bug 1190607SUSE bug 1190611SUSE bug 1190612SUSE bug 1190615SUSE bug 1190616SUSE bug 1190617SUSE bug 1190618SUSE bug 1192019CVE-2020-21529 at SUSECVE-2020-21529 at NVDCVE-2020-21530 at SUSECVE-2020-21530 at NVDCVE-2020-21531 at SUSECVE-2020-21531 at NVDCVE-2020-21532 at SUSECVE-2020-21532 at NVDCVE-2020-21533 at SUSECVE-2020-21533 at NVDCVE-2020-21534 at SUSECVE-2020-21534 at NVDCVE-2020-21535 at SUSECVE-2020-21535 at NVDCVE-2021-32280 at SUSECVE-2021-32280 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for binutils (Moderate)SUSE OpenStack Cloud 9
This update for binutils fixes the following issues:
Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
--gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
--sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses 'no
symbols' diagnostic.
Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
-march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the 'variable section' from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
--no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
Update to binutils 2.35.1:
* This is a point release over the previous 2.35 version, containing bug
fixes, and as an exception to the usual rule, one new feature. The
new feature is the support for a new directive in the assembler:
'.nop'. This directive creates a single no-op instruction in whatever
encoding is correct for the target architecture. Unlike the .space or
.fill this is a real instruction, and it does affect the generation of
DWARF line number tables, should they be enabled.
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
The following security fixes are addressed by the update:
- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).
- CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768).
- CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770).
- CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826).
- CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829).
- CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831).
- CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126).
- CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609).
- CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649).
ModerateSUSE bug 1126826SUSE bug 1126829SUSE bug 1126831SUSE bug 1140126SUSE bug 1142649SUSE bug 1143609SUSE bug 1153768SUSE bug 1153770SUSE bug 1157755SUSE bug 1160254SUSE bug 1160590SUSE bug 1163333SUSE bug 1163744SUSE bug 1179036SUSE bug 1179341SUSE bug 1179898SUSE bug 1179899SUSE bug 1179900SUSE bug 1179901SUSE bug 1179902SUSE bug 1179903SUSE bug 1180451SUSE bug 1180454SUSE bug 1180461SUSE bug 1181452SUSE bug 1182252SUSE bug 1183511SUSE bug 1184620SUSE bug 1184794CVE-2019-12972 at SUSECVE-2019-12972 at NVDCVE-2019-14250 at SUSECVE-2019-14250 at NVDCVE-2019-14444 at SUSECVE-2019-14444 at NVDCVE-2019-17450 at SUSECVE-2019-17450 at NVDCVE-2019-17451 at SUSECVE-2019-17451 at NVDCVE-2019-9074 at SUSECVE-2019-9074 at NVDCVE-2019-9075 at SUSECVE-2019-9075 at NVDCVE-2019-9077 at SUSECVE-2019-9077 at NVDCVE-2020-16590 at SUSECVE-2020-16590 at NVDCVE-2020-16591 at SUSECVE-2020-16591 at NVDCVE-2020-16592 at SUSECVE-2020-16592 at NVDCVE-2020-16593 at SUSECVE-2020-16593 at NVDCVE-2020-16598 at SUSECVE-2020-16598 at NVDCVE-2020-16599 at SUSECVE-2020-16599 at NVDCVE-2020-35448 at SUSECVE-2020-35448 at NVDCVE-2020-35493 at SUSECVE-2020-35493 at NVDCVE-2020-35496 at SUSECVE-2020-35496 at NVDCVE-2020-35507 at SUSECVE-2020-35507 at NVDCVE-2021-20197 at SUSECVE-2021-20197 at NVDCVE-2021-20284 at SUSECVE-2021-20284 at NVDCVE-2021-3487 at SUSECVE-2021-3487 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat, javapackages-tools fixes the following issue:
Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
Non-security issues fixed:
- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
ImportantSUSE bug 1185476SUSE bug 1188278SUSE bug 1188279SUSE bug 1190558CVE-2021-30640 at SUSECVE-2021-30640 at NVDCVE-2021-33037 at SUSECVE-2021-33037 at NVDCVE-2021-41079 at SUSECVE-2021-41079 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for qemu (Important)SUSE OpenStack Cloud 9
This update for qemu fixes the following issues:
Security issues fixed:
- Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748)
- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713)
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
ImportantSUSE bug 1180432SUSE bug 1180433SUSE bug 1180434SUSE bug 1180435SUSE bug 1182651SUSE bug 1186012SUSE bug 1189145SUSE bug 1189702SUSE bug 1189938CVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for binutils (Moderate)SUSE OpenStack Cloud 9
This update for binutils fixes the following issues:
- For compatibility on old code stream that expect 'brcl 0,label' to
not be disassembled as 'jgnop label' on s390x. (bsc#1192267)
This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
Security issue fixed:
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)
ModerateSUSE bug 1183909SUSE bug 1184519SUSE bug 1188941SUSE bug 1191473SUSE bug 1192267CVE-2021-20294 at SUSECVE-2021-20294 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pcre (Moderate)SUSE OpenStack Cloud 9
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
ModerateSUSE bug 1025709SUSE bug 1030066SUSE bug 1030803SUSE bug 1030805SUSE bug 1030807SUSE bug 1172973SUSE bug 1172974CVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to Extended Support Release 91.3.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-49 (bsc#1192250)
* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504: Use-after-free in file picker dialog
* CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
* CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
* CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
* CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
* CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0008: Use-after-free in HTTP2 Session object
* MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
ImportantSUSE bug 1192250CVE-2021-38503 at SUSECVE-2021-38503 at NVDCVE-2021-38504 at SUSECVE-2021-38504 at NVDCVE-2021-38505 at SUSECVE-2021-38505 at NVDCVE-2021-38506 at SUSECVE-2021-38506 at NVDCVE-2021-38507 at SUSECVE-2021-38507 at NVDCVE-2021-38508 at SUSECVE-2021-38508 at NVDCVE-2021-38509 at SUSECVE-2021-38509 at NVDCVE-2021-38510 at SUSECVE-2021-38510 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma (Moderate)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes:
Security fixes included in this update:
kibana:
CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).
python-eventlet:
CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836)
rubygem-redcarpet:
CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)
rubygem-puma:
CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681)
Non-security fixes included in this update:
Changes in ardana-ansible:
* Patch service.py to skip blank lines.
Changes in ardana-monasca:
* Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)
Changes in crowbar-openstack:
* keystone wakeup: get new session on any error. (bsc#1189052)
Changes in influxdb:
- Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on
Canges in kibana:
- Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)
Changes in openstack-cinder:
* Fix typo in Dell EMC Unity driver documentation.
* Drop lower-constraints job.
* [stable-only] Cap bandit to v1.6.2 and fix constraints.
Changes in openstack-ec2-api:
* Remove jobs corresponds to obselete featuresets.
* OpenDev Migration Patch.
Changes in openstack-heat-gbp:
* Add support for Wallaby.
* Fix upstream gate.
Changes in openstack-heat-templates:
* [ussuri][goal] Update contributor documentation.
* Fix zuul config for heat-templates-check.
* Remove testr.
Changes in openstack-horizon-plugin-gbp-ui:
* Add support for Wallaby.
* Fix upstream gate.
Changes in openstack-keystone:
* Retry update\_user when sqlalchemy raises StaleDataErrors.
* Pin keystone-tempest-plugin for py27 compatibility.
Changes in openstack-neutron-gbp:
* Fix update router API.
* Fix HA IP DB migration.
* Revert 'Fix HA IP DB migration'.
* Fix HA IP DB migration.
* Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table.
* Use custom converter for extra attributes.
* Validate network before creating or updating router.
* Fix Data Migration query for HA IP table.
* System security grp:Add system sg in port sg list.
* Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table.
* [apic\_aim]: Fix HA IP UTs.
* Fixing the exception msg for IPAddressGenerationFailure.
* Enhancement regarding router/instance attachment to an external network floating ip and snat subnets.
* Setting legacy-group-based-policy-dsvm-aim to non-voting gate.
* Add support for Wallaby.
* Bug fixes for gbp-validate.
* [apic\_aim]: Filter endpoint details.
* Bugfix: Policy Enforcement Pref.
* Fix unit-tests for tenant-scope validation.
* [AIM] Add Policy Enforcement Pref to network extension.
Changes in openstack-nova:
* [neutron] Get only ID and name of the SGs from Neutron.
* Remove allocations before setting vm\_status to SHELVED\_OFFLOADED.
* libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available.
* Update pci stat pools based on PCI device changes.
* Use subqueryload() instead of joinedload() for (system\_)metadata.
Changes in python-eventlet:
Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)
ModerateSUSE bug 1180837SUSE bug 1185836SUSE bug 1186868SUSE bug 1189052SUSE bug 1191681CVE-2020-26298 at SUSECVE-2020-26298 at NVDCVE-2021-21419 at SUSECVE-2021-21419 at NVDCVE-2021-22141 at SUSECVE-2021-22141 at NVDCVE-2021-41136 at SUSECVE-2021-41136 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
ImportantSUSE bug 1014440SUSE bug 1192284CVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql, postgresql13, postgresql14 (Important)SUSE OpenStack Cloud 9
This update for postgresql, postgresql13 and postgresql14 fixes the following issues:
Security issues fixed:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673)
On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants.
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql10 (Important)SUSE OpenStack Cloud 9
This update for postgresql10 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).
ImportantSUSE bug 1191937CVE-2021-42762 at SUSECVE-2021-42762 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version OpenJDK 8u312 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191903SUSE bug 1191904SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35567 at SUSECVE-2021-35567 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_7_0-openjdk fixes the following issues:
Update to OpenJDK 7u321 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ruby2.1 (Important)SUSE OpenStack Cloud 9
This update for ruby2.1 fixes the following issues:
- CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125).
- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
ImportantSUSE bug 1177125SUSE bug 1188160SUSE bug 1188161SUSE bug 1190375CVE-2020-25613 at SUSECVE-2020-25613 at NVDCVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Moderate)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Integrate bugfixes (bsc#1189373, bsc#1189378)
ModerateSUSE bug 1189373SUSE bug 1189378SUSE bug 1189632SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Moderate)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
- CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
- Update to 0.103.4 (bsc#1192346).
- Update to 0.103.3 (bsc#1188284).
ModerateSUSE bug 1103032SUSE bug 1188284SUSE bug 1192346CVE-2018-14679 at SUSECVE-2018-14679 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
- CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
ImportantSUSE bug 1192063CVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssh (Important)SUSE OpenStack Cloud 9
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
The following security bugs were fixed:
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961)
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351).
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898).
- CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
The following non-security bugs were fixed:
- Add arch-dependent support markers in supported.conf (bsc#1186672)
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- Use /usr/lib/modules as module dir when usermerge is active in the target distro.
- UsrMerge the kernel (boo#1184804)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drop debugging statements
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- handle also race conditions in /proc/net/tcp code
- hisax: fix spectre issues (bsc#1192802).
- hv: adjust mana_select_queue to old ndo_select_queue API
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050).
- mpt3sas: fix spectre issues (bsc#1192802).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855).
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- objtool: Do not fail on missing symbol table (bsc#1192379).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- scripts/git_sort/git_sort.py: add bpf git repo
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
ImportantSUSE bug 1087082SUSE bug 1100416SUSE bug 1108488SUSE bug 1129735SUSE bug 1129898SUSE bug 1133374SUSE bug 1153720SUSE bug 1171420SUSE bug 1176724SUSE bug 1176931SUSE bug 1180624SUSE bug 1181854SUSE bug 1181855SUSE bug 1183050SUSE bug 1183861SUSE bug 1184673SUSE bug 1184804SUSE bug 1185377SUSE bug 1185677SUSE bug 1185726SUSE bug 1185727SUSE bug 1185758SUSE bug 1185973SUSE bug 1186063SUSE bug 1186482SUSE bug 1186483SUSE bug 1186672SUSE bug 1188026SUSE bug 1188172SUSE bug 1188563SUSE bug 1188601SUSE bug 1188613SUSE bug 1188838SUSE bug 1188842SUSE bug 1188876SUSE bug 1188983SUSE bug 1188985SUSE bug 1189057SUSE bug 1189262SUSE bug 1189278SUSE bug 1189291SUSE bug 1189399SUSE bug 1189400SUSE bug 1189418SUSE bug 1189420SUSE bug 1189706SUSE bug 1189846SUSE bug 1189884SUSE bug 1190023SUSE bug 1190025SUSE bug 1190067SUSE bug 1190115SUSE bug 1190117SUSE bug 1190118SUSE bug 1190159SUSE bug 1190276SUSE bug 1190349SUSE bug 1190350SUSE bug 1190351SUSE bug 1190432SUSE bug 1190479SUSE bug 1190534SUSE bug 1190601SUSE bug 1190717SUSE bug 1191193SUSE bug 1191315SUSE bug 1191317SUSE bug 1191318SUSE bug 1191529SUSE bug 1191530SUSE bug 1191628SUSE bug 1191660SUSE bug 1191790SUSE bug 1191801SUSE bug 1191813SUSE bug 1191961SUSE bug 1192036SUSE bug 1192045SUSE bug 1192048SUSE bug 1192267SUSE bug 1192379SUSE bug 1192400SUSE bug 1192444SUSE bug 1192549SUSE bug 1192775SUSE bug 1192781SUSE bug 1192802CVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-9517 at SUSECVE-2018-9517 at NVDCVE-2019-3874 at SUSECVE-2019-3874 at NVDCVE-2019-3900 at SUSECVE-2019-3900 at NVDCVE-2020-0429 at SUSECVE-2020-0429 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Update to Extended Support Release 91.4.0 (bsc#1193485):
- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)
ImportantSUSE bug 1193321SUSE bug 1193485CVE-2021-43536 at SUSECVE-2021-43536 at NVDCVE-2021-43537 at SUSECVE-2021-43537 at NVDCVE-2021-43538 at SUSECVE-2021-43538 at NVDCVE-2021-43539 at SUSECVE-2021-43539 at NVDCVE-2021-43541 at SUSECVE-2021-43541 at NVDCVE-2021-43542 at SUSECVE-2021-43542 at NVDCVE-2021-43543 at SUSECVE-2021-43543 at NVDCVE-2021-43545 at SUSECVE-2021-43545 at NVDCVE-2021-43546 at SUSECVE-2021-43546 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glib-networking (Important)SUSE OpenStack Cloud 9
This update for glib-networking fixes the following issues:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030).
ImportantSUSE bug 1193030CVE-2021-4008 at SUSECVE-2021-4008 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for storm-kit (Critical)SUSE OpenStack Cloud 9
This update for storm-kit fixes the following issues:
- Remove JndiLookup from log4j 2.x jars during build to
prevent 'log4shell' code injection. (bsc#1193641, bsc#1193611, CVE-2021-44228)
- Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled (bsc#1193641, bsc#1193662, CVE-2021-4104)
CriticalSUSE bug 1193611SUSE bug 1193641SUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDCVE-2021-44228 at SUSECVE-2021-44228 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for log4j (Important)SUSE OpenStack Cloud 9
This update for log4j fixes the following issue:
- CVE-2021-4104: Disable the JMSAppender class from log4j to protect against
the log4jshell vulnerability. [bsc#1193662]
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading to out of
bounds memory write. (bsc#1190487)
- CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write. (bsc#1190489)
ImportantSUSE bug 1190487SUSE bug 1190489CVE-2021-4009 at SUSECVE-2021-4009 at NVDCVE-2021-4011 at SUSECVE-2021-4011 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
The username map advice from the CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails (bsc#1192849).
ImportantSUSE bug 1192849CVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for chrony (Moderate)SUSE OpenStack Cloud 9
This update for chrony fixes the following issues:
Chrony was updated to 4.1:
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Enable syscallfilter unconditionally (bsc#1181826).
Chrony was updated to 4.0:
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Chrony was updated to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Update clknetsim to version 79ffe44 (fixes bsc#1162964).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529)
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*'
- Enable pps support
Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
ModerateSUSE bug 1063704SUSE bug 1069468SUSE bug 1082318SUSE bug 1083597SUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1156884SUSE bug 1159840SUSE bug 1161119SUSE bug 1162964SUSE bug 1171806SUSE bug 1172113SUSE bug 1173277SUSE bug 1173760SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1183783SUSE bug 1184400SUSE bug 1187906SUSE bug 1190926CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh (Important)SUSE OpenStack Cloud 9
This update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh fixes the following issues:
Fixed vulnerability related to log4j version 1.2.x:
- CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662)
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
Update to 10.2.41:
- CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497).
ModerateSUSE bug 1192497CVE-2021-35604 at SUSECVE-2021-35604 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- buffer overflow in PyCArg_repr in _ctypes/callproc.c,
which may lead to remote code execution (bsc#1181126, CVE-2021-3177).
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686SUSE bug 1181126CVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
- CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).
- CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
The following non-security bugs were fixed:
- blk-mq: improve heavily contended tag case (bsc#1178198).
- debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
- locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- Move upstreamed bt fixes into sorted section
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- net/x25: prevent a couple of overflows (bsc#1178590).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
ImportantSUSE bug 1144912SUSE bug 1149032SUSE bug 1158775SUSE bug 1163727SUSE bug 1171979SUSE bug 1176395SUSE bug 1176846SUSE bug 1176962SUSE bug 1177304SUSE bug 1177666SUSE bug 1178036SUSE bug 1178182SUSE bug 1178198SUSE bug 1178372SUSE bug 1178589SUSE bug 1178590SUSE bug 1178684SUSE bug 1178886SUSE bug 1179107SUSE bug 1179140SUSE bug 1179141SUSE bug 1179419SUSE bug 1179429SUSE bug 1179508SUSE bug 1179509SUSE bug 1179601SUSE bug 1179616SUSE bug 1179663SUSE bug 1179666SUSE bug 1179745SUSE bug 1179877SUSE bug 1179878SUSE bug 1179895SUSE bug 1179960SUSE bug 1179961SUSE bug 1180008SUSE bug 1180027SUSE bug 1180028SUSE bug 1180029SUSE bug 1180030SUSE bug 1180031SUSE bug 1180032SUSE bug 1180052SUSE bug 1180086SUSE bug 1180559SUSE bug 1180562SUSE bug 1180676SUSE bug 1181001SUSE bug 1181158SUSE bug 1181349SUSE bug 1181504SUSE bug 1181553SUSE bug 1181645CVE-2019-20934 at SUSECVE-2019-20934 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud 9
This update for wpa_supplicant fixes the following issues:
- CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).
- CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)
ImportantSUSE bug 1150934SUSE bug 1181777CVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openvswitch (Important)SUSE OpenStack Cloud 9
This update for openvswitch fixes the following issues:
- CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742).
ImportantSUSE bug 1181742CVE-2020-35498 at SUSECVE-2020-35498 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for jasper (Important)SUSE OpenStack Cloud 9
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
ImportantSUSE bug 1179748SUSE bug 1181483CVE-2020-27828 at SUSECVE-2020-27828 at NVDCVE-2021-3272 at SUSECVE-2021-3272 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for screen (Important)SUSE OpenStack Cloud 9
This update for screen fixes the following issues:
- CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092).
ImportantSUSE bug 1182092CVE-2021-26937 at SUSECVE-2021-26937 at NVDcpe:/o:suse:suse-openstack-cloud:9Recommended update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer (Important)SUSE OpenStack Cloud 9
This update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer fixes the following issues:
Security fix included in this update:
python-Django1
- CVE-2021-3281: Fixed a potential directory traversal when extracting
archives (bsc#1181379).
Non-security fixes included in this update
Changes in ardana-db:
- Update to version 9.0+git.1611600773.5f1de5f:
* Add tasks to check for the TLS certificate expiry (bsc#1181040)
Changes in ardana-horizon:
- Update to version 9.0+git.1610491814.38661c2:
* Add Fix for logfile permissions (bsc#1179189)
Changes in ardana-logging:
- Update to version 9.0+git.1610490922.d5f9813:
* Remove some files and fix mysql logs locations (bsc#1179189)
Changes in ardana-monasca:
- Update to version 9.0+git.1610547641.d79ecfd:
* Add Fix for logfile permissions (bsc#1179189)
Changes in ardana-opsconsole-ui:
- Update to version 9.0+git.1611867924.eb82818:
* Adjust period used to query monasca summary metrics (bsc#1181521)
Changes in ardana-osconfig:
- Update to version 9.0+git.1610634027.5934cf8:
* Fix logrotate code that needs to silence the grep (bsc#1179189)
Changes in crowbar-core:
- Update to version 6.0+git.1611320924.849e748ff:
* avoid v4.1.5 of delayed_job_active_record (noref)
* add CVE-2020-26247 to travis ignore list (bsc#1180507)
Changes in crowbar-openstack:
- Update to version 6.0+git.1610402342.21499240d:
* neutron: Fix handling of networks with non-ascii names (SOC-11429)
- Update to version 6.0+git.1610374680.e68ff27d2:
* Terminate ssl on haproxy for cinder (bsc#1149535)
* Terminate ssl on haproxy for nova (bsc#1149535)
Changes in kibana:
- Added kibana.yml symlink (bsc#1048688, FATE#323204)
Changes in openstack-dashboard:
- add 0001-Fix-network_topology-view-memory-and-file-leaks.patch
- Update to version horizon-14.1.1.dev10:
* Fix open redirect (OSSA-2020-008, CVE-2020-29565)
- Update to version horizon-14.1.1.dev8:
* Cap bandit for python 2.7 env
Changes in openstack-manila:
- Update to version manila-7.4.2.dev60:
* [stable/rocky] Adjust CI jobs
* [NetApp] Fix CIFS promote back issue
- Update to version manila-7.4.2.dev58:
* [stable/rocky] Adjust CI jobs
Changes in openstack-manila:
- Update to version manila-7.4.2.dev60:
* [stable/rocky] Adjust CI jobs
* [NetApp] Fix CIFS promote back issue
- Update to version manila-7.4.2.dev58:
* [stable/rocky] Adjust CI jobs
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev147:
* Improve DHCP agent's debug messages
- Update to version neutron-13.0.8.dev145:
* Use consistent filter API syntax
- Update to version neutron-13.0.8.dev144:
* Improve the CIDRs overlap check method for router add interface
- Update to version neutron-13.0.8.dev142:
* [GRE] Add possibility to create GRE tunnels over IPv6
- Update to version neutron-13.0.8.dev140:
* Fix migration from the HA to non-HA routers
- Update to version neutron-13.0.8.dev138:
* Dropping lower constraints testing (stable Rocky)
* Fix calling of add\_tunnel\_port method from sanity checks module
- Update to version neutron-13.0.8.dev136:
* Dropping lower constraints testing (stable Rocky)
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev147:
* Improve DHCP agent's debug messages
- Update to version neutron-13.0.8.dev145:
* Use consistent filter API syntax
- Update to version neutron-13.0.8.dev144:
* Improve the CIDRs overlap check method for router add interface
- Update to version neutron-13.0.8.dev142:
* [GRE] Add possibility to create GRE tunnels over IPv6
- Update to version neutron-13.0.8.dev140:
* Fix migration from the HA to non-HA routers
- Update to version neutron-13.0.8.dev138:
* Dropping lower constraints testing (stable Rocky)
* Fix calling of add\_tunnel\_port method from sanity checks module
- Update to version neutron-13.0.8.dev136:
* Dropping lower constraints testing (stable Rocky)
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev16:
* [AIM] Add extension for ERSPAN
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev15:
* Fix QoS unit tests
2014.2rc1
- Update to version group-based-policy-12.0.1.dev14:
* Fix session handling
* Fix DB query call
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev11:
* Fix bug where security-group rule config doesn't reflect new VMs addition
* Fix DB performance with sessions
2014.2rc1
- Update to version group-based-policy-12.0.1.dev8:
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev11:
* Fix bug where security-group rule config doesn't reflect new VMs addition
* Fix DB performance with sessions
2014.2rc1
- Update to version group-based-policy-12.0.1.dev8:
* Fix upstream gate
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev7:
* Block qos config in floating ip
* Fix upstream gate
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev78:
* [stable-only] Cap bandit and make lower-constraints job non-voting
Changes in openstack-nova:
- Update to version nova-18.3.1.dev78:
* [stable-only] Cap bandit and make lower-constraints job non-voting
Changes in python-Django1:
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
* Fixes a potential directory traversal when extracting archives
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20201214:
* Add workaround for secure boot issue when shim package is updated. Removed deprecated note about Crowbar Octavia plugin. (bsc#1179955)
ImportantSUSE bug 1048688SUSE bug 1149535SUSE bug 1179189SUSE bug 1179955SUSE bug 1180507SUSE bug 1181040SUSE bug 1181379SUSE bug 1181521CVE-2021-3281 at SUSECVE-2021-3281 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bind (Important)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625]
ImportantSUSE bug 1182246CVE-2020-8625 at SUSECVE-2020-8625 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for krb5-appl (Important)SUSE OpenStack Cloud 9
This update for krb5-appl fixes the following issues:
- CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
- CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).
ImportantSUSE bug 1131109CVE-2019-25017 at SUSECVE-2019-25017 at NVDCVE-2019-25018 at SUSECVE-2019-25018 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u282 (icedtea 3.18.0)
* January 2021 CPU (bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)
* Import of OpenJDK 8 u282 build 01
+ JDK-6962725: Regtest javax/swing/JFileChooser/6738668/
/bug6738668.java fails under Linux
+ JDK-8025936: Windows .pdb and .map files does not have proper
dependencies setup
+ JDK-8030350: Enable additional compiler warnings for GCC
+ JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/
/DisposeFrameOnDragTest.java fails by Timeout on Windows
+ JDK-8036122: Fix warning 'format not a string literal'
+ JDK-8051853: new
URI('x/').resolve('..').getSchemeSpecificPart() returns null!
+ JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/
/DefaultNoDrop.java locks on Windows
+ JDK-8134632: Mark javax/sound/midi/Devices/
/InitializationHang.java as headful
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8148916: Mark bug6400879.java as intermittently failing
+ JDK-8148983: Fix extra comma in changes for JDK-8148916
+ JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java
fails
+ JDK-8165808: Add release barriers when allocating objects
with concurrent collection
+ JDK-8185003: JMX: Add a version of
ThreadMXBean.dumpAllThreads with a maxDepth argument
+ JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on
windows with VS2017
+ JDK-8207766: [testbug] Adapt tests for Aix.
+ JDK-8212070: Introduce diagnostic flag to abort VM on failed
JIT compilation
+ JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
+ JDK-8215727: Restore JFR thread sampler loop to old /
previous behavior
+ JDK-8220657: JFR.dump does not work when filename is set
+ JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
+ JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java
fails with access issues and OOM
+ JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes()
can be quicker for self thread
+ JDK-8231968: getCurrentThreadAllocatedBytes default
implementation s/b getThreadAllocatedBytes
+ JDK-8232114: JVM crashed at imjpapi.dll in native code
+ JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect
numbers for Compiler area
+ JDK-8234339: replace JLI_StrTok in java_md_solinux.c
+ JDK-8238448: RSASSA-PSS signature verification fail when
using certain odd key sizes
+ JDK-8242335: Additional Tests for RSASSA-PSS
+ JDK-8244225: stringop-overflow warning on strncpy call from
compile_the_world_in
+ JDK-8245400: Upgrade to LittleCMS 2.11
+ JDK-8248214: Add paddings for TaskQueueSuper to reduce
false-sharing cache contention
+ JDK-8249176: Update GlobalSignR6CA test certificates
+ JDK-8250665: Wrong translation for the month name of May in
ar_JO,LB,SY
+ JDK-8250928: JFR: Improve hash algorithm for stack traces
+ JDK-8251469: Better cleanup for
test/jdk/javax/imageio/SetOutput.java
+ JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData
should not be in make/mapfiles/libawt_xawt/mapfile-vers
+ JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider
rather than JRE
+ JDK-8252395: [8u] --with-native-debug-symbols=external
doesn't include debuginfo files for binaries
+ JDK-8252497: Incorrect numeric currency code for ROL
+ JDK-8252754: Hash code calculation of JfrStackTrace is
inconsistent
+ JDK-8252904: VM crashes when JFR is used and JFR event class
is transformed
+ JDK-8252975: [8u] JDK-8252395 breaks the build for
--with-native-debug-symbols=internal
+ JDK-8253284: Zero OrderAccess barrier mappings are incorrect
+ JDK-8253550: [8u] JDK-8252395 breaks the build for make
STRIP_POLICY=no_strip
+ JDK-8253752: test/sun/management/jmxremote/bootstrap/
/RmiBootstrapTest.java fails randomly
+ JDK-8254081: java/security/cert/PolicyNode/
/GetPolicyQualifiers.java fails due to an expired certificate
+ JDK-8254144: Non-x86 Zero builds fail with return-type
warning in os_linux_zero.cpp
+ JDK-8254166: Zero: return-type warning in
zeroInterpreter_zero.cpp
+ JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/
/WorkerDeadlockTest.java fails
+ JDK-8255003: Build failures on Solaris
ModerateSUSE bug 1181239CVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Jinja2 (Important)SUSE OpenStack Cloud 9
This update for python-Jinja2 fixes the following issues:
- CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex
backtracking. Email matching requires a word character at the start of the
domain part, and only word characters in the TLD. (bsc#1181944)
ImportantSUSE bug 1181944CVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for open-iscsi (Important)SUSE OpenStack Cloud 9
This update for open-iscsi fixes the following issues:
Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):
- check for TCP urgent pointer past end of frame
- check for u8 overflow when processing TCP options
- check for header length underflow during checksum calculation
ImportantSUSE bug 1179908CVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for perl-XML-Twig (Moderate)SUSE OpenStack Cloud 9
This update for perl-XML-Twig fixes the following issues:
- Security fix [bsc#1008644, CVE-2016-9180]
* Added: the no_xxe option to XML::Twig::new, which causes the
parse to fail if external entities are used (to prevent
malicious XML to access the filesystem).
* Setting expand_external_ents to 0 or -1 currently doesn't work
as expected; To completely turn off expanding external entities
use no_xxe.
* Update documentation for XML::Twig to mention problems with
expand_external_ents and add information about new no_xxe argument
ModerateSUSE bug 1008644CVE-2016-9180 at SUSECVE-2016-9180 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.8.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-08 (bsc#1182614)
* CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
* CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
ImportantSUSE bug 1182357SUSE bug 1182614CVE-2021-23968 at SUSECVE-2021-23968 at NVDCVE-2021-23969 at SUSECVE-2021-23969 at NVDCVE-2021-23973 at SUSECVE-2021-23973 at NVDCVE-2021-23978 at SUSECVE-2021-23978 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-cryptography (Important)SUSE OpenStack Cloud 9
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-cryptography (Important)SUSE OpenStack Cloud 9
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Important)SUSE OpenStack Cloud 9
This update for grub2 fixes the following issues:
grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
Following security issues are fixed that can violate secure boot constraints:
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)
ImportantSUSE bug 1175970SUSE bug 1176711SUSE bug 1177883SUSE bug 1179264SUSE bug 1179265SUSE bug 1182057SUSE bug 1182262SUSE bug 1182263CVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openldap2 (Important)SUSE OpenStack Cloud 9
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
ImportantSUSE bug 1182279SUSE bug 1182408SUSE bug 1182411SUSE bug 1182412SUSE bug 1182413SUSE bug 1182415SUSE bug 1182416SUSE bug 1182417SUSE bug 1182418SUSE bug 1182419SUSE bug 1182420CVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- cifs: check all path components in resolved dfs target (bsc#1180906).
- cifs: fix check of tcon dfs in smb1 (bsc#1180906).
- cifs: fix nodfs mount option (bsc#1180906).
- cifs: introduce helper for finding referral server (bsc#1180906).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886)
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: fc: add FPIN ELS definition (bsc#1181441).
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441)
- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441).
- scsi: Fix trivial spelling (bsc#1181441).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1181441).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441).
- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441).
- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441).
- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441).
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441).
- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441).
- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441).
- scsi: qla2xxx: Fix login timeout (bsc#1181441).
- scsi: qla2xxx: Fix memory size truncation (bsc#1181441).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441).
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441).
- scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441).
- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441).
- scsi: qla2xxx: Fix the return value (bsc#1181441).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441).
- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441).
- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441).
- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441).
- scsi: qla2xxx: Performance tweak (bsc#1181441).
- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1181441).
- scsi: qla2xxx: Remove an unused function (bsc#1181441).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1181441).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441).
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1181441).
- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441).
- scsi: qla2xxx: SAN congestion management implementation (bsc#1181441).
- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441).
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use constant when it is known (bsc#1181441).
- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441).
- scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441).
- scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
ImportantSUSE bug 1065600SUSE bug 1163592SUSE bug 1176831SUSE bug 1178401SUSE bug 1178762SUSE bug 1179014SUSE bug 1179015SUSE bug 1179045SUSE bug 1179082SUSE bug 1179428SUSE bug 1179660SUSE bug 1180058SUSE bug 1180906SUSE bug 1181441SUSE bug 1181747SUSE bug 1181753SUSE bug 1181843SUSE bug 1182140SUSE bug 1182175CVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29374 at SUSECVE-2020-29374 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud 9
This update for wpa_supplicant fixes the following issues:
- CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805)
ImportantSUSE bug 1182805CVE-2021-27803 at SUSECVE-2021-27803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Important)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- On case-insensitive filesystems, with support for symbolic links,
if Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running
remote code during a clone. (bsc#1183026, CVE-2021-21300)
ImportantSUSE bug 1183026CVE-2021-21300 at SUSECVE-2021-21300 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Moderate)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
ModerateSUSE bug 1182379CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
ImportantSUSE bug 1180623CVE-2020-16044 at SUSECVE-2020-16044 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glib2 (Important)SUSE OpenStack Cloud 9
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
ImportantSUSE bug 1182328SUSE bug 1182362CVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for wavpack (Important)SUSE OpenStack Cloud 9
This update for wavpack fixes the following issues:
- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).
ImportantSUSE bug 1180414CVE-2020-35738 at SUSECVE-2020-35738 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for nghttp2 (Important)SUSE OpenStack Cloud 9
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
ImportantSUSE bug 1082318SUSE bug 1088639SUSE bug 1112438SUSE bug 1125689SUSE bug 1134616SUSE bug 1146182SUSE bug 1146184SUSE bug 1181358SUSE bug 962914SUSE bug 964140SUSE bug 966514CVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
ImportantSUSE bug 1183852CVE-2021-3449 at SUSECVE-2021-3449 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
- CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
ImportantSUSE bug 1182909SUSE bug 1182912CVE-2021-25122 at SUSECVE-2021-25122 at NVDCVE-2021-25329 at SUSECVE-2021-25329 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
ImportantSUSE bug 1183942CVE-2021-23981 at SUSECVE-2021-23981 at NVDCVE-2021-23982 at SUSECVE-2021-23982 at NVDCVE-2021-23984 at SUSECVE-2021-23984 at NVDCVE-2021-23987 at SUSECVE-2021-23987 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openvpn (Important)SUSE OpenStack Cloud 9
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
ImportantSUSE bug 1197341CVE-2022-0547 at SUSECVE-2022-0547 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
Non-securtiy fix:
- Fixed a broken symlink for javaws (bsc#1195146).
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195146SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Important)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2021-45115: Fixed denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115).
- CVE-2021-45116: Fixed potential information disclosure in dictsort template filter (bsc#1194117).
- CVE-2021-45452: Fixed potential directory-traversal via Storage.save() (bsc#1194116).
ImportantSUSE bug 1194115SUSE bug 1194116SUSE bug 1194117CVE-2021-45115 at SUSECVE-2021-45115 at NVDCVE-2021-45116 at SUSECVE-2021-45116 at NVDCVE-2021-45452 at SUSECVE-2021-45452 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for zlib (Important)SUSE OpenStack Cloud 9
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)
ImportantSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1191902SUSE bug 1191904SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35560 at SUSECVE-2021-35560 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for util-linux (Important)SUSE OpenStack Cloud 9
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921)
- Prevent outdated pam files (bsc#1082293, bsc#1081947#c68).
- Do not trim read-only volumes (bsc#1106214).
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add `RemainAfterExit=yes` (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196)
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- libblkid: Do not trigger CDROM autoclose. (bsc#1084671)
- Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514)
- Build with libudev support to support non-root users. (bsc#1169006)
- lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to CIFS with mount –a. (bsc#1174942)
ImportantSUSE bug 1081947SUSE bug 1082293SUSE bug 1084671SUSE bug 1085196SUSE bug 1106214SUSE bug 1122417SUSE bug 1125886SUSE bug 1135534SUSE bug 1135708SUSE bug 1151708SUSE bug 1168235SUSE bug 1168389SUSE bug 1169006SUSE bug 1172427SUSE bug 1174942SUSE bug 1175514SUSE bug 1175623SUSE bug 1178236SUSE bug 1178554SUSE bug 1178825SUSE bug 1188921SUSE bug 1194642CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):
MFSA 2022-14 (bsc#1197903)
* CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use
* CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-1196: Fixed a use-after-free after VR Process destruction
* CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen
* CVE-2022-28286: Fixed that iframe contents could be rendered outside the border
* CVE-2022-24713: Fixed a denial of service via complex regular expressions
* CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-1196 at SUSECVE-2022-1196 at NVDCVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2022-28281 at SUSECVE-2022-28281 at NVDCVE-2022-28282 at SUSECVE-2022-28282 at NVDCVE-2022-28285 at SUSECVE-2022-28285 at NVDCVE-2022-28286 at SUSECVE-2022-28286 at NVDCVE-2022-28289 at SUSECVE-2022-28289 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openjpeg2 (Important)SUSE OpenStack Cloud 9
This update for openjpeg2 fixes the following issues:
- CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
- CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617).
- CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205).
- CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
ImportantSUSE bug 1102016SUSE bug 1106881SUSE bug 1106882SUSE bug 1140130SUSE bug 1140205SUSE bug 1162090SUSE bug 1173578SUSE bug 1180457SUSE bug 1184774SUSE bug 1197738SUSE bug 971617SUSE bug 980504CVE-2016-1924 at SUSECVE-2016-1924 at NVDCVE-2016-3183 at SUSECVE-2016-3183 at NVDCVE-2016-4797 at SUSECVE-2016-4797 at NVDCVE-2018-14423 at SUSECVE-2018-14423 at NVDCVE-2018-16375 at SUSECVE-2018-16375 at NVDCVE-2018-16376 at SUSECVE-2018-16376 at NVDCVE-2018-20845 at SUSECVE-2018-20845 at NVDCVE-2018-20846 at SUSECVE-2018-20846 at NVDCVE-2020-15389 at SUSECVE-2020-15389 at NVDCVE-2020-27823 at SUSECVE-2020-27823 at NVDCVE-2020-8112 at SUSECVE-2020-8112 at NVDCVE-2021-29338 at SUSECVE-2021-29338 at NVDCVE-2022-1122 at SUSECVE-2022-1122 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Moderate)SUSE OpenStack Cloud 9
This update for python rebuilds python against a symbol versioned openssl 1.0.2
to allow usage with openssl 1.1.1.
Also the following security issues are fixed:
- CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146).
ModerateSUSE bug 1187784SUSE bug 1194146SUSE bug 1195396CVE-2021-4189 at SUSECVE-2021-4189 at NVDCVE-2022-0391 at SUSECVE-2022-0391 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mysql-connector-java (Moderate)SUSE OpenStack Cloud 9
This update for mysql-connector-java fixes the following issues:
- CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557).
ModerateSUSE bug 1195557CVE-2021-2471 at SUSECVE-2021-2471 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
ImportantSUSE bug 1194547CVE-2021-4140 at SUSECVE-2021-4140 at NVDCVE-2022-22737 at SUSECVE-2022-22737 at NVDCVE-2022-22738 at SUSECVE-2022-22738 at NVDCVE-2022-22739 at SUSECVE-2022-22739 at NVDCVE-2022-22740 at SUSECVE-2022-22740 at NVDCVE-2022-22741 at SUSECVE-2022-22741 at NVDCVE-2022-22742 at SUSECVE-2022-22742 at NVDCVE-2022-22743 at SUSECVE-2022-22743 at NVDCVE-2022-22744 at SUSECVE-2022-22744 at NVDCVE-2022-22745 at SUSECVE-2022-22745 at NVDCVE-2022-22746 at SUSECVE-2022-22746 at NVDCVE-2022-22747 at SUSECVE-2022-22747 at NVDCVE-2022-22748 at SUSECVE-2022-22748 at NVDCVE-2022-22751 at SUSECVE-2022-22751 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xz (Important)SUSE OpenStack Cloud 9
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libexif (Important)SUSE OpenStack Cloud 9
This update for libexif fixes the following issues:
- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service
(bsc#1172802).
- CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial
of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away
by the compiler (bsc#1178479).
ImportantSUSE bug 1172768SUSE bug 1172802SUSE bug 1178479CVE-2020-0181 at SUSECVE-2020-0181 at NVDCVE-2020-0198 at SUSECVE-2020-0198 at NVDCVE-2020-0452 at SUSECVE-2020-0452 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1198136cpe:/o:suse:suse-openstack-cloud:9Security update for sssd (Important)SUSE OpenStack Cloud 9
This update for sssd fixes the following issues:
- CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492).
- Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773).
Non-security fixes:
- Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564).
ImportantSUSE bug 1183735SUSE bug 1189492SUSE bug 1196564CVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- sr9700: sanity check for packet length (bsc#1196836).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- x86/tsc: Make calibration refinement more robust (bsc#1196573).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
ImportantSUSE bug 1180153SUSE bug 1189562SUSE bug 1193738SUSE bug 1194943SUSE bug 1195051SUSE bug 1195353SUSE bug 1196018SUSE bug 1196114SUSE bug 1196468SUSE bug 1196488SUSE bug 1196514SUSE bug 1196573SUSE bug 1196639SUSE bug 1196761SUSE bug 1196830SUSE bug 1196836SUSE bug 1196942SUSE bug 1196973SUSE bug 1197211SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197391SUSE bug 1197462SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-39713 at SUSECVE-2021-39713 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gzip (Important)SUSE OpenStack Cloud 9
This update for gzip fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue
mitigations (bsc#1196915).
ImportantSUSE bug 1196915SUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dnsmasq (Important)SUSE OpenStack Cloud 9
This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1183709SUSE bug 1197872CVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Important)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234).
ImportantSUSE bug 1198234CVE-2022-24765 at SUSECVE-2022-24765 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libxml2 (Important)SUSE OpenStack Cloud 9
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490)
ImportantSUSE bug 1196490CVE-2022-23308 at SUSECVE-2022-23308 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for SDL (Important)SUSE OpenStack Cloud 9
This update for SDL fixes the following issues:
- CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202)
- CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201)
- CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001)
ImportantSUSE bug 1181201SUSE bug 1181202SUSE bug 1198001CVE-2020-14409 at SUSECVE-2020-14409 at NVDCVE-2020-14410 at SUSECVE-2020-14410 at NVDCVE-2021-33657 at SUSECVE-2021-33657 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important)SUSE OpenStack Cloud 9
This update for openstack-monasca-agent, spark, spark-kit, zookeeper fixes the following issues:
- CVE-2021-4104: Remove JMSAppender from log4j jars (bsc#1193662)
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.
ImportantSUSE bug 1194019CVE-2018-8518 at SUSECVE-2018-8518 at NVDCVE-2018-8523 at SUSECVE-2018-8523 at NVDCVE-2019-8551 at SUSECVE-2019-8551 at NVDCVE-2019-8558 at SUSECVE-2019-8558 at NVDCVE-2019-8559 at SUSECVE-2019-8559 at NVDCVE-2019-8563 at SUSECVE-2019-8563 at NVDCVE-2019-8674 at SUSECVE-2019-8674 at NVDCVE-2019-8681 at SUSECVE-2019-8681 at NVDCVE-2019-8684 at SUSECVE-2019-8684 at NVDCVE-2019-8687 at SUSECVE-2019-8687 at NVDCVE-2019-8688 at SUSECVE-2019-8688 at NVDCVE-2019-8689 at SUSECVE-2019-8689 at NVDCVE-2019-8690 at SUSECVE-2019-8690 at NVDCVE-2019-8707 at SUSECVE-2019-8707 at NVDCVE-2019-8719 at SUSECVE-2019-8719 at NVDCVE-2019-8726 at SUSECVE-2019-8726 at NVDCVE-2019-8733 at SUSECVE-2019-8733 at NVDCVE-2019-8763 at SUSECVE-2019-8763 at NVDCVE-2019-8765 at SUSECVE-2019-8765 at NVDCVE-2019-8766 at SUSECVE-2019-8766 at NVDCVE-2019-8768 at SUSECVE-2019-8768 at NVDCVE-2019-8782 at SUSECVE-2019-8782 at NVDCVE-2019-8808 at SUSECVE-2019-8808 at NVDCVE-2019-8815 at SUSECVE-2019-8815 at NVDCVE-2019-8821 at SUSECVE-2019-8821 at NVDCVE-2019-8822 at SUSECVE-2019-8822 at NVDCVE-2020-10018 at SUSECVE-2020-10018 at NVDCVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-3885 at SUSECVE-2020-3885 at NVDCVE-2020-3894 at SUSECVE-2020-3894 at NVDCVE-2020-3895 at SUSECVE-2020-3895 at NVDCVE-2020-3897 at SUSECVE-2020-3897 at NVDCVE-2020-3900 at SUSECVE-2020-3900 at NVDCVE-2020-3901 at SUSECVE-2020-3901 at NVDCVE-2020-3902 at SUSECVE-2020-3902 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9952 at SUSECVE-2020-9952 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1817 at SUSECVE-2021-1817 at NVDCVE-2021-1820 at SUSECVE-2021-1820 at NVDCVE-2021-1825 at SUSECVE-2021-1825 at NVDCVE-2021-1826 at SUSECVE-2021-1826 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDCVE-2021-30661 at SUSECVE-2021-30661 at NVDCVE-2021-30666 at SUSECVE-2021-30666 at NVDCVE-2021-30682 at SUSECVE-2021-30682 at NVDCVE-2021-30761 at SUSECVE-2021-30761 at NVDCVE-2021-30762 at SUSECVE-2021-30762 at NVDCVE-2021-30809 at SUSECVE-2021-30809 at NVDCVE-2021-30818 at SUSECVE-2021-30818 at NVDCVE-2021-30823 at SUSECVE-2021-30823 at NVDCVE-2021-30836 at SUSECVE-2021-30836 at NVDCVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30848 at SUSECVE-2021-30848 at NVDCVE-2021-30849 at SUSECVE-2021-30849 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDCVE-2021-30884 at SUSECVE-2021-30884 at NVDCVE-2021-30887 at SUSECVE-2021-30887 at NVDCVE-2021-30888 at SUSECVE-2021-30888 at NVDCVE-2021-30889 at SUSECVE-2021-30889 at NVDCVE-2021-30890 at SUSECVE-2021-30890 at NVDCVE-2021-30897 at SUSECVE-2021-30897 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cifs-utils (Important)SUSE OpenStack Cloud 9
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
ImportantSUSE bug 1197216CVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for aide (Important)SUSE OpenStack Cloud 9
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
ImportantSUSE bug 1194735CVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
- CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP
request smuggling. (bsc#1198086)
ModerateSUSE bug 1198086CVE-2022-24801 at SUSECVE-2022-24801 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for zsh (Important)SUSE OpenStack Cloud 9
This update for zsh fixes the following issues:
- CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
- CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)
ImportantSUSE bug 1107294SUSE bug 1107296CVE-2018-0502 at SUSECVE-2018-0502 at NVDCVE-2018-13259 at SUSECVE-2018-13259 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 5 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
ModerateSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1188568SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2432 at SUSECVE-2021-2432 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gzip (Important)SUSE OpenStack Cloud 9
This update for gzip fixes the following issues:
- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
ImportantCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.0 (bsc#1198290):
- CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution.
- CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.
Missing CVE reference for the update to 2.34.6 (bsc#1196133):
- CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
ImportantSUSE bug 1196133SUSE bug 1198290CVE-2022-22594 at SUSECVE-2022-22594 at NVDCVE-2022-22624 at SUSECVE-2022-22624 at NVDCVE-2022-22628 at SUSECVE-2022-22628 at NVDCVE-2022-22629 at SUSECVE-2022-22629 at NVDCVE-2022-22637 at SUSECVE-2022-22637 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for e2fsprogs (Important)SUSE OpenStack Cloud 9
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud (Important)SUSE OpenStack Cloud 9
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:
Security fixes included on the update:
ardana-barbican:
- Update policies to protect container secret access (SOC-11621)
- Update policies to protect secret metadata access (SOC-11620)
openstack-neutron:
- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).
rubygem-sinatra:
- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).
python-XStatic-jquery-ui:
- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)
- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)
- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)
python-lxml:
- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).
openstack-barbican:
- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).
grafana:
- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).
openstack-keystone:
- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).
Non-security fixes included on the update:
Changes in ardana-barbican:
- Update to version 9.0+git.1644879908.8a641c1:
* Update policies to protect container secret access (SOC-11621)
- Update to version 9.0+git.1643052417.9a3348e:
* update policies to protect secret metadata access (SOC-11620)
Changes in grafana:
- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)
* directory traversal vulnerability for .md files
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache
Changes in openstack-barbican:
- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch
and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix
the legacy policy rules for adding a secret to a container and removing
a secret from a container. bsc#1194954,CVE-2022-23452
- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the
legacy policy rules for accessing secret metadata by checking that
the user making the request is authenticated for the project that
owns the secret. bsc#1194952,CVE-2022-23451
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev4:
* Add support for yoga
- Update to version group-based-policy-automation-14.0.1.dev3:
* Python2/3 compatibility fixes
- Update to version group-based-policy-automation-14.0.1.dev2:
* Add support for xena
- Update to version group-based-policy-automation-14.0.1.dev1:
* Remove py27 from gate jobs
14.0.0
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev3:
* Add support for yoga
- Update to version group-based-policy-ui-14.0.1.dev2:
* Python2/3 compatibility changes
- Update to version group-based-policy-ui-14.0.1.dev1:
* Add support for xena
14.0.0
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-keystone:
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-keystone:
- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix
the problem where AccountLocked exception discloses sensitive information.
bsc#1189390,CVE-2021-38155
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev33:
* Populate network mtu for erspan
- Update to version group-based-policy-14.0.1.dev32:
* ERSPAN config error when Openstack port is created in a different project than network it belongs to
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev31:
* Python2/3 compatibility fixes
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev29:
* Fix oslo\_i18n usage
- Update to version group-based-policy-14.0.1.dev27:
* Update mechanism\_driver cache
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev26:
* Add support for xena
- Update to version group-based-policy-14.0.1.dev24:
* update\_floatingip\_status\_while\_deleting\_the\_vm
- Update to version group-based-policy-14.0.1.dev22:
* Updating host id by appending pid in existing host id
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev20:
* Revert 'Add workaround to get\_subnets'
Changes in python-lxml:
- Fix bsc#1179534 (CVE-2020-27783)
mXSS due to the use of improper parser
Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch
- Fix bsc#1118088 (CVE-2018-19787)
lxml/html/clean.py in the lxml.html.clean module does not remove
javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks
Patch file: 0001-CVE-2018-19787.patch
- Fix bsc#1184177 (CVE-2021-28957)
missing input sanitization for formaction HTML5 attributes may lead to XSS
Patch file: 0001-CVE-2021-28957.patch
- Fix bsc#1193752 (CVE-2021-43818)
Cleaner: Remove SVG image data URLs since they can embed script content.
Reported as GHSL-2021-1037 and GHSL-2021-1038
Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch
Changes in openstack-neutron-doc:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Remove cve-2021-40085-stable-rocky.patch (merged upstream)
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)
* Remove dhcp_extra_opt value after first newline character
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in python-Pillow:
- Add 030-CVE-2022-22817.patch
* From upstream, backported
* Fixes CVE-2022-22817, bsc#1194521
* test from upstream updated for python2
- Add 028-CVE-2022-22815.patch
* From upstream, backported
* Fixes CVE-2022-22815, bsc#1194552
- Add 029-CVE-2022-22816.patch
* From upstream, backported
* Fixes CVE-2022-22816, bsc#1194551
Changes in python-XStatic-jquery-ui:
- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,
CVE-2021-41184, bsc#1192075, CVE-2021-41183)
* Fix XSS in the altField option of the Datepicker widget
(CVE-2021-41182)
* Fix XSS in *Text options of the Datepicker widget
(CVE-2021-41183)
* Fix XSS in the of option of the .position() util
(CVE-2021-41184)
* Drop support for Query 1.7
* Accordion: allow function parameter for selecting header
elements
* Datepicker: add optional onUpdateDatepicker callback
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20220413:
* Update release notes to indicate support for SES7
- Update to version 9.20220112:
* Add reference to keystone bcrypt issue to known limitations (bsc#1186380)
Changes in rubygem-sinatra:
- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)
ImportantSUSE bug 1118088SUSE bug 1179534SUSE bug 1184177SUSE bug 1186380SUSE bug 1189390SUSE bug 1189794SUSE bug 1192070SUSE bug 1192073SUSE bug 1192075SUSE bug 1193597SUSE bug 1193688SUSE bug 1193752SUSE bug 1194521SUSE bug 1194551SUSE bug 1194552SUSE bug 1194952SUSE bug 1194954SUSE bug 1199138CVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-38155 at SUSECVE-2021-38155 at NVDCVE-2021-40085 at SUSECVE-2021-40085 at NVDCVE-2021-41182 at SUSECVE-2021-41182 at NVDCVE-2021-41183 at SUSECVE-2021-41183 at NVDCVE-2021-41184 at SUSECVE-2021-41184 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2021-44716 at SUSECVE-2021-44716 at NVDCVE-2022-22815 at SUSECVE-2022-22815 at NVDCVE-2022-22816 at SUSECVE-2022-22816 at NVDCVE-2022-22817 at SUSECVE-2022-22817 at NVDCVE-2022-23451 at SUSECVE-2022-23451 at NVDCVE-2022-23452 at SUSECVE-2022-23452 at NVDCVE-2022-29970 at SUSECVE-2022-29970 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
ImportantSUSE bug 1198970CVE-2022-29909 at SUSECVE-2022-29909 at NVDCVE-2022-29911 at SUSECVE-2022-29911 at NVDCVE-2022-29912 at SUSECVE-2022-29912 at NVDCVE-2022-29914 at SUSECVE-2022-29914 at NVDCVE-2022-29916 at SUSECVE-2022-29916 at NVDCVE-2022-29917 at SUSECVE-2022-29917 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glib2 (Low)SUSE OpenStack Cloud 9
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openldap2 (Important)SUSE OpenStack Cloud 9
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
- Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383).
ImportantSUSE bug 1198383SUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql10 (Important)SUSE OpenStack Cloud 9
This update for postgresql10 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
ImportantSUSE bug 1199768CVE-2022-1529 at SUSECVE-2022-1529 at NVDCVE-2022-1802 at SUSECVE-2022-1802 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-requests (Moderate)SUSE OpenStack Cloud 9
This update for python-requests fixes the following issues:
- CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI
upon receiving a same-hostname https-to-http redirect. (bsc#1111622)
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libxml2 (Important)SUSE OpenStack Cloud 9
This update for libxml2 fixes the following issues:
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132).
- CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689).
ImportantSUSE bug 1069689SUSE bug 1199132CVE-2017-16932 at SUSECVE-2017-16932 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pcre2 (Important)SUSE OpenStack Cloud 9
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for kernel-firmware (Moderate)SUSE OpenStack Cloud 9
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud 9
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733)
- CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777)
- Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805)
- Limit P2P_DEVICE name to appropriate ifname size
- Enable SAE support(jsc#SLE-14992).
- Fix wicked wlan (bsc#1156920)
- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (bsc#1166933)
- Adjust the service to start after network.target wrt bsc#1165266
Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] ImportantSUSE bug 1131644SUSE bug 1131868SUSE bug 1131870SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874SUSE bug 1133640SUSE bug 1144443SUSE bug 1156920SUSE bug 1165266SUSE bug 1166933SUSE bug 1167331SUSE bug 1182805SUSE bug 1194732SUSE bug 1194733CVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql14 (Important)SUSE OpenStack Cloud 9
This update for postgresql14 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ImageMagick (Important)SUSE OpenStack Cloud 9
This update for ImageMagick fixes the following issues:
- CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351).
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
ImportantSUSE bug 1198351SUSE bug 1199350CVE-2022-1270 at SUSECVE-2022-1270 at NVDCVE-2022-28463 at SUSECVE-2022-28463 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mailman (Important)SUSE OpenStack Cloud 9
This update for mailman fixes the following issues:
- CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).
ImportantSUSE bug 1191959SUSE bug 1192735SUSE bug 1192741SUSE bug 1193316CVE-2021-42096 at SUSECVE-2021-42096 at NVDCVE-2021-43331 at SUSECVE-2021-43331 at NVDCVE-2021-43332 at SUSECVE-2021-43332 at NVDCVE-2021-44227 at SUSECVE-2021-44227 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for polkit (Important)SUSE OpenStack Cloud 9
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for librelp (Moderate)SUSE OpenStack Cloud 9
This update for librelp fixes the following issues:
- CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730).
ModerateSUSE bug 1086730CVE-2018-1000140 at SUSECVE-2018-1000140 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)
- CVE-2022-31736: Cross-Origin resource's length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
ImportantSUSE bug 1200027CVE-2022-31736 at SUSECVE-2022-31736 at NVDCVE-2022-31737 at SUSECVE-2022-31737 at NVDCVE-2022-31738 at SUSECVE-2022-31738 at NVDCVE-2022-31739 at SUSECVE-2022-31739 at NVDCVE-2022-31740 at SUSECVE-2022-31740 at NVDCVE-2022-31741 at SUSECVE-2022-31741 at NVDCVE-2022-31742 at SUSECVE-2022-31742 at NVDCVE-2022-31747 at SUSECVE-2022-31747 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for strongswan (Important)SUSE OpenStack Cloud 9
This update for strongswan fixes the following issues:
- CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)
ImportantSUSE bug 1194471CVE-2021-45079 at SUSECVE-2021-45079 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.4 (bsc#1200027)
* CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
ImportantSUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Important)SUSE OpenStack Cloud 9
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
ImportantSUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1193282SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- debug: Lock down kgdb (bsc#1199426).
- dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
- lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
- linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
- linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
- linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
- linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124).
- net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124).
- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124).
- net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124).
- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124).
- net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124).
- net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
- net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124).
- net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124).
- net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124).
- net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124).
- net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124).
- net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124).
- net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124).
- net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124).
- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
- net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
- net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
- net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124).
- net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124).
- net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
- net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
- net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124).
- net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124).
- net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124).
- net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124).
- net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124).
- net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124).
- net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124).
- net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124).
- net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124).
- net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124).
- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124).
- net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124).
- net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124).
- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124).
- net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
- net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124).
- net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124).
- net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
- net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
- net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124).
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
- net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124).
- net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124).
- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124).
- net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
- net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124).
- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124).
- net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
ImportantSUSE bug 1028340SUSE bug 1065729SUSE bug 1071995SUSE bug 1114648SUSE bug 1172456SUSE bug 1182171SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1191958SUSE bug 1195651SUSE bug 1196426SUSE bug 1197099SUSE bug 1197219SUSE bug 1197343SUSE bug 1198400SUSE bug 1198516SUSE bug 1198660SUSE bug 1198687SUSE bug 1198742SUSE bug 1198825SUSE bug 1199012SUSE bug 1199063SUSE bug 1199314SUSE bug 1199399SUSE bug 1199426SUSE bug 1199505SUSE bug 1199605SUSE bug 1199650CVE-2019-20811 at SUSECVE-2019-20811 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-39711 at SUSECVE-2021-39711 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
ImportantSUSE bug 1199287SUSE bug 1200106CVE-2022-26700 at SUSECVE-2022-26700 at NVDCVE-2022-26709 at SUSECVE-2022-26709 at NVDCVE-2022-26716 at SUSECVE-2022-26716 at NVDCVE-2022-26717 at SUSECVE-2022-26717 at NVDCVE-2022-26719 at SUSECVE-2022-26719 at NVDCVE-2022-30293 at SUSECVE-2022-30293 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
ImportantSUSE bug 1200338SUSE bug 1200340SUSE bug 1200341SUSE bug 1200345SUSE bug 1200348SUSE bug 1200350SUSE bug 1200352CVE-2022-26377 at SUSECVE-2022-26377 at NVDCVE-2022-28614 at SUSECVE-2022-28614 at NVDCVE-2022-28615 at SUSECVE-2022-28615 at NVDCVE-2022-29404 at SUSECVE-2022-29404 at NVDCVE-2022-30522 at SUSECVE-2022-30522 at NVDCVE-2022-30556 at SUSECVE-2022-30556 at NVDCVE-2022-31813 at SUSECVE-2022-31813 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
ImportantSUSE bug 1199166CVE-2022-1292 at SUSECVE-2022-1292 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Important)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739).
ImportantSUSE bug 1196739CVE-2022-21716 at SUSECVE-2022-21716 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for log4j (Important)SUSE OpenStack Cloud 9
This update for log4j fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
ImportantSUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for SUSE Manager Client Tools (Important)SUSE OpenStack Cloud 9
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
ImportantSUSE bug 1181223SUSE bug 1181400SUSE bug 1190462SUSE bug 1190535SUSE bug 1193600SUSE bug 1194873SUSE bug 1195726SUSE bug 1195727SUSE bug 1195728SUSE bug 1196338SUSE bug 1196704SUSE bug 1197507SUSE bug 1197689CVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2021-41174 at SUSECVE-2021-41174 at NVDCVE-2021-41244 at SUSECVE-2021-41244 at NVDCVE-2021-43798 at SUSECVE-2021-43798 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43815 at SUSECVE-2021-43815 at NVDCVE-2022-21673 at SUSECVE-2022-21673 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-21702 at SUSECVE-2022-21702 at NVDCVE-2022-21703 at SUSECVE-2022-21703 at NVDCVE-2022-21713 at SUSECVE-2022-21713 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for fwupdate (Important)SUSE OpenStack Cloud 9
This update of fwupdate fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Important)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
ImportantSUSE bug 1198603SUSE bug 1198604SUSE bug 1198606SUSE bug 1198607SUSE bug 1198610SUSE bug 1198611SUSE bug 1198612SUSE bug 1198613SUSE bug 1198629SUSE bug 1199928CVE-2021-46669 at SUSECVE-2021-46669 at NVDCVE-2022-21427 at SUSECVE-2022-21427 at NVDCVE-2022-27377 at SUSECVE-2022-27377 at NVDCVE-2022-27378 at SUSECVE-2022-27378 at NVDCVE-2022-27380 at SUSECVE-2022-27380 at NVDCVE-2022-27381 at SUSECVE-2022-27381 at NVDCVE-2022-27383 at SUSECVE-2022-27383 at NVDCVE-2022-27384 at SUSECVE-2022-27384 at NVDCVE-2022-27386 at SUSECVE-2022-27386 at NVDCVE-2022-27387 at SUSECVE-2022-27387 at NVDCVE-2022-27445 at SUSECVE-2022-27445 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1070738SUSE bug 1198511SUSE bug 1199441CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl (Moderate)SUSE OpenStack Cloud 9
This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1200550CVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for oracleasm (Important)SUSE OpenStack Cloud 9
This update of oracleasm fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sysstat (Moderate)SUSE OpenStack Cloud 9
This update for sysstat fixes the following issues:
Security issue fixed:
- CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104).
Bug fixes:
- Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958)
ModerateSUSE bug 1144923SUSE bug 1159104CVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dpdk (Important)SUSE OpenStack Cloud 9
This update of dpdk fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):
- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
- CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
- CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
- CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
- CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
- CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)
ImportantSUSE bug 1200793CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-31744 at SUSECVE-2022-31744 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for crash (Important)SUSE OpenStack Cloud 9
This update of crash fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud:9Security update for rsyslog (Important)SUSE OpenStack Cloud 9
This update for rsyslog fixes the following issues:
- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)
ImportantSUSE bug 1199061CVE-2022-24903 at SUSECVE-2022-24903 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pcre (Important)SUSE OpenStack Cloud 9
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
ImportantSUSE bug 1194179SUSE bug 1194181CVE-2022-2319 at SUSECVE-2022-2319 at NVDCVE-2022-2320 at SUSECVE-2022-2320 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for squid (Important)SUSE OpenStack Cloud 9
This update for squid fixes the following issues:
- CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436)
- CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921)
- CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907)
ImportantSUSE bug 1183436SUSE bug 1185921SUSE bug 1200907CVE-2020-25097 at SUSECVE-2020-25097 at NVDCVE-2021-28651 at SUSECVE-2021-28651 at NVDCVE-2021-46784 at SUSECVE-2021-46784 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144).
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426).
- CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266).
The following non-security bugs were fixed:
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- exec: Force single empty string when argv is empty (bsc#1200571).
ImportantSUSE bug 1158266SUSE bug 1162338SUSE bug 1162369SUSE bug 1173871SUSE bug 1177282SUSE bug 1194013SUSE bug 1196901SUSE bug 1198577SUSE bug 1199426SUSE bug 1199487SUSE bug 1199507SUSE bug 1199657SUSE bug 1200059SUSE bug 1200143SUSE bug 1200144SUSE bug 1200249SUSE bug 1200571SUSE bug 1200599SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200692SUSE bug 1200762SUSE bug 1201050SUSE bug 1201080SUSE bug 1201251CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):
- CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
- CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
- CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantSUSE bug 1201221CVE-2022-22662 at SUSECVE-2022-22662 at NVDCVE-2022-22677 at SUSECVE-2022-22677 at NVDCVE-2022-26710 at SUSECVE-2022-26710 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-M2Crypto (Important)SUSE OpenStack Cloud 9
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gpg2 (Important)SUSE OpenStack Cloud 9
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
ImportantSUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.
ImportantSUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nspr, mozilla-nss (Moderate)SUSE OpenStack Cloud 9
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to fix various issues:
FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15.
- FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FISP: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
Version update to NSS 3.79
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Update to NSS 3.78.1
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
update to NSS 3.78
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Update to NSS 3.77:
- resolve mpitests build failure on Windows.
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Add a CI Target for gcc-11.
- Change to makefiles for gcc-4.8.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
update to NSS 3.76.1
- Remove token member from NSSSlot struct.
NSS 3.76
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- real move assignment operator.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Update to NSS 3.74:
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (bsc#1195040)
Update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Update to NSS 3.69.1
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
- FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
- Enable FIPS during test certificate creation and disables the library checksum
validation during same.
- FIPS: allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132.
- FIPS: update validation string to version-release format. (bsc#1192079).
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086).
- FIPS: Add CSP clearing (bmo#1697303, bsc#1192087).
mozilla-nspr was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
update to 4.33:
* fixes to build system and export of private symbols
ModerateSUSE bug 1191546SUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1193170SUSE bug 1195040SUSE bug 1198486SUSE bug 1198980SUSE bug 1200325SUSE bug 1201298CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Important)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
- Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)
ImportantSUSE bug 1200119SUSE bug 1201431CVE-2022-29187 at SUSECVE-2022-29187 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
ImportantSUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pcre2 (Important)SUSE OpenStack Cloud 9
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1199235CVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Moderate)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).
ModerateSUSE bug 1201496CVE-2022-32742 at SUSECVE-2022-32742 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
ImportantSUSE bug 1201758CVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dovecot22 (Important)SUSE OpenStack Cloud 9
This update for dovecot22 fixes the following issues:
- CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).
ImportantSUSE bug 1201267CVE-2022-30550 at SUSECVE-2022-30550 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for qpdf (Important)SUSE OpenStack Cloud 9
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
ImportantSUSE bug 1188514SUSE bug 1201830CVE-2021-36978 at SUSECVE-2021-36978 at NVDCVE-2022-34503 at SUSECVE-2022-34503 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Critical)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)
CriticalSUSE bug 1194859CVE-2021-44142 at SUSECVE-2021-44142 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mokutil (Moderate)SUSE OpenStack Cloud 9
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:suse-openstack-cloud:9Security update for python-Babel (Important)SUSE OpenStack Cloud 9
This update for python-Babel fixes the following issues:
- CVE-2021-42771: Fixed relative path traversal leading to loading arbitrary
locale files on disk and executing arbitrary code (bsc#1185768).
ImportantSUSE bug 1185768CVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
- cifs: To match file servers, make sure the server hostname matches (bsc#1201926).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
- cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926).
- kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type.
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484).
ImportantSUSE bug 1195775SUSE bug 1195926SUSE bug 1198484SUSE bug 1198829SUSE bug 1200442SUSE bug 1201050SUSE bug 1201635SUSE bug 1201636SUSE bug 1201926SUSE bug 1201930CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Important)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
- CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457).
- CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458).
ImportantSUSE bug 1166457SUSE bug 1166458CVE-2020-10108 at SUSECVE-2020-10108 at NVDCVE-2020-10109 at SUSECVE-2020-10109 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Important)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
ImportantSUSE bug 1199223SUSE bug 1199224SUSE bug 1200735SUSE bug 1200737CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u345 (icedtea-3.24.0)
- CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694).
- CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692).
- CVE-2022-34169: Fixed an issue where arbitrary bytecode could
be executed via a malicious stylesheet (bsc#1201684).
- Non-security fixes:
- Allowed for customization of PKCS12 keystores (bsc#1195163).
ImportantSUSE bug 1195163SUSE bug 1201684SUSE bug 1201692SUSE bug 1201694CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for zlib (Important)SUSE OpenStack Cloud 9
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Important)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086)
- CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088)
ImportantSUSE bug 1195086SUSE bug 1195088CVE-2022-22818 at SUSECVE-2022-22818 at NVDCVE-2022-23833 at SUSECVE-2022-23833 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for rsync (Important)SUSE OpenStack Cloud 9
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
- Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bluez (Important)SUSE OpenStack Cloud 9
This update for bluez fixes the following issues:
- CVE-2019-8922: Fixed a buffer overflow in the implementation of the
Service Discovery Protocol (bsc#1193227).
ImportantSUSE bug 1193227CVE-2019-8922 at SUSECVE-2019-8922 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libcroco (Important)SUSE OpenStack Cloud 9
This update for libcroco fixes the following issues:
- CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685).
ImportantSUSE bug 1171685CVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for gstreamer-plugins-good (Important)SUSE OpenStack Cloud 9
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
ImportantSUSE bug 1201688SUSE bug 1201693SUSE bug 1201702SUSE bug 1201704SUSE bug 1201706SUSE bug 1201707SUSE bug 1201708CVE-2022-1920 at SUSECVE-2022-1920 at NVDCVE-2022-1921 at SUSECVE-2022-1921 at NVDCVE-2022-1922 at SUSECVE-2022-1922 at NVDCVE-2022-1923 at SUSECVE-2022-1923 at NVDCVE-2022-1924 at SUSECVE-2022-1924 at NVDCVE-2022-1925 at SUSECVE-2022-1925 at NVDCVE-2022-2122 at SUSECVE-2022-2122 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql10 (Important)SUSE OpenStack Cloud 9
This update for postgresql10 fixes the following issues:
- Upgrade to 10.22:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.36.5 (bsc#1201980):
- Add support for PAC proxy in the WebDriver implementation.
- Fix video playback when loaded through custom URIs, this fixes
video playback in the Yelp documentation browser.
- Fix WebKitWebView::context-menu when using GTK4.
- Fix LTO builds with GCC.
- Fix several crashes and rendering issues.
- Security fixes:
- CVE-2022-32792: Fixed processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to
UI spoofing.
ImportantSUSE bug 1201980CVE-2022-32792 at SUSECVE-2022-32792 at NVDCVE-2022-32816 at SUSECVE-2022-32816 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for open-vm-tools (Important)SUSE OpenStack Cloud 9
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for net-snmp (Important)SUSE OpenStack Cloud 9
This update for net-snmp fixes the following issues:
- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)
ImportantSUSE bug 1100146SUSE bug 1145864SUSE bug 1152968SUSE bug 1174961SUSE bug 1178021SUSE bug 1178351SUSE bug 1179009SUSE bug 1179699SUSE bug 1184839CVE-2020-15862 at SUSECVE-2020-15862 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for json-c (Important)SUSE OpenStack Cloud 9
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed an integer overflow that could lead to memory
corruption via a large JSON file (bsc#1171479).
Non-security fixes:
- Updated to version 0.12.1 (jsc#PED-1778).
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
ImportantSUSE bug 1202645CVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libgda (Important)SUSE OpenStack Cloud 9
This update for libgda fixes the following issues:
- CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).
ImportantSUSE bug 1189849CVE-2021-39359 at SUSECVE-2021-39359 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when
processing malicious web content and that could lead to arbitrary
code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
ImportantSUSE bug 1202169SUSE bug 1202807CVE-2022-32893 at SUSECVE-2022-32893 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Important)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature 'Intermediates' feature.
* Relax constraints on slightly malformed zip archives that
contain overlapping file entries.
ImportantSUSE bug 1202986cpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
Note: the issues listed below were NOT fixed with the previous update (8.0-7.11).
- Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694)..
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for udisks2 (Moderate)SUSE OpenStack Cloud 9
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797).
ModerateSUSE bug 1098797SUSE bug 1190606CVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql12 (Important)SUSE OpenStack Cloud 9
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1198166SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for keepalived (Important)SUSE OpenStack Cloud 9
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to
insufficient control in the D-Bus policy (bsc#1193115).
ImportantSUSE bug 1193115CVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql14 (Important)SUSE OpenStack Cloud 9
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
ImportantSUSE bug 1198166SUSE bug 1200437SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155)
Address bar spoofing via XSLT error handling
* CVE-2022-38473 (bmo#1771685)
Cross-origin XSLT Documents would have inherited the parent's
permissions
* CVE-2022-38476 (bmo#1760998)
Data race and potential use-after-free in PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658)
Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local <code>.lnk</code> files could cause unexpected
network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to
Windows File Explorer and dropping partially broken
(bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can
now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc
headers.
- For added viewing pleasure, full-range color levels are now
supported for video playback on many systems.
- Find it easier now! Mac users can now access the macOS
share options from the Firefox File menu.
- Voil?! Support for images containing ICC v4 profiles is
enabled on macOS.
- Firefox now supports the new AVIF image format, which is
based on the modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to
existing image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g.,
XFA-based forms, used by multiple governments and banks).
Learn more.
- When available system memory is critically low, Firefox on
Windows will automatically unload tabs based on their last
access time, memory usage, and other attributes. This helps
to reduce Firefox out-of-memory crashes. Forgot something?
Switching to an unloaded tab automatically reloads it.
- To prevent session loss for macOS users who are running
Firefox from a mounted .dmg file, they’ll now be prompted to
finish installation. Bear in mind, this permission prompt
only appears the first time these users run Firefox on their
computer.
- For your safety, Firefox now blocks downloads that rely on
insecure connections, protecting against potentially
malicious or unsafe downloads. Learn more and see where to
find downloads in Firefox.
- Improved web compatibility for privacy protections with
SmartBlock 3.0: In Private Browsing and Strict Tracking
Protection, Firefox goes to great lengths to protect your web
browsing activity from trackers. As part of this, the built-
in content blocking will automatically block third-party
scripts, images, and other content from being loaded from
cross-site tracking companies reported by Disconnect. Learn
more.
- Introducing a new referrer tracking protection in Strict
Tracking Protection and Private Browsing. This feature
prevents sites from unknowingly leaking private information
to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides
website suggestions as you type into the address bar. Learn
more about this faster way to navigate the web and locale-
specific features.
- Firefox macOS now uses Apple's low-power mode for
fullscreen video on sites such as YouTube and Twitch. This
meaningfully extends battery life in long viewing sessions.
Now your kids can find out what the fox says on a loop
without you ever missing a beat…
- With this release, power users can use about:unloads to
release system resources by manually unloading tabs without
closing them.
- On Windows, there will now be fewer interruptions because
Firefox won’t prompt you for updates. Instead, a background
agent will download and install updates even if Firefox is
closed.
- On Linux, we’ve improved WebGL performance and reduced
power consumption for many users.
- To better protect all Firefox users against side-channel
attacks, such as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the
browser or close a window using a menu, button, or three-key
command. This should cut back on unwelcome notifications,
which is always nice—however, if you prefer a bit of notice,
you’ll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox
Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on
Windows 11.
- RLBox—a new technology that hardens Firefox against
potential security vulnerabilities in third-party
libraries—is now enabled on all platforms.
- We’ve reduced CPU usage on macOS in Firefox and
WindowServer during event processing.
- We’ve also reduced the power usage of software decoded
video on macOS, especially in fullscreen. This includes
streaming sites such as Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to
the opposite side of the video. Simply look for the new
context menu option Move Picture-in-Picture Toggle to Left
(Right) Side.
- We’ve made significant improvements in noise suppression
and auto-gain-control, as well as slight improvements in
echo-cancellation to provide you with a better overall
experience.
- We’ve also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of
scrollbars on Windows 11.
- Firefox has a new optimized download flow. Instead of
prompting every time, files will download automatically.
However, they can still be opened from the downloads panel
with just one click. Easy! More information
- Firefox no longer asks what to do for each file by default.
You won’t be prompted to choose a helper application or save
to disk before downloading a file unless you have changed
your download action setting for that type of file.
- Any files you download will be immediately saved on your
disk. Depending on the current configuration, they’ll be
saved in your preferred download folder, or you’ll be asked
to select a location for each download. Windows and Linux
users will find their downloaded files in the destination
folder. They’ll no longer be put in the Temp folder.
- Firefox allows users to choose from a number of built-in
search engines to set as their default. In this release, some
users who had previously configured a default engine might
notice their default search engine has changed since Mozilla
was unable to secure formal permission to continue including
certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard
shortcut 'n.'
- You can find added support for search—with or without
diacritics—in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed
to web content no longer have access to the X Window system
(X11).
- Firefox now supports credit card autofill and capture in
Germany, France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime
Video, and Netflix videos you watch in Picture-in-Picture.
Just turn on the subtitles on the in-page video player, and
they will appear in PiP.
- Picture-in-Picture now also supports video captions on
websites that use Web Video Text Track (WebVTT) format (e.g.,
Coursera.org, Canadian Broadcasting Corporation, and many
more).
- On the first run after install, Firefox detects when its
language does not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple
languages. To enable additional languages, select them in the
text field’s context menu.
- HDR video is now supported in Firefox on Mac—starting with
YouTube! Firefox users on macOS 11+ (with HDR-compatible
screens) can enjoy higher-fidelity video content. No need to
manually flip any preferences to turn HDR video support
on—just make sure battery preferences are NOT set to
“optimize video streaming while on battery”.
- Hardware-accelerated AV1 video decoding is enabled on
Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2
Excluding Navi 24, GeForce 30). Installing the AV1 Video
Extension from the Microsoft Store may also be required.
- Video overlay is enabled on Windows for Intel GPUs,
reducing power usage during video playback.
- Improved fairness between painting and handling other
events. This noticeably improves the performance of the
volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by
default. On Linux, users can change this in Settings. On
Windows, Firefox follows the system setting (System Settings
> Accessibility > Visual Effects > Always show scrollbars).
- Firefox now ignores less restricted referrer
policies—including unsafe-url, no-referrer-when-downgrade,
and origin-when-cross-origin—for cross-site
subresource/iframe requests to prevent privacy leaks from the
referrer.
- Reading is now easier with the prefers-contrast media
query, which allows sites to detect if the user has requested
that web content is presented with a higher (or lower)
contrast.
- All non-configured MIME types can now be assigned a custom
action upon download completion.
- Firefox now allows users to use as many microphones as they
want, at the same time, during video conferencing. The most
exciting benefit is that you can easily switch your
microphones at any time (if your conferencing service
provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34483 (bmo#1335845)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34476 (bmo#1387919)
ASN.1 parser could have been tricked into accepting malformed
ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246)
Potential integer overflow in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138)
Sandboxed iframes could redirect to external schemes
* CVE-2022-34469 (bmo#1721220)
TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047)
Compromised server could trick a browser into an addon
downgrade
* CVE-2022-34472 (bmo#1770123)
Unavailable PAC file resulted in OCSP requests being blocked
* CVE-2022-34478 (bmo#1773717)
Microsoft protocols can be attacked if a user accepts a
prompt
* CVE-2022-2200 (bmo#1771381)
Undesired attributes could be set as part of prototype
pollution
* CVE-2022-34480 (bmo#1454072)
Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614)
MediaError message property leaked information on cross-
origin same-site pages
* CVE-2022-34475 (bmo#1757210)
HTML Sanitizer could have been bypassed via same-origin
script via use tags
* CVE-2022-34473 (bmo#1770888)
HTML Sanitizer could have been bypassed via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651)
Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578)
Memory safety bugs fixed in Firefox 102
ImportantSUSE bug 1200793SUSE bug 1201758SUSE bug 1202645CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-2505 at SUSECVE-2022-2505 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34469 at SUSECVE-2022-34469 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34471 at SUSECVE-2022-34471 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34473 at SUSECVE-2022-34473 at NVDCVE-2022-34474 at SUSECVE-2022-34474 at NVDCVE-2022-34475 at SUSECVE-2022-34475 at NVDCVE-2022-34476 at SUSECVE-2022-34476 at NVDCVE-2022-34477 at SUSECVE-2022-34477 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34480 at SUSECVE-2022-34480 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34482 at SUSECVE-2022-34482 at NVDCVE-2022-34483 at SUSECVE-2022-34483 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDCVE-2022-34485 at SUSECVE-2022-34485 at NVDCVE-2022-36314 at SUSECVE-2022-36314 at NVDCVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDCVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38476 at SUSECVE-2022-38476 at NVDCVE-2022-38477 at SUSECVE-2022-38477 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative (bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
ImportantSUSE bug 1172145SUSE bug 1177440SUSE bug 1188944SUSE bug 1191881SUSE bug 1194535SUSE bug 1196616SUSE bug 1200598SUSE bug 1200770SUSE bug 1200910SUSE bug 1201019SUSE bug 1201420SUSE bug 1201429SUSE bug 1201705SUSE bug 1201726SUSE bug 1201940SUSE bug 1201948SUSE bug 1202096SUSE bug 1202154SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202672SUSE bug 1202897SUSE bug 1202898SUSE bug 1203098CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21385 at SUSECVE-2022-21385 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194581SUSE bug 1194588CVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma (Moderate)SUSE OpenStack Cloud 9
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included on this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove\_legacy\_service\_chain\_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes
2014.2rc1
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev35:
* Removed\_legacy\_service\_chain\_code
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Djanjo1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
ModerateSUSE bug 1157665SUSE bug 1164139SUSE bug 1191454SUSE bug 1197818SUSE bug 1198398SUSE bug 1201186CVE-2019-11287 at SUSECVE-2019-11287 at NVDCVE-2020-1734 at SUSECVE-2020-1734 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2022-24790 at SUSECVE-2022-24790 at NVDCVE-2022-28346 at SUSECVE-2022-28346 at NVDCVE-2022-34265 at SUSECVE-2022-34265 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libsndfile (Important)SUSE OpenStack Cloud 9
This update for libsndfile fixes the following issues:
- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that
could potentially lead to heap exploitation (bsc#1194006).
ImportantSUSE bug 1194006CVE-2021-4156 at SUSECVE-2021-4156 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sqlite3 (Moderate)SUSE OpenStack Cloud 9
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite3 was update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Update to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
ImportantSUSE bug 1203477CVE-2022-40956 at SUSECVE-2022-40956 at NVDCVE-2022-40957 at SUSECVE-2022-40957 at NVDCVE-2022-40958 at SUSECVE-2022-40958 at NVDCVE-2022-40959 at SUSECVE-2022-40959 at NVDCVE-2022-40960 at SUSECVE-2022-40960 at NVDCVE-2022-40962 at SUSECVE-2022-40962 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for krb5-appl (Important)SUSE OpenStack Cloud 9
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.
ImportantSUSE bug 1203530CVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bind (Important)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
ImportantSUSE bug 1203614SUSE bug 1203619SUSE bug 1203620CVE-2022-2795 at SUSECVE-2022-2795 at NVDCVE-2022-38177 at SUSECVE-2022-38177 at NVDCVE-2022-38178 at SUSECVE-2022-38178 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for squid (Important)SUSE OpenStack Cloud 9
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
ImportantSUSE bug 1203677SUSE bug 1203680CVE-2022-41317 at SUSECVE-2022-41317 at NVDCVE-2022-41318 at SUSECVE-2022-41318 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit (Important)SUSE OpenStack Cloud 9
This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues:
- CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662).
- CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842).
- CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843).
- CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844).
ImportantSUSE bug 1193662SUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2021-4104 at SUSECVE-2021-4104 at NVDCVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql-jdbc (Important)SUSE OpenStack Cloud 9
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
ImportantSUSE bug 1202170CVE-2022-31197 at SUSECVE-2022-31197 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Important)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
- CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)
ImportantSUSE bug 1194731CVE-2022-20698 at SUSECVE-2022-20698 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-waitress (Important)SUSE OpenStack Cloud 9
This update for python-waitress fixes the following issues:
- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197256)
ImportantSUSE bug 1197255CVE-2022-24761 at SUSECVE-2022-24761 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
ImportantSUSE bug 1201309SUSE bug 1202097SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1203107SUSE bug 1203552CVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tiff (Important)SUSE OpenStack Cloud 9
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libksba (Critical)SUSE OpenStack Cloud 9
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Mako (Moderate)SUSE OpenStack Cloud 9
This update for python-Mako fixes the following issues:
- CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).
ModerateSUSE bug 1203246CVE-2022-40023 at SUSECVE-2022-40023 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
The following non-security bugs were fixed:
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- elfcore: fix building with clang (bsc#1169514).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net: Using proper atomic helper (bsc#1186222).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358).
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
ImportantSUSE bug 1071995SUSE bug 1124431SUSE bug 1167162SUSE bug 1169514SUSE bug 1172073SUSE bug 1177101SUSE bug 1179599SUSE bug 1184804SUSE bug 1185377SUSE bug 1186207SUSE bug 1186222SUSE bug 1187167SUSE bug 1189305SUSE bug 1189841SUSE bug 1190358SUSE bug 1190428SUSE bug 1191229SUSE bug 1191384SUSE bug 1191731SUSE bug 1192032SUSE bug 1192267SUSE bug 1192740SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1193306SUSE bug 1193440SUSE bug 1193442SUSE bug 1193507SUSE bug 1193575SUSE bug 1193669SUSE bug 1193727SUSE bug 1193731SUSE bug 1193767SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194001SUSE bug 1194048SUSE bug 1194087SUSE bug 1194227SUSE bug 1194302SUSE bug 1194516SUSE bug 1194529SUSE bug 1194880SUSE bug 1194888SUSE bug 1194985SUSE bug 1195254CVE-2018-25020 at SUSECVE-2018-25020 at NVDCVE-2019-15126 at SUSECVE-2019-15126 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-0935 at SUSECVE-2021-0935 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-3564 at SUSECVE-2021-3564 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for multipath-tools (Important)SUSE OpenStack Cloud 9
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
ImportantSUSE bug 1202616SUSE bug 1202739SUSE bug 1204325CVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libxml2 (Important)SUSE OpenStack Cloud 9
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bluez (Important)SUSE OpenStack Cloud 9
This update for bluez fixes the following issues:
- CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237).
- CVE-2016-9803: Fixed memory leak (bsc#1013885).
ImportantSUSE bug 1013885SUSE bug 1193237CVE-2016-9803 at SUSECVE-2016-9803 at NVDCVE-2019-8921 at SUSECVE-2019-8921 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Updated to version 102.4.0 ESR (bsc#1204421):
- CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory Corruption in JS Engine.
- CVE-2022-42929: Fixed denial of Service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
ImportantSUSE bug 1204421CVE-2022-42927 at SUSECVE-2022-42927 at NVDCVE-2022-42928 at SUSECVE-2022-42928 at NVDCVE-2022-42929 at SUSECVE-2022-42929 at NVDCVE-2022-42932 at SUSECVE-2022-42932 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for telnet (Important)SUSE OpenStack Cloud 9
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for SUSE Manager Client Tools (Moderate)SUSE OpenStack Cloud 9
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
kiwi-desc-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support fo VirtIO disks
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
ModerateSUSE bug 1196338SUSE bug 1198903SUSE bug 1200725SUSE bug 1201535SUSE bug 1201539CVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Important)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1202593SUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libtirpc (Important)SUSE OpenStack Cloud 9
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
ImportantSUSE bug 1200800SUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openjpeg2 (Important)SUSE OpenStack Cloud 9
This update for openjpeg2 fixes the following issues:
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).
ImportantSUSE bug 1149789SUSE bug 1179821SUSE bug 1180043SUSE bug 1180044SUSE bug 1180046CVE-2018-21010 at SUSECVE-2018-21010 at NVDCVE-2020-27824 at SUSECVE-2020-27824 at NVDCVE-2020-27842 at SUSECVE-2020-27842 at NVDCVE-2020-27843 at SUSECVE-2020-27843 at NVDCVE-2020-27845 at SUSECVE-2020-27845 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dbus-1 (Important)SUSE OpenStack Cloud 9
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libtasn1 (Critical)SUSE OpenStack Cloud 9
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412).
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).
ImportantSUSE bug 1204412SUSE bug 1204416CVE-2022-3550 at SUSECVE-2022-3550 at NVDCVE-2022-3551 at SUSECVE-2022-3551 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glibc (Moderate)SUSE OpenStack Cloud 9
This update for glibc fixes the following issues:
- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing
a malformed regexp (bsc#1193625)
- x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
- Recognize ppc64p7 arch to build for power7
ModerateSUSE bug 1193625SUSE bug 1196852CVE-2015-8985 at SUSECVE-2015-8985 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Important)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
- CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781).
ImportantSUSE bug 1204781CVE-2019-12387 at SUSECVE-2019-12387 at NVDCVE-2020-10108 at SUSECVE-2020-10108 at NVDCVE-2022-21712 at SUSECVE-2022-21712 at NVDCVE-2022-39348 at SUSECVE-2022-39348 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libvirt (Important)SUSE OpenStack Cloud 9
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)
ImportantSUSE bug 1192876SUSE bug 1193981SUSE bug 1194041CVE-2021-3975 at SUSECVE-2021-3975 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sudo (Important)SUSE OpenStack Cloud 9
This update for sudo fixes the following issues:
Security fixes:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
Other:
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
- Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).
ImportantSUSE bug 1197998SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1185104SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270):
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45406: Use-after-free of a JavaScript Realm
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
- CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
- CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
- CVE-2022-45416: Keystroke Side-Channel Leakage
- CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
- CVE-2022-45420: Iframe contents could be rendered outside the iframe
- CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
ImportantSUSE bug 1205270CVE-2022-45403 at SUSECVE-2022-45403 at NVDCVE-2022-45404 at SUSECVE-2022-45404 at NVDCVE-2022-45405 at SUSECVE-2022-45405 at NVDCVE-2022-45406 at SUSECVE-2022-45406 at NVDCVE-2022-45408 at SUSECVE-2022-45408 at NVDCVE-2022-45409 at SUSECVE-2022-45409 at NVDCVE-2022-45410 at SUSECVE-2022-45410 at NVDCVE-2022-45411 at SUSECVE-2022-45411 at NVDCVE-2022-45412 at SUSECVE-2022-45412 at NVDCVE-2022-45416 at SUSECVE-2022-45416 at NVDCVE-2022-45418 at SUSECVE-2022-45418 at NVDCVE-2022-45420 at SUSECVE-2022-45420 at NVDCVE-2022-45421 at SUSECVE-2022-45421 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tiff (Important)SUSE OpenStack Cloud 9
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for pixman (Important)SUSE OpenStack Cloud 9
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125).
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
ImportantSUSE bug 1203125SUSE bug 1205244CVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for exiv2 (Important)SUSE OpenStack Cloud 9
This update for exiv2 fixes the following issues:
- CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681)
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332)
- CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338)
- CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
ImportantSUSE bug 1119562SUSE bug 1142681SUSE bug 1185002SUSE bug 1186231SUSE bug 1188733SUSE bug 1189332SUSE bug 1189337SUSE bug 1189338CVE-2018-20097 at SUSECVE-2018-20097 at NVDCVE-2019-13112 at SUSECVE-2019-13112 at NVDCVE-2021-29457 at SUSECVE-2021-29457 at NVDCVE-2021-29473 at SUSECVE-2021-29473 at NVDCVE-2021-31291 at SUSECVE-2021-31291 at NVDCVE-2021-32815 at SUSECVE-2021-32815 at NVDCVE-2021-34334 at SUSECVE-2021-34334 at NVDCVE-2021-37620 at SUSECVE-2021-37620 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for busybox (Important)SUSE OpenStack Cloud 9
This update for busybox fixes the following issues:
- CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- Update to 1.35.0
- awk: fix printf %%, fix read beyond end of buffer
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: 'mount -o rw ....' should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find,
mktemp, wget and others
- Enable fdisk (jsc#CAR-16)
- Update to 1.34.1:
* build system: use SOURCE_DATE_EPOCH for timestamp if available
* many bug fixes and new features
* touch: make FEATURE_TOUCH_NODEREF unconditional
- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption
- Update to version 1.33.0
- many bug fixes and new features
- Update to version 1.32.1
- fixes a case where in ash, 'wait' never finishes.
- prepare usrmerge (bsc#1029961)
- Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)
- Update to version 1.31.1:
+ Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion
fix), hush, dpkg-deb, telnet and wget.
- Changes from version 1.31.0:
+ many bugfixes and new features.
- Add busybox-no-stime.patch: stime() has been deprecated in glibc
2.31 and replaced with clock_settime().
- update to 1.25.1:
* fixes for hush, gunzip, ip route, ntpd
- includes changes from 1.25.0:
* many added and expanded implementations of command options
- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed),
truncate, gunzip and unzip.
- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html
- Refresh busybox.install.patch
- Update to 1.23.2
* for a full list of changes see http://www.busybox.net/news.html
- Cleaned up spec file with spec-cleaner
- Refreshed patches
- update to 1.22.1:
Many updates and fixes for most included tools, see
see http://www.busybox.net/news.html
ImportantSUSE bug 1029961SUSE bug 1064976SUSE bug 1064978SUSE bug 1069412SUSE bug 1099260SUSE bug 1099263SUSE bug 1102912SUSE bug 1121426SUSE bug 1121428SUSE bug 1184522SUSE bug 1191514SUSE bug 1192869SUSE bug 914660SUSE bug 951562SUSE bug 970662SUSE bug 970663SUSE bug 991940CVE-2011-5325 at SUSECVE-2011-5325 at NVDCVE-2014-9645 at SUSECVE-2014-9645 at NVDCVE-2015-9261 at SUSECVE-2015-9261 at NVDCVE-2016-2147 at SUSECVE-2016-2147 at NVDCVE-2016-2148 at SUSECVE-2016-2148 at NVDCVE-2016-6301 at SUSECVE-2016-6301 at NVDCVE-2017-15873 at SUSECVE-2017-15873 at NVDCVE-2017-15874 at SUSECVE-2017-15874 at NVDCVE-2017-16544 at SUSECVE-2017-16544 at NVDCVE-2018-1000500 at SUSECVE-2018-1000500 at NVDCVE-2018-1000517 at SUSECVE-2018-1000517 at NVDCVE-2018-20679 at SUSECVE-2018-20679 at NVDCVE-2019-5747 at SUSECVE-2019-5747 at NVDCVE-2021-28831 at SUSECVE-2021-28831 at NVDCVE-2021-42373 at SUSECVE-2021-42373 at NVDCVE-2021-42374 at SUSECVE-2021-42374 at NVDCVE-2021-42375 at SUSECVE-2021-42375 at NVDCVE-2021-42376 at SUSECVE-2021-42376 at NVDCVE-2021-42377 at SUSECVE-2021-42377 at NVDCVE-2021-42378 at SUSECVE-2021-42378 at NVDCVE-2021-42379 at SUSECVE-2021-42379 at NVDCVE-2021-42380 at SUSECVE-2021-42380 at NVDCVE-2021-42381 at SUSECVE-2021-42381 at NVDCVE-2021-42382 at SUSECVE-2021-42382 at NVDCVE-2021-42383 at SUSECVE-2021-42383 at NVDCVE-2021-42384 at SUSECVE-2021-42384 at NVDCVE-2021-42385 at SUSECVE-2021-42385 at NVDCVE-2021-42386 at SUSECVE-2021-42386 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244).
The following non-security bug was fixed:
- Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171).
ImportantSUSE bug 1202666SUSE bug 1205244CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for binutils (Important)SUSE OpenStack Cloud 9
This update for binutils fixes the following issues:
The following security bugs were fixed:
- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).
The following non-security bugs were fixed:
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
- Update to 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils (bsc#1198458).
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to 'warn' will generate a
warning message whenever any multibyte character is encountered. Using the
option to 'warn-sym-only' will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908).
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
ImportantSUSE bug 1142579SUSE bug 1185597SUSE bug 1185712SUSE bug 1188374SUSE bug 1191473SUSE bug 1191908SUSE bug 1193929SUSE bug 1194783SUSE bug 1197592SUSE bug 1198237SUSE bug 1198458SUSE bug 1202816SUSE bug 1202966SUSE bug 1202967SUSE bug 1202969CVE-2019-1010204 at SUSECVE-2019-1010204 at NVDCVE-2021-3530 at SUSECVE-2021-3530 at NVDCVE-2021-3648 at SUSECVE-2021-3648 at NVDCVE-2021-3826 at SUSECVE-2021-3826 at NVDCVE-2021-45078 at SUSECVE-2021-45078 at NVDCVE-2021-46195 at SUSECVE-2021-46195 at NVDCVE-2022-27943 at SUSECVE-2022-27943 at NVDCVE-2022-38126 at SUSECVE-2022-38126 at NVDCVE-2022-38127 at SUSECVE-2022-38127 at NVDCVE-2022-38533 at SUSECVE-2022-38533 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).
Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an
abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented
changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherit file
descriptors.
- Fix player stucking in buffering (paused) state for progressive
streaming.
- Do not try to preconnect on link click when link preconnect
setting is disabled.
- Fix close status code returned when the client closes a
WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web
extensions support.
- Make it possible to use the remote inspector from other
browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media
control using MPRIS.
- Add support for PDF documents using PDF.js.
ImportantSUSE bug 1205120SUSE bug 1205121SUSE bug 1205122SUSE bug 1205123SUSE bug 1205124CVE-2022-32888 at SUSECVE-2022-32888 at NVDCVE-2022-32923 at SUSECVE-2022-32923 at NVDCVE-2022-42799 at SUSECVE-2022-42799 at NVDCVE-2022-42823 at SUSECVE-2022-42823 at NVDCVE-2022-42824 at SUSECVE-2022-42824 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]
* Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus,
IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
* Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
* Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
* Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
* X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
- Update to Java 8.0 Service Refresh 7 Fix Pack 16
* Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when
-Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which
can eventually lead to heap corruption and failure when
-Xgc:concurrentScavenge is set.
* JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
* Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process
ModerateSUSE bug 1204468SUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475SUSE bug 1204480SUSE bug 1205302CVE-2022-21618 at SUSECVE-2022-21618 at NVDCVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDCVE-2022-39399 at SUSECVE-2022-39399 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for supportutils (Moderate)SUSE OpenStack Cloud 9
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
ModerateSUSE bug 1203818cpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Important)SUSE OpenStack Cloud 9
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).
- Remove zfs modules (bsc#1205554).
ImportantSUSE bug 1205178SUSE bug 1205182SUSE bug 1205520SUSE bug 1205554CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- CVE-2022-42252: Fixed a request smuggling (bsc#1204918).
ImportantSUSE bug 1204918CVE-2022-42252 at SUSECVE-2022-42252 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for emacs (Important)SUSE OpenStack Cloud 9
This update for emacs fixes the following issues:
- CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).
ImportantSUSE bug 1205822CVE-2022-45939 at SUSECVE-2022-45939 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for krb5 (Important)SUSE OpenStack Cloud 9
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):
- CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
- CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
- CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).
ModerateSUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475CVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for glibc (Important)SUSE OpenStack Cloud 9
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Bugs fixed:
- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)
ImportantSUSE bug 1191835SUSE bug 1192620SUSE bug 1193478SUSE bug 1194640SUSE bug 1194768SUSE bug 1194770CVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
ImportantSUSE bug 1206242CVE-2022-46872 at SUSECVE-2022-46872 at NVDCVE-2022-46874 at SUSECVE-2022-46874 at NVDCVE-2022-46875 at SUSECVE-2022-46875 at NVDCVE-2022-46878 at SUSECVE-2022-46878 at NVDCVE-2022-46880 at SUSECVE-2022-46880 at NVDCVE-2022-46881 at SUSECVE-2022-46881 at NVDCVE-2022-46882 at SUSECVE-2022-46882 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for zabbix (Moderate)SUSE OpenStack Cloud 9
This update for zabbix fixes the following issues:
- CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083).
ModerateSUSE bug 1206083CVE-2022-43515 at SUSECVE-2022-43515 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205875)
ImportantSUSE bug 1205874SUSE bug 1205875SUSE bug 1205876SUSE bug 1205877SUSE bug 1205878SUSE bug 1205879SUSE bug 1206017CVE-2022-4283 at SUSECVE-2022-4283 at NVDCVE-2022-46340 at SUSECVE-2022-46340 at NVDCVE-2022-46341 at SUSECVE-2022-46341 at NVDCVE-2022-46342 at SUSECVE-2022-46342 at NVDCVE-2022-46343 at SUSECVE-2022-46343 at NVDCVE-2022-46344 at SUSECVE-2022-46344 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_7_1-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987).
The following non-security bugs were fixed:
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
ImportantSUSE bug 1196018SUSE bug 1198702SUSE bug 1200788SUSE bug 1201455SUSE bug 1202686SUSE bug 1203008SUSE bug 1203183SUSE bug 1203290SUSE bug 1203322SUSE bug 1203514SUSE bug 1203960SUSE bug 1203987SUSE bug 1204166SUSE bug 1204168SUSE bug 1204170SUSE bug 1204354SUSE bug 1204355SUSE bug 1204402SUSE bug 1204414SUSE bug 1204415SUSE bug 1204424SUSE bug 1204431SUSE bug 1204432SUSE bug 1204439SUSE bug 1204479SUSE bug 1204574SUSE bug 1204576SUSE bug 1204631SUSE bug 1204635SUSE bug 1204636SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204868SUSE bug 1205006SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205473SUSE bug 1205514SUSE bug 1205671SUSE bug 1205705SUSE bug 1205709SUSE bug 1205796SUSE bug 1206113SUSE bug 1206114SUSE bug 1206207CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-40307 at SUSECVE-2022-40307 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for vim (Moderate)SUSE OpenStack Cloud 9
This update for vim fixes the following issues:
Updated to version 9.0.0814:
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
ModerateSUSE bug 1070955SUSE bug 1173256SUSE bug 1174564SUSE bug 1176549SUSE bug 1182324SUSE bug 1190533SUSE bug 1190570SUSE bug 1191770SUSE bug 1191893SUSE bug 1192167SUSE bug 1192478SUSE bug 1192481SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193294SUSE bug 1193298SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194556SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1195356SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012SUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2016-1248 at SUSECVE-2016-1248 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ca-certificates-mozilla (Important)SUSE OpenStack Cloud 9
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:suse-openstack-cloud:9Security update for virglrenderer (Important)SUSE OpenStack Cloud 9
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).
ImportantSUSE bug 1195389CVE-2022-0135 at SUSECVE-2022-0135 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tiff (Important)SUSE OpenStack Cloud 9
This update for tiff fixes the following issues:
- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
ImportantSUSE bug 1071031SUSE bug 1154365SUSE bug 1182808SUSE bug 1182809SUSE bug 1182811SUSE bug 1182812SUSE bug 1190312SUSE bug 1194539CVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tcpdump (Moderate)SUSE OpenStack Cloud 9
This update for tcpdump fixes the following issues:
- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).
ModerateSUSE bug 1195825CVE-2018-16301 at SUSECVE-2018-16301 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cobbler (Important)SUSE OpenStack Cloud 9
This update for cobbler fixes the following issues:
- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).
The following non-security bugs were fixed:
- Move configuration files ownership to apache (bsc#1195906)
ImportantSUSE bug 1193671SUSE bug 1195906CVE-2021-45083 at SUSECVE-2021-45083 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xerces-j2 (Important)SUSE OpenStack Cloud 9
This update for xerces-j2 fixes the following issues:
- CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).
ImportantSUSE bug 1195108CVE-2022-23437 at SUSECVE-2022-23437 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)
- CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service
- CVE-2022-22754: Extensions could have bypassed permission confirmation during update
- CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable
- CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements
- CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types
- CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
- CVE-2022-22763: Script Execution during invalid object state
- CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)
- Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry
ImportantSUSE bug 1195230SUSE bug 1195682CVE-2022-22753 at SUSECVE-2022-22753 at NVDCVE-2022-22754 at SUSECVE-2022-22754 at NVDCVE-2022-22756 at SUSECVE-2022-22756 at NVDCVE-2022-22759 at SUSECVE-2022-22759 at NVDCVE-2022-22760 at SUSECVE-2022-22760 at NVDCVE-2022-22761 at SUSECVE-2022-22761 at NVDCVE-2022-22763 at SUSECVE-2022-22763 at NVDCVE-2022-22764 at SUSECVE-2022-22764 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Important)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)
ImportantSUSE bug 1193942SUSE bug 1193943CVE-2021-44224 at SUSECVE-2021-44224 at NVDCVE-2021-44790 at SUSECVE-2021-44790 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
ImportantSUSE bug 1195064SUSE bug 1195735CVE-2021-30934 at SUSECVE-2021-30934 at NVDCVE-2021-30936 at SUSECVE-2021-30936 at NVDCVE-2021-30951 at SUSECVE-2021-30951 at NVDCVE-2021-30952 at SUSECVE-2021-30952 at NVDCVE-2021-30953 at SUSECVE-2021-30953 at NVDCVE-2021-30954 at SUSECVE-2021-30954 at NVDCVE-2021-30984 at SUSECVE-2021-30984 at NVDCVE-2021-45481 at SUSECVE-2021-45481 at NVDCVE-2021-45482 at SUSECVE-2021-45482 at NVDCVE-2021-45483 at SUSECVE-2021-45483 at NVDCVE-2022-22589 at SUSECVE-2022-22589 at NVDCVE-2022-22590 at SUSECVE-2022-22590 at NVDCVE-2022-22592 at SUSECVE-2022-22592 at NVDCVE-2022-22594 at SUSECVE-2022-22594 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cyrus-sasl (Important)SUSE OpenStack Cloud 9
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
ImportantSUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for zsh (Important)SUSE OpenStack Cloud 9
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be
executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be
properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-1100: Fixed a potential code execution via a stack-based buffer
overflow in utils.c:checkmailpath() (bsc#1089030).
ImportantSUSE bug 1089030SUSE bug 1163882SUSE bug 1196435CVE-2018-1100 at SUSECVE-2018-1100 at NVDCVE-2019-20044 at SUSECVE-2019-20044 at NVDCVE-2021-45444 at SUSECVE-2021-45444 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Twisted (Important)SUSE OpenStack Cloud 9
This update for python-Twisted fixes the following issues:
- CVE-2022-21712: Fixed secret exposure in cross-origin redirects (bsc#1195667, GHSA-92x2-jw7w-xvvx) from
ImportantSUSE bug 1195667CVE-2022-21712 at SUSECVE-2022-21712 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
The following non-security bugs were fixed:
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934).
- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
ImportantSUSE bug 1107207SUSE bug 1114893SUSE bug 1185973SUSE bug 1191580SUSE bug 1194516SUSE bug 1195536SUSE bug 1195543SUSE bug 1195612SUSE bug 1195840SUSE bug 1195897SUSE bug 1195908SUSE bug 1195934SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196155SUSE bug 1196584SUSE bug 1196601SUSE bug 1196612CVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):
- CVE-2022-26485: Use-after-free in XSLT parameter processing
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework
ImportantSUSE bug 1196809CVE-2022-26485 at SUSECVE-2022-26485 at NVDCVE-2022-26486 at SUSECVE-2022-26486 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Important)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
- Update to 10.2.43 (bsc#1196016):
* 10.2.43: CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
* 10.2.42: CVE-2022-24052
CVE-2022-24051
CVE-2022-24050
CVE-2022-24048
CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
previously mentioned in the changes file:
CVE-2021-46658, bsc#1195334
CVE-2021-46657, bsc#1195325
ImportantSUSE bug 1195325SUSE bug 1195334SUSE bug 1195339SUSE bug 1196016CVE-2021-46657 at SUSECVE-2021-46657 at NVDCVE-2021-46658 at SUSECVE-2021-46658 at NVDCVE-2021-46659 at SUSECVE-2021-46659 at NVDCVE-2021-46661 at SUSECVE-2021-46661 at NVDCVE-2021-46663 at SUSECVE-2021-46663 at NVDCVE-2021-46664 at SUSECVE-2021-46664 at NVDCVE-2021-46665 at SUSECVE-2021-46665 at NVDCVE-2021-46668 at SUSECVE-2021-46668 at NVDCVE-2022-24048 at SUSECVE-2022-24048 at NVDCVE-2022-24050 at SUSECVE-2022-24050 at NVDCVE-2022-24051 at SUSECVE-2022-24051 at NVDCVE-2022-24052 at SUSECVE-2022-24052 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)
- Remove log4j dependency, which is currently directly in use (bsc#1196137)
- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
ImportantSUSE bug 1195255SUSE bug 1196091SUSE bug 1196137CVE-2022-23181 at SUSECVE-2022-23181 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.6 (bsc#1196133):
- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.
ImportantSUSE bug 1196133CVE-2022-22620 at SUSECVE-2022-22620 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libcaca (Important)SUSE OpenStack Cloud 9
This update for libcaca fixes the following issues:
- CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no
data is written and space is allocated for the header only, not taking into
account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752).
ImportantSUSE bug 1184751SUSE bug 1184752CVE-2021-30498 at SUSECVE-2021-30498 at NVDCVE-2021-30499 at SUSECVE-2021-30499 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.7.0 ESR (bsc#1196900):
- CVE-2022-26383: Browser window spoof using fullscreen mode
- CVE-2022-26384: iframe allow-scripts sandbox bypass
- CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
- CVE-2022-26381: Use-after-free in text reflows
- CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users
ImportantSUSE bug 1196900CVE-2022-26381 at SUSECVE-2022-26381 at NVDCVE-2022-26383 at SUSECVE-2022-26383 at NVDCVE-2022-26384 at SUSECVE-2022-26384 at NVDCVE-2022-26386 at SUSECVE-2022-26386 at NVDCVE-2022-26387 at SUSECVE-2022-26387 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for expat (Important)SUSE OpenStack Cloud 9
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249).
ImportantSUSE bug 1196249SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
Non-security issues fixed:
- Fix PAC pointer authentication in ARM. (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
- Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u322 (icedtea-3.22.0)
Including the following security fixes:
- CVE-2022-21248, bsc#1194926: Enhance cross VM serialization
- CVE-2022-21283, bsc#1194937: Better String matching
- CVE-2022-21293, bsc#1194935: Improve String constructions
- CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps
- CVE-2022-21282, bsc#1194933: Better resolution of URIs
- CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management
- CVE-2022-21299, bsc#1194931: Improved scanning of XML entities
- CVE-2022-21305, bsc#1194939: Better array indexing
- CVE-2022-21340, bsc#1194940: Verify Jar Verification
- CVE-2022-21341, bsc#1194941: Improve serial forms for transport
- CVE-2022-21349: Improve Solaris font rendering
- CVE-2022-21360, bsc#1194929: Enhance BMP image support
- CVE-2022-21365, bsc#1194928: Enhanced BMP processing
ImportantSUSE bug 1193314SUSE bug 1193444SUSE bug 1193491SUSE bug 1194926SUSE bug 1194928SUSE bug 1194929SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195163CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bind (Important)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
- CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose
caching rules (bsc#1197135).
ImportantSUSE bug 1197135CVE-2021-25220 at SUSECVE-2021-25220 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for kernel-firmware (Moderate)SUSE OpenStack Cloud 9
This update for kernel-firmware fixes the following issues:
Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):
- CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access.
ModerateSUSE bug 1195786CVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
ImportantSUSE bug 1197091SUSE bug 1197095SUSE bug 1197096SUSE bug 1197098CVE-2022-22719 at SUSECVE-2022-22719 at NVDCVE-2022-22720 at SUSECVE-2022-22720 at NVDCVE-2022-22721 at SUSECVE-2022-22721 at NVDCVE-2022-23943 at SUSECVE-2022-23943 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sudo (Important)SUSE OpenStack Cloud 9
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Important)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and
'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered
when parsing a gitattributes file (bsc#1207032).
ImportantSUSE bug 1207032SUSE bug 1207033CVE-2022-23521 at SUSECVE-2022-23521 at NVDCVE-2022-41903 at SUSECVE-2022-41903 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.7.0 ESR (bsc#1207119):
- CVE-2022-46871: Updated an out of date library (libusrsctp) which
contained several vulnerabilities.
- CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
drop on Linux.
- CVE-2023-23601: Fixed a potential spoofing attack when dragging a
URL from a cross-origin iframe into the same tab.
- CVE-2023-23602: Fixed a mishandled security check, which caused
the Content Security Policy header to be ignored for WebSockets
in WebWorkers.
- CVE-2022-46877: Fixed a fullscreen notification bypass which
could be leveraged in spoofing attacks.
- CVE-2023-23603: Fixed a Content Security Policy bypass via format
directives.
- CVE-2023-23605: Fixed several memory safety bugs.
ImportantSUSE bug 1207119CVE-2022-46871 at SUSECVE-2022-46871 at NVDCVE-2022-46877 at SUSECVE-2022-46877 at NVDCVE-2023-23598 at SUSECVE-2023-23598 at NVDCVE-2023-23601 at SUSECVE-2023-23601 at NVDCVE-2023-23602 at SUSECVE-2023-23602 at NVDCVE-2023-23603 at SUSECVE-2023-23603 at NVDCVE-2023-23605 at SUSECVE-2023-23605 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for freeradius-server (Important)SUSE OpenStack Cloud 9
This update for freeradius-server fixes the following issues:
- CVE-2022-41859: Fixed an issue in EAP-PWD that could leak
information about the password, which could facilitate dictionary
attacks (bsc#1206204).
- CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually
configured, which could be triggered via a malformed SIM option
(bsc#1206205).
- CVE-2022-41861: Fixed a server crash that could be triggered by
sending malformed data from a system in the RADIUS circle of trust
(bsc#1206206).
ImportantSUSE bug 1206204SUSE bug 1206205SUSE bug 1206206CVE-2022-41859 at SUSECVE-2022-41859 at NVDCVE-2022-41860 at SUSECVE-2022-41860 at NVDCVE-2022-41861 at SUSECVE-2022-41861 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Important)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be
selected to encrypt session keys, which could lead to privilege
escalation (bsc#1205385).
ImportantSUSE bug 1205385SUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dpdk (Moderate)SUSE OpenStack Cloud 9
This update of dpdk fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud:9Security update for libXpm (Important)SUSE OpenStack Cloud 9
This update for libXpm fixes the following issues:
- CVE-2022-46285: Fixed an infinite loop that could be triggered
when reading a XPM image with a C-style comment that is never
closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
susceptible to PATH environment variable manipulation attacks
(bsc#1207031).
ImportantSUSE bug 1207029SUSE bug 1207030SUSE bug 1207031CVE-2022-44617 at SUSECVE-2022-44617 at NVDCVE-2022-46285 at SUSECVE-2022-46285 at NVDCVE-2022-4883 at SUSECVE-2022-4883 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bluez (Important)SUSE OpenStack Cloud 9
This update for bluez fixes the following issues:
- CVE-2022-39176: Fixed a memory safety issue that could allow
physically proximate attackers to obtain sensitive information
(bsc#1203121).
- CVE-2022-39177: Fixed a memory safety issue that could allow
physically proximate attackers to cause a denial of service
(bsc#1203120).
ImportantSUSE bug 1203120SUSE bug 1203121CVE-2022-39176 at SUSECVE-2022-39176 at NVDCVE-2022-39177 at SUSECVE-2022-39177 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
ImportantSUSE bug 1209622CVE-2023-28708 at SUSECVE-2023-28708 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).
ImportantSUSE bug 1209543CVE-2023-1393 at SUSECVE-2023-1393 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.5 (boo#1208328):
- CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.
- CVE-2023-23518: Processing maliciously crafted web content may lead to
Previously fixed inside update to version 2.38.4 (boo#1207997):
- CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.
ImportantSUSE bug 1207997SUSE bug 1208328CVE-2022-42826 at SUSECVE-2022-42826 at NVDCVE-2023-23518 at SUSECVE-2023-23518 at NVDCVE-2023-23529 at SUSECVE-2023-23529 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sudo (Moderate)SUSE OpenStack Cloud 9
This update for sudo fixes the following issues:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
ModerateSUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
Security fixes:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
Other fixes:
- Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062)
ModerateSUSE bug 1202062SUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for systemd (Important)SUSE OpenStack Cloud 9
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
ImportantSUSE bug 1191502SUSE bug 1195529SUSE bug 1197244SUSE bug 1198507SUSE bug 1204423SUSE bug 1204968SUSE bug 1205000SUSE bug 1206985SUSE bug 1208958CVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ghostscript (Important)SUSE OpenStack Cloud 9
This update for ghostscript fixes the following issues:
- CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062).
ImportantSUSE bug 1210062CVE-2023-28879 at SUSECVE-2023-28879 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
- CVE-2023-29533: Fullscreen notification obscured
- MFSA-TMP-2023-0001: Double-free in libwebp
- CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
- CVE-2023-29536: Invalid free from JavaScript code
- CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
- CVE-2023-29542: Bypass of file download extension restrictions
- CVE-2023-29545: Windows Save As dialog resolved environment variables
- CVE-2023-1945: Memory Corruption in Safe Browsing Code
- CVE-2023-29548: Incorrect optimization result on ARM64
- CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
ImportantSUSE bug 1210212CVE-2023-1945 at SUSECVE-2023-1945 at NVDCVE-2023-29531 at SUSECVE-2023-29531 at NVDCVE-2023-29532 at SUSECVE-2023-29532 at NVDCVE-2023-29533 at SUSECVE-2023-29533 at NVDCVE-2023-29535 at SUSECVE-2023-29535 at NVDCVE-2023-29536 at SUSECVE-2023-29536 at NVDCVE-2023-29539 at SUSECVE-2023-29539 at NVDCVE-2023-29541 at SUSECVE-2023-29541 at NVDCVE-2023-29542 at SUSECVE-2023-29542 at NVDCVE-2023-29545 at SUSECVE-2023-29545 at NVDCVE-2023-29548 at SUSECVE-2023-29548 at NVDCVE-2023-29550 at SUSECVE-2023-29550 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for harfbuzz (Important)SUSE OpenStack Cloud 9
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 (bsc#1208480):
* Security fixes:
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
* New Features/Enhancements:
- Add RSA-PSS signature to IBMJCECCA.
* Defect Fixes:
- IJ45437 Service, Build, Packaging and Deliver: Getting
FIPSRUNTIMEEXCEPTION when calling java code:
MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
- IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
- IJ45280 Class Libraries: Update timezone information to the
latest TZDATA2022F
- IJ44896 Class Libraries: Update timezone information to the
latest TZDATA2022G
- IJ45436 Java Virtual Machine: Stack walking code gets into
endless loop, hanging the application
- IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified
multiple times on the same command line the first option takes
precedence instead of the last
- IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT()
due to a NULL pointer
- IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static
final field object properties
- IJ44107 JIT Compiler: JIT publishes new object reference to other
threads without executing a memory flush
- IX90193 ORB: Fix security vulnerability CVE-2023-21830
- IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has
similar error of JDK-8253368
- IJ45148 Security: code changes for tech preview
- IJ44621 Security: Computing Diffie-Hellman secret repeatedly,
using IBMJCEPLUS, causes a small memory leak
- IJ44172 Security: Disable SHA-1 signed jars for EA
- IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly,
using IBMJCEPLUS, Causes a small memory leak
- IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305
crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
- IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA
during signature operations resulting in Java cores
- IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
- IJ45202 Security: KEYTOOL NPE if signing certificate does not contain
a SUBJECTKEYIDENTIFIER extension
- IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY()
method uses SHA1XXXX signature algorithms to match private and public keys
- IJ45203 Security: RSAPSS multiple names for KEYTYPE
- IJ43920 Security: The PKCS12 keystore update and the PBES2 support
- IJ40002 XML: Fix security vulnerability CVE-2022-21426
ModerateSUSE bug 1207246SUSE bug 1207248SUSE bug 1207249SUSE bug 1208480CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21835 at SUSECVE-2023-21835 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for liblouis (Important)SUSE OpenStack Cloud 9
This update for liblouis fixes the following issues:
- CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429).
- CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431).
- CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432).
ImportantSUSE bug 1209429SUSE bug 1209431SUSE bug 1209432SUSE bug 1209855CVE-2023-26767 at SUSECVE-2023-26767 at NVDCVE-2023-26768 at SUSECVE-2023-26768 at NVDCVE-2023-26769 at SUSECVE-2023-26769 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
backend could cause the response headers to be truncated early,
resulting in some headers being incorporated into the response body
(bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
header could cause memory corruption (bsc#1207247).
ImportantSUSE bug 1207247SUSE bug 1207250SUSE bug 1207251CVE-2006-20001 at SUSECVE-2006-20001 at NVDCVE-2022-36760 at SUSECVE-2022-36760 at NVDCVE-2022-37436 at SUSECVE-2022-37436 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2-mod_auth_openidc (Important)SUSE OpenStack Cloud 9
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).
ImportantSUSE bug 1190855SUSE bug 1206441SUSE bug 1210073CVE-2022-23527 at SUSECVE-2022-23527 at NVDCVE-2023-28625 at SUSECVE-2023-28625 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for shim (Important)SUSE OpenStack Cloud 9
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1193315SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ovmf (Important)SUSE OpenStack Cloud 9
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tiff (Important)SUSE OpenStack Cloud 9
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sssd (Important)SUSE OpenStack Cloud 9
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dmidecode (Moderate)SUSE OpenStack Cloud 9
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.6 (bsc#1210731):
- CVE-2022-0108: Fixed information leak.
- CVE-2022-32885: Fixed arbitrary code execution.
- CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer.
- CVE-2023-27932: Fixed Same Origin Policy bypass.
- CVE-2023-27954: Fixed sensitive user information tracking.
- CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295).
Already fixed in version 2.38.5:
- CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
ImportantSUSE bug 1210295SUSE bug 1210731CVE-2022-0108 at SUSECVE-2022-0108 at NVDCVE-2022-32885 at SUSECVE-2022-32885 at NVDCVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDCVE-2023-25358 at SUSECVE-2023-25358 at NVDCVE-2023-25360 at SUSECVE-2023-25360 at NVDCVE-2023-25361 at SUSECVE-2023-25361 at NVDCVE-2023-25362 at SUSECVE-2023-25362 at NVDCVE-2023-25363 at SUSECVE-2023-25363 at NVDCVE-2023-27932 at SUSECVE-2023-27932 at NVDCVE-2023-27954 at SUSECVE-2023-27954 at NVDCVE-2023-28205 at SUSECVE-2023-28205 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Moderate)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
- CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686).
- CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
ModerateSUSE bug 1210686CVE-2023-25652 at SUSECVE-2023-25652 at NVDCVE-2023-25815 at SUSECVE-2023-25815 at NVDCVE-2023-29007 at SUSECVE-2023-29007 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for shadow (Moderate)SUSE OpenStack Cloud 9
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Important)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2023-24580: Fixed potential DoS in file uploads (bsc#1208082).
ImportantSUSE bug 1208082CVE-2023-24580 at SUSECVE-2023-24580 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for vim (Important)SUSE OpenStack Cloud 9
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
- CVE-2022-3491: Fixed an out of bounds memory access that could
cause a crash (bsc#1206028).
- CVE-2022-3520: Fixed an out of bounds memory access that could
cause a crash (bsc#1206071).
- CVE-2022-3591: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206072).
- CVE-2022-4292: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206075).
- CVE-2022-4293: Fixed a floating point exception that could cause
a crash (bsc#1206077).
- CVE-2022-4141: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1205797).
- CVE-2022-3705: Fixed an use-after-free issue that could cause
a crash or memory corruption (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077SUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for shim (Important)SUSE OpenStack Cloud 9
This update for shim fixes the following issues:
- Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737)
ImportantSUSE bug 1198458CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for dnsmasq (Moderate)SUSE OpenStack Cloud 9
This update for dnsmasq fixes the following issues:
- CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358).
ModerateSUSE bug 1209358CVE-2023-28450 at SUSECVE-2023-28450 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.11.0 ESR (bsc#1211175):
- CVE-2023-32205: Browser prompts could have been obscured by popups
- CVE-2023-32206: Crash in RLBox Expat driver
- CVE-2023-32207: Potential permissions request bypass via clickjacking
- CVE-2023-32211: Content process crash due to invalid wasm code
- CVE-2023-32212: Potential spoof due to obscured address bar
- CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
- CVE-2023-32214: Potential DoS via exposed protocol handlers
- CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
ImportantSUSE bug 1211175CVE-2023-32205 at SUSECVE-2023-32205 at NVDCVE-2023-32206 at SUSECVE-2023-32206 at NVDCVE-2023-32207 at SUSECVE-2023-32207 at NVDCVE-2023-32211 at SUSECVE-2023-32211 at NVDCVE-2023-32212 at SUSECVE-2023-32212 at NVDCVE-2023-32213 at SUSECVE-2023-32213 at NVDCVE-2023-32214 at SUSECVE-2023-32214 at NVDCVE-2023-32215 at SUSECVE-2023-32215 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for SUSE Manager Client Tools (Important)SUSE OpenStack Cloud 9
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)
prometheus-blackbox_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062)
- Other non-security bugs fixed and changes:
* Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
* On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
prometheus-postgres_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
- Other non-security issues fixed:
* Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and
clones
* Create the prometheus user for Red Hat Linux Enterprise systems and clones
* Fix broken log-level for values other than debug (bsc#1208965)
golang-github-prometheus-node_exporter:
- Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
* CVE-2022-27191: Update go/x/crypto (bsc#1197284)
* CVE-2022-27664: Update go/x/net (bsc#1203185)
* CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
* NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU
thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes
with high numbers of CPUs/CPU threads.
* [BUGFIX] Fix hwmon label sanitizer
* [BUGFIX] Use native endianness when encoding InetDiagMsg
* [BUGFIX] Fix btrfs device stats always being zero
* [BUGFIX] Fix diskstats exclude flags
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
* [BUGFIX] Fix concurrency issue in ethtool collector
* [BUGFIX] Fix concurrency issue in netdev collector
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
* [BUGFIX] Fix iostat on macos broken by deprecation warning
* [BUGFIX] Fix NodeFileDescriptorLimit alerts
* [BUGFIX] Sanitize rapl zone names
* [BUGFIX] Add file descriptor close safely in test
* [BUGFIX] Fix race condition in os_release.go
* [BUGFIX] Skip ZFS IO metrics if their paths are missing
* [BUGFIX] Handle nil CPU thermal power status on M1
* [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
* [BUGFIX] Sanitize UTF-8 in dmi collector
* [CHANGE] Merge metrics descriptions in textfile collector
* [FEATURE] Add multiple listeners and systemd socket listener activation
* [FEATURE] [node-mixin] Add darwin dashboard to mixin
* [FEATURE] Add 'isolated' metric on cpu collector on linux
* [FEATURE] Add cgroup summary collector
* [FEATURE] Add selinux collector
* [FEATURE] Add slab info collector
* [FEATURE] Add sysctl collector
* [FEATURE] Also track the CPU Spin time for OpenBSD systems
* [FEATURE] Add support for MacOS version
* [ENHANCEMENT] Add RTNL version of netclass collector
* [ENHANCEMENT] [node-mixin] Add missing selectors
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table
* [ENHANCEMENT] [node-mixin] Change io time units to %util
* [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
* [ENHANCEMENT] Add device filter flags to arp collector
* [ENHANCEMENT] Add diskstats include and exclude device flags
* [ENHANCEMENT] Add node_softirqs_total metric
* [ENHANCEMENT] Add rapl zone name label option
* [ENHANCEMENT] Add slabinfo collector
* [ENHANCEMENT] Allow user to select port on NTP server to query
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
* [ENHANCEMENT] Enable builds against older macOS SDK
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
* [ENHANCEMENT] systemd: Expose systemd minor version
* [ENHANCEMENT] Use netlink for tcpstat collector
* [ENHANCEMENT] Use netlink to get netdev stats
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles
* [ENHANCEMENT] Add btrfs device error stats
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6 (jsc#PED-3576):
* CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
* CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
- Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576):
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
* [BUGFIX] Properly close file descriptor when logging unfinished queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
* [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
* [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default
configuration values.
* [BUGFIX] Fix serving of static assets like fonts and favicon.
* [BUGFIX] promtool: Add --lint-fatal option.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
* [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the resolution.
* [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write
irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting
in a new exit code (3) for linter errors.
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit.
Enable with the flag `--enable-feature=auto-gomaxprocs`.
* [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query.
Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag
`--storage.tsdb.head-chunks-write-queue-size`.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
golang-github-prometheus-promu:
- Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576):
* [BUGFIX] Set build date from last changelog modification (bsc#1047218)
* [BUGFIX] Validate environment variable value
* [BUGFIX]Set build date from SOURCE_DATE_EPOCH
* [BUGFIX]Make extldflags extensible by configuration.
* [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine
* [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag
* [BUGFIX] Fix git repository url parsing
* [CHANGE] Remove ioutil
* [CHANGE] Update common Prometheus files
* [FEATURE] Add the ability to override tags per GOOS
* [FEATURE] Adding changes to support s390x
* [FEATURE] Added check_licenses Command to Promu
* [ENHANCEMENT] Allow to customize nested options via env variables
* [ENHANCEMENT] Add warning if promu info is unable to determine repo info
ImportantSUSE bug 1047218SUSE bug 1197284SUSE bug 1203185SUSE bug 1203599SUSE bug 1204023SUSE bug 1208049SUSE bug 1208051SUSE bug 1208060SUSE bug 1208062SUSE bug 1208064SUSE bug 1208965SUSE bug 1209113CVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql15 (Important)SUSE OpenStack Cloud 9
This update for postgresql15 fixes the following issues:
Updated to version 15.3:
- CVE-2023-2454: Fixed an issue where a user having permission to
create a schema could hijack the privileges of a security definer
function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or
modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
ImportantSUSE bug 1210303SUSE bug 1211228SUSE bug 1211229CVE-2023-2454 at SUSECVE-2023-2454 at NVDCVE-2023-2455 at SUSECVE-2023-2455 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-cryptography (Moderate)SUSE OpenStack Cloud 9
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for curl (Important)SUSE OpenStack Cloud 9
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ImportantSUSE bug 1206309SUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Fix kABI breakage (bsc#1208333)
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- k-m-s: Drop Linux 2.6 support
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
ImportantSUSE bug 1076830SUSE bug 1194535SUSE bug 1202353SUSE bug 1205128SUSE bug 1207036SUSE bug 1207125SUSE bug 1207168SUSE bug 1207185SUSE bug 1207795SUSE bug 1207845SUSE bug 1208179SUSE bug 1208333SUSE bug 1208599SUSE bug 1208777SUSE bug 1208837SUSE bug 1208850SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209289SUSE bug 1209291SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209613SUSE bug 1209687SUSE bug 1209777SUSE bug 1209778SUSE bug 1209845SUSE bug 1209871SUSE bug 1209887SUSE bug 1210124SUSE bug 1210202SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210647SUSE bug 1211037CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20567 at SUSECVE-2022-20567 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u372 (icedtea-3.27.0):
- CVE-2023-21930: Fixed an issue in the JSSE component that could
allow an attacker to access critical data without authorization
(bsc#1210628).
- CVE-2023-21937: Fixed an issue in the Networking component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210631).
- CVE-2023-21938: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210632).
- CVE-2023-21939: Fixed an issue in the Swing component that could
allow an attacker to update, insert or delete some data without
authorization (bsc#1210634).
- CVE-2023-21954: Fixed an issue in the Hotspot component that
could allow an attacker to access critical data without
authorization (bsc#1210635).
- CVE-2023-21967: Fixed an issue in the JSSE component that could
allow an attacker to cause a hang or frequently repeatable
crash without authorization (bsc#1210636).
- CVE-2023-21968: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210637).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ctags (Important)SUSE OpenStack Cloud 9
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file wih a
crafted filename (bsc#1206543).
ImportantSUSE bug 1206543CVE-2022-4515 at SUSECVE-2022-4515 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Important)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382)
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608).
ImportantSUSE bug 1211608CVE-2023-28709 at SUSECVE-2023-28709 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cups (Important)SUSE OpenStack Cloud 9
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openvswitch (Important)SUSE OpenStack Cloud 9
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
- CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865).
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
ImportantSUSE bug 1188524SUSE bug 1203865SUSE bug 1206580SUSE bug 1206581CVE-2021-36980 at SUSECVE-2021-36980 at NVDCVE-2022-32166 at SUSECVE-2022-32166 at NVDCVE-2022-4337 at SUSECVE-2022-4337 at NVDCVE-2022-4338 at SUSECVE-2022-4338 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openstack-heat, openstack-swift, python-Werkzeug (Important)SUSE OpenStack Cloud 9
This update for openstack-heat, openstack-swift, python-Werkzeug contains the following fixes:
Security fixes included in this update:
openstack-heat:
- CVE-2023-1625: Fixed an issue where parameter values marked as 'hidden' would be shown in the stack's environment (bsc#1209774).
openstack-swift:
- CVE-2022-47950: Fixed a local file disclosure that could be triggered by an authenticated attacker by supplying a malicious XML (bnc#1207035).
python-Werkzeug:
- CVE-2023-25577: Fixed an unbounded resource usage when parsing multipart forms with many fields (bsc#1208283).
Non security changes on this update:
Changes in openstack-heat:
- Honor 'hidden' parameter in 'stack environment show' command. (bsc#1209774, CVE-2023-1625)
Changes in openstack-swift:
- Prevent XXE injections in API. (bsc#1207035, CVE-2022-47950)
Changes in python-Werkzeug;
- Limit maximum number of multipart form parts. (bsc#1208283, CVE-2023-25577)
ImportantSUSE bug 1207035SUSE bug 1208283SUSE bug 1209774CVE-2022-47950 at SUSECVE-2022-47950 at NVDCVE-2023-1625 at SUSECVE-2023-1625 at NVDCVE-2023-25577 at SUSECVE-2023-25577 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.12.0 ESR (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1210711SUSE bug 1210826SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDCVE-2023-30441 at SUSECVE-2023-30441 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libcares2 (Important)SUSE OpenStack Cloud 9
This update for libcares2 fixes the following issues:
- CVE-2023-32067: Fixed a denial of service that could be triggered by
a 0-byte UDP payload (bsc#1211604).
- CVE-2023-31147: Fixed an insufficient randomness in generation of
DNS query IDs (bsc#1211605).
- CVE-2023-31130: Fixed a buffer underflow when configuring specific
IPv6 addresses (bsc#1211606).
- CVE-2023-31124: Fixed a build issue when cross-compiling that could
lead to insufficient randomness (bsc#1211607).
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libX11 (Important)SUSE OpenStack Cloud 9
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
ImportantSUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206878SUSE bug 1209287SUSE bug 1210629SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211105SUSE bug 1211186SUSE bug 1211260SUSE bug 1211592CVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libwebp (Important)SUSE OpenStack Cloud 9
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed double free (bsc#1210212).
ImportantSUSE bug 1210212CVE-2023-1999 at SUSECVE-2023-1999 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bluez (Important)SUSE OpenStack Cloud 9
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Add security patches (bsc#1211846):
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
ImportantSUSE bug 1211658SUSE bug 1211659SUSE bug 1211846CVE-2023-28204 at SUSECVE-2023-28204 at NVDCVE-2023-32373 at SUSECVE-2023-32373 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
ModerateSUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python (Important)SUSE OpenStack Cloud 9
This update for python fixes the following issues:
- CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471).
ImportantSUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for sqlite3 (Moderate)SUSE OpenStack Cloud 9
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-sqlparse (Moderate)SUSE OpenStack Cloud 9
This update for python-sqlparse fixes the following issues:
- CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS (bsc#1210617).
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for bind (Important)SUSE OpenStack Cloud 9
This update for bind fixes the following issues:
- CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544).
ImportantSUSE bug 1212544CVE-2023-2828 at SUSECVE-2023-2828 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-tornado (Low)SUSE OpenStack Cloud 9
This update for python-tornado fixes the following issues:
- CVE-2023-28370: Fixed an open redirect issue in the static file
handler (bsc#1211741).
LowSUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for installation-images (Moderate)SUSE OpenStack Cloud 9
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud:9Security update for libqt5-qtbase (Important)SUSE OpenStack Cloud 9
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408).
- CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1189408SUSE bug 1211798CVE-2020-24741 at SUSECVE-2020-24741 at NVDCVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).
ImportantSUSE bug 1207783CVE-2023-0494 at SUSECVE-2023-0494 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ghostscript (Important)SUSE OpenStack Cloud 9
This update for ghostscript fixes the following issues:
- CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711).
ImportantSUSE bug 1212711CVE-2023-36664 at SUSECVE-2023-36664 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
- Required fields are now highlighted in PDF forms.
- Improved performance on high-refresh rate monitors (120Hz+).
- Buttons in the Tabs toolbar can now be reached with Tab,
Shift+Tab, and Arrow keys. View this article for additional
details.
- Windows' 'Make text bigger' accessibility setting now
affects all the UI and content pages, rather than only
applying to system font sizes.
- Non-breaking spaces are now preserved—preventing automatic
line breaks—when copying text from a form control.
- Fixed WebGL performance issues on NVIDIA binary drivers via
DMA-Buf on Linux.
- Fixed an issue in which Firefox startup could be
significantly slowed down by the processing of Web content
local storage. This had the greatest impact on users with
platter hard drives and significant local storage.
- Removed a configuration option to allow SHA-1 signatures in
certificates: SHA-1 signatures in certificates—long since
determined to no longer be secure enough—are now not
supported.
- Highlight color is preserved correctly after typing `Enter`
in the mail composer of Yahoo Mail and Outlook.
After bypassing the https only error page navigating back
would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was
visited.
- Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
plain text contexts, such as input and text area.
- Added an option to print only the current page from the
print preview dialog.
- Swipe to navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) on Windows is now
enabled.
- Stability on Windows is significantly improved as Firefox
handles low-memory situations much better.
- Touchpad scrolling on macOS was made more accessible by
reducing unintended diagonal scrolling opposite of the
intended scroll axis.
- Firefox is less likely to run out of memory on Linux and
performs more efficiently for the rest of the system when
memory runs low.
- It is now possible to edit PDFs: including writing text,
drawing, and adding signatures.
- Setting Firefox as your default browser now also makes it
the default PDF application on Windows systems.
- Swipe-to-navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) now works for Linux
users on Wayland.
- Text Recognition in images allows users on macOS 10.15 and
higher to extract text from the selected image (such as a
meme or screenshot).
- Firefox View helps you get back to content you previously
discovered. A pinned tab allows you to find and open recently
closed tabs on your current device and access tabs from other
devices (via our “Tab Pickup” feature).
- Import maps, which allow web pages to control the behavior
of JavaScript imports, are now enabled by default.
- Processes used for background tabs now use efficiency mode
on Windows 11 to limit resource use.
- The shift+esc keyboard shortcut now opens the Process
Manager, offering a way to quickly identify processes that
are using too many resources.
- Firefox now supports properly color correcting images
tagged with ICCv4 profiles.
- Support for non-English characters when saving and printing
PDF forms.
- The bookmarks toolbar's default 'Only show on New Tab'
state works correctly for blank new tabs. As before, you can
change the bookmark toolbar's behavior using the toolbar
context menu.
- Manifest Version 3 (MV3) extension support is now enabled
by default (MV2 remains enabled/supported). This major update
also ushers an exciting user interface change in the form of
the new extensions button.
- The Arbitrary Code Guard exploit protection has been
enabled in the media playback utility processes, improving
security for Windows users.
- The native HTML date picker for date and datetime inputs
can now be used with a keyboard alone, improving its
accessibility for screen reader users. Users with limited
mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
- Firefox builds in the Spanish from Spain (es-ES) and
Spanish from Argentina (es-AR) locales now come with a built-
in dictionary for the Firefox spellchecker.
- On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls
the page instead of zooming. This avoids accidental zooming
and matches the behavior of other web browsers on macOS.
- It's now possible to import bookmarks, history and
passwords not only from Edge, Chrome or Safari but also from
Opera, Opera GX, and Vivaldi.
- GPU sandboxing has been enabled on Windows.
- On Windows, third-party modules can now be blocked from
injecting themselves into Firefox, which can be helpful if
they are causing crashes or other undesirable behavior.
- Date, time, and datetime-local input fields can now be
cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on
macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and
Linux.
- GPU-accelerated Canvas2D is enabled by default on macOS and
Linux.
- WebGL performance improvement on Windows, MacOS and Linux.
- Enables overlay of hardware-decoded video with non-Intel
GPUs on Windows 10/11, improving video playback performance
and video scaling quality.
- Windows native notifications are now enabled.
- Firefox Relay users can now opt-in to create Relay email
masks directly from the Firefox credential manager. You must
be signed in with your Firefox Account.
- We’ve added two new locales: Silhe Friulian (fur) and
Sardinian (sc).
- Right-clicking on password fields now shows an option to
reveal the password.
- Private windows and ETP set to strict will now include
email tracking protection. This will make it harder for email
trackers to learn the browsing habits of Firefox users. You
can check the Tracking Content in the sub-panel on the shield
icon panel.
- The deprecated U2F Javascript API is now disabled by
default. The U2F protocol remains usable through the WebAuthn
API. The U2F API can be re-enabled using the
`security.webauth.u2f` preference.
- Say hello to enhanced Picture-in-Picture! Rewind, check
video duration, and effortlessly switch to full-screen mode
on the web's most popular video websites.
- Firefox's address bar is already a great place to search
for what you're looking for. Now you'll always be able to see
your web search terms and refine them while viewing your
search's results - no additional scrolling needed! Also, a
new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest
entries.
- Private windows now protect users even better by blocking
third-party cookies and storage of content trackers.
- Passwords automatically generated by Firefox now include
special characters, giving users more secure passwords by
default.
- Firefox 115 introduces a redesigned accessibility engine
which significantly improves the speed, responsiveness, and
stability of Firefox when used with:
- Screen readers, as well as certain other accessibility
software;
- East Asian input methods;
- Enterprise single sign-on software; and
- Other applications which use accessibility frameworks to
access information.
- Firefox 115 now supports AV1 Image Format files containing
animations (AVIS), improving support for AVIF images across
the web.
- The Windows GPU sandbox first shipped in the Firefox 110
release has been tightened to enhance the security benefits
it provides.
- A 13-year-old feature request was fulfilled and Firefox now
supports files being drag-and-dropped directly from Microsoft
Outlook. A special thanks to volunteer contributor Marco
Spiess for helping to get this across the finish line!
- Users on macOS can now access the Services sub-menu
directly from Firefox context menus.
- On Windows, the elastic overscroll effect has been enabled
by default. When two-finger scrolling on the touchpad or
scrolling on the touchscreen, you will now see a bouncing
animation when scrolling past the edge of a scroll container.
- Firefox is now available in the Tajik (tg) language.
- Added UI to manage the DNS over HTTPS exception list.
- Bookmarks can now be searched from the Bookmarks menu. The
Bookmarks menu is accessible by adding the Bookmarks menu
button to the toolbar.
- Restrict searches to your local browsing history by
selecting Search history from the History, Library or
Application menu buttons.
- Mac users can now capture video from their cameras in all
supported native resolutions. This enables resolutions higher
than 1280x720.
- It is now possible to reorder the extensions listed in the
extensions panel.
- Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator.
- Pocket Recommended content can now be seen in France,
Italy, and Spain.
- DNS over HTTPS settings are now part of the Privacy &
Security section of the Settings page and allow the user to
choose from all the supported modes.
- Migrating from another browser? Now you can bring over
payment methods you've saved in Chrome-based browsers to
Firefox.
- Hardware video decoding enabled for Intel GPUs on Linux.
- The Tab Manager dropdown now features close buttons, so you
can close tabs more quickly.
- Windows Magnifier now follows the text cursor correctly
when the Firefox title bar is visible.
- Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-
using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3
*_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464)
Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002)
Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711)
Potential use-after-free from compartment mismatch in
SpiderMonkey
* CVE-2023-37203 (bmo#291640)
Drag and Drop API may provide access to local system files
* CVE-2023-37204 (bmo#1832195)
Fullscreen notification obscured via option element
* CVE-2023-37205 (bmo#1704420)
URL spoofing in address bar using RTL characters
* CVE-2023-37206 (bmo#1813299)
Insufficient validation of symlinks in the FileSystem API
* CVE-2023-37207 (bmo#1816287)
Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675)
Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993)
Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886)
Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
bmo#1836550, bmo#1837450)
Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,
bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,
bmo#1838587)
Memory safety bugs fixed in Firefox 115
- Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
ImportantSUSE bug 1212101SUSE bug 1212438CVE-2023-3482 at SUSECVE-2023-3482 at NVDCVE-2023-37201 at SUSECVE-2023-37201 at NVDCVE-2023-37202 at SUSECVE-2023-37202 at NVDCVE-2023-37203 at SUSECVE-2023-37203 at NVDCVE-2023-37204 at SUSECVE-2023-37204 at NVDCVE-2023-37205 at SUSECVE-2023-37205 at NVDCVE-2023-37206 at SUSECVE-2023-37206 at NVDCVE-2023-37207 at SUSECVE-2023-37207 at NVDCVE-2023-37208 at SUSECVE-2023-37208 at NVDCVE-2023-37209 at SUSECVE-2023-37209 at NVDCVE-2023-37210 at SUSECVE-2023-37210 at NVDCVE-2023-37211 at SUSECVE-2023-37211 at NVDCVE-2023-37212 at SUSECVE-2023-37212 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud 9
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000):
- Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection.
ImportantSUSE bug 1213000cpe:/o:suse:suse-openstack-cloud:9Security update for perl (Important)SUSE OpenStack Cloud 9
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for samba (Moderate)SUSE OpenStack Cloud 9
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ModerateSUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230)
Security fixes:
- CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703)
Other fixes:
- Fixed a startup crash experienced by some Windows
users by blocking instances of a malicious injected DLL
(bmo#1841751)
- Fixed a bug with displaying a caret in the text editor
on some websites (bmo#1840804)
- Fixed a bug with broken audio rendering on some
websites (bmo#1841982)
- Fixed a bug with patternTransform translate using the
wrong units (bmo#1840746)
- Fixed a crash affecting Windows 7 users related to the
DLL blocklist.
Firefox Extended Support Release 115.0.1 ESR
- Fixed a startup crash for Windows users with Kingsoft
Antivirus software installed (bmo#1837242)
ImportantSUSE bug 1213230CVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cjose (Important)SUSE OpenStack Cloud 9
This update for cjose fixes the following issues:
- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
ImportantSUSE bug 1213385CVE-2023-37464 at SUSECVE-2023-37464 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- testsuite: Update further expiring certificates that affect tests [bsc#1201627]
ImportantSUSE bug 1201627SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
ImportantSUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libksba (Important)SUSE OpenStack Cloud 9
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ImportantSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mariadb (Moderate)SUSE OpenStack Cloud 9
This update for mariadb fixes the following issues:
- CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).
ModerateSUSE bug 1201164CVE-2022-32084 at SUSECVE-2022-32084 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2-mod_security2 (Important)SUSE OpenStack Cloud 9
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an
incorrect parsing of HTTP multipart requests (bsc#1207378).
ImportantSUSE bug 1207378CVE-2022-48279 at SUSECVE-2022-48279 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2023-36053: Fixed regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742).
ModerateSUSE bug 1212742CVE-2023-36053 at SUSECVE-2023-36053 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137)
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1196137SUSE bug 1198136cpe:/o:suse:suse-openstack-cloud:9Security update for libapr-util1 (Critical)SUSE OpenStack Cloud 9
This update for libapr-util1 fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
CriticalSUSE bug 1207866CVE-2022-25147 at SUSECVE-2022-25147 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xrdp (Important)SUSE OpenStack Cloud 9
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
ImportantSUSE bug 1206300SUSE bug 1206303SUSE bug 1206306SUSE bug 1206307SUSE bug 1206310SUSE bug 1206311SUSE bug 1206312CVE-2022-23468 at SUSECVE-2022-23468 at NVDCVE-2022-23479 at SUSECVE-2022-23479 at NVDCVE-2022-23480 at SUSECVE-2022-23480 at NVDCVE-2022-23481 at SUSECVE-2022-23481 at NVDCVE-2022-23482 at SUSECVE-2022-23482 at NVDCVE-2022-23483 at SUSECVE-2022-23483 at NVDCVE-2022-23484 at SUSECVE-2022-23484 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2023-41164: Fixed a potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (bsc#1214667).
ModerateSUSE bug 1214667CVE-2023-41164 at SUSECVE-2023-41164 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for cups (Important)SUSE OpenStack Cloud 9
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
- CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1212230SUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-34241 at SUSECVE-2023-34241 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libwebp (Critical)SUSE OpenStack Cloud 9
This update for libwebp fixes the following issues:
- CVE-2023-4863: Fixed a heap buffer overflow (bsc#1215231).
CriticalSUSE bug 1215231CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for postgresql15 (Important)SUSE OpenStack Cloud 9
This update for postgresql15 fixes the following issues:
Update to 15.2:
- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
ImportantSUSE bug 1208102CVE-2022-41862 at SUSECVE-2022-41862 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-gevent (Important)SUSE OpenStack Cloud 9
This update for python-gevent fixes the following issues:
- CVE-2023-41419: Fixed a http request smuggling (bsc#1215469).
ImportantSUSE bug 1215469CVE-2023-41419 at SUSECVE-2023-41419 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-setuptools (Moderate)SUSE OpenStack Cloud 9
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
by fetching a malicious HTML document (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
ImportantSUSE bug 1203693SUSE bug 1205149SUSE bug 1206073SUSE bug 1206664SUSE bug 1206677SUSE bug 1206784SUSE bug 1207036SUSE bug 1207186SUSE bug 1207237CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ImageMagick (Important)SUSE OpenStack Cloud 9
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
ImportantSUSE bug 1207982SUSE bug 1207983CVE-2022-44267 at SUSECVE-2022-44267 at NVDCVE-2022-44268 at SUSECVE-2022-44268 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for git (Important)SUSE OpenStack Cloud 9
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).
ImportantSUSE bug 1208027SUSE bug 1208028CVE-2023-22490 at SUSECVE-2023-22490 at NVDCVE-2023-23946 at SUSECVE-2023-23946 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud 9
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
- CVE-2018-25091: Fixed a potential leak of the Authorization header
during a cross-origin redirect (bsc#1216275).
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968SUSE bug 1216275SUSE bug 1216377CVE-2018-25091 at SUSECVE-2018-25091 at NVDCVE-2023-43804 at SUSECVE-2023-43804 at NVDCVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud 9
This update for java-1_8_0-openjdk fixes the following issues:
Updated to version jdk8u362 (icedtea-3.26.0):
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
ModerateSUSE bug 1207248SUSE bug 1207249CVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2023-43665: Fixed a denial of service in
django.utils.text.Truncator (bsc#1215978).
ModerateSUSE bug 1215978CVE-2023-43665 at SUSECVE-2023-43665 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for clamav (Critical)SUSE OpenStack Cloud 9
This update for clamav fixes the following issues:
- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).
- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).
CriticalSUSE bug 1208363SUSE bug 1208365CVE-2023-20032 at SUSECVE-2023-20032 at NVDCVE-2023-20052 at SUSECVE-2023-20052 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for ucode-intel (Important)SUSE OpenStack Cloud 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
ImportantSUSE bug 1216894CVE-2023-44271 at SUSECVE-2023-44271 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Updated to version 102.8.0 ESR (bsc#1208144):
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads.
- CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
- CVE-2023-25744: Fixed Memory safety bugs.
- CVE-2023-25746: Fixed Memory safety bugs.
ImportantSUSE bug 1208138SUSE bug 1208144CVE-2023-0767 at SUSECVE-2023-0767 at NVDCVE-2023-25728 at SUSECVE-2023-25728 at NVDCVE-2023-25729 at SUSECVE-2023-25729 at NVDCVE-2023-25730 at SUSECVE-2023-25730 at NVDCVE-2023-25732 at SUSECVE-2023-25732 at NVDCVE-2023-25734 at SUSECVE-2023-25734 at NVDCVE-2023-25735 at SUSECVE-2023-25735 at NVDCVE-2023-25737 at SUSECVE-2023-25737 at NVDCVE-2023-25738 at SUSECVE-2023-25738 at NVDCVE-2023-25739 at SUSECVE-2023-25739 at NVDCVE-2023-25742 at SUSECVE-2023-25742 at NVDCVE-2023-25743 at SUSECVE-2023-25743 at NVDCVE-2023-25744 at SUSECVE-2023-25744 at NVDCVE-2023-25746 at SUSECVE-2023-25746 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud 9
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for poppler (Important)SUSE OpenStack Cloud 9
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
ImportantSUSE bug 1140877SUSE bug 1202692CVE-2019-13283 at SUSECVE-2019-13283 at NVDCVE-2022-38784 at SUSECVE-2022-38784 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for libxslt (Important)SUSE OpenStack Cloud 9
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xterm (Important)SUSE OpenStack Cloud 9
This update for xterm fixes the following issues:
- CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305).
ImportantSUSE bug 1205305CVE-2022-45063 at SUSECVE-2022-45063 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for nrpe (Moderate)SUSE OpenStack Cloud 9
This update for nrpe fixes the following issues:
- CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).
ModerateSUSE bug 931600SUSE bug 938906CVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for emacs (Important)SUSE OpenStack Cloud 9
This update for emacs fixes the following issues:
- CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
- CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
ImportantSUSE bug 1208512SUSE bug 1208515CVE-2022-48337 at SUSECVE-2022-48337 at NVDCVE-2022-48339 at SUSECVE-2022-48339 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.3 (bnc#1206750):
- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).
- CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
- CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
ImportantSUSE bug 1206474SUSE bug 1206750CVE-2022-42852 at SUSECVE-2022-42852 at NVDCVE-2022-42856 at SUSECVE-2022-42856 at NVDCVE-2022-42863 at SUSECVE-2022-42863 at NVDCVE-2022-42867 at SUSECVE-2022-42867 at NVDCVE-2022-46691 at SUSECVE-2022-46691 at NVDCVE-2022-46692 at SUSECVE-2022-46692 at NVDCVE-2022-46698 at SUSECVE-2022-46698 at NVDCVE-2022-46699 at SUSECVE-2022-46699 at NVDCVE-2022-46700 at SUSECVE-2022-46700 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud 9
This update for xorg-x11-server fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).
ImportantSUSE bug 1205874CVE-2022-46340 at SUSECVE-2022-46340 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python3 (Important)SUSE OpenStack Cloud 9
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
- CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673).
ImportantSUSE bug 1206673SUSE bug 1208471CVE-2022-40899 at SUSECVE-2022-40899 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for tomcat (Important)SUSE OpenStack Cloud 9
This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513CVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp (Important)SUSE OpenStack Cloud 9
This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues:
Security fixes included on this update:
openstack-barbican:
- CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873).
spark:
- CVE-2022-33891: Fixed a command injection vulnerability via Spark UI (bsc#1204326).
Non Security fixes:
Changes in openstack-barbican:
- Add patch to address access policy bypass via query string injection.
(bsc#1203873, CVE-2022-3100.)
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev5:
* Add support for zed
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev6:
* Add support for zed
- Update to version group-based-policy-ui-14.0.1.dev5:
* fix launch instance GBP issue
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev209:
* Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
* fix: Fix url of Floodlight
- Update to version neutron-13.0.8.dev207:
* Mellanox\_eth.img url expires, remove the mellanox\_eth.img node
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev209:
* Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
* fix: Fix url of Floodlight
- Update to version neutron-13.0.8.dev207:
* Mellanox\_eth.img url expires, remove the mellanox\_eth.img node
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev52:
* Fix keystone notification listener
- Update to version group-based-policy-14.0.1.dev51:
* Support for epg subnet
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev50:
* Use top-level contract references
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev48:
* Remove py37 jobs from gate
2014.2rc1
Changes in spark:
- Avoid using bash -c in ShellBasedGroupsMappingProvider. (bsc#1204326, CVE-2022-33891)
- Add _constraints to prevent build from running out of disk space
- Update to version group-based-policy-14.0.1.dev47:
* Remove python39 from voting
ImportantSUSE bug 1203873SUSE bug 1204326CVE-2022-3100 at SUSECVE-2022-3100 at NVDCVE-2022-33891 at SUSECVE-2022-33891 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for jakarta-commons-fileupload (Important)SUSE OpenStack Cloud 9
This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513SUSE bug 986359CVE-2016-3092 at SUSECVE-2016-3092 at NVDCVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for vim (Important)SUSE OpenStack Cloud 9
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud 9
This update for MozillaFirefox fixes the following issues:
Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
ImportantSUSE bug 1209173CVE-2023-25748 at SUSECVE-2023-25748 at NVDCVE-2023-25749 at SUSECVE-2023-25749 at NVDCVE-2023-25750 at SUSECVE-2023-25750 at NVDCVE-2023-25751 at SUSECVE-2023-25751 at NVDCVE-2023-25752 at SUSECVE-2023-25752 at NVDCVE-2023-28159 at SUSECVE-2023-28159 at NVDCVE-2023-28160 at SUSECVE-2023-28160 at NVDCVE-2023-28161 at SUSECVE-2023-28161 at NVDCVE-2023-28162 at SUSECVE-2023-28162 at NVDCVE-2023-28163 at SUSECVE-2023-28163 at NVDCVE-2023-28164 at SUSECVE-2023-28164 at NVDCVE-2023-28176 at SUSECVE-2023-28176 at NVDCVE-2023-28177 at SUSECVE-2023-28177 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for apache2 (Important)SUSE OpenStack Cloud 9
This update for apache2 fixes the following issues:
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
ImportantSUSE bug 1208708SUSE bug 1209047CVE-2023-25690 at SUSECVE-2023-25690 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-cffi (Moderate)SUSE OpenStack Cloud 9
This update for python-cffi fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to immutable python object being changed (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils (Important)SUSE OpenStack Cloud 9
This update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils contains the following fixes:
Security fixes included on this update:
openstack-cinder, openstack-glance, openstack-nova:
- CVE-2022-47951: Fixed file access control through custom VMDK flat descriptor. (bsc#1207321)
Non-security changes included on this update:
Changes in openstack-cinder:
- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)
Changes in openstack-glance:
- Enforce image safety during image_conversion. (bsc#1207321, CVE-2022-47951)
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev58:
* Add no nat cidrs network extension
- Update to version group-based-policy-14.0.1.dev57:
* Cleanup stable branches
- Update to version group-based-policy-14.0.1.dev56:
* Revert 'Add no nat cidrs network extension'
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev55:
* Add no nat cidrs network extension
2014.2rc1
- Update to version group-based-policy-14.0.1.dev54:
* Add python39 gate support
* Fixes for tox4
Changes in openstack-nova:
- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)
Changes in python-oslo.utils:
- Report format specific details when using JSON output format. (bsc#1207321)
ImportantSUSE bug 1207321CVE-2022-47951 at SUSECVE-2022-47951 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).
The following non-security bugs were fixed:
- kabi/severities: add l2tp local symbols
ImportantSUSE bug 1191881SUSE bug 1194535SUSE bug 1201420SUSE bug 1203331SUSE bug 1203332SUSE bug 1205711SUSE bug 1207051SUSE bug 1207773SUSE bug 1207795SUSE bug 1208700SUSE bug 1209188CVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-2991 at SUSECVE-2022-2991 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for oracleasm (Moderate)SUSE OpenStack Cloud 9
This update of oracleasm fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud:9Security update for xen (Important)SUSE OpenStack Cloud 9
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for grub2 (Moderate)SUSE OpenStack Cloud 9
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud:9Security update for python-Django (Important)SUSE OpenStack Cloud 9
This update for python-Django fixes the following issues:
- CVE-2024-27351: Align the patch with the upstream one and make it more robust. (bsc#1220358)
ImportantSUSE bug 1220358CVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
ImportantSUSE bug 1222262CVE-2024-28219 at SUSECVE-2024-28219 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Pillow (Important)SUSE OpenStack Cloud 9
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
ImportantSUSE bug 1219048CVE-2023-50447 at SUSECVE-2023-50447 at NVDcpe:/o:suse:suse-openstack-cloud:9Feature update for LibreOffice (Important)SUSE OpenStack Cloud 9
This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* For the highlights of changes of version 7.4 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.4
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
* poppler-data version update from 0.4.10 to 0.4.11
* skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
* New build dependencies:
* fixmath-devel
* libwebp-devel
* zlib-devel
* dragonbox-devel
* at-spi2-core-devel
* libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
* Add debug code to read some private rsrc data
* Allow to read some MacWrite which does not have printer informations
* Add a parser for Scoop files
* Add a parser for ScriptWriter files
* Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Important)SUSE OpenStack Cloud 9
This update for python-Django1 fixes the following issues:
- CVE-2024-24680: Fixed a denial-of-service in intcomma template filter (bsc#1219683).
- CVE-2024-27351: Fixed potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` (bsc#1220358).
ImportantSUSE bug 1219683SUSE bug 1220358CVE-2024-24680 at SUSECVE-2024-24680 at NVDCVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:suse:suse-openstack-cloud:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issue:
Security issue fixed:
- CVE-2019-6975: Fixed memory exhaustion in django.utils.numberformat.format() (bsc#1124991).
ModerateSUSE bug 1124991CVE-2019-6975 at SUSECVE-2019-6975 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2019-12308: Fixed an improper validatation of the clickable 'Current URL' link in AdminURLFieldWidget
which could have allowed attackers to perform XSS attacks (bsc#1136468).
ModerateSUSE bug 1136468CVE-2019-12308 at SUSECVE-2019-12308 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana packages (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana package fixes the following issues:
- Update to version 9.0+git.1560211997.7ac9792:
* Adds repository list parameter (bsc#1122825)
- Update to version 9.0+git.1557219331.457b6e7:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559292830.208d258:
* Convert number of workers to int (SOC-9418)
- Update to version 9.0+git.1557424689.2b085d5:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1556225774.492d42c:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220194.6a90deb:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219517.7b97993:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559039284.6fc1d47:
* Convert number of workers to int (SOC-9384)
- Update to version 9.0+git.1558583814.a96bada:
* Restrict rootwrap directories for cinder (bsc#1132542)
- Update to version 9.0+git.1557421539.521a486:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219553.d850ca4:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219586.7c96a6d:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219626.b190680:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560868957.42bcb70:
* MariaDB conf changes IPv6 (SOC-9089)
- Update to version 9.0+git.1559351643.a440414:
* Configure xinted mysqlchk to accept ipv6 (SOC-9369)
- Update to version 9.0+git.1557219651.3d4d2d5:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1554995553.23d9513:
* Configurable innodb flush options (SCRD-7496)
- Switch to new Gerrit Server
- Update to version 9.0+git.1558588538.9211022:
* Secure designate's rootwrap files (bsc#1132542)
- Update to version 9.0+git.1558549508.9bfa9e7:
* specify rootwrap config file in designate sudoer (bsc#1132542)
- Update to version 9.0+git.1557219686.0e71bf9:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559033522.5e5be1c:
* Convert number of workers to int (SOC-9381)
- Update to version 9.0+git.1557421456.f1e5016:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219717.fe1bde6:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559036788.b727b53:
* Convert number of workers to int (SOC-9382)
- Update to version 9.0+git.1557421526.a8c13bf:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219773.fe2f6aa:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219807.6036a8e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220534.883f8c9:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1557189507.c786525:
* add external network to Ironic multi-tenancy input model (SCRD-8930)
- Update to version 9.0+git.1557189482.8931e67:
* add neutron_l3_agent plugin (SCRD-8929)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556199488.bdf1cdc:
* SCRD-7471 Don't set external-name in ardana-ci models (SCRD-7471)
- Update to version 9.0+git.1559171053.476225c:
* Move keystone error url to locale bundle (SOC-3456)
* Add doc link to 503 error from Keystone (SOC-3456)
- Update to version 9.0+git.1558732415.467c8ab:
* Consolidate setCloseButtonDisabled
* Disable close button when playbook or action in progress
* Disable close button when playbook or action in progress
* Updated comments
* Fixed an issue for replacing controller page
* Prevent operations when replacing a server in progress (SCRD-8756)
- Update to version 9.0+git.1558726203.bae5a7d:
* Updated the message for full deployment (SOC-8879)
* Add SES integration into day0/2 (SoC-8555) (#342)
- Update to version 9.0+git.1557281300.f3e29e9:
* Use Lato font version 2.015 from latofonts.com (#349)
- Update to version 9.0+git.1556908018.7801990:
* Update documentation useful link (SCRD-8689)
* Open useful links in a new tab (SCRD-8910)
* Added prepare deployment/deploy capability to model config (SCRD-8879)
- Update to version 9.0+git.1560365077.17250c6:
* Sync up rootwrap filters with upstream (SOC-9500)
- Update to version 9.0+git.1557219834.53dbb0b:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559292289.b5ed172:
* Convert number of processes to int (SOC-9418)
- Update to version 9.0+git.1557421499.3e9fe25:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557219888.c532b5e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219914.6d7ebb5:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557219960.226e32b:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1556646861.58ce24f:
* update audit API map for Manila (SCRD-8747)
- Update to version 9.0+git.1557219995.cd49525:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556731170.c8210e0:
* Rip out vertica related code (SCRD-9031)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220073.7e88cfa:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560214193.fc0378b:
* bind epmd.socket to ipv4 and ipv6 (SOC-8364)
- Update to version 9.0+git.1557220112.00d7117:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560464557.d2f6200:
* Remove the creation of /etc/neutron/rootwrap.conf (SOC-9472)
- Update to version 9.0+git.1560196282.28bbf67:
* Change how lbaasv2 rootwrap filters are installed (SOC-9457)
- Update to version 9.0+git.1560195873.c45568f:
* Rootwrap changes for supported L3-agent extensions (SOC-9459)
- Update to version 9.0+git.1559846163.ca22b06:
* Improve neutron service restart limit handling (SOC-8746)
- Update to version 9.0+git.1559031432.b99d89a:
* Convert number of workers to int (SOC-9379)
- Update to version 9.0+git.1558569689.36fbbd5:
* Tighten neutron sudoers to only execute rootwrap (bsc#1132542) (SOC-9031)
- Update to version 9.0+git.1557942331.3c74f81:
* Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230)
- Update to version 9.0+git.1557421465.faf2c38:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Update to version 9.0+git.1557322578.4542665:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559869848.7a706df:
* Adding support for qemu-ovmf to ardana (SOC-8985)
- Update to version 9.0+git.1559823309.d3d23fe:
* Convert number of workers to int (SOC-9380)
- Update to version 9.0+git.1559234129.2fd63a9:
* SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542)
- Update to version 9.0+git.1558549516.86e9f59:
* specify rootwrap config file in nova sudoer (bsc#1132542)
- Update to version 9.0+git.1554825274.040de21:
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560519270.e0a2620:
* Tune bumpng anphora retries (SOC-9285)
- Update to version 9.0+git.1558549438.4ce3e83:
* Stop installing a sudoers root escalator (SCRD-9031)
- Update to version 9.0+git.1555319067.9e6f74e:
* Increase number of connect retries (SCRD-7496)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1555530925.206f1a8:
* Fix 'Add New Dashboard Card' button on Ops Console dashboard (SCRD-7697)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560269313.7ddaff2:
* Configure sysctl neigh.default.gc_thres for ipv6 (SOC-5771)
- Update to version 9.0+git.1559870350.2cde7ea:
* Remove '/32' from iptables tasks (SOC-9349)
- Update to version 9.0+git.1557219143.2fc9eb2:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560974342.47a5b12:
* Correctly handle HttpError during authentication (SOC-3456)
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220501.ebd3011:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Switch to new Gerrit Server
- Update to version 9.0+git.1557220247.e78d1c3:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 9.0+git.1559038506.cc119d9:
* Convert number of workers to int (SOC-9383)
- Update to version 9.0+git.1557421607.00a5fae:
* Update gerrit location (SCRD-9140)
* SCRD-8748 Fix default worker count determination logic (SCRD-8748)
- Switch to new Gerrit Server
- Update to version 9.0+git.1560949748.f0bd816:
* Blacklist test_delete_policies_while_tenant_attached_to_net (SOC-9235)
- Update to version 9.0+git.1560694157.69a4419:
* Blacklist some revert tests (SOC-9178)
- Update to version 9.0+git.1560529053.50e76bf:
* Blacklist some revert tests (SOC-9178)
- Update to version 9.0+git.1560517118.0aac5fd:
* Add configuration for manila-tempest-plugin (SOC-7496)
- Update to version 9.0+git.1560180804.42077a8:
* Revert Remove common failing tests from tempest runs (SOC-9366)
- Update to version 9.0+git.1559833566.10d972d:
* Fix lbaas tempest filter (SOC-7496)
- Update to version 9.0+git.1559139132.a92980b:
* Move some nova tests to serial (SOC-9366)
- Update to version 9.0+git.1558706119.27e844b:
* Remove comoonly failing tests from tempest runs (SOC-9366)
- Update to version 9.0+git.1557825747.1002f16:
* run neutron-lbaas tempest tests sequentially (SCRD-9176)
- Update to version 9.0+git.1557421599.43d2140:
* Update gerrit location (SCRD-9140)
- Update to version 9.0+git.1557335657.ab2f1b9:
* Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015)
* Make --os-test-timeout configurable and increase default (SCRD-7496)
- Update to version 9.0+git.1556893395.1813ec1:
* Increase and make timeout values configurable (SCRD-7496)
* Configure tempest heat_plugin (SCRD-7496)
- Switch to new Gerrit Server
- Update to version 9.0+git.1556788546.313ff00:
* Enable additional features for cinder testing (SCRD-7496)
* Enable volume backed live migration tests (SCRD-7496)
- Update to version 9.0+git.1556788508.468dae0:
* Set admin project to cloud admin project (SCRD-7496)
- Update to version 9.0+git.1556728115.62a8427:
* Set cinder/glance admin on tempest roles (SCRD-7496)
- Update to version 9.0+git.1556721233.8750e33:
* Configure neutron tempest plugin (SCRD-7496)
- Update to version 9.0+git.1556721213.3c2f140:
* Update neutron api extensions list (SCRD-7496)
- Update to version 9.0+git.1556530821.e592de1:
* Update tempest test filters (SCRD-7496)
- Update to version 9.0+git.1557220381.5641a2e:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Update to version 1.0+git.1560518045.ad7dc6d:
* Patching node before bootstraping
- Update to version 6.0+git.1561125496.b7508480:
* IPv6: Export ip_version and handle the DHCP domain
- Update to version 6.0+git.1558489909.b45da865:
* ipv6: Update start-up.sh to be IPv6 compatible
- Update to version 6.0+git.1558002425.cc651aae:
* crowbar: Make potential output of reset_crowbar visible
- Update to version 6.0+git.1562154525.5e2983308:
* Crowbar: DomainName verification relaxed
- Update to version 6.0+git.1561729566.22019624e:
* upgrade: Mark correctly the set of nodes that was selected for upgrade
- Update to version 6.0+git.1561555935.31c4165cc:
* Use proper names for the Travis Tests (SOC-9565)
* Replace Danger with Gitlint (SOC-9565)
* Switch from Travis dist from Trusty to Xenial (SOC-9565)
- Update to version 6.0+git.1561381017.8aab650d0:
* network: Don't set datapath-ids on ovs-bridges anymore
- Update to version 6.0+git.1560962186.456663e42:
* crowbar: Save sync_mark attributes in databag
* dns: fix designate migration
- Update to version 6.0+git.1560522168.7a376b958:
* travis: pin sexp_processor to 4.12.0
* Allow restricted API access during upgrade
- Update to version 6.0+git.1559635691.42aa36659:
* deployer: Use dhcp on crowbar_register only when enable_pxe is set (bsc#1132654)
* network: Allow locking down the network config for nodes (bsc#1120657)
- Update to version 6.0+git.1558533504.0a5369b05:
* provisioner: enabled tuned profiles
- Update to version 6.0+git.1558029089.90c1cb545:
* crowbar: Add debug logging to restore API
* crowbar: Move crowbarrc mgmt into crowbar cookbook (SCRD-8330)
- Update to version 6.0+git.1557765503.660dd52c5:
* Ignore CVE-2019-11068 during Travis (SOC-9262)
- Update to version 6.0+git.1557210549.ec8c84852:
* Fix order of values in nodes piechart
- Update to version 6.0+git.1556186576.4d681c4ed:
* Update Lato font to version 2.015 (SCRD-8948)
- Update to version 6.0+git.1560951093.4af1ee5:
* Add timeout multiplier
* Make default sync_mark timeout configurable
- update suse-branding.patch (SOC-9297)
- Update to version 6.0+git.1562153583.4735fcf34:
* Sync Travis with crowbar-core (SOC-9565)
- Update to version 6.0+git.1561546411.c9b99ebbb:
* Make ovs of_inactivity_probe configurable from neutron barclamp
- Update to version 6.0+git.1561124272.c447b965b:
* Configurable timeout for Galera pre-sync
- Update to version 6.0+git.1560962133.cf99aa9eb:
* monasca: use string keys for attrs in migrations
- Update to version 6.0+git.1560502325.7de215873:
* nova: only create nonexistent cell1
* nova: reinstate old db sync ordering
- Update to version 6.0+git.1560353653.b92e4f9c1:
* designate: do not use pacemaker as all the services are stateless
* designate: allow worker on cluster.
- Update to version 6.0+git.1559857307.9cb8796a6:
* rabbitmq: Fix ACL of SSL key after uid/gid change
- Update to version 6.0+git.1559841020.dfbbc5be5:
* tempest: Disable Barbican validation of signed image (SOC-8578)
- Update to version 6.0+git.1559637225.141253d99:
* ironic: Add Redfish drivers by default
- Update to version 6.0+git.1559542941.26fe90143:
* ironic: Install deploy image with ironic
- Update to version 6.0+git.1559214145.66de78575:
* nova: Don't retry creating existing flavors
- Update to version 6.0+git.1558698448.10d30a50d:
* ironic: Use IP also in [swift] section
- Update to version 6.0+git.1558609537.4ebc9b31d:
* neutron: increase interval between checks to 30s
* neutron: remove .openrc creation from neutron cookbooks
* neutron: Don't restart l3-ha on .openrc change
- Update to version 6.0+git.1558326886.306598770:
* nova: Show stdout/stderr when 'openstack flavor list' fails
- Update to version 6.0+git.1558084779.634ff6e8a:
* neutron: Add 'insecure' to old cli calls
- Update to version 6.0+git.1557932150.575791c62:
* database: Make wsrep_provider_options configurable (fate#327745)
* horizon: Disable Ceph dashboard if not monitored (SOC-7573)
- Update to version 6.0+git.1557840648.637a6f7e6:
* monasca: Fix notification types initialisation
* monasca: Add openvswitch plugin (SCRD-7571)
* designate: do not install the keystone_authtoken on worker nodes
* monasca: Configure `delegate_authorized_roles`
- Update to version 6.0+git.1557734236.12a27293f:
* database: Raise and align promote/demote timeouts (bsc#1131791)
- Update to version 6.0+git.1557393769.797307d6f:
* neutron: use crm_resource restart for restarting neutron-l3-ha-service
- Update to version 6.0+git.1556267896.b86529796:
* neutron: restart neutron-ha-tool when the config file changes
- Update to version 6.0+git.1556220665.450d8de69:
* tempest: Enable BaremetalBasicOps test
- Update to version 9.20190621:
* Update after branching change
* Update operations-maintenance-update_maintenance.xml
* add scottwulf content
* address recommended changes
* change PTF deploy instructions (bsc#1128453)
- switch to maintenance/cloud_9 git branch
- Update to version 9.20190620:
* add designate barclamp (SCRD-8739)
- Update to version 9.20190613:
* Language update to copy-on-write
* model tab for day2 UI (SOC-8879) - replaces PR992
* Updated model tab for day2 UI (SOC-8879)
- Update to version 9.20190611:
* Fixing merge conflicts
* Fixing minor issue
* Fixing Tim's edits to the config file
* Adding Carl's edits
* updating versions and intro
* Adding comments from Walter Boring
* Fixes
* Fix broken build and comments
* Fix SES Integration chapter: SOC-9343
- Update to version 9.20190610:
* Triggering a re-build
* Fixing filename error
* Update install_caasp_heat_templates.xml
* Update installation-installation-ses_integration.xml
* Updating based on Carl's clarification
* Fix bsc#1131899
* Further CaaSP restructuring and removing outdated instructions
* Include instructions for registering CaaSP for MU's (SCRD-8793)
- Update to version 9.20190607:
* add OVSvApp, Nova proxy VM sizing (no bsc, no Jira)
* optipng deployment images (no bsc, no Jira)
* add nova-proxy description to ESXi and OVSvApp section (no bsc, no Jira)
- Update to version 9.20190605:
* move fernet token to supported Keystone feature
- Update to version 9.20190528:
* Remove docmanager section
* Reformat the file
* Feedback from csymons
* Crowbar POC initial version
- Update to version 9.20190522:
* Remove completely outdated Bugzilla association from Supplement Guide
* Remove upstream admin/user guides
- Update to version 9.20190521:
* add Network Security Group logging (SCRD-9124)
- Update to version 9.20190520:
* CLM - update MariaDB manually (bsc#1132852, SOC-9022)
* add instructions for updating MariaDB manually (bsc#1132852)
- Update to version 9.20190516:
* Fix command to create external network
* Remove sudo from commands in 'Setting Up Multiple External Networks'
- Update to version 9.20190515:
* Update README.adoc
- Update to version 9.20190514:
* Grammar fix
* README: Add super dummy docs how to build locally
* Document bootstrap galera cluster with a missing node (bsc#1132853)
* Remove authors.xml
* Refinements to CaaSP MU process
* Included changes requested by reviewers
* Instruct CaaS users to install Tiller component (SCRD-8793)
* Update install_caasp_heat_templates.xml
* Document more necessary CaaSP settings (SCRD-8793)
- Update to version 9.20190509:
* update boot from SAN and multipath configuration (SCRD-8942)
* remove outdated Swift instructions (SCRD-8941)
* replace SOC 8 with SOC 9 (no bsc)
* make Fernet token default (bsc#1134336)
- Update to version 9.20190508:
* increase VMs supported to 12000 (no bsc, no SCRD)
- Update to version 9.20190506:
* change repo location cloud8 to cloud9 Rocket Chat
* remove note re uefi, secure boot (bsc#1132832)
- Update to version 9.20190425:
* address requested changes
* change Monasca documentation (SCRD-7786)
* changes to RHEL Installation Guide requested by T.R. (no bsc#, no SCRD)
* adjust table structure and headings
* restructure console alarm table (SCRD-7710, bsc#1124170)
* restructure esx alarm table (SCRD-7710, bsc#1124170)
* restructure identity alarm table (SCRD-7710, bsc#1124170)
* restructure system alarms table (SCRD-7710, bsc#1124170)
* restructure networking table (SCRD-7710, bsc#1124170)
* restructure other alarms table (SCRD-7710, bsc#1124170)
* restructure telemetry table (SCRD-7710, bsc#1124170)
* restructure storage table (SCRD-7710, bsc#1124170)
* complete compute alarm table
- Update to version 9.20190424:
* update Manila component installation (SCRD-8940)
- Update to version 9.20190423:
* Update Day0 screenshots (SCRD-8976) (#951)
- Update to version 9.20190422:
* add cobbler deprecation notice (no bsc#, no SCRD)
* set up security rule before creating VM (SCRD-8947)
- Update to version 9.20190419:
* fix neutron ovsvapp commands (SCRD-8911)
- Add 0001-Use-strings-when-setting-X-Cache-header.patch
Fixes a problem with Twisted versions where headers values
must be strings, not bools.
- Update to version 0.0+git.1562242499.36b8b64 (bsc#1122053):
* Add optional systemd ready and watchdog support
* Drop unneeded check for 'conn'
* Reset last_query_response when the cache needs to be updated
* Drop unneeded 'conn' var initialization
* Move respone header generation to own function
* Use None as default result
* Drop opts.being_updated variable
* Use contextmanager for DB connection
* Refactor DB method to get WSREP local state
* Refactor method to get readonly DB status
* pep8: Fix E712 comparison to False should be 'if cond is False:'
* pep8: Fix E305 expected 2 blank lines after class or function def
* pep8: Fix E124 closing bracket does not match visual indentation
* pep8: Fix E251 unexpected spaces around keyword / parameter equals
* pep8: Fix E262 inline comment should start with '# '
* pep8: Fix E261 at least two spaces before inline comment
* pep8: Fix F841 local variable is assigned to but never used
* pep8: Fix E302 expected 2 blank lines, found 1
* pep8: Fix E265 block comment should start with '# '
* pep8: Fix E231 missing whitespace after ','
* pep8: Fix E999 SyntaxError: invalid syntax
* pep8: Fix F821 undefined name
* pep8: Fix E225 missing whitespace around operator
* pep8: Fix E221 multiple spaces before operator
* pep8: Fix F401 module imported but unused
* Add clustercheck to console_scripts
* Add basic test infrastructure and a first pep8 job
* Fix exception handling for pymysql exception
* Readd argparse usage
* Fix installation requirements
* Add read timeout to prevent connection hanging forever
* Exclude benchmark/ directory when creating sdist tarball
* Use argparse instead of optparse
* Add basic logging infrastructure
* Add a standard setup.py file
* Catch all query exceptions
* Switch to PyMySQL
- Drop pymysql.patch and readtimeout.patch. Both merged upstream.
- Use systemd service type=notify which is now supported upstream
- Use systemd watchdog which is now supported upstream
- Update to version 5.3.3 (CVE-2018-19039, bsc#1115960) :
* File Exfiltration vulnerability Security fix
- Update to version ceilometer-11.0.2.dev13:
* Update reno for stable/rocky
- Update to version ceilometer-11.0.2.dev12:
* [stable-only] Fix sphinx requirement
- Update to version ceilometer-11.0.2.dev10:
* tempest: Allow to configure tempest config
- Update to version ceilometer-11.0.2.dev8:
* Remove \_ceilometer\_check\_for\_storage check
* OpenDev Migration Patch
- Update to version ceilometer-11.0.2.dev6:
* Added snapshot delete event
* Fixes KeyError on volume create/delete
- Update to version ceilometer-11.0.2.dev13:
* Update reno for stable/rocky
- Update to version ceilometer-11.0.2.dev12:
* [stable-only] Fix sphinx requirement
- Update to version ceilometer-11.0.2.dev10:
* tempest: Allow to configure tempest config
- Update to version ceilometer-11.0.2.dev8:
* Remove \_ceilometer\_check\_for\_storage check
* OpenDev Migration Patch
- Update to version ceilometer-11.0.2.dev6:
* Added snapshot delete event
* Fixes KeyError on volume create/delete
- Update to version cinder-13.0.6.dev12:
* Create new image volume cache entry when cloning fails
- Update to version cinder-13.0.6.dev10:
* Fix python3 compatibility of rbd get\_fsid
- Update to version cinder-13.0.6.dev9:
* lvm: Only use initiators when comparing connector dicts
- Update to version cinder-13.0.6.dev7:
* Declare multiattach support for HPE MSA
- Update to version cinder-13.0.6.dev6:
* Fix 'connector=None' issue in Kaminario drivers
- Update to version cinder-13.0.6.dev5:
* NetApp: Return all iSCSI targets-portals
- Update to version cinder-13.0.6.dev4:
* Make sure we install cinder requirements during the correct tox phase
13.0.5
- Update to version cinder-13.0.5.dev27:
* Remove LOCI publishing from the post pipeline
* 3PAR: Provide an option duing creation of volume from snapshot
* OpenDev Migration Patch
* Tests: Fix up test\_volume notify tests
* Remove auth\_uri usage
* Tests: Fix up migrate notify tests
* Handle multiattach attribute when managing volumes
* Set right attach mode after migration
* Replace openstack.org git:// URLs with https://
* Check Volume Status on attahcment create/update
13.0.4
* NetApp SolidFire: Fix multi-attach volume deletion
* Fix Support Matrix - Pure does support Multiattach
* Fix Snapshot object metadata loading
* VNX: update sg in cache
* Restore VMAX unit test mock
* VMAX Driver - Fix for invalid device id length
* Raise the ImageTooBig exception when found it
* hpe 3par driver initialization failure
* Fix unexpected behavior in \_clone\_image\_volume
* VNX: Add constraints for async migration
* Handle drivers that do not support list manageable
* Fix wrong uuid recognized when create group
* Exclude disabled API versions from listing
* Tintri: Inherit tests from BaseDriverTestCase
* VMware: Fix revert-to-snapshot
* Fix api-ref title levels and index
* Fix group availability zone-backend host mismatch
* Fix version return incorrect when endpoint url end without /
* Fix for auth version change in Brcd HTTP
* VNX Driver: delete\_hba() instead of remove\_hba()
* Fix for HPE MSA 2050 login failures
13.0.3
* Avoid using 'truncate' on Windows
* Fix permissions with NFS-backed snapshots and backups
* Delete related encryption provider when a volume type is deleting
- Update to version cinder-13.0.6.dev12:
* Create new image volume cache entry when cloning fails
- Update to version cinder-13.0.6.dev10:
* Fix python3 compatibility of rbd get\_fsid
- Update to version cinder-13.0.6.dev9:
* lvm: Only use initiators when comparing connector dicts
- Update to version cinder-13.0.6.dev7:
* Declare multiattach support for HPE MSA
- Update to version cinder-13.0.6.dev6:
* Fix 'connector=None' issue in Kaminario drivers
- Update to version cinder-13.0.6.dev5:
* NetApp: Return all iSCSI targets-portals
- Update to version cinder-13.0.6.dev4:
* Make sure we install cinder requirements during the correct tox phase
13.0.5
- Update to version cinder-13.0.5.dev27:
* Remove LOCI publishing from the post pipeline
* 3PAR: Provide an option duing creation of volume from snapshot
* OpenDev Migration Patch
* Tests: Fix up test\_volume notify tests
* Remove auth\_uri usage
* Tests: Fix up migrate notify tests
* Handle multiattach attribute when managing volumes
* Set right attach mode after migration
* Replace openstack.org git:// URLs with https://
* Check Volume Status on attahcment create/update
13.0.4
* NetApp SolidFire: Fix multi-attach volume deletion
* Fix Support Matrix - Pure does support Multiattach
* Fix Snapshot object metadata loading
* VNX: update sg in cache
* Restore VMAX unit test mock
* VMAX Driver - Fix for invalid device id length
* Raise the ImageTooBig exception when found it
* hpe 3par driver initialization failure
* Fix unexpected behavior in \_clone\_image\_volume
* VNX: Add constraints for async migration
* Handle drivers that do not support list manageable
* Fix wrong uuid recognized when create group
* Exclude disabled API versions from listing
* Tintri: Inherit tests from BaseDriverTestCase
* VMware: Fix revert-to-snapshot
* Fix api-ref title levels and index
* Fix group availability zone-backend host mismatch
* Fix version return incorrect when endpoint url end without /
* Fix for auth version change in Brcd HTTP
* VNX Driver: delete\_hba() instead of remove\_hba()
* Fix for HPE MSA 2050 login failures
13.0.3
* Avoid using 'truncate' on Windows
* Fix permissions with NFS-backed snapshots and backups
* Delete related encryption provider when a volume type is deleting
- add dependency on nfs-utils
- Update to version horizon-14.0.4.dev4:
* Make project volume group table work even with volumev3 only env
- Update to version horizon-14.0.4.dev3:
* Complete angular translation extract pattern
14.0.3
* OpenDev Migration Patch
* Imported Translations from Zanata
- Update to version designate-7.0.1.dev20:
* Allow pdns4 backend to select tsigkey
- Update to version designate-7.0.1.dev18:
* Clean fix for bandit exclusions change
- Update to version designate-7.0.1.dev17:
* Fixing RabbitMQ gate timeouts
* Fix DBDeadLock error resulting into 500
- Update to version designate-7.0.1.dev13:
* Use branched version of neutron-tempest-plugin job
* OpenDev Migration Patch
- Update to version designate-7.0.1.dev20:
* Allow pdns4 backend to select tsigkey
- Update to version designate-7.0.1.dev18:
* Clean fix for bandit exclusions change
- Update to version designate-7.0.1.dev17:
* Fixing RabbitMQ gate timeouts
* Fix DBDeadLock error resulting into 500
- Update to version designate-7.0.1.dev13:
* Use branched version of neutron-tempest-plugin job
* OpenDev Migration Patch
- Update to version openstack-heat-11.0.3.dev5:
* Return None for attributes of sd with no actions
* Fix regression with SW deployments when region not configured
- Update to version openstack-heat-11.0.3.dev2:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
* OpenDev Migration Patch
11.0.2
- Update to version openstack-heat-11.0.3.dev5:
* Return None for attributes of sd with no actions
* Fix regression with SW deployments when region not configured
- Update to version openstack-heat-11.0.3.dev2:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
* OpenDev Migration Patch
11.0.2
- Update to version designate-dashboard-7.0.1.dev7:
* OpenDev Migration Patch
* Imported Translations from Zanata
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
* do not compress files during installation
* install settings file for heat-dashboard
- Update to version magnum-ui-5.0.2.dev9:
* Limit cluster update properties
* OpenDev Migration Patch
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
- Update to version ironic-11.1.4.dev2:
* Ansible module: fix configdrive partition creation step
- Update to version ironic-11.1.4.dev1:
11.1.3
* Place upper bound on python-dracclient version
- Update to version ironic-11.1.3.dev26:
* Update sphinx requirements
- Update to version ironic-11.1.3.dev25:
* Do not try to return mock as JSON in unit tests
* Ansible module fix: stream\_url
- Update to version ironic-11.1.3.dev22:
* Disable metadata\_csum when creating ext4 filesystems
- Update to version ironic-11.1.3.dev21:
* Fix pyghmi path
* OpenDev Migration Patch
* Reuse checksum calculation from oslo
- Update to version ironic-11.1.3.dev17:
* Ansible module: fix clean error handling
* Ansible module: fix partition\_configdrive.sh file
- Update to version ironic-11.1.4.dev2:
* Ansible module: fix configdrive partition creation step
- Update to version ironic-11.1.4.dev1:
11.1.3
* Place upper bound on python-dracclient version
- Update to version ironic-11.1.3.dev26:
* Update sphinx requirements
- Update to version ironic-11.1.3.dev25:
* Do not try to return mock as JSON in unit tests
* Ansible module fix: stream\_url
- Update to version ironic-11.1.3.dev22:
* Disable metadata\_csum when creating ext4 filesystems
- Update to version ironic-11.1.3.dev21:
* Fix pyghmi path
* OpenDev Migration Patch
* Reuse checksum calculation from oslo
- Update to version ironic-11.1.3.dev17:
* Ansible module: fix clean error handling
* Ansible module: fix partition\_configdrive.sh file
- Update to version ironic-python-agent-3.3.2.dev13:
* Bind mount /run into chroot when installing grub
* Ironic python agent does not extract correct available memory
- Update to version ironic-python-agent-3.3.2.dev9:
* Fix download upper constraints
- Update to version ironic-python-agent-3.3.2.dev7:
* Add more channel number for detecting BMC IP address
- Update to version ironic-python-agent-3.3.2.dev5:
* Fixes for building images with CoreOS
- Update to version ironic-python-agent-3.3.2.dev4:
* Fetch upper constraints from opendev.org
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev7:
* Blacklist bandit 1.6.0
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev5:
* Remove message about circular role inferences
- Update to version keystone-14.1.1.dev3:
* Delete shadow users when domain is deleted
- Update to version keystone-14.1.1.dev7:
* Blacklist bandit 1.6.0
* OpenDev Migration Patch
- Update to version keystone-14.1.1.dev5:
* Remove message about circular role inferences
- Update to version keystone-14.1.1.dev3:
* Delete shadow users when domain is deleted
* fix self-service credential APIs (bsc#1121530)
- Update to version magnum-7.1.1.dev24:
* Fix registry on k8s\_fedora\_atomic
- Update to version magnum-7.1.1.dev23:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
- Update to version magnum-7.1.1.dev22:
* Partial backport: Disable broken image building
* OpenDev Migration Patch
- Update to version magnum-7.1.1.dev24:
* Fix registry on k8s\_fedora\_atomic
- Update to version magnum-7.1.1.dev23:
* Blacklist bandit 1.6.0 and cap Sphinx on Python2
- Update to version magnum-7.1.1.dev22:
* Partial backport: Disable broken image building
* OpenDev Migration Patch
- Update to version manila-7.3.1.dev2:
* [CI] Add bindep.txt
* OpenDev Migration Patch
7.3.0
- Update to version manila-7.3.1.dev2:
* [CI] Add bindep.txt
* OpenDev Migration Patch
7.3.0
- Updated the openstack-monasca-agent-sudoers file (bsc#1132542)
- update to version 1.14.1~dev8
- Fix team and repository tags in README.rst
- update to version 1.14.1~dev7
- OpenDev Migration Patch
- Blacklist bandit and update sphinx requirement
- Fix loading of notification plugins
- Bug Fix: Parses notifier configuration options
- Update to version neutron-13.0.4.dev89:
* Treat networks shared by RBAC in same way as shared with all tenants
* Turn CIDR in query filter into proper subnet
- Update to version neutron-13.0.4.dev86:
* Prevent create port forwarding to port which has binding fip
- Update to version neutron-13.0.4.dev84:
* Release notes for dns\_domain behavioural changes
- Update to version neutron-13.0.4.dev83:
* DVR: on new port only send router update on port's host
- Update to version neutron-13.0.4.dev81:
* Reset MAC on unbinding direct-physical port
- Update to version neutron-13.0.4.dev79:
* Optimize the code that fixes the race condition of DHCP agent
- Update to version neutron-13.0.4.dev77:
* Switch to new engine facade for Route objects
* Revert 'Pass network's dns\_domain to dnsmasq conf'
- Update to version neutron-13.0.4.dev73:
* SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-13.0.4.dev72:
* Make OVS controller inactivity\_probe configurable
* improve dvr port update under large scale deployment
* Packets getting lost during SNAT with too many connections
* [DVR] Block ARP to dvr router's port instead of subnet's gateway
* Use list instead of six.viewkeys to avoid py2 to py3 problems
* Only store segmenthostmapping when enable segment plugin
* Wait to ipv6 accept\_ra be really changed by L3 agent
* Add port\_forwarding to devstack plugin
* Allow first address in an IPv6 subnet as valid unicast
* Show all SG rules belong to SG in group's details
* [DHCP] Don't resync network if same port is alredy in cache
* Remove rootwrap configuration from neutron-keepalived-state-change
* Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems
- Update to version neutron-13.0.4.dev50:
* Ensure dvr ha router gateway port binding host
- Update to version neutron-13.0.4.dev48:
* Async notify neutron-server for HA states
* Fix handling of network:shared field in policy module
* Fix creating policy rules from subattributes
* Keep HA ports info for HA router during entire lifecycle
* Don't count ports with inactive bindings as serviceable dvr ports
* Use dynamic lazy mode for fetching security group rules
- Update to version neutron-13.0.4.dev38:
* Revert iptables TCP checksum-fill code
- Update to version neutron-13.0.4.dev36:
* Get ports query: extract limit and use it only at the end
- Update to version neutron-13.0.4.dev34:
* Not process port forwarding if no snat functionality
* Move subnet postcommit out of transaction for bulk create
- Update to version neutron-13.0.4.dev30:
* Give some HA router case specific resources
- Update to version neutron-13.0.4.dev28:
* Check master/backup router status in DVR functional tests
- Update to version neutron-13.0.4.dev26:
* OpenDev Migration Patch
* Set HA failover bridges veth pair devices UP
- Update to version neutron-13.0.4.dev23:
* neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst
- Update to version neutron-13.0.4.dev21:
* Do not call update\_device\_list in large sets
- Update to version neutron-13.0.4.dev19:
* Avoid loading same service plugin more than once
* Add dependency for service plugin
* Prevent bind fip to port has port forwarding
* Make test service\_plugins override simple
* DVR: Correctly change MTU in fip namespace
- Update to version neutron-13.0.4.dev9:
* Choose random value for HA routes' vr\_id
13.0.3
* Set router\_id if floating IP has port\_forwardings
* Change default local ovs connection timeout
- Update to version neutron-13.0.4.dev89:
* Treat networks shared by RBAC in same way as shared with all tenants
* Turn CIDR in query filter into proper subnet
- Update to version neutron-13.0.4.dev86:
* Prevent create port forwarding to port which has binding fip
- Update to version neutron-13.0.4.dev84:
* Release notes for dns\_domain behavioural changes
- Update to version neutron-13.0.4.dev83:
* DVR: on new port only send router update on port's host
- Update to version neutron-13.0.4.dev81:
* Reset MAC on unbinding direct-physical port
- Update to version neutron-13.0.4.dev79:
* Optimize the code that fixes the race condition of DHCP agent
- Update to version neutron-13.0.4.dev77:
* Switch to new engine facade for Route objects
* Revert 'Pass network's dns\_domain to dnsmasq conf'
- Update to version neutron-13.0.4.dev73:
* SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-13.0.4.dev72:
* Make OVS controller inactivity\_probe configurable
* improve dvr port update under large scale deployment
* Packets getting lost during SNAT with too many connections
* [DVR] Block ARP to dvr router's port instead of subnet's gateway
* Use list instead of six.viewkeys to avoid py2 to py3 problems
* Only store segmenthostmapping when enable segment plugin
* Wait to ipv6 accept\_ra be really changed by L3 agent
* Add port\_forwarding to devstack plugin
* Allow first address in an IPv6 subnet as valid unicast
* Show all SG rules belong to SG in group's details
* [DHCP] Don't resync network if same port is alredy in cache
* Remove rootwrap configuration from neutron-keepalived-state-change
* Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems
- Update to version neutron-13.0.4.dev50:
* Ensure dvr ha router gateway port binding host
- Update to version neutron-13.0.4.dev48:
* Async notify neutron-server for HA states
* Fix handling of network:shared field in policy module
* Fix creating policy rules from subattributes
* Keep HA ports info for HA router during entire lifecycle
* Don't count ports with inactive bindings as serviceable dvr ports
* Use dynamic lazy mode for fetching security group rules
- Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860)
- Update to version neutron-13.0.4.dev38:
* Revert iptables TCP checksum-fill code
- Update to version neutron-13.0.4.dev36:
* Get ports query: extract limit and use it only at the end
- Update to version neutron-13.0.4.dev34:
* Not process port forwarding if no snat functionality
* Move subnet postcommit out of transaction for bulk create
- Update to version neutron-13.0.4.dev30:
* Give some HA router case specific resources
- Update to version neutron-13.0.4.dev28:
* Check master/backup router status in DVR functional tests
- Update to version neutron-13.0.4.dev26:
* OpenDev Migration Patch
* Set HA failover bridges veth pair devices UP
- Update to version neutron-13.0.4.dev23:
* neutron.conf needs lock\_path set for router to operate This change is adding required configuration in neutron.conf to set the lock\_path parameter, which was missing in compute-install-ubuntu.rst
- Update to version neutron-13.0.4.dev21:
* Do not call update\_device\_list in large sets
- Update to version neutron-13.0.4.dev19:
* Avoid loading same service plugin more than once
* Add dependency for service plugin
* Prevent bind fip to port has port forwarding
* Make test service\_plugins override simple
* DVR: Correctly change MTU in fip namespace
- Update to version neutron-13.0.4.dev9:
* Choose random value for HA routes' vr\_id
13.0.3
* Set router\_id if floating IP has port\_forwardings
* Change default local ovs connection timeout
* Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876)
- Update to version neutron-fwaas-13.0.2.dev14:
* netfilter\_log: Correctly decode binary type prefix
* OpenDev Migration Patch
- Update to version neutron-fwaas-13.0.2.dev12:
* Fix the verification method before creating and updating the firewall rule
- Update to version neutron-fwaas-13.0.2.dev14:
* netfilter\_log: Correctly decode binary type prefix
* OpenDev Migration Patch
- Update to version neutron-fwaas-13.0.2.dev12:
* Fix the verification method before creating and updating the firewall rule
- Update to version group-based-policy-5.0.1.dev443:
* Fix the thread concurrency issue while calling gbp purge
* Workaround expunge failure for SubnetRoute in session identity\_map
- Update to version group-based-policy-5.0.1.dev440:
* [AIM] Fix handling of missing PortSecurityBinding
- Update to version group-based-policy-5.0.1.dev439:
* Pull the upper constraint file also from the opendev.org site
- Update to version group-based-policy-5.0.1.dev438:
* [AIM] Don't override loading of SG rules when validating
- Update to version group-based-policy-5.0.1.dev437:
* Enhance the log while getting the keystone notification
- Update to version group-based-policy-5.0.1.dev436:
* [AIM] Cleanup RPC implementations
* [AIM] Pass in limit=-1 to work around a Nova bug
* [AIM] Some enhancements
- Update to version group-based-policy-5.0.1.dev433:
* Fix CI again
* OpenDev Migration Patch
- Update to version group-based-policy-5.0.1.dev431:
* Re-enable unit tests and fix CI jobs
- Update to version neutron-lbaas-13.0.1.dev12:
* Fix memory leak in the haproxy provider driver
- Update to version neutron-lbaas-13.0.1.dev11:
* OpenDev Migration Patch
* Revert 'Updated 'create\_pool' method in plugin'
- Update to version neutron-lbaas-13.0.1.dev12:
* Fix memory leak in the haproxy provider driver
- Update to version neutron-lbaas-13.0.1.dev11:
* OpenDev Migration Patch
* Revert 'Updated 'create\_pool' method in plugin'
- Update to version neutron-vpnaas-13.0.2.dev4:
* Execute neutron-vpn-netns-wrapper with rootwrap\_config argument
* OpenDev Migration Patch
- Update to version neutron-vpnaas-13.0.2.dev4:
* Execute neutron-vpn-netns-wrapper with rootwrap\_config argument
* OpenDev Migration Patch
- Update to version nova-18.2.2.dev9:
* Init HostState.failed\_builds
* libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
- Update to version nova-18.2.2.dev5:
* Grab fresh power state info from the driver
- Update to version nova-18.2.2.dev3:
* libvirt: flatten rbd images when unshelving an instance
18.2.1
* Share snapshot image membership with instance owner
- Update to version nova-18.2.1.dev95:
* [ironic] Don't remove instance info twice in destroy
* docs: Don't version links to reno docs
* tox: Use basepython of python3.5
* Allow driver to properly unplug VIFs on destination on confirm resize
* Move get\_pci\_mapping\_for\_migration to MigrationContext
* Fixes multi-registry config in Quobyte driver
* Include all network devices in nova diagnostics
- Update to version nova-18.2.1.dev81:
* Fix live-migration when glance image deleted
- Update to version nova-18.2.1.dev79:
* Replace the invalid index of nova-rocky releasenote
* Workaround missing RequestSpec.instance\_group.uuid
* Add regression recreate test for bug 1830747
* [stable-only] Improve the reno for consoleauth upgrade check
* Restore connection\_info after live migration rollback
* libvirt: Do not reraise DiskNotFound exceptions during resize
* Stop logging traceback when skipping quiesce
* libvirt: Avoid using os-brick encryptors when device\_path isn't provided
- Update to version nova-18.2.1.dev63:
* Block swap volume on volumes with >1 rw attachment
- Update to version nova-18.2.1.dev62:
* Fix retry of instance\_update\_and\_get\_original
- Update to version nova-18.2.1.dev60:
* Fix assert methods in unit tests
* Skip \_exclude\_nested\_providers() if not nested
- Update to version nova-18.2.1.dev56:
* Pass on region when we don't have a valid ironic endpoint
- Update to version nova-18.2.1.dev54:
* Add functional confirm\_migration\_error test
* [stable-only] Delete allocations even if \_confirm\_resize raises (part 2)
- Update to version nova-18.2.1.dev50:
* xenapi/agent: Change openssl error handling
- Update to version nova-18.2.1.dev48:
* Use migration\_status during volume migrating and retyping
- Update to version nova-18.2.1.dev47:
* libvirt: Always disconnect volumes after libvirtError exceptions
* libvirt: Stop ignoring unknown libvirtError exceptions during volume attach
- Update to version nova-18.2.1.dev45:
* AZ list performance optimization: avoid double service list DB fetch
- Update to version nova-18.2.1.dev44:
* Create request spec, build request and mappings in one transaction
* Fix {min|max}\_version in ironic Adapter setup
- Update to version nova-18.2.1.dev41:
* Fix regression in glance client call
- Update to version nova-18.2.1.dev40:
* OpenDev Migration Patch
* libvirt: set device address tag only if setting disk unit
- Update to version nova-18.2.1.dev37:
* Update instance.availability\_zone on revertResize
* Add functional recreate test for bug 1819963
* Fix incomplete instance data returned after build failure
- Update to version nova-18.2.1.dev31:
* Delete allocations even if \_confirm\_resize raises
* Error out migration when confirm\_resize fails
* Don't warn on network-vif-unplugged event during live migration
* libvirt: disconnect volume when encryption fails
* Temporarily mutate migration object in finish\_revert\_resize
* Override the 'get' method in DriverBlockDevice class
- Update to version nova-18.2.1.dev19:
* Add missing libvirt exception during device detach
* Fix bug preventing forbidden traits from working
* Adding tests to demonstrate bug #1821824
- Update to version nova-18.2.2.dev9:
* Init HostState.failed\_builds
* libvirt: Rework 'EBUSY' (SIGKILL) error handling code path
- Update to version nova-18.2.2.dev5:
* Grab fresh power state info from the driver
- Update to version nova-18.2.2.dev3:
* libvirt: flatten rbd images when unshelving an instance
18.2.1
* Share snapshot image membership with instance owner
- Update to version nova-18.2.1.dev95:
* [ironic] Don't remove instance info twice in destroy
* docs: Don't version links to reno docs
* tox: Use basepython of python3.5
* Allow driver to properly unplug VIFs on destination on confirm resize
* Move get\_pci\_mapping\_for\_migration to MigrationContext
* Fixes multi-registry config in Quobyte driver
* Include all network devices in nova diagnostics
- Update to version nova-18.2.1.dev81:
* Fix live-migration when glance image deleted
- Update to version nova-18.2.1.dev79:
* Replace the invalid index of nova-rocky releasenote
* Workaround missing RequestSpec.instance\_group.uuid
* Add regression recreate test for bug 1830747
* [stable-only] Improve the reno for consoleauth upgrade check
* Restore connection\_info after live migration rollback
* libvirt: Do not reraise DiskNotFound exceptions during resize
* Stop logging traceback when skipping quiesce
* libvirt: Avoid using os-brick encryptors when device\_path isn't provided
- Update to version nova-18.2.1.dev63:
* Block swap volume on volumes with >1 rw attachment
- Update to version nova-18.2.1.dev62:
* Fix retry of instance\_update\_and\_get\_original
- Update to version nova-18.2.1.dev60:
* Fix assert methods in unit tests
* Skip \_exclude\_nested\_providers() if not nested
- Update to version nova-18.2.1.dev56:
* Pass on region when we don't have a valid ironic endpoint
- Update to version nova-18.2.1.dev54:
* Add functional confirm\_migration\_error test
* [stable-only] Delete allocations even if \_confirm\_resize raises (part 2)
- Update to version nova-18.2.1.dev50:
* xenapi/agent: Change openssl error handling
- Update to version nova-18.2.1.dev48:
* Use migration\_status during volume migrating and retyping
- Update to version nova-18.2.1.dev47:
* libvirt: Always disconnect volumes after libvirtError exceptions
* libvirt: Stop ignoring unknown libvirtError exceptions during volume attach
- Update to version nova-18.2.1.dev45:
* AZ list performance optimization: avoid double service list DB fetch
- Update to version nova-18.2.1.dev44:
* Create request spec, build request and mappings in one transaction
* Fix {min|max}\_version in ironic Adapter setup
- Update to version nova-18.2.1.dev41:
* Fix regression in glance client call
- Update to version nova-18.2.1.dev40:
* OpenDev Migration Patch
* libvirt: set device address tag only if setting disk unit
- Update to version nova-18.2.1.dev37:
* Update instance.availability\_zone on revertResize
* Add functional recreate test for bug 1819963
* Fix incomplete instance data returned after build failure
- Update to version nova-18.2.1.dev31:
* Delete allocations even if \_confirm\_resize raises
* Error out migration when confirm\_resize fails
* Don't warn on network-vif-unplugged event during live migration
* libvirt: disconnect volume when encryption fails
* Temporarily mutate migration object in finish\_revert\_resize
* Override the 'get' method in DriverBlockDevice class
- Update to version nova-18.2.1.dev19:
* Add missing libvirt exception during device detach
* Fix bug preventing forbidden traits from working
* Adding tests to demonstrate bug #1821824
- Update to version octavia-3.1.2.dev2:
* Add bindep.txt for Octavia
- Update to version octavia-3.1.2.dev1:
* Fix allocate\_and\_associate DB deadlock
3.1.1
- Update to version octavia-3.1.1.dev8:
* Treat null admin\_state\_up as False
* Performance improvement for non-udp health checks
- Update to version octavia-3.1.1.dev5:
* Bandit test exclusions syntax change
- Update to version octavia-3.1.1.dev4:
* Fix IPv6 in Active/Standby topology on CentOS
- Update to version octavia-3.1.1.dev3:
* Fix listener API handling of None/null updates
* OpenDev Migration Patch
- Update to version octavia-3.1.1.dev1:
* Fix a lifecycle bug with child objects
3.1.0
- Update to version 9.0+git.1558039547.f0d0ddf:
* Fix validate ip version call (SOC-9301)
- Update to version 9.0+git.1557220468.f113719:
* Update gerrit location (SCRD-9140)
- Switch to new Gerrit Server
- Add patch to toggle signed image validation (SCRD-8578)
- update to version 4.0.2
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Replace openstack.org git:// URLs with https://
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- import zuul job settings from project-config
- Raise API max version for Rocky updates
- Switch to new Gerrit Server
- removed 0001-pass-endpoint-interface-to-http-client.patch
- update to version 2.5.2
- Replace openstack.org git:// URLs with https://
- pass endpoint interface to http client
- Use endpoint_override in version negotiation
- Add back tarball
- added 0002-Skip-read-only-test-for-CIFS.patch
- added 0001-Fix-CIFS-access-for-non-multitenant-setup.patch
- update to version 1.24.2
- Fix get_base_url
- [CI] Fix logs for the functional test job
- Return is_default as a value instead of a function object
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Replace openstack.org git:// URLs with https://
- Don't quote {posargs} in tox.ini
- import zuul job settings from project-config
- update to version 2.5.7
- Fix FC case sensitive scanning
- update to version 4.40.2
- OpenDev Migration Patch
- exc_filters: fix deadlock detection for MariaDB/Galera cluster
- update to 2.8.4 (SOC-9280)
* Adding fix for nic\_capacity calculation
- Update to version 9.0.1562324636.e7046a3:
* Add the freezer service to config file and log file collection
* Change the dir from where the ardana model/config files are collected
ModerateSUSE bug 1115960SUSE bug 1120657SUSE bug 1121530SUSE bug 1122053SUSE bug 1122825SUSE bug 1124170SUSE bug 1128453SUSE bug 1131712SUSE bug 1131791SUSE bug 1131899SUSE bug 1132542SUSE bug 1132654SUSE bug 1132832SUSE bug 1132852SUSE bug 1132853SUSE bug 1132860SUSE bug 1134336CVE-2018-19039 at SUSECVE-2018-19039 at NVDCVE-2019-10876 at SUSECVE-2019-10876 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-requests (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-requests to version 2.20.1 fixes the following issues:
Security issue fixed:
- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issue:
Security issue fixed:
- CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed
attackers to perfrom CRLF attacks (bsc#1137825).
ModerateSUSE bug 1137825CVE-2019-12387 at SUSECVE-2019-12387 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nodejs6 (Important)SUSE OpenStack Cloud Crowbar 9
This update for nodejs6 fixes the following issues:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
ImportantSUSE bug 1140290CVE-2019-13173 at SUSECVE-2019-13173 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rails-html-sanitizer (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rails-html-sanitizer fixes the following issues:
- CVE-2018-3741: Fixed a XSS vulnerability due to insufficient filtering in scrub_attribute (bsc#1086598).
ModerateSUSE bug 1086598CVE-2018-3741 at SUSECVE-2018-3741 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-loofah (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-loofah fixes the following issues:
- Security issue fixed:
- CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.force_correct_attribute_escaping! callable from other gems (bsc#1086598).
ModerateSUSE bug 1086598CVE-2018-8048 at SUSECVE-2018-8048 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues:
- Update to version 9.0+git.1566374020.301191f:
* Use raw image format when using SES backend on Nova (SOC-9285)
- Update to version 9.0+git.1563375514.31fa9a7:
* Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1563192450.30e8f16:
* Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840)
- Update to version 9.0+git.1566251498.be02ca4:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565678764.c3a9b9f:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1562898832.1731f25:
* FIX broken symlink for policy.yaml.j2. (SOC-0000)
- Update to version 9.0+git.1559333871.40508f7:
* Allow system to bind to non local ipv6 addresses (SOC-9330)
- Update to version 9.0+git.1566336494.93967dd:
* Using python netaddr for ipv6 address comparison (SOC-9940)
- Update to version 9.0+git.1564409964.b7e4fc3:
* Don't use 'latest' with 'zypper' (SOC-9997)
- Update to version 9.0+git.1562182567.aef23e0:
* Format curl commands for ipv6 (SOC-9369)
- Update to version 9.0+git.1565680593.df7a432:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566213657.69862ab:
* Add missing service plugin for l2gw (SOC-5837)
- Update to version 9.0+git.1563904379.31ff1e9:
* Add the NSX-T L2-Gateway Service definition (SOC-5837)
- Switch to new Gerrit Server
- Update to version 9.0+git.1566375806.f0b2333:
* Configure glance image_direct_url/multiple_locations (SOC-9285)
- Update to version 9.0+git.1565720518.c7fdca2:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1564491141.602fdf9:
* Default glance_default_store to rbd if SES enabled (SOC-8749)
- Update to version 9.0+git.1565721273.f44b8d7:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891518.2a545a1:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565655129.ab3a58c:
* Removed None condition from rule (SOC-10003)
- Update to version 9.0+git.1564609155.033a963:
* Updated heat_policy.json permission to be 664 (SOC-9872)
- Update to version 9.0+git.1562848565.91e75b2:
* Include memcached in the minimal ardana-ci model (SOC-9800)
- Update to version 9.0+git.1566255088.3443670:
* Add server state column (SOC-9957)
- Update to version 9.0+git.1565218199.868c5d1:
* Add ipv6 support (SOC-9677) (#357)
- Update to version 9.0+git.1563912815.7090c20:
* Only show ses config upload option when ses is not configured (SOC-8555) (#356)
- Update to version 9.0+git.1565721987.ddc59c8:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891593.cad6d1a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1563911975.a7ed208:
* Ensure Member role is created during upgrade (SOC-9923)
- Update to version 9.0+git.1565761582.2dc823a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565762005.016032a:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566332665.ad894c0:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565691188.2309798:
* Use systemd for monasca-thresh (SOC-10145)
- Update to version 9.0+git.1565115025.148d092:
* Enable ipv6 on rabbitmq-server (SOC-9745)
- Update to version 9.0+git.1566251310.3a1e8f9:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1563989391.dfe3688:
* Let SDN services configure VPN and Firewall service providers (SOC-9935)
- Update to version 9.0+git.1561563389.90bfb06:
* Add dependent services to neutron services (SOC-8746)
- Update to version 9.0+git.1566332515.e232568:
* adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565946239.023aefe:
* Set diskcachemode and disk discard when using RBD (SOC-10182)
- Update to version 9.0+git.1565715522.3fe67c6:
* fix Ironic endpoint override (SOC-10130)
- Update to version 9.0+git.1565366126.4993583:
* Make default/rpc_response_timeout configurable (SOC-9285)
- Update to version 9.0+git.1562762205.ce51d30:
* Resolves nova-novncproxy random status failures (SOC-9574)
- Update to version 9.0+git.1566206502.6c87b41:
* Use default values for amphora connection retries/timeout (SOC-9285)
- Update to version 9.0+git.1566251377.b1caeaa:
* adds ipv6 format to http/https urls (SOC-10063)
- Add ipaddr bower dependency (SOC-9679)
- Update to version 9.0+git.1565764394.545b573:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565380193.f006466:
* Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)
- Update to version 9.0+git.1565265803.6a720d0:
* Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1565150548.c475cb8:
* Configured logrotate user for ovs as 'root' (SOC-8139)
- Update to version 9.0+git.1563894224.943cbc2:
* Make the example repo url entry totally fictitious (SOC-6800)
- Update to version 9.0+git.1563383124.1d585e4:
* Add an global_filter entry to lvm.conf (bsc#1140512)
- Update to version 9.0+git.1562782235.67538c9:
* Configure ovs user for logrotate (SOC-8139)
- Update to version 9.0+git.1562371586.24a698a:
* Allow for use of --check in iptables command (SOC-9349)
- Update to version 9.0+git.1562170979.edc53b6:
* Don't set datapath-ids on ovs-bridges anymore (SOC-9239)
- Update to version 9.0+git.1564706915.edd44c4:
* Add ipv6 support (SOC-9677)
- Update to version 9.0+git.1563468620.5035cf8:
* Add support for ses integration (SOC-8555)
- Update to version 9.0+git.1563461311.16ea2df:
* Change url of upper-constraints file (SOC-9863)
- Update to version 9.0+git.1565962617.523149b:
* Add ses-status playbook (SOC-9902)
- Update to version 9.0+git.1565704258.123de3f:
* Update Swift endpoint during deploy (SOC-9303)
- Update to version 9.0+git.1565891872.73fc3c7:
* adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565644472.644d5f6:
* Cloud 8 to 9 upgrade enhancements (SOC-10146)
- Update to version 9.0+git.1566471752.a3c5c9c:
* Delete existing run filter before deploying it (SOC-10287)
- Update to version 9.0+git.1565366961.33ad009:
* Run loadbalancer tests in parallel (SOC-9285)
- Update to version 9.0+git.1563203769.49124de:
* Blacklist failing shelve tests (SOC-9775)
- Update to version 9.0+git.1562783575.7e02c70:
* Blacklist failing shelve tests (SOC-9775)
- Update to version 6.0+git.1566321308.1de18b9a4:
* ohai: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566303970.2c7d83971:
* upgrade: restart nova services after upgrade
- Update to version 6.0+git.1565859218.525130340:
* upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164)
- Update to version 6.0+git.1565256572.49359f57b:
* ovs-pre-up: remove controller for admin bridge (SOC-10073)
- Update to version 6.0+git.1564996068.e7ccb0bae:
* batch: Fix get_proposal_json (SOC-9954)
- Update to version 6.0+git.1564738819.232375c6f:
* batch: Format crowbar batch error output (SOC-9954)
* repochecks errors for ses5-pool on SOC9
* dns: fix migration for designate
- Update to version 6.0+git.1564480387.a4b8c2ff7:
* batch: Format crowbar batch error output (SOC-9954)
- Update to version 6.0+git.1564406710.9273d5a17:
* travis: Whitelist CVE-2015-3448 (SOC-9911)
* travis: Use env variable for commit range (SOC-9911)
- Update to version 6.0+git.1564131651.98f426eae:
* monasca: add cleanup before upgrade (SOC-9482)
* bind9: Fix spelling error in template
- Update to version 6.0+git.1563950117.f6123bd8f:
* Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1562772809.4a470bec0:
* upgrade: update file names for 8 -> 9 (SOC-9029)
- Update to version 6.0+git.1562733958.204289d65:
* ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098)
- Update to version 6.0+git.1566406179.7549de2:
* corosync: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566404979.41279a88e:
* Designate: Update DB pools configuration (SOC-9767)
* horizon: Install designate plugin when configured (SOC-9695)
- Update to version 6.0+git.1566211690.54dcd56ba:
* ceilometer: Remove old ceilometer-api vhosts (SOC-9483)
- Update to version 6.0+git.1565968769.ae650697c:
* Octavia: Barclamp (SOC-6100)
- Update to version 6.0+git.1565739445.3fc6ef5e8:
* designate: Configure resource settings (SOC-9633)
- Update to version 6.0+git.1565713423.0dd3fbb3e:
* tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029)
- Update to version 6.0+git.1565081581.1e2cf5bd0:
* nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
- Update to version 6.0+git.1564586397.a7203dba7:
* Add tempest filters based on services (SOC-9298)
* upgrade: Fix HA detection for keystone db_sync (SOC-9981)
- Update to version 6.0+git.1564498339.07f14a985:
* Fix magnum tempest tests (SOC-9298)
* Fix nova tempest tests (SOC-9298)
- Update to version 6.0+git.1564435128.cef47cc21:
* neutron: raise validation error if domain names dont end with a dot(.)
- Update to version 6.0+git.1564412715.c969e1e11:
* Fix barbican SSL support (SOC-9298)
- Update to version 6.0+git.1564039130.9ad11f213:
* designate: Use server node for VIP look ups (SOC-9631)
- add cirros-0.4.0-x86_64-disk.img (SOC-9298)
* the disk img is required to run the barbican tempest test
- Update to version 6.0+git.1563891318.d41ce2e75:
* Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1563439849.5c507bcdb:
* Fix tempest config for cinder using ceph as backenid (SOC-9298)
- Update to version 6.0+git.1562841293.9768602a2:
* swift: Sync HA nodes (SOC-9683)
- Update to version 6.0+git.1562684470.f5d361077:
* designate: Fix spelling error inside comments (SOC-6361)
- Update to version 6.0+git.1562599436.b4c63fc56:
* case-insensitive when lookup by name (SOC-9339)
- Update to version 6.0+git.1562319309.98a52a0a3:
* monasca: move Grafana DB creation
- Update to version 1.3.0+git.1563181545.65360af5:
* upgrade: Update repocheck keys
* Update texts for 8-9 upgrade (SOC-9689)
- Update to version 1.3.0+git.1562579063.5690a1bc:
* Pin gulp-angular-templatecache version
- Bumped package version to 1.3 to differentiate it from 8-9 version
- Udate to version 2.11.1.dev4
* Add Cassandra db support
* Bump the pom version to 1.3.0
* Remove cassandra.patch (merged upstream)
- Fix license
- Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common
- Update to version ceilometer-11.0.2.dev14:
* Fixing broken links
- Update to version ceilometer-11.0.2.dev14:
* Fixing broken links
- Update to version cinder-13.0.7.dev3:
* Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1:
13.0.6
* Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16:
* Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14:
* Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13:
* [VNX] Fix test case issue
- Update to version cinder-13.0.7.dev3:
* Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1:
13.0.6
* Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16:
* Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14:
* Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13:
* [VNX] Fix test case issue
* nimble: Fix missing ssl support (bsc#1027315)
- Update to version designate-7.0.1.dev21:
* Improve log message for better understanding
- Update to version designate-7.0.1.dev21:
* Improve log message for better understanding
- Update to version openstack-heat-11.0.3.dev19:
* Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18:
* Show an engine as down if service record is not updated twice
* Allow update of previously-replaced resources
* Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12:
* Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10:
* Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8:
* Add local bindep.txt and limit bandit version
* Retry on DB deadlock in event\_create()
- Update to version openstack-heat-11.0.3.dev19:
* Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18:
* Show an engine as down if service record is not updated twice
* Allow update of previously-replaced resources
* Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12:
* Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10:
* Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8:
* Add local bindep.txt and limit bandit version
* Retry on DB deadlock in event\_create()
- Do not exclude python bytecode files (see
https://review.opendev.org/#/c/666611 for details)
- Update to version neutron-lbaas-dashboard-5.0.1.dev7:
* Update tox.ini for new upper constraints strategy
* OpenDev Migration Patch
- Update to latest spec from rpm-packaging
* Don't exclude python bytecode files in dashboards
- Update to version ironic-11.1.4.dev9:
* Filter security group list on the ID's we expect
* Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5:
* Ansible driver: fix deployment with serial specified as root device hint
* CI: stop using pyghmi from git master
- Update to version ironic-11.1.4.dev9:
* Filter security group list on the ID's we expect
* Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5:
* Ansible driver: fix deployment with serial specified as root device hint
* CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev4:
* CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev3:
* Correct formatting of a warning when lshw cannot be run
- Update to version ironic-python-agent-3.3.3.dev1:
* Stop logging lshw output, collect it with other logs instead
3.3.2
- Update to version keystone-14.1.1.dev8:
* Revert 'Blacklist bandit 1.6.0'
- Update to version keystone-14.1.1.dev8:
* Revert 'Blacklist bandit 1.6.0'
- Update to version magnum-7.1.1.dev28:
* Revert 'support http/https proxy for discovery url'
* Use rocky heat-container-agent for stable/rocky
- Update to version magnum-7.1.1.dev28:
* Revert 'support http/https proxy for discovery url'
* Use rocky heat-container-agent for stable/rocky
- Update to version manila-7.3.1.dev3:
* Remove the redunant table from windows' editor
- Update to version manila-7.3.1.dev3:
* Remove the redunant table from windows' editor
- update to version 1.14.2~dev1
- [GateFix] Ignore false positive bandit B105 test failure
- update to version 1.12.1~dev9
- Update all columns in metrics on an update to refresh TTL
- update to version 1.12.1~dev7
- Widen exception catch for point parse failure
- update to version 1.12.1~dev6
- some points unable to parse
- OpenDev Migration Patch
- Rebased patches:
+ 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream)
- Update to version monasca-persister-1.12.1.dev9:
* Update all columns in metrics on an update to refresh TTL
* OpenDev Migration Patch
- Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
- Update to version monasca-persister-1.12.1.dev4
* Java persister config: defaults and robustness
* Add Cassandra db support
- Remove java-persister-defaults.patch (merged upstream)
- Remove cassandra.patch (merged upstream)
- Add missing URLs for patches
- Updated to kit tarball built from 1.12.1.dev4
- Updated README.updating for current version
- Update to version neutron-13.0.5.dev22:
* Clear skb mark on encapsulating packets
* Stop OVS agent before starting it again
* Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
* fix update port bug
- Update to version neutron-13.0.5.dev15:
* Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14:
* Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13:
* Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12:
* Use --bind-dynamic with dnsmasq instead of --bind-interfaces
* Yield control to other greenthreads while processing trusted ports
* Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6:
* Ignore first local port update notification
- Update to version neutron-13.0.5.dev5:
* Add custom ethertype processing
13.0.4
- Update to version neutron-13.0.5.dev22:
* Clear skb mark on encapsulating packets
* Stop OVS agent before starting it again
* Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
* fix update port bug
- Update to version neutron-13.0.5.dev15:
* Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14:
* Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13:
* Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12:
* Use --bind-dynamic with dnsmasq instead of --bind-interfaces
* Yield control to other greenthreads while processing trusted ports
* Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6:
* Ignore first local port update notification
- Update to version neutron-13.0.5.dev5:
* Add custom ethertype processing
13.0.4
* When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729)
- Update to version group-based-policy-5.0.1.dev459:
* Tempest Scenario test for Connection Tracking
- Update to version group-based-policy-5.0.1.dev457:
* Adding icmp\_code and icmp\_type for SG rule
* A VM could be associated with multiple ports
* Optimize the extend\_router\_dict() call
- Update to version group-based-policy-5.0.1.dev451:
* [AIM] Enhance gbp-validate to detect routed subnet overlap
- Update to version group-based-policy-5.0.1.dev450:
* [AIM] Prevent overlapping CIDRs in routed VRF
* Disallow external subnets as router interfaces
- Update to version group-based-policy-5.0.1.dev448:
* Fix issues on sync\_state display on neutron based on AIM status
- Update to version group-based-policy-5.0.1.dev446:
* Send the port updates for the SNAT use case if needed
* Make DHCP provisioning blocks conditional
- Update to version neutron-lbaas-13.0.1.dev14:
* Update tox.ini for new upper constraints strategy
* Remove the release notes job from stable/rocky
- add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch
- Update to version neutron-lbaas-13.0.1.dev14:
* Update tox.ini for new upper constraints strategy
* Remove the release notes job from stable/rocky
* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051)
- Update to version octavia-3.1.2.dev8:
* Add octavia-v2-dsvm jobs to the gate queue
- Update to version octavia-3.1.2.dev7:
* Fix for utils LB DM transformation function
- Update to version octavia-3.1.2.dev5:
* Update amphora-agent to report UDP listener health
- Update to version octavia-3.1.2.dev3:
* Update tox.ini for new upper constraints strategy
- Add patches fixing tempest cleanup removing all networks
https://bugs.launchpad.net/tempest/+bug/1812660
* 0001-Remove-deprecated-services-from-cleanup.patch
* 0002-Fix-tempest-cleanup.patch
* 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch
- Update to version 9.0+git.1566405927.c5c03d4:
* Adds ipv6 support to baremetal ServersValidator (SOC-9940)
- Update to version 9.0+git.1565384645.8fcf5db:
* Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939)
- Update to version 9.0+git.1564587526.5db9d5d:
* Flag forward:NORMAL on MANAGEMENT network group (SOC-9939)
- Update to version 9.0+git.1563384666.4c1a3e5:
* Bracketed ipv6 addresses for endpoint urls (SOC-9357)
- added 0001-Fix-volume-revert-to-snapshot-tests.patch
- update to version 2.5.3
- Do not try to use /v1/v1 when endpoint_override is used
- OpenDev Migration Patch
- added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch
- added 0001-Use-unicode-literals-in-test_metrics.patch
- update to version 3.16.2 (bsc#1144027, bsc#1144026)
- update to version 0.17.3
- OpenDev Migration Patch
- Replace openstack.org git:// URLs with https://
- Fixes for Unicode characters in python 2 requests
- Fix functional tests on stable/rocky
- Correct updating baremetal nodes by name or ID
- Support bare metal service error messages
- import zuul job settings from project-config
- Correct update operations for baremetal
- Add simple create/show/delete functional tests for all baremetal resources
- Add a simple baremetal functional job
- Pass microversion info through from Profile
- update to 2.8.4 (SOC-9280)
* Adding fix for nic\_capacity calculation
- Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676)
* python-python-engineio: An issue was discovered in
python-engineio through 3.8.2. There is a Cross-Site WebSocket
Hijacking (CSWSH) vulnerability that allows attackers to make
WebSocket connections to a server
- Switch to new Gerrit Server
- Switch to opendev as external projects are not longer synced to
github. As a result, there is also no automatic change log.
- Updated to 13.0.1~dev146 (d307746a5)
* NSX|V3 adminUtils: detect and clean orphaned section rules
* OpenDev Migration Patch
* Delete SG rules when deleting their remote group
* NSX|V3: Limit number of subnet static routes per backend
* NSX|V: Restrict creating conflicting address_pair in the same network
* NSX|V3: Add verification of num defined address pairs
* constrain rocky dependencies
* Update rocky .gitreview branch
* Handle multiple default SG creation in all plugins
* update tox for stable branch
* NSX|V3: remove redundent code in get_port/s
* NSX|V3: Change status code of SG failure
* NSX|V: enable allow_address_pairs upon request
* Revert 'NSX|V3: Simplify LBaaS implementation'
* NSX|V3: Fix LBaaS loadbalancer creation
* NSX|V: Init FWaaS callbacks only if enabled
* NSX|V3: Simplify LBaaS implementation
* Complete the init of the Neutron main process
* NSX|V3: Respect default keyword for physical_net
* NSX|V admin utils: Find and fix spoofguard policies mismatches
* TVD: Add start_rpc_listeners to the plugin
* Upgrade appdirs lower constraints
* NSX|V+V3: relax FWaaS validation
* Revert 'NSX|V3: Init FWaaS before spawn'
* NSX|V3: prevent user from changing the NSX internal SG
* Fix provider security group exception call
* NSX|V3+V: Handle fwaas policy removal
* NSX|V3: Create port bindings for dhcp ports
* NSX|V3: Fix LB error handling
* Fix security group broken code & tests
* [NSX-V] Ensure binding exists before assigning lswitch_id
* NSX|V: Fix update section header
* NSX|V3: Validate FWaaS cidrs
* Devstack: Delete old project before deciding how to get the new code
* NSX|V3: Init FWaaS before spawn
* Devstack: Fix failed of ml2 directory creation
* Devstack: Fix failed of ml2 directory creation
* Fix cffi lower constraints
* NSX|V3: Do not allow external subnets overlapping with uplink cidr
* Devstack: Fix ml2 config file creation for FWaaS-V2
* NSX|V3 Support expected codes for LB HM
* NSX|V3: Fix ipam to check subnets carefully
* NSX|V3 Fix provider nsx-net create
* NSX-T: Delete subnet in case of dhcp error
* Fix Octavia devstack instructions
* NSX|V3: Fix LB statistics getter
* NSX|V3: Add L2GW connection validation
* Devstack: Create ml2 config file for FWaaS-V2
* NSX|V3: Configure tier0 transit networks
* Use upper-constraints from stable/rocky
* fix lower constraints
* TVD: Add missing VPN driver api
* NSX|V3: FWaaS translate 0.0.0.0 to Any ip
* NSX|V use context reader for router driver
* NSX|V Fix AdminUtils get apis to use the right context
* TVD LBaaS: fix operational status api
* Use tenant context to get router GW network
* NSX-v3: Fix listener for pool not fetched anymore
* NSX-v3: Prevent comparison with None
* NSXv: use admin context for metadata port config
* NSX-v3: Fix LB HTTP/HTTPS monitor impl
* NSX|V Fix orphaned networks and bindings
* NSX|V3 Fix dhcp binding rollback
* NSX|V3: Fix FW(v2) status when deleting an illegal port
* Ensure NSX VS is always associated with NSX LBS
* NSX|V3: validate LBaaS NSX stats fields
* TVD verify loadbalancer project match the LB object project
* TVD: Do not crash in case the project is not found
* NSX|V3: Fix member fip error message
* NSX|V3: Restrict update of LB port with fixed IP
* NSX|V3 Add NO-NAT rules only for routers with enabled SNAT
* NSXv: Metadata should complete init
* TVD: Add LBaaS get_operating_status support
* NSX|V Fill VIF data for upgraded ports
* Devstack plugin: fetch Neutron only when needed
* NSX|V: Improve SG rule service creation
* NSX|V fix LBaaS operation status function params
* NSX|V3: Add LB status calls validations
* NSX|V3 remove lbaas import to allow the plugin to work without lbaas
* NSX|V Allow updating port security and mac learning together
* NSX|V3: Change external provider network error message
* NSX|V+V3: Prevent adding different projects routers to fwaas-V1
* NSX|V: Fix BGP plugin get operations
* NSX|V: Validate DVS Id when creating flat/vlan network
* NSX|V: Fix devstack cleanup for python 3
* NSX|V3: Check specific exception when deleting dhcp port
* NSX|V3 Validate rate-limit value in admin utilitiy
* NSX|V3 adminUtils: Use nsx plugin to get ports
* NSX|V3: Fail on unsupported QoS rules
* NSX|V3: VPN connection status update
* NSX-V3| Fix port MAC learning flag handling
* NSX|V3 update port revision on update_port response
* NSX|V: Avoid updating the default section at init
* NSX|V3: LBaaS operating status support
* NSX|V3: Fix external LB member create
* Devstack: Use the right python version in cleanup
* NSX|V: Fix host groups for DRS HA for AZ
* NSX|V Fix policy security group update
* NSX|V+V3 QoS rbac support
* NSX|V3 update port binding for callbacks notifications
* NSX|V3: Support new icmp codes and types
* NSX|V3: Make sure LB member is connected to the LB router
* NSX|V3: Prevent adding an external net as a router interface
* NSX|V: Shorten the L2 bridge edge name
* NSX|V3: Fix port binding update on new ports
- update to version 13.0.1~dev146
- Switch to opendev as external projects are not longer synced to
github. As a result, there is also no automatic change log.
- update to version 13.0.1~dev24 (ebaacab)
* updates for stable branch
* NSX|V3+P: Change max allowed host routes
* Adding the option to configure disabled mac profile
* OpenDev Migration Patch
* NSX|T: Backend parameter for max subnet static routes
* NSX|T: Add NSX limit of IP address association to port
* Fix nsgroup update to access the logging field safely
* Retry http requests on timeouts
* Added retries if API call fails due to MP cluster reconfig
* Fix check_manager_status to support older NSX versions
* Improve Cluster validation checks
* Add apis to get tier0 uplink cidrs and not just ips
* Support response status codes for LB HM
* Add manager status validation to validate connection
* Handle get_default_headers errors
* Update the max NS groups criteria tags number dynamically
* Fix multi-cluster connectivity
* Amend allowed ICMP types and codes in strict mode
* Fix cluster connectivity
* Fix the revision needed for security rules version
* New api for getting VPN session status
* New api for getting the LB virtual servers status
* NSX|V3: Support new icmp codes and types list-
- update to version 13.0.1~dev24
- Fix the Requires: format in spec file (bsc#1134232)
- 3.4.2
ModerateSUSE bug 1027315SUSE bug 1129729SUSE bug 1133719SUSE bug 1134232SUSE bug 1140512SUSE bug 1141676SUSE bug 1144026SUSE bug 1144027CVE-2015-3448 at SUSECVE-2015-3448 at NVDCVE-2017-17051 at SUSECVE-2017-17051 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-13611 at SUSECVE-2019-13611 at NVDCVE-2019-7164 at SUSECVE-2019-7164 at NVDCVE-2019-7548 at SUSECVE-2019-7548 at NVDCVE-2019-9735 at SUSECVE-2019-9735 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb, mariadb-connector-c (Important)SUSE OpenStack Cloud Crowbar 9
This update for mariadb and mariadb-connector-c fixes the following issues:
mariadb:
- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
- Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response
and the pid in a process list as it can take some time till the process is terminated. Otherwise
it can lead to 'found left-over process' situation when regular mariadb is started (bsc#1143215).
mariadb-connector-c:
- Update to version 3.1.2 (bsc#1136035)
- Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)
ImportantSUSE bug 1126088SUSE bug 1132666SUSE bug 1136035SUSE bug 1143215CVE-2019-2614 at SUSECVE-2019-2614 at NVDCVE-2019-2627 at SUSECVE-2019-2627 at NVDCVE-2019-2628 at SUSECVE-2019-2628 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 to version 1.11.23 fixes the following issues:
- CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880).
- CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882).
- CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883).
- CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885).
- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
- CVE-2019-12308: Fixed a cross site scripting vulnerability in the AdminURLFieldWidget (bsc#1136468).
ImportantSUSE bug 1136468SUSE bug 1139945SUSE bug 1142880SUSE bug 1142882SUSE bug 1142883SUSE bug 1142885CVE-2019-12308 at SUSECVE-2019-12308 at NVDCVE-2019-12781 at SUSECVE-2019-12781 at NVDCVE-2019-14232 at SUSECVE-2019-14232 at NVDCVE-2019-14233 at SUSECVE-2019-14233 at NVDCVE-2019-14234 at SUSECVE-2019-14234 at NVDCVE-2019-14235 at SUSECVE-2019-14235 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-SQLAlchemy (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-SQLAlchemy fixes the following issues:
Security issues fixed:
- CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593).
- CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593).
ImportantSUSE bug 1124593CVE-2019-7164 at SUSECVE-2019-7164 at NVDCVE-2019-7548 at SUSECVE-2019-7548 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-urllib3 fixes the following issues:
Security issues fixed:
- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).
ModerateSUSE bug 1129071SUSE bug 1132663SUSE bug 1132900CVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Werkzeug (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Werkzeug fixes the following issues:
Security issue fixed:
- CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383).
ModerateSUSE bug 1145383CVE-2019-14806 at SUSECVE-2019-14806 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
Security issue fixed:
- CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461).
ModerateSUSE bug 1138461CVE-2019-12855 at SUSECVE-2019-12855 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff contains the following fixes:
- 0004-add_ipv6_support_to_synchronize_action_plugin.patch
fixes: bsc#1145967
IPv6 addreses need to be wrapped when used in scp command
in the form scp user@[ipv6address]:port
SOC-10117
- Update to version 9.0+git.1568385829.54601ac:
* Enable Cloud9 parallelised upgrade workflow (SOC-10484)
- Update to version 9.0+git.1568379640.07c5144:
* Enable DB upgrade in ardana-update.yml (SOC-10094)
- Update to version 9.0+git.1567617871.4426809:
* Ensure tls-upgrade.yml called by ardana-update.yml (SOC-9942)
- Update to version 9.0+git.1566486136.e2f6b0f:
* Add deprecations cleanup support (SOC-10275)
- Update to version 9.0+git.1568150980.027f167:
* Enable auth_openidc Apache2 module (SOC-10509)
- Update to version 9.0+git.1568382922.6f2cea4:
* Use galera-upgrade.yml for update/upgrade workflow (SOC-10521)
- Update to version 9.0+git.1568830037.2eea267:
* Add missing DHCP options for NSX-T (SOC-5838)
- Update to version 9.0+git.1568307751.d68a198:
* Add NSX-T QoS service definition (SOC-10479)
- Update to version 9.0+git.1567606893.85b4d54:
* Add NSX-T LBaaS service definition (SOC-9900)
- Update to version 9.0+git.1567416354.e45fd54:
* Add missing policies for NSX-T (SOC-5831)
- Update to version 9.0+git.1567196895.2e056b5:
* Add NSX-T VPNaaS service definition (SOC-9935)
* Add NSX-T FWaaS service definition (SOC-9935)
- Update to version 9.0+git.1567196861.0ca4cc9:
* Add the NSX-T DNS service definition (SOC-9912)
- Update to version 9.0+git.1567196262.39a7dd0:
* Improvements over initial NSX-T support (SOC-5831)
- Update to version 9.0+git.1566918834.1b7a49a:
* Update policy json templates for vmware-nsx (SOC-10254)
- Update to version 9.0+git.1567000146.4569d10:
* Cloud 8to9 upgrade enhancements for glance (SOC-10043)
- Update to version 9.0+git.1566409257.eec6360:
* Add neutron-fwaas.json when neutron-l3-agent is deployed (SOC-10280)
- Update to version 9.0+git.1569535129.ca87ef0:
* Add support for running in Docker container (SOC-8524) (#350)
- Update to version 9.0+git.1567797529.273abf2:
* Use IPv6 validator on baremetal (SOC-10251)
- Update to version 9.0+git.1568835830.10c9689:
* Ensure Manila services don't auto start on reboot (SOC-10641)
- Update to version 9.0+git.1567695427.5974ab2:
* Stop existing mon-api services during upgrade (SOC-10470)
- Update to version 9.0+git.1568817582.a4813e2:
* Fix neutron-ovsvapp-agent status (SOC-10637)
- Update to version 9.0+git.1567606982.697a2bf:
* Let SDNs configure LB service provider (SOC-9900)
- Update to version 9.0+git.1567606981.c612be8:
* API extension paths separated by colon (SOC-10447)
- Update to version 9.0+git.1567000278.309171b:
* Neutron 8to9 upgrade workflow (SOC-10080)
- Update to version 9.0+git.1566503987.df6961f:
* Add policy.d/neutron-fwaas.json.j2 (SOC-10280)
- Update to version 9.0+git.1567630824.aa6dc2d:
* api_db sync needed before db_expand.yml (SOC-10023)
- Update to version 9.0+git.1567125466.9b151d6:
* Enable tls channel for vnc on compute VM (SOC-9942)
- Update to version 9.0+git.1566826931.741980f:
* Install libosinfo package (SOC-10295)
- Update to version 9.0+git.1568362662.7fba216:
* Make octavia heartbeat frequency options configurable (SOC-9285)
- Update to version 9.0+git.1566374458.f58d2bb:
* Include SES variables when configuring image (SOC-9285)
- Update to version 9.0+git.1566593422.813e56c:
* Update ip address validator (SOC-9679)
- Update to version 9.0+git.1567630791.5ca70a6:
* Revert Ansible 2.x compatibility change (SOC-10452)
- Update to version 9.0+git.1567553292.5991a87:
* Configured openvswitch logrotate user based on system settings (SOC-10282)
- Update to version 9.0+git.1569439941.6800991:
* Re-enable streaming of playbook logs (SOC-10720)
- Update to version 9.0+git.1569257240.456c4fc:
* Add condition to avoid case with no compute (SOC-10692)
- Update to version 9.0+git.1568075665.a627f71:
* Fix missing key error for c9 update (SOC-10476)
- Update to version 9.0+git.1567640139.61bbe4e:
* Add support for redhat compute (SOC-9942)
- Update to version 9.0+git.1567530252.4b0dc66:
* Generate vnc server cert on compute host (SOC-9942)
- Update to version 6.0+git.1569587091.3f083d63c:
* barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011)
* Revert 'batch: Use easy_merge for merging (SOC-10505)'
* batch: Use easy_merge for merging (SOC-10505)
- Update to version 6.0+git.1569357869.75e2690cc:
* Update input group to be more specific (SOC-10644)
- Update to version 6.0+git.1569231374.0fa522d5d:
* Revert 'batch: Use easy_merge for merging (SOC-10505)'
- Update to version 6.0+git.1568968829.f21efcf5e:
* batch: Use easy_merge for merging (SOC-10505)
- Update to version 6.0+git.1568744770.09e7a1fe1:
* upgrade: Fix pie chart colors on dashboard (SOC-10619)
- Update to version 6.0+git.1568201547.4dfc6ffec:
* gems: Update easy_diff to 1.0.0 (SOC-10505)
- Update to version 6.0+git.1567846948.0f169d133:
* upgrade: Reload nova services early (SOC-10273)
* upgrade: Update release name (trivial)
* upgrade: Upgrade compute services early (SOC-10273)
- Update to version 6.0+git.1567731275.6019e8f62:
* IPV6:Expose methods in chef NetworkHelper to crowbar_framework (SOC-6397)
- Update to version 6.0+git.1567694723.1a9df112d:
* Allow designate rndc for all nodes (SOC-10339)
- Update to version 6.0+git.1567599465.9b1ea2814:
* upgrade: dump Monasca, Grafana databases (SOC-9772)
- Update to version 6.0+git.1567195728.44b7cf1d0:
* Public ips for dns nodes when designate integration is in use (SOC-9635)
- Update to version 6.0+git.1567161357.ba5de8885:
* network: Check existing upper layers before bond setup (bsc#1120657)
* network: never plug two interface into the same ovs bridge (bsc#1120657)
* network: Avoid plugging the same interface to two ovs bridges (bsc#1120657)
* nic library: some helper for identifying base interface (bsc#1120657)
* network: Rework the vlan port replugging code (bsc#1120657)
* network: DRY out 'kill_nic_files' (noref)
* network: override sysctl netfilter param(SOC-6229)
- Update to version 6.0+git.1567094352.24e2a710d:
* upgrade: Re-run upgrade on non-compute nodes (SOC-10072)
- Update to version 6.0+git.1566808212.3e1e65b69:
* allow user to ask for FQDN as public hostname (SOC-9616)
- Update to version 6.0+git.1567673476.1342c3d:
* Fix typo in error message
- Update to version 6.0+git.1569805311.a94583476:
* Designate: Add dns_domain_ports config (SOC-10740)
- Update to version 6.0+git.1569429613.2b29fd9d6:
* horizon: add back horizon service reload (SOC-10191)
* helper:move config_for_role_exists from horizon to crowbar-openstack(SOC-10191)
* tempest: don't rely on service catalogue (SOC-10633)
- Update to version 6.0+git.1569343076.e8ca90fd9:
* enable LDAP chase_referrals configuration (SOC-7364)
- Update to version 6.0+git.1569255523.d14bb0d9d:
* nova: Don't autoselect nodes for Xen (continued) (bsc#1147144)
- Update to version 6.0+git.1569053948.d0e638900:
* Add pci passthrough filter (SOC-10624)
* glance: don't reuse sync mark names (SOC-10348)
* nova: Don't autoselect nodes for Xen (bsc#1147144)
* database: fix no-op migration 302 (SOC-10623)
* Fix Cloud 8 no-op migrations (SOC-10623)
- Update to version 6.0+git.1568986202.bae13ce05:
* designate: Fix the keys syntax error on migrations (SOC-10660)
- Update to version 6.0+git.1568968817.8df296f0c:
* upgrade: restore Monasca/Grafana DB (SOC-9772)
- Update to version 6.0+git.1568904766.a7e023933:
* Revert 'designate: Mark as user managed (SOC-10233)'
* nova: set default attribute for max_threads_per_process
* Add tempest filter for designate (SOC-10288)
* Allow setting ElasticSearch path.repo from Crowbar (SOC-10440, bsc#1148158)
- Update to version 6.0+git.1568735102.940794f57:
* Use source load balancing for OpenID Connect (SOC-10551)
- Update to version 6.0+git.1568676694.b4ebc087b:
* designate: Mark as user managed (SOC-10233)
* Octavia: Hide UI until complete (SOC-10550)
- Update to version 6.0+git.1568650755.8399d83e9:
* IPV6: Barclamp horizon make IPV6 compliant (SOC-6397)
- Update to version 6.0+git.1568325876.a82d6c3c6:
* designate: Correct missing variable (SOC-10549)
- Update to version 6.0+git.1568242913.38fe0574a:
* designate: cleanup producer HA deployment (SOC-9766)
- Update to version 6.0+git.1568130776.de1686df9:
* designate: No longer care about master/slave (SOC-10456)
* tempest: remove manila test from blacklist (SOC-9298)
* nova: raise neutron client timeout to 5 minutes
* neutron: Small cleanup to neutron_lbaas.conf template
* neutron-lbaas: remove loadbalancer/pool limit
- Update to version 6.0+git.1568004341.35d132726:
* Designate default Bind9 pool config (SOC-10339)
- Update to version 6.0+git.1567626408.bd1a24326:
* nova: Don't put nova-compute roles on monasca node (SOC-10373)
- Update to version 6.0+git.1567522813.05041a6eb:
* Fix OpenID migration (SOC-9616)
- Update to version 6.0+git.1567383972.eeae4cf86:
* designate: Update ns_records with all nameservers (SOC-9636)
- Update to version 6.0+git.1567095011.0d080dce4:
* support OpenID Connect WebSSO (SOC-9616)
- Update to version 6.0+git.1566925661.1e127bf66:
* designate: Deploy producer on a server node (SOC-9766)
- Update to version 6.0+git.1566851961.bda2f922c:
* database: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566629500.bbc0dd82f:
* rabbitmq: Turn off hipe compile
* designate: initialize email in default designate proposal
- Update to version 6.0+git.1566553393.e01147258:
* memcache: lookup memcached servers port only on local node (SOC-10173)
- Update to version 1.3.0+git.1568396400.0344a727:
* upgrade: Add missing precheck titles
- spec file change:
* alter permissions of /etc/grafana and /var/lib/grafana to 755
* alter owner of /etc/grafana/provisioning/dashboards tree to root:root
* this allows installing dashboards via rpms without these rpms depending on this rpm
- Update to version 6.2.5:
* release 6.2.5
* Panel: Fully escape html in drilldown links (was only sanitized before) (#17731)
* Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695)
* config: fix connstr for remote_cache (#17675)
* TablePanel: fix annotations display (#17646)
* middleware: fix Strict-Transport-Security header (#17644)
* Elasticsearch: Fix empty query request to send properly (#17488)
* release 6.2.4
* grafana-cli: Fix receiving flags via command line (#17617)
* HTTPServer: Fix X-XSS-Protection header formatting (#17620)
* release 6.2.3
* cli: grafana-cli should receive flags from the command line (#17606)
* AuthProxy: Optimistic lock pattern for remote cache Set (#17485)
* OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541)
* middleware: add security related HTTP(S) response headers (#17522)
* remote_cache: Fix redis (#17483)
* auth_proxy: non-negative cache TTL (#17495)
- Update to version 6.2.2:
* Security Fix: Prevent csv formula injection attack
* PluginConfig: Fixed plugin config page navigation when using subpath
* Explore: Update time range before running queries
* Perf: Fix slow dashboards ACL query
* Database: Initialize xorm with an empty schema for postgres
* CloudWatch: Avoid exception while accessing results
- Remove phantomjs dependency
* Modified: Makefile
- Update to version 6.2.1
* Bug Fixes
+ Auth Proxy: Resolve database is locked errors.
+ Database: Retry transaction if sqlite returns database is locked error.
+ Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value.
+ Singlestat: Fixes issue with value placement and line wraps.
+ Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browers as well as Chrome 53.x.
* Features / Enhancements
+ CLI: Add command to migrate all datasources to use encrypted password fields.
+ Gauge/BarGauge: Improvements to auto value font size.
* Modified: README
- Update to version 6.2.0
* Bug Fixes
+ BarGauge: Fix for negative min values.
+ Gauge/BarGauge: Fix for issues editing min & max options.
+ Search: Make only folder name only open search with current folder filter.
+ AzureMonitor: Revert to clearing chained dropdowns.
+ Dashboard: Fixes blank dashboard after window resize with panel without title.
+ Dashboard: Fixes lazy loading & expanding collapsed rows on mobile.
+ Dashboard: Fixes scrolling issues for Edge browser.
+ Dashboard: Show refresh button in first kiosk(tv) mode.
+ Explore: Fix empty result from datasource should render logs container.
+ Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value.
+ Explore: Makes it possible to zoom in Explore/Loki/Graph without exception.
+ Gauge: Fixes orientation issue after switching from BarGauge to Gauge.
+ GettingStarted: Fixes layout issues in getting started panel.
+ InfluxDB: Fix HTTP method should default to GET.
+ Panels: Fixed alert icon position in panel header.
+ Panels: Fixes panel error tooltip not showing.
+ Plugins: Fix how datemath utils are exposed to plugins.
+ Singlestat: fixed centering issue for very small panels.
+ Search: Scroll issue in dashboard search in latest Chrome.
+ Docker: Prevent a permission denied error when writing files to the default provisioning directory.
+ Gauge: Adds background shade to gauge track and improves height usage.
+ RemoteCache: Avoid race condition in Set causing error on insert. .
+ Build: Fix bug where grafana didn't start after mysql on rpm packages.
+ CloudWatch: Fixes query order not affecting series ordering & color.
+ CloudWatch: Use default alias if there is no alias for metrics.
+ Config: Fixes bug where timeouts for alerting was not parsed correctly.
+ Elasticsearch: Fix view percentiles metric in table without date histogram.
+ Explore: Prevents histogram loading from killing Prometheus instance.
+ Graph: Allow override decimals to fully override.
+ Mixed Datasource: Fix error when one query is disabled.
+ Search: Fixes search limits and adds a page parameter.
+ Security: Responses from backend should not be cached.
* Breaking Changes
+ Plugins: Data source plugins that process hidden queries need to add a 'hiddenQueries: true' attribute in plugin.json.
+ Gauge Panel: The suffix / prefix options have been removed from the new Gauge Panel (introduced in v6.0). #16870.
* Features / Enhancements
+ Plugins: Support templated urls in plugin routes.
+ Packaging: New MSI windows installer package**.
+ Admin: Add more stats about roles.
+ Alert list panel: Support variables in filters.
+ Alerting: Adjust label for send on all alerts to default .
+ Alerting: Makes timeouts and retries configurable.
+ Alerting: No notification when going from no data to pending.
+ Alerting: Pushover alert, support for different sound for OK.
+ Auth: Enable retries and transaction for some db calls for auth tokens .
+ AzureMonitor: Adds support for multiple subscriptions per datasource.
+ Bar Gauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes.
+ Build: Upgrades to golang 1.12.4.
+ CloudWatch: Update AWS/IoT metric and dimensions.
+ Config: Show user-friendly error message instead of stack trace.
+ Dashboard: Enable filtering dashboards in search by current folder.
+ Dashboard: Lazy load out of view panels .
+ DataProxy: Restore Set-Cookie header after proxy request.
+ Datasources: Add pattern validation for time input on datasource config pages.
+ Elasticsearch: Add 7.x version support.
+ Explore: Adds reconnect for failing datasource.
+ Explore: Support user timezone.
+ InfluxDB: Add support for POST HTTP verb.
+ Loki: Search is now case insensitive.
+ OAuth: Update jwt regexp to include =.
+ Panels: No title will no longer make panel header take up space.
+ Prometheus: Adds tracing headers for Prometheus datasource.
+ Provisioning: Add API endpoint to reload provisioning configs.
+ Provisioning: Do not allow deletion of provisioned dashboards.
+ Provisioning: Interpolate env vars in provisioning files.
+ Security: Add new setting allow_embedding.
+ Security: Store datasource passwords encrypted in secureJsonData.
+ UX: Improve Grafana usage for smaller screens.
+ Units: Add angle units, Arc Minutes and Seconds.
- Update to version 6.1.6
* Security: Bump jQuery to 3.4.0
* Playlist: Fix loading dashboards by tag.
- Update to version 6.0.2:
* Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680
* Improved error handling when rendering dashboard panels, fixes #15913
* fix allow anonymous server bind for ldap search
* add nil/length check when delete old login attempts
* fix discord notifier so it doesn't crash when there are no image generated
* fix only users that can edit a dashboard should be able to update panel json
* move to new component to handle focus
* added state to not set focus on search every render
* Snapshots update
* Use app config directly in ButtonRow instead of passing datasources page URL via prop
* Update snapshots
* Fixed url of back button in datasource edit page, when root_url configured
* release: Bumped version
- Update to version 6.0.1:
* Bug Fixes:
+ utils: show string errors
+ Viewers with viewers_can_edit should be able to access /explore
+ log phantomjs output even if it timeout and include orgId when render alert
- Update to version 6.0.0:
* Breaking Changes:
+ Text Panel: The text panel does no longer by default allow unsantizied
HTML. This means that if you have text panels with scripts tags they will no
longer work as before. To enable unsafe javascript execution in text panels
enable the settings disable_sanitize_html under the section [panels] in your
Grafana ini file, or set env variable GF_PANELS_ABLE_SANITIZE_HTML=true.
+ Dashboard: Panel property minSpan replaced by maxPerRow. Dashboard
migration will automatically migrate all dashboard panels using the minSpan
property to the new maxPerRow property
+ Internal Metrics Edition has been added to the build_info metric. This will break any Graphite queries using this metric. Edition will be a new label for the Prometheus metric.
* New Features:
+ Alerting: Adds support for Google Hangouts Chat notifications
+ Elasticsearch: Support bucket script pipeline aggregations
+ Influxdb: Add support for time zone (tz) clause
+ Snapshots: Enable deletion of public snapshot
+ Provisioning: Provisioning support for alert notifiers
+ Explore: A whole new way to do ad-hoc metric queries and exploration. Split view in half and compare metrics & logs and much much more. Read more here
+ Auth: Replace remember me cookie solution for Grafana's builtin, LDAP and OAuth authentication with a solution based on short-lived tokens
+ AzureMonitor: Enable alerting by converting Azure Monitor API to Go
+ Explore A new query focused workflow for ad-hoc data exploration and troubleshooting.
+ Grafana Loki Integration with the new open source log aggregation system from Grafana Labs.
+ Gauge Panel A new standalone panel for gauges.
+ New Panel Editor UX improves panel editing and enables easy switching between different visualizations.
+ Google Stackdriver Datasource is out of beta and is officially released.
+ React Plugin support enables an easier way to build plugins.
+ Named Colors in our new improved color picker.
+ Removal of user session storage makes Grafana easier to deploy & improves security.
* Bug Fixes:
+ Metrics: Fixes broken usagestats metrics for /metrics
+ Dashboard: Fixes kiosk mode should have &kiosk appended to the url
+ Dashboard: Fixes kiosk=tv mode with autofitpanels should respect header
+ Image rendering: Fixed image rendering issue for dashboards with auto refresh,
+ Dashboard: Fix only users that can edit a dashboard should be able to update panel json.
+ LDAP: fix allow anonymous initial bind for ldap search.
+ UX: Fixed scrollbar not visible initially (only after manual scroll).
+ Datasource admin TestData
+ Dashboard: Fixed scrolling issue that caused scroll to be locked to bottom.
+ Explore: Viewers with viewers_can_edit should be able to access /explore.
+ Security fix: limit access to org admin and alerting pages.
+ Panel Edit minInterval changes did not persist
+ Teams: Fixed bug when getting teams for user.
+ Stackdriver: fix for float64 bounds for distribution metrics
+ Stackdriver: no reducers available for distribution type
+ Influxdb: Add support for alerting on InfluxDB queries that use the non_negative_difference function
+ Alerting: Fix percent_diff calculation when points are nulls
+ Alerting: Fixed handling of alert urls with true flags
+ Gauge: Fix issue with gauge requests being cancelled
+ Gauge: Accept decimal inputs for thresholds
+ UI: Fix error caused by named colors that are not part of named colors palette
+ Search: Bug pressing special regexp chars in input fields
+ Permissions: No need to have edit permissions to be able to 'Save as'
+ Search: Fix for issue with scrolling the 'tags filter' dropdown
+ Prometheus: Query for annotation always uses 60s step regardless of dashboard range
+ Annotations: Fix creating annotation when graph panel has ata points position the popup outside viewport
+ Piechart/Flot: Fixes multiple piechart instances with donut bug
+ plus many minor changes and fixes
- Update to version 5.4.3:
* Fixes:
+ Alerting Invalid frequency causes division by zero in alert scheduler
+ Dashboard Dashboard links do not update when time range changes
+ Limits Support more than 1000 datasources per org
+ Backend fix signed in user for orgId=0 result should return active org id
+ Provisioning Adds orgId to user dto for provisioned dashboards
- Update to version 5.4.2:
* Fixes:
+ Datasource admin: Fix for issue creating new data source when same name exists
+ OAuth: Fix for oauth auto login setting, can now be set using env variable
+ Dashboard search: Fix for searching tags in tags filter dropdown.
- Update to version 5.4.1:
* Fixes:
+ Stackdriver: Fixes issue with data proxy and Authorization header
+ Units: fixedUnit for Flow:l/min and mL/min
+ Logging: Fix for issue where data proxy logged a secret when debug logging was enabled, now redacted.
+ InfluxDB: Add support for alerting on InfluxDB queries that use the cumulative_sum function.
+ Plugins: Panel plugins should no receive the panel-initialized event again as usual.
+ Embedded Graphs: Iframe graph panels should now work as usual.
+ Postgres: Improve PostgreSQL Query Editor if using different Schemas,
+ Quotas: Fixed for updating org & user quotas.
+ Cloudwatch: Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate to auto complete list.
+ Dashboard Search: Fixed filtering by tag issues.
+ Graph: Fixed time region issues,
+ Graph: Fixed issue with series color picker popover being placed outside window.
- Update to version 5.4.0:
* Breaking Changes:
+ Postgres/MySQL/MSSQL datasources now per default uses max open connections = unlimited (earlier 10), max idle connections = 2 (earlier 10) and connection max lifetime = 4 hours (earlier unlimited).
* Features:
+ Alerting: Introduce alert debouncing with the FOR setting.
+ Alerting: Option to disable OK alert notifications
+ Postgres/MySQL/MSSQL: Adds support for configuration of max open/idle connections and connection max lifetime. Also, panels with multiple SQL queries will now be executed concurrently
+ MySQL: Graphical query builder
+ MySQL: Support connecting thru Unix socket for MySQL datasource
+ MSSQL: Add encrypt setting to allow configuration of how data sent between client and server are encrypted
+ Stackdriver: Not possible to authenticate using GCE metadata server
+ Teams: Team preferences (theme, home dashboard, timezone) support
+ Graph: Time regions support enabling highlight of weekdays and/or certain timespans
+ OAuth: Automatic redirect to sign-in with OAuth
+ Stackdriver: Template query editor
* Fixes:
+ Cloudwatch: Fix invalid time range causes segmentation fault
+ Cloudwatch: AWS/CodeBuild metrics and dimensions
+ MySQL: Fix $__timeFrom() and $__timeTo() should respect local time zone
+ Graph: Fix legend always visible even if configured to be hidden
+ Elasticsearch: Fix regression when using datasource version 6.0+ and alerting
- Update to version 5.3.4:
* minor bug fixes
- Fix patch novnc-1.0.0-fix-interpreter.patch
* Renamed to patch novnc-1.1.0-fix-interpreter.patch
- Update to 1.1.0:
Application:
* New translations for Russian, Korean, Czech and Chinese (traditional) languages
* Fixed an issue where you didn't get scrollbn your browser on Windows if
you had a touch screen.
* Added the Super/Windows key to the toolbar.
* Added an option to show a dot when there otherwise wouldn't be a visible
cursor.
* View drag is no longer available when in scaling mode.
Library:
* A large number of coding style changes has been made to make the code easier
to read and better to work with.
* Many keyboard issues has been fixed.
* Local cursor is now available on all platforms.
* Fixed a number of crashes related to clipboard.
* Fixed issues that occurred if data from the server was being received slowly.
* A problem has been fixed where the display module would incorrectly handle
high DPI systems causing scrollbars to show when they shouldn't.
- require python3-websockify for recent distros (bsc#1119737)
- Update to version cinder-13.0.7.dev16:
* Dell EMC SC: Handle the mappings of multiattached volume
- Update to version cinder-13.0.7.dev14:
* 3PAR: Add config for NSP single path attach
- Update to version cinder-13.0.7.dev12:
* Fix VolumeAttachment is not bound to a Session
* Fix ceph: only close rbd image after snapshot iteration is finished
- Update to version cinder-13.0.7.dev8:
* Fix NFS volume retype with migrate
- Update to version cinder-13.0.7.dev7:
* Remove experimental openSUSE 42.3 job
- Update to version cinder-13.0.7.dev5:
* Fixing 404's and broken links
- Update to version cinder-13.0.7.dev16:
* Dell EMC SC: Handle the mappings of multiattached volume
- Update to version cinder-13.0.7.dev14:
* 3PAR: Add config for NSP single path attach
- Update to version cinder-13.0.7.dev12:
* Fix VolumeAttachment is not bound to a Session
* Fix ceph: only close rbd image after snapshot iteration is finished
- Update to version cinder-13.0.7.dev8:
* Fix NFS volume retype with migrate
- Update to version cinder-13.0.7.dev7:
* Remove experimental openSUSE 42.3 job
- Update to version cinder-13.0.7.dev5:
* Fixing 404's and broken links
- Update to version horizon-14.0.4.dev11:
* Fix listing security groups when no rules
- Update to version horizon-14.0.4.dev9:
* Fix quoting in zuul for tempest plugins
* Allow creating ICMPV6 rules
- Update to version horizon-14.0.4.dev6:
* Ensure to call patch\_middleware\_get\_user() in api.test\_base
- Update to version horizon-14.0.4.dev5:
* Fixing broken links
- Update to version designate-7.0.1.dev22:
* Fixing 404 link
- Update to version designate-7.0.1.dev22:
* Fixing 404 link
- Update to version glance-17.0.1.dev30:
* Fix manpage building and remove glance-cache-manage
- Update to version glance-17.0.1.dev28:
* Fix doc build after removal of glance-cache-manage man page
- Update to version glance-17.0.1.dev26:
* Updating Ceph 404 URLs
- Update to version glance-17.0.1.dev24:
* Remove experimental openSUSE 42.3 job
* OpenDev Migration Patch
- Update to version glance-17.0.1.dev22:
* Failure in web-dowload kept image in importing state
* Replace openstack.org git:// URLs with https://
* Data remains in staging area if 'file' store is not enabled
* Removed glancecachemanage.rst and updated header.txt
- Update to version glance-17.0.1.dev30:
* Fix manpage building and remove glance-cache-manage
- Rebased patches:
+ 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch dropped (merged upstream)
- Update to version glance-17.0.1.dev28:
* Fix doc build after removal of glance-cache-manage man page
- Update to version glance-17.0.v26:
* Updating Ceph 404 URLs
- Update to version glance-17.0.1.dev24:
* Remove experimental openSUSE 42.3 job
* OpenDev Migration Patch
- Add 0001-Drop-glance-cache-manage-entrypoint-from-setup.cfg.patch (SOC-6366)
This removes the broken entrypoint for /usr/bin/glance-cache-manage
The code behind the executable was already removed upstream
so the executable was not usable
- Update to version glance-17.0.1.dev22:
* Failure in web-dowload kept image in importing state
* Replace openstack.org git:// URLs with https://
* Data remains in staging area if 'file' store is not enabled
* Removed glancecachemanage.rst and updated header.txt
- Add 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch
This fixes the manpage build which is needed after the removal
of glancecachemanage.rst by upstream
- Update to version openstack-heat-11.0.3.dev23:
* Add retries when loading keystone data and fetching endpoints
- Update to version openstack-heat-11.0.3.dev22:
* Use connect\_retries when creating clients
- Update to version openstack-heat-11.0.3.dev20:
* Add retry for sync\_point\_update\_input\_data
- Update to version openstack-heat-11.0.3.dev23:
* Add retries when loading keystone data and fetching endpoints
- Update to version openstack-heat-11.0.3.dev22:
* Use connect\_retries when creating clients
- Update to version openstack-heat-11.0.3.dev20:
* Add retry for sync\_point\_update\_input\_data
- Include heat_policy.json (bsc#1152032)
* Fixed the unexpected error in Horizon when Heat dashboard is enabed
- update to version 1.14.1~dev9
- Hide Graph Metric action of alarm when Grafana is not available
- OpenDev Migration Patch
- Update to version ironic-11.1.4.dev15:
* Fix typo in handling of exception FailedToGetIPAddressOnPort
- Update to version ironic-11.1.4.dev14:
* DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver
* iLO firmware update fails with 'update\_firmware\_sum' clean step
- Update to version ironic-11.1.4.dev10:
* CI: remove quotation marks from TEMPEST\_PLUGINS variable
- Update to version ironic-11.1.4.dev15:
* Fix typo in handling of exception FailedToGetIPAddressOnPort
- Update to version ironic-11.1.4.dev14:
* DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver
* iLO firmware update fails with 'update\_firmware\_sum' clean step
- Update to version ironic-11.1.4.dev10:
* CI: remove quotation marks from TEMPEST\_PLUGINS variable
- Update to version ironic-python-agent-3.3.3.dev5:
* Fix compatibility with Pint 0.5
- Update to version keystone-14.1.1.dev16:
* Fixing 404 URLs for Rocky
- Update to version keystone-14.1.1.dev15:
* Updating mapping rule link
- Update to version keystone-14.1.1.dev13:
* Fix python3 compatibility on LDAP search DN from id
* Fixing dn\_to\_id function for cases were id is not in the DN
- Update to version keystone-14.1.1.dev9:
* Remove experimental openSUSE 42.3 job
- Update to version keystone-14.1.1.dev16:
* Fixing 404 URLs for Rocky
- Update to version keystone-14.1.1.dev15:
* Updating mapping rule link
- Update to version keystone-14.1.1.dev13:
* Fix python3 compatibility on LDAP search DN from id
* Fixing dn\_to\_id function for cases were id is not in the DN
- Update to version keystone-14.1.1.dev9:
* Remove experimental openSUSE 42.3 job
- Update to version manila-7.3.1.dev6:
* Unmount NetApp active share after replica promote
- Update to version manila-7.3.1.dev4:
* Fixing broken links
- Updateon manila-7.3.1.dev6:
* Unmount NetApp active share after replica promote
- Update to version manila-7.3.1.dev4:
* Fixing broken links
- Update to version neutron-13.0.5.dev50:
* DVR: Cleanup ml2 dvr portbindings on migration
- Update to version neutron-13.0.5.dev49:
* Avoid unnecessary operation of ovsdb and flows
- Update to version neutron-13.0.5.dev48:
* Increase timeouts for OVSDB in functional tests
- Update to version neutron-13.0.5.dev46:
* Fix creation of vlan network with segmentation\_id set to 0
* Add info log about ready DHCP config for ports
- Update to version neutron-13.0.5.dev42:
* Check the namespace is ready in test\_mtu\_update tests
* Create \_mech\_context before delete to avoid race
- Update to version neutron-13.0.5.dev39:
* ML2 plugin: extract and postpone limit in port query
* Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds
- Update to version neutron-13.0.5.dev35:
* Use created subnet in port generator in 'test\_port\_ip\_update\_revises'
- Update to version neutron-13.0.5.dev34:
* Increase number of retries in \_process\_trunk\_subport\_bindings
- Update to version neutron-13.0.5.dev33:
* Filter placement API endpoint by type too
- Update to version neutron-13.0.5.dev31:
* Remove experimental openSUSE 42.3 job
* Initialize phys bridges before setup\_rpc
* Populate binding levels when concurrent ops fail
* Make sure the port still in port map when prepare\_port\_filter
* [DVR] Add lock during creation of FIP agent gateway port
- Update to version neutron-13.0.5.dev50:
* DVR: Cleanup ml2 dvr portbindings on migration
- Update to version neutron-13.0.5.dev49:
* Avoid unnecessary operation of ovsdb and flows
- Update to version neutron-13.0.5.dev48:
* Increase timeouts for OVSDB in functional tests
- Update to version neutron-13.0.5.dev46:
* Fix creation of vlan network with segmentation\_id set to 0
* Add info log about ready DHCP config for ports
- Update to version neutron-13.0.5.dev42:
* Check the namespace is ready in test\_mtu\_update tests
* Create \_mech\_context before delete to avoid race
- Update to version neutron-13.0.5.dev39:
* ML2 plugin: extract and postpone limit in port query
* Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds
- Update to version neutron-13.0.5.dev35:
* Use created subnet in port generator in 'test\_port\_ip\_update\_revises'
- Update to version neutron-13.0.5.dev34:
* Increase number of retries in \_process\_trunk\_subport\_bindings
- Update to version neutron-13.0.5.dev33:
* Filter placement API endpoint by type too
- Update to version neutron-13.0.5.dev31:
* Remove experimental openSUSE 42.3 job
* Initialize phys bridges before setup\_rpc
* Populate binding levels when concurrent ops fail
* Make sure the port still in port map when prepare\_port\_filter
* [DVR] Add lock during creation of FIP agent gateway port
- Update to version group-based-policy-5.0.1.dev472:
* [AIM] Fix HAIP RPC query
- Update to version group-based-policy-5.0.1.dev471:
* Fix implicit ICMPv6 Security Group Rules
- Update to version group-based-policy-5.0.1.dev470:
* Fixed snat port status to be ACTIVE and UP
- Update to version group-based-policy-5.0.1.dev468:
* Revert 'Make DHCP provisioning blocks conditional'
* Some refactoring regarding merge aim statuses
- Update to version group-based-policy-5.0.1.dev464:
* Verify aim\_epg exists before proceeding
- Update to version group-based-policy-5.0.1.dev462:
* Bulk extension support for
- Update to version group-based-policy-5.0.1.dev461:
* [AIM] Eliminate redundant router extension content
- Update to version group-based-policy-5.0.1.dev460:
* Fix for Commit 564905e49a0d418bc891f12b560e291a9fdc4acb 1. The method \_track\_connectivity returns nothing, so, self.track\_success is updated in the method itself
- Update to version nova-18.2.3.dev22:
* lxc: make use of filter python3 compatible
* Fix rebuild of baremetal instance when vm\_state is ERROR
* Fix wrong assertions in unit tests
* Fix 'has\_calls' method calls in unit tests
* Fix non-existent method of Mock
* Retrun 400 if invalid query parameters are specified
- Update to version nova-18.2.3.dev10:
* doc: Fix a broken reference link
- Update to version nova-18.2.3.dev9:
* Restore soft-deleted compute node with same uuid
* Add functional regression recreate test for bug 1839560
* rt: only map compute node if we created it
- Update to version nova-18.2.3.dev3:
* Remove experimental job on openSUSE 42.3
- Update to version nova-18.2.3.dev2:
* Fix misuse of nova.objects.base.obj\_equal\_prims
18.2.2
* Don't generate service UUID for deleted services
* Add 'path' query parameter to console access url
* Replace non-nova server fault message
* Avoid logging traceback when detach device not found
* Fix python3 compatibility of rbd get\_fsid
* Add functional regression test for bug 1778305
* Add functional recreate test for bug 1764556
* Cleanup when hitting MaxRetriesExceeded from no host\_available
* Add functional regression test for bug 1837955
* Revert '[libvirt] Filter hypervisor\_type by virt\_type'
* Avoid crashing while getting libvirt capabilities with unknown arch names
* libvirt: move checking CONF.my\_ip to init\_host()
* Revert resize: wait for events according to hybrid plug
* docs: Correct issues with 'openstack quota set' commands
* doc: Fix a parameter of NotificationPublisher
* Perf: Use dicts for ProviderTree roots
* Fix type error on call to mount device
* Drop source node allocations if finish\_resize fails
* Add functional recreate test for regression bug 1825537
* Stabilize unshelve notification sample tests
* Ignore hw\_vif\_type for direct, direct-physical vNIC types
* Fix double word hacking test
* Disable limit if affinity(anti)/same(different)host is requested
* Delete resource providers for all nodes when deleting compute service
- Update to version nova-18.2.3.dev22:
* lxc: make use of filter python3 compatible
* Fix rebuild of baremetal instance when vm\_state is ERROR
* Fix wrong assertions in unit tests
* Fix 'has\_calls' method calls in unit tests
* Fix non-existent method of Mock
* Retrun 400 if invalid query parameters are specified
- Update to version nova-18.2.3.dev10:
* doc: Fix a broken reference link
- Allow to attach more than 26 volumes (bsc#1118900)
* This is a forward port from SOC7
* Add 0001-Add-method-to-generate-device-names-universally.patch
* Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch
* Add 0003-Add-configuration-of-maximum-disk-devices-to-attach.patch
- Update to version nova-18.2.3.dev9:
* Restore soft-deleted compute node with same uuid
* Add functional regression recreate test for bug 1839560
* rt: only map compute node if we created it
- Update to version nova-18.2.3.dev3:
* Remove experimental job on openSUSE 42.3
- Update to version nova-18.2.3.dev2:
* Fix misuse of nova.objects.base.obj\_equal\_prims
* Don't generate service UUID fed services
* Add 'path' query parameter to console access url
* Replace non-nova server fault message
* Avoid logging traceback when detach device not found
* Fix python3 compatibility of rbd get\_fsid
* Add functional regression test for bug 1778305
* Add functional recreate test for bug 1764556
* Cleanup when hitting MaxRetriesExceeded from no host\_available
* Add functional regression test for bug 1837955
* Revert '[libvirt] Filter hypervisor\_type by virt\_type'
* Avoid crashing while getting libvirt capabilities with unknown arch names
* libvirt: move checking CONF.my\_ip to init\_host()
* Revert resize: wait for events according to hybrid plug
* docs: Correct issues with 'openstack quota set' commands
* doc: Fix a parameter of NotificationPublisher
* Perf: Use dicts for ProviderTree roots
* Fix type error on call to mount device
* Drop source node allocations if finish\_resize fails
* Add functional recreate test for regression bug 1825537
* Stabilize unshelve notification sample tests
* Ignore hw\_vif\_type for direct, direct-physical vNIC types
* Fix double word hacking test
* Disable limit if affinity(anti)/same(different)host is requested
* Delete resource providers for all nodes when deleting compute service
- remove 0001-Skip-to-remove-resource-provider-if-compute-node-not.patch:
was only for an internal problem that we solved otherwise, and didn't
go upstream.
- Update to version octavia-3.1.2.dev45:
* Fix member API handling of None/null updates
- Update to version octavia-3.1.2.dev43:
* Validate server\_certs\_key\_passphrase is 32 chars
* Work around strptime threading issue
* Fix base (VRRP) port abandoned on revert
- Update to version octavia-3.1.2.dev38:
* Do not run non-voting jobs in gate
* Fix l7rule API handling of None updates
* Fix template that generates vrrp check script
* elements: add arch property for \`\`open-vm-tools\`\`
- Update to version octavia-3.1.2.dev30:
* Prevent UDP LBs to use different IP protocol versions in amphora driver
* Fixed down server issue after reloading keepalived
* Fixed pool and members status with UDP loadbalancers
* Add support for monitor\_{address,port} in UDP members
* Fix auto setup Barbican's ACL in the legacy driver
- Update to version octavia-3.1.2.dev20:
* Fix L7 repository create methods
- Update to version octavia-3.1.2.dev18:
* Add warning log if auth\_strategy is not keystone
- Update to version octavia-3.1.2.dev16:
* Add failover logging to show the amphora details
- Update to version octavia-3.1.2.dev14:
* Revert 'Use the infra pypi mirror for DIB'
- Update to version octavia-3.1.2.dev12:
* Use the infra pypi mirror for DIB
- Update to version octavia-3.1.2.dev10:
* only rollback DB when we have a connection to the DB
- Update to version octavia-3.1.2.dev9:
* worker: Re-add FailoverPreparationForAmphora
- Update to version sahara-9.0.2.dev12:
* Fixing broken links and removing outdated driver
* Fix requirements (bandit, sphinx)
* OpenDev Migration Patch
- Update to version sahara-9.0.2.dev12:
* Fixing broken links and removing outdated driver
* Fix requirements (bandit, sphinx)
* OpenDev Migration Patch
- Add 0001-Handle-path-query-parameter-for-test_novnc.patch
- update to version 1.12.1~dev19
- fix test failure with ironic client
- OpenDev Migration Patch
- pass default_config_dirs variable for config initialization.
- Update Dependencies. There are number of client packages that are
required by watcher ino function correctly. (SOC-4183)
- update to version 1.12.1~dev15
- Provide two arguments to exception's message
- Replace openstack.org git:// URLs with https://
- set watcherclient no voting
- Access to action's uuid by key
- make ceilometer client import optional
- add the systemd unit files for openstack-watcher-api,
openstack-watcher-applier, and openstack-watcher-decision-engine
- Update to version 9.0+git.1568955483.5f039e4:
* subnet/netmaks OR cidr are acceptable in baremetal input model (SOC-10615)
- added 0001-Remove-redundant-cleanups-in-test_volume_backup.patch
and 0001-GET-backup-before-asserting-volume_id-and-snapshot_id.patch
- Add missing dependency on python-six (bsc#1150895)
rubygem-easy_diff:
- updated to version 1.0.0
- Unmerge Arrays containing Hashes
- Handle duplicate values in arrays correctly
- updated to version 0.0.6
- Fix merging arrays of hashes
ModerateSUSE bug 1118900SUSE bug 1119737SUSE bug 1120657SUSE bug 1140267SUSE bug 1145967SUSE bug 1147144SUSE bug 1148158SUSE bug 1150895SUSE bug 1152032cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging (Important)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging fixes the following issues:
Security issues fixed:
- CVE-2019-3871: Fixed an insufficient validation in the HTTP remote back end (pdns, bsc#1129734).
- CVE-2019-15043: Added authentication to a few REST endpoints (Grafana, SOC-10357, bsc#1148383).
Non-security issues fixed:
- Update to version 9.0+git.1568821007.4e73730:
* Include manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)
- Update to version 9.0+git.1569869028.8edfc22:
* Added command to minify the django compressed css files (SOC-10305)
- Update to version 9.0+git.1570035317.78077ac:
* support OpenID Connect WebSSO (SOC-10509)
- Update to version 9.0+git.1569444107.add6a40:
* Manila parallelised upgrade workflow enhancements (SOC-10609)
- Update to version 9.0+git.1571328680.3a89cb8:
* Add neutron-common role dependencies (SOC-10875)
- Update to version 6.0+git.1571412352.8da4d261f:
* upgrade: Reload repo config in repochecks (SOC-10718)
- Update to version 6.0+git.1571210108.12bd2ffa3:
* crowbar: Give more time for reboot for physical hardware reboots
- Update to version 6.0+git.1570004730.b56b8983b:
* Revert 'Use block-migration when needed' (SOC-10133)
- Update to version 6.0+git.1569911671.d44b0035c:
* Designate: Don't add the admin node to the public network (SOC-10658)
- Update to version 6.0+git.1572264221.3826a58b8:
* Octavia: account for long ops in HA deployments (SOC-9894)
* Octavia: use correct IP addresses for listening (SOC-9894)
* Octavia: fix subnet creation race condition (SOC-9894)
* Updated copyright notices (SOC-9894)
* Octavia: Follow up patch addressing comments from last PR (SOC-9894)
- Update to version 6.0+git.1571986150.c5b827b7a:
* Fix the migration that tried to access Array as a Hash (SOC-10896)
- Update to version 6.0+git.1571731423.957dcfecd:
* mysql: fix WSREP sync race (SOC-10717)
- Update to version 6.0+git.1571660392.997fee49d:
* mysql: stop service for mysql_install_db (SOC-10717)
- Update to version 6.0+git.1571241502.2f673d0a9:
* rabbitmq: fix migration 200 (SOC-10623)
* Changes to integrate with ACI 4.1 and new packages (SOC-10403)
- Update to version 6.0+git.1570143515.9b1546ed3:
* No rndc key if no public DNS server (SOC-10835)
- Update to version 6.0+git.1570048281.815e06ff3:
* create watcher barclamp (SOC-4183)
- Update to version 6.0+git.1569942913.15b24bec5:
* monasca: Fix restore condition (SOC-9772)
* database: really fix migration 102 (SOC-10717)
- Update to version 6.0+git.1569823669.91f267e96:
* Designate: Filter out the admin node (SOC-10658)
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
- Update to version cinder-13.0.8.dev8:
* Extend timeout for database migration tests
13.0.7
* Add context to cloning snapshots in remotefs driver
- Update to version cinder-13.0.7.dev22:
* Add retry to LVM deactivation
* Fix DetachedInstanceError for VolumeAttachment
* Don't allow retype to encrypted+multiattach type
- Update to version cinder-13.0.8.dev8:
* Extend timeout for database migration tests
13.0.7
* Add context to cloning snapshots in remotefs driver
- Update to version cinder-13.0.7.dev22:
* Add retry to LVM deactivation
* Fix DetachedInstanceError for VolumeAttachment
* Don't allow retype to encrypted+multiattach type
- Update to version horizon-14.0.5.dev1:
* Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
14.0.4
- Add python-csscompressor as a requirement
* python-csscompressor will be used to minify compressed css files
- Update to version horizon-14.0.4.dev17:
* Remove the check which causes plugin's quotas update failure
- Update to version horizon-14.0.4.dev16:
* Add Allowed Address Pair/Delete buttons are only visible to admin
- Update to version horizon-14.0.4.dev14:
* Updated max-width to be dynamic for .member class
- Update to version horizon-14.0.4.dev13:
* Avoid forced logout when 403 error encountered
- Update to version manila-ui-2.16.2.dev2:
* Updated to get quotas data for Modify Quotas dialog Share tab
* OpenDev Migration Patch
2.16.1
- Update to version keystone-14.1.1.dev26:
* Make system tokens work with domain-specific drivers
- Update to version keystone-14.1.1.dev24:
* Add test case for expanding implied roles in system tokens
- Update to version keystone-14.1.1.dev22:
* Add retry for DBDeadlock in credential delete
- Update to version keystone-14.1.1.dev20:
* Import LDAP job into project
* Update broken links to dogpile.cache docs
- Update to version keystone-14.1.1.dev26:
* Make system tokens work with domain-specific drivers
- Update to version keystone-14.1.1.dev24:
* Add test case for expanding implied roles in system tokens
- Update to version keystone-14.1.1.dev22:
* Add retry for DBDeadlock in credential delete
- Update to version keystone-14.1.1.dev20:
* Import LDAP job into project
* Update broken links to dogpile.cache docs
- Update to version manila-7.3.1.dev15:
* Fix [Unity] verification and convert mgmt ipv6
- Update to version manila-7.3.1.dev14:
* Adding documentation for User Messages in Manila Documentation
- Update to version manila-7.3.1.dev12:
* [NetApp] Allow extension/shrinking of NetApp replicated share
- Update to version manila-7.3.1.dev11:
* Fix pagination does not speed up queries bug
- Update to version manila-7.3.1.dev9:
* Remove backend spec from share type while creating replica
- Update to version manila-7.3.1.dev8:
* Check NetApp SnapRestore license for pools
- Update to version manila-7.3.1.dev7:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
- Update to version manila-7.3.1.dev15:
* Fix [Unity] verification and convert mgmt ipv6
- Update to version manila-7.3.1.dev14:
* Adding documentation for User Messages in Manila Documentation
- Update to version manila-7.3.1.dev12:
* [NetApp] Allow extension/shrinking of NetApp replicated share
- Update to version manila-7.3.1.dev11:
* Fix pagination does not speed up queries bug
- Update to version manila-7.3.1.dev9:
* Remove backend spec from share type while creating replica
- Update to version manila-7.3.1.dev8:
* Check NetApp SnapRestore license for pools
- Update to version manila-7.3.1.dev7:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
- Update to version neutron-13.0.6.dev3:
* Add radvd\_user config option
* Fix mismatch of tags in dnsmasq options
13.0.5
- Update to version neutron-13.0.5.dev55:
* Handle ports assigned to routers without routerports
- Update to version neutron-13.0.5.dev54:
* fixed\_configured=True when Add/Remove port IPs
- Update to version neutron-13.0.5.dev53:
* raise priority of dead vlan drop
* OVS flows for custom ethertypes must be on EGRESS
- Update to version neutron-13.0.6.dev3:
* Add radvd\_user config option
* Fix mismatch of tags in dnsmasq options
13.0.5
- Update to version neutron-13.0.5.dev55:
* Handle ports assigned to routers without routerports
- Update to version neutron-13.0.5.dev54:
* fixed\_configured=True when Add/Remove port IPs
- Update to version neutron-13.0.5.dev53:
* raise priority of dead vlan drop
* OVS flows for custom ethertypes must be on EGRESS
- Update to version neutron-fwaas-13.0.3.dev2:
* Fix AttributeError with third-party L3 service plugins
- Update to version neutron-fwaas-13.0.3.dev1:
* FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
13.0.2
- Update to version neutron-fwaas-13.0.3.dev2:
* Fix AttributeError with third-party L3 service plugins
- Update to version neutron-fwaas-13.0.3.dev1:
* FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
13.0.2
- Update to version neutron-lbaas-13.0.1.dev15:
* Fix lb stats model
- Update to version neutron-lbaas-13.0.1.dev15:
* Fix lb stats model
- Update to version nova-18.2.4.dev18:
* Error out interrupted builds
* Functional reproduce for bug 1833581
* Prevent init\_host test to interfere with other tests
* Add functional test for resize crash compute restart revert
* cleanup evacuated instances not on hypervisor
- Update to version nova-18.2.4.dev8:
* Fix unit of hw\_rng:rate\_period
* Fix exception translation when creating volume
* Skip test\_parallel\_evacuate\_with\_server\_group until fixed
* Handle get\_host\_availability\_zone error during reschedule
* Noop CantStartEngineError in targets\_cell if API DB not configured
- Update to version nova-18.2.4.dev1:
* Stop sending bad values from libosinfo to libvirt
18.2.3
- Update to version nova-18.2.3.dev25:
* Add useful error log when \_determine\_version\_cap raises DBNotAllowed
- Update to version nova-18.2.3.dev23:
* Reduce scope of 'path' query parameter to noVNC consoles
- Update to version nova-18.2.4.dev18:
* Error out interrupted builds
* Functional reproduce for bug 1833581
* Prevent init\_host test to interfere with other tests
* Add functional test for resize crash compute restart revert
* cleanup evacuated instances not on hypervisor
- Update to version nova-18.2.4.dev8:
* Fix unit of hw\_rng:rate\_period
* Fix exception translation when creating volume
* Skip test\_parallel\_evacuate\_with\_server\_group until fixed
* Handle get\_host\_availability\_zone error during reschedule
* Noop CantStartEngineError in targets\_cell if API DB not configured
- Update to version nova-18.2.4.dev1:
* Stop sending bad values from libosinfo to libvirt
18.2.3
- Update to version nova-18.2.3.dev25:
* Add useful error log when \_determine\_version\_cap raises DBNotAllowed
- Update to version nova-18.2.3.dev23:
* Reduce scope of 'path' query parameter to noVNC consoles
- Move tempest tests into the python-octavia package (SOC-9455)
- Update to version octavia-3.2.1.dev1:
3.2.0
* loadbalancer vip-network-id IP availability check
- Update to version octavia-3.1.2.dev46:
* Fix urgent amphora two-way auth security bug
Update image to 0.1.1 to include latest changes in openstack-octavia:
- Update to include version octavia-3.2.1.dev1:
* loadbalancer vip-network-id IP availability check
* Fix urgent amphora two-way auth security bug
* Fix member API handling of None/null updates
* Validate server\_certs\_key\_passphrase is 32 chars
* Work around strptime threading issue
* Fix base (VRRP) port abandoned on revert
* Do not run non-voting jobs in gate
* Fix l7rule API handling of None updates
* Fix template that generates vrrp check script
* elements: add arch property for \`\`open-vm-tools\`\`
* Prevent UDP LBs to use different IP protocol versions in amphora driver
* Fixed down server issue after reloading keepalived
* Fixed pool and members status with UDP loadbalancers
* Add support for monitor\_{address,port} in UDP members
* Fix auto setup Barbican's ACL in the legacy driver
* Fix L7 repository create methods
* Add warning log if auth\_strategy is not keystone
* Add failover logging to show the amphora details
* Revert 'Use the infra pypi mirror for DIB'
* Use the infra pypi mirror for DIB
* only rollback DB when we have a connection to the DB
* Add octavia-v2-dsvm jobs to the gate queue
* Fix for utils LB DM transformation function
* Update amphora-agent to report UDP listener health
* Update tox.ini for new upper constraints strategy
* Add bindep.txt for Octavia
* Fix allocate\_and\_associate DB deadlock
* Treat null admin\_state\_up as False
* Performance improvement for non-udp health checks
* Bandit test exclusions syntax change
* Fix IPv6 in Active/Standby topology on CentOS
* Fix listener API handling of None/null updates
* OpenDev Migration Patch
* Fix a lifecycle bug with child objects
* Fix the amphora base port coming up
* Fix setting of VIP QoS policy
* Fix VIP plugging on CentOS-based amphorae
* Fix possible state machine hole in failover
* Add missing import octavia/opts.py
* Fix the loss of access to barbican secrets
* Fix initialization of Barbican client
* Replace openstack.org git:// URLs with https://
* Fix prefix for vip\_ipv6
* Fix ifup failures on member interfaces with IPv6
* Adds server\_certs\_key\_passphrase to octavia.conf
* Fix LB failover when in ERROR
* Resolve amphora agent read timeout issue
* Fix performance of housekeeping DB clean up
* Encrypt certs and keys
* Enable debug for Octavia services in grenade job
* Fix oslo messaging connection leakage
* Simplify keepalived lvsquery parsing for UDP
* Fix functional tests under Python >= 3.6
* Fix check redirect pool for creating a fully populated load balancer
* Fix missing print format error
- Remove superfluous octavia-db-manage invocation from service
file
- Incorporate the patch from
https://review.openstack.org/#/c/541811/9.
- Update to 4.1.8
* #7604: Correctly interpret an empty AXFR response to an IXFR query,
* #7610: Fix replying from ANY address for non-standard port,
* #7609: Fix rectify for ENT records in narrow zones,
* #7607: Do not compress the root,
* #7608: Fix dot stripping in `setcontent()`,
* #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
* #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
* #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”,
* #7509: Plug `mysql_thread_init` memory leak,
* #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
* Prevent more than one CNAME/SOA record in the same RRset
- Update to 1.11.24:
* Fixed crash of KeyTransform() for JSONField and HStoreField when using
on expressions with params (#30672).
- update to version 5.2.1
- Update .gitreview for stable/rocky
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- Remove tox_install.sh
- import zuul job settings from project-config
- Skip the services with no endpoints when parsing service catalog
- update to version 1.6.1
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Make sure we always requests JSON responses
- update to version 2.5.8
- FC: Ignore some HBAs from map for single WWNN
- OpenDev Migration Patch
- Improve iSCSI device detection speed
- update to version 1.30.4
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Fix memcache pool client in monkey-patched environments
- OpenDev Migration Patch
- Pass `flush_on_reconnect` to memcache pooled backend
- update to version 8.1.4
- Replace openstack.org git:// URLs with https://
- Cap Bandit below 1.6.0 and update Sphinx requirement
- Retry to declare a queue after internal error
- Add release note for amqp library TLS/SSL error
- Fix switch connection destination when a rabbitmq cluster node disappear
- Mark telemetry tests nv and remove from gate
- OpenDev Migration Patch
- Issue blocking ACK for RPC requests from the consumer thread
- fix typos
ImportantSUSE bug 1129734SUSE bug 1148383CVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2019-3871 at SUSECVE-2019-3871 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-haml (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-haml fixes the following issue:
- CVE-2017-1002201: Fixed an insufficient character escape that could have led to arbitrary code execution (bsc#1155089).
ModerateSUSE bug 1155089CVE-2017-1002201 at SUSECVE-2017-1002201 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-ecdsa (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:
- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
ModerateSUSE bug 1153165SUSE bug 1154217CVE-2019-14853 at SUSECVE-2019-14853 at NVDCVE-2019-14859 at SUSECVE-2019-14859 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud fixes the following issues:
Security fix for openstack-octavia:
- CVE-2019-17134: Fixed an issue where Octavia Amphora-Agent not requiring Client-Certificate (bsc#1153304).
Security fix for python-psutil:
- CVE-2019-18874: Fixed a double-free vulnerability occured during converting system data into a
Python object (bsc#1155089).
- Update to version 9.0+git.1572311426.a6dc2fd:
* Align Crowbar and Ardana MariaDB configs (SOC-10094)
- Update to version 9.0+git.1573069087.15ffd1c:
* enable debug and insecure_debug on demand (SOC-10934)
- Update to version 9.0+git.1572019823.6650494:
* Correctly setup ardana_notify_... fact (SOC-10902)
- Update to version 9.0+git.1572618171.4460843:
* Update gerrit FQDN in .gitreview (SOC-9140)
- Update to version 6.0+git.1573825081.b1caf60f1:
* Update the testsuite for new upgrade method (SOC-10761)
* upgrade: cold start nova before live migration (SOC-10761)
- Update to version 6.0+git.1573131992.3c660b413:
* [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942)
- Update to version 6.0+git.1573051151.3495e0e94:
* Allow enabling bpdu-forwarding on OVS bridges (SOC-9172)
- Update to version 6.0+git.1573754820.dd036ef77:
* neutron: use octavia-api admin VIP URI for lbaasv2 (SOC-10906)
* octavia: handle certificate ownership in barclamp (SOC-10906)
* octavia: add SSL support to octavia-api (SOC-10906)
- Update to version 6.0+git.1573174019.9965ae9b8:
* designate: change default configuration (SOC-10899)
- Update to version 6.0+git.1572855359.8efafea01:
* Make sure the input file with ssh key exists (SOC-10133)
- Update to version 6.0+git.1572636244.e12406629:
* Change order of Octavia to 102 (SOC-10289)
- Update to version 6.0+git.1572470261.49c0affe1:
* designate: move keystone resource lookup to convergence (SOC-10887)
- Update to version 1.3.0+git.1572871359.50fc6087:
* Add title for XEN compute nodes precheck (SOC-10495)
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- remove 0001-Fix-duplicate-paths-in-secret-hrefs.patch as it had landed upstream
- Replace openstack.org git:// URLs with https://
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version group-based-policy-5.0.1.dev476:
* Provide a control knob to use the internal EP interface
* Send port notifications when host\_route is getting updated
- Update to version group-based-policy-5.0.1.dev473:
* Fix pep8 failures seen on submitted patches
- Update to version neutron-lbaas-13.0.1.dev16:
* 'lbaas delete l7 rule' Parameter Passing Error
- Update to version neutron-lbaas-13.0.1.dev16:
* 'lbaas delete l7 rule' Parameter Passing Error
- Update to version nova-18.2.4.dev22:
* Revert 'openstack server create' to 'nova boot' in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version nova-18.2.4.dev22:
* Revert 'openstack server create' to 'nova boot' in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version octavia-3.2.1.dev3:
* Improve the error message for bad pkcs12 bundles
- Update to version octavia-3.2.1.dev2:
* ipvsadm '--exact' arg to ensure outputs are ints
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version 9.20191025:
* support OpenID Connect (SOC-10510)
ModerateSUSE bug 1153304SUSE bug 1155942SUSE bug 1156525CVE-2019-17134 at SUSECVE-2019-17134 at NVDCVE-2019-18874 at SUSECVE-2019-18874 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for haproxy (Important)SUSE OpenStack Cloud Crowbar 9
This update for haproxy fixes the following issues:
- CVE-2019-18277: Fixed HTTP smuggling in messages with transfer-encoding header missing the 'chunked' value (bsc#1154980).
ImportantSUSE bug 1154980CVE-2019-18277 at SUSECVE-2019-18277 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb to version 10.2.29 fixes the following issues:
MariaDB was updated to 10.2.29 (bsc#1156669)
Security issues fixed:
- CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
- CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
ModerateSUSE bug 1156669CVE-2019-2737 at SUSECVE-2019-2737 at NVDCVE-2019-2739 at SUSECVE-2019-2739 at NVDCVE-2019-2740 at SUSECVE-2019-2740 at NVDCVE-2019-2758 at SUSECVE-2019-2758 at NVDCVE-2019-2805 at SUSECVE-2019-2805 at NVDCVE-2019-2938 at SUSECVE-2019-2938 at NVDCVE-2019-2974 at SUSECVE-2019-2974 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper contains the following fixes:
Security fixes for memcached:
- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() (bsc#1149110).
- CVE-2019-11596: Fixed a denial of service when parsing crafted lru command messages in process_lru_comma() (bsc#1133817).
Security fixes for zookeeper:
- CVE-2019-0201: Fixed a information disclosure vulnerability related to getACL() (bsc#1135773).
Changes in rubygem-crowbar-client:
- Update to 3.9.2
- Enable SES commands in Cloud8 (SOC-11122)
Changes in rubygem-puma:
- Add CVE-2020-5247.patch (bsc#1165402)
'Fixes a problem where we were not splitting newlines in headers
according to Rack spec'
The patch is reduced compared to the upstream version, which was
patching also the parts that are not implemented in our old Puma
version. This applies to unit test as well.
Changes in ardana-ansible:
- Update to version 9.0+git.1587034359.a12678b:
* Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223)
- Update to version 9.0+git.1586793433.f7bbf1b:
* Ensure rabbitmq-server not running during dist-upgrade (SOC-11083)
- Update to version 9.0+git.1586521995.f709c73:
* Upgrade packages before _osconfig-upgrade.yml (SOC-11149)
- Update to version 9.0+git.1584135277.f4d488a:
* Serialise the _ardana-update-base.yml zypper actions (SOC-11083)
- Update to version 9.0+git.1583518616.d4eb33f:
* Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)
Changes in ardana-barbican:
- Update to version 9.0+git.1583953599.cd723bb:
* monitor ardana-node-cert (SOC-10873)
Changes in ardana-cluster:
- Update to version 9.0+git.1585653734.c1fe3b2:
* Use bool filter to ensure valid boolean evaluation (SOC-11192)
Changes in ardana-db:
- Update to version 9.0+git.1586543314.6b6aa20:
* Improve boostrap error handling (SOC-11207)
- Update to version 9.0+git.1583946648.0892bab:
* monitor MySQL TLS certificate (SOC-10873)
- Update to version 9.0+git.1583527362.d9e9436:
* fix mysql output and root password update (SOC-11152)
Changes in ardana-designate:
- Update to version 9.0+git.1583445435.4bd1793:
* Designate zone/pool to worker/producer migration (SOC-10095)
Changes in ardana-input-model:
- Update to version 9.0+git.1584632190.9541c56:
* add port neutron security extension to CI models (SOC-11027)
Changes in ardana-logging:
- Update to version 9.0+git.1585929695.f35b591:
* Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593)
Changes in ardana-monasca:
- Update to version 9.0+git.1586769889.d43d736:
* Retry systemctl status for auto-restarting services (SOC-11210)
- Update to version 9.0+git.1583359379.b92a013:
* Add certificate file check alarm (SOC-10873)
Changes in ardana-mq:
- Update to version 9.0+git.1586350749.a463fd2:
* Actually fail if sync HA queues retries exceeded (SOC-11083)
- Update to version 9.0+git.1583428243.c1a72a8:
* monitor RabbitMQ TLS certificate (SOC-10873)
Changes in ardana-neutron:
- Update to version 9.0+git.1587667603.507fb50:
* Add network.target 'After' option (bsc#1169770)
- Update to version 9.0+git.1584635234.e7e6b08:
* Add symlink for neutron-fwaas.json.j2 (bsc#1166290)
Changes in ardana-octavia:
- Update to version 9.0+git.1587486004.8e99c6b:
* Perform Neutron to Octavia migrate (SOC-11207)
- Update to version 9.0+git.1584737314.873b84c:
* Reconfigure monitor if needed (SOC-10873)
- Update to version 9.0+git.1584682274.4693189:
* fix Octavia client cert redeploy (SOC-10873)
- Update to version 9.0+git.1584392355.7368ea3:
* monitor Octavia client certificate (SOC-10873)
Changes in ardana-osconfig:
- Update to version 9.0+git.1586546715.dbd07ab:
* Ensure ovs_user and ovs_group defined (SOC-11149)
Changes in ardana-tempest:
- Update to version 9.0+git.1587398456.b31cc4a:
* Revert: Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586901636.089de51:
* Manila: Skip additional manila tests due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1586875796.43d9039:
* Remove blacklisted octavia test(SOC-11027)
- Update to version 9.0+git.1586350084.01a56ee:
* Manila: Skip ShareNetworksTest due to Ardana policy (SOC-11211)
- Update to version 9.0+git.1585746746.8f38be7:
* Remove deprecated neutron extension from tempest (bsc#1124708)
- Update to version 9.0+git.1582537125.359622b:
* Enable port-security feature in tempest(SOC-11027)
Changes in ardana-tls:
- Update to version 9.0+git.1586301209.c9413b4:
* Simplify VNC cert deployment (SOC-9742)
Changes in crowbar-core:
- Update to version 6.0+git.1587558898.313bb9fd3:
* upgrade: Restart nova services at the end of disruptive upgrade (SOC-11202)
- Update to version 6.0+git.1586175344.480d46e76:
* Revert: Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585339930.336361e4c:
* Add lb-mgmt-net to network.json (SOC-10904)
- Update to version 6.0+git.1585229942.1ddd6e742:
* upgrade: Point to config dir instead of config file (SOC-11171)
* upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)
- Update to version 6.0+git.1584974229.c5a263be6:
* Update the default value of OS version (trivial)
* Ignore CVE-2020-5267 in CI (bsc#1167240)
* Ignore CVE-2020-10663 in CI (bsc#1167244)
* upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)
- Update to version 6.0+git.1584564132.03cfcb5d0:
* Remove comment that's no longer relevant (trivial)
* Move role_to_proposal method from model to controller (trivial)
* upgrade: proper check for remote elements (trivial)
* Remove FIXME proposals that won't be fixed (trivial)
* Drop unused suggestion (trivial)
* Drop obsolete code (trivial)
- Update to version 6.0+git.1583841628.7a9cacf85:
* Ignore CVE-2020-8130 in CI (bsc#1164804)
* Ignore CVE-2020-5247 (bsc#1165402)
* Ignore CVE-2020-7595 in CI (bsc#1161517)
* ses: Make SES UI safe for unknown options (trivial)
* ses: Use cinder user for nova (SOC-5269)
- Update to version 6.0+git.1583502199.abec5c91e:
* upgrade: Raise the timeout for nodes evacuation (trivial)
Changes in crowbar-ha:
- Update to version 6.0+git.1586256059.e6f67e1:
* Hide libvirt STONITH option from the UI (bsc#1084739)
- Update to version 6.0+git.1585316150.ee52acc:
* add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 6.0+git.1587753188.da39e44a7:
* tempest: retry openstack commands (SOC-11238)
- Update to version 6.0+git.1587560956.475ebae91:
* nova: Hide setup_shared_instance_storage (SOC-11225)
- Update to version 6.0+git.1587110382.e00bbeeb8:
* octavia: remove mgmt_net from UI (SOC-10904)
- Update to version 6.0+git.1586351116.5977d44ce:
* neutron: fix neutron cli to use internal endpoint (bsc#1168512)
- Update to version 6.0+git.1586249148.97e221138:
* neutron: don't add physnets for non-enabled networks (SOC-11204)
* octavia: move management network creation to octavia barclamp (SOC-10904)
* octavia: move amphora changes check to worker recipe
* octavia: use octavia network for health monitors (SOC-10904)
* octavia: rework emanagement network config (SOC-10904)
- Update to version 6.0+git.1585653227.5004f0a1f:
* Disable 'OpenStack RC File (identity API v2)' in horizon (bsc#1163444)
- Update to version 6.0+git.1585444839.ec56032ca:
* Revert 'Octavia: Hide UI until complete (SOC-10550)'
- Update to version 6.0+git.1585282212.df338c7f6:
* Add lb-mgmt-net for Octavia (SOC-10904)
- Update to version 6.0+git.1585237884.e441a435b:
* fix travis CI to handle reverted commits properly (SOC-11180)
- Update to version 6.0+git.1585143832.fa2fd2714:
* nova: Populate cinder SES settings early (SOC-11179)
- Update to version 6.0+git.1585068621.f53f95864:
* tempest: blacklist shelve tests when using RBD ephemeral (SOC-11176)
* tempest: disable block migration when using RBD (SOC-11176)
- Update to version 6.0+git.1584967542.06b4f7cda:
* magnum: Populate SSL configuration (SOC-9849)
* magnum: Add SSL support (SOC-9849)
- Update to version 6.0+git.1584603207.1dc71c848:
* nova: Drop redundant disk_cachemodes (trivial)
* nova: Add option to disable ephemeral on ceph (SOC-5269)
- Update to version 6.0+git.1584540693.0d3b72090:
* keystone: fix keystone node lookup (SOC-11333, bsc#1164838)
* keystone: Register SES RadosGW endpoints (SOC-5270)
* heat: Increase heat_register syncmark timeout (SOC-11103)
* heat: Simplify domain registration code (SOC-11103)
- Update to version 6.0+git.1584437931.10aebd310:
* nova: Setup CEPH secrets later (SOC-11141)
- Update to version 6.0+git.1584347033.7472a6925:
* nova: Enable ephemeral volumes on SES (SOC-5269)
Changes in memcached:
- version update to 1.5.17
* bugfixes
fix strncpy call in stats conns to avoid ASAN violation (bsc#1149110, CVE-2019-15026)
extstore: fix indentation
add error handling when calling dup function
add unlock when item_cachedump malloc failed
extstore: emulate pread(v) for macOS
fix off-by-one in logger to allow CAS commands to be logged.
use strdup for explicitly configured slab sizes
move mem_requested from slabs.c to items.c (internal cleanup)
* new features
add server address to the 'stats conns' output
log client connection id with fetchers and mutations
Add a handler for seccomp crashes
- version update to 1.5.16
* bugfixes
When nsuffix is 0 space for flags hasn't been allocated so don't memcpy them.
- version update to 1.5.15
* bugfixes
Speed up incr/decr by replacing snprintf.
Use correct buffer size for internal URI encoding.
change some links from http to https
Fix small memory leak in testapp.c.
free window_global in slab_automove_extstore.c
remove inline_ascii_response option
-Y [filename] for ascii authentication mode
fix: idle-timeout wasn't compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches
% memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in 'lru' command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix 'qw' in 'MemcachedTest.pm' so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches
% memcached-autofoo.patch (refreshed)
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-ceilometer:
- Update to version ceilometer-11.1.1.dev5:
* [stable-only] Cap stestr for python 2
- Update to version ceilometer-11.1.1.dev3:
11.1.0
* Add availability\_zone attribute to gnocchi instance resources
* Set instance\_type\_id in event traits to be a string
* Fix name of option group removed in Rocky
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev9:
* PowerMax Driver - Legacy volume not found
* NEC driver: fix an undefined variable
- Update to version cinder-13.0.10.dev6:
* RBD: fix volume reference handling in clone logic
- Update to version cinder-13.0.10.dev4:
* [Unity] Fix TypeError for test case test\_delete\_host\_wo\_lock
- Update to version cinder-13.0.10.dev3:
* ChunkedBackupDriver: Freeing memory on restore
- Update to version cinder-13.0.10.dev1:
* Don't quote {posargs} in tox.ini
13.0.9
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-designate:
- Update to version designate-7.0.1.dev25:
* Clean up zone locking
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev35:
* Ignore Not Found when deleting Keystone role assignment
* Handle OS::Mistral::Workflow resource replacement properly
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev3:
* Make deploy step failure logging indicate the error
11.1.4
- Update to version ironic-11.1.4.dev26:
* Remove rocky grenade jobs
* tell reno to ignore the kilo branch
* [stable] consume virtualbmc from pip packages
Changes in openstack-ironic-image:
- Add haveged package (bsc#1137622)
It is needed to ensure there's enough entroy available to perform
the iSCSI operations.
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
- Update to version manila-7.4.1.dev1:
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-manila:
- Update to version manila-7.4.2.dev4:
* Increase MANILA\_SERVICE\_VM\_FLAVOR\_DISK
- Update to version manila-7.4.2.dev3:
* If only .pyc exist, the extension API will be disabled
- Update to version manila-7.4.2.dev2:
* Enforce policy checks for share export locations
- Update to version manila-7.4.2.dev1:
* [stable-only] Pin neutron-tempest-plugin to 0.9.0
7.4.1
- Rebased patches:
+ cve-2020-9543-stable-rocky.patch dropped (merged upstream)
- Update to version manila-7.4.1.dev2:
* share\_networks: enable project\_only API only
* Fix over-quota exception of snapshot creation
7.4.0
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev28:
* Prioritize port create and update ready messages
- Update to version neutron-13.0.8.dev26:
* Support iproute2 4.15 in l3\_tc\_lib
- Update to version neutron-13.0.8.dev24:
* Add trunk subports to be one of dvr serviced device owners
- Update to version neutron-13.0.8.dev22:
* Filter by owner SGs when retrieving the SG rules
* Delay HA router transition from 'backup' to 'master'
* Increase waiting time for network rescheduling
* Check dnsmasq process is active when spawned
* Wait before deleting trunk bridges for DPDK vhu
* [DVR] Don't populate unbound ports in router's ARP cache
* Optimize DVR related port DB query
- Update to version neutron-13.0.8.dev9:
* Add bulk IP address assignment to ipam driver
- Update to version neutron-13.0.8.dev7:
* Add accepted egress direct flow
- Update to version neutron-13.0.8.dev6:
* Add VLAN type conntrack direct flow
- Update to version neutron-13.0.8.dev4:
* Use rally-openstack 1.7.0 for stable/rocky
- Update to version neutron-13.0.8.dev3:
* Remove extra header fields in proxied metadata requests
* Ensure that default SG exists during list of SG rules API call
13.0.7
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-nova:
- Update to version nova-18.3.1.dev17:
* Unplug VIFs as part of cleanup of networks
- Update to version nova-18.3.1.dev16:
* Functional test for UnexpectedDeletingTaskStateError
- Update to version nova-18.3.1.dev15:
* nova-live-migration: Wait for n-cpu services to come up after configuring Ceph
* Replace ansible --sudo with --become in live\_migration/hooks scripts
- Update to version nova-18.3.1.dev11:
* Fix os-keypairs pagination links
- Update to version nova-18.3.1.dev9:
* Enhance service restart in functional env
* Fix hypervisors paginted collection\_name
* Avoid circular reference during serialization
- Update to version nova-18.3.1.dev4:
* Remove global state from the FakeDriver
- Update to version nova-18.3.1.dev3:
* Add retry\_on\_deadlock to migration\_update DB API
* libvirt: Ignore DiskNotFound during update\_available\_resource
18.3.0
Changes in openstack-octavia:
- Update to version octavia-3.2.3.dev2:
* Pick stale amphora randomly
- Update to version octavia-3.2.3.dev1:
* Remove the barbican 'Grant access' from cookbook
3.2.2
- Add patch 0001-HTTPS-HMs-need-the-same-validation-path-as-HTTP.patch (bsc#1165723)
https://review.opendev.org/#/c/710161/
Change-Id: I2fd51664336dca51f134b3fccd3e8c936b809839
Changes in openstack-octavia-amphora-image:
- Update image to 0.1.3 to include latest changes
Changes in python-cinderclient:
- update to version 4.0.3
- Add missed 'Server ID' output in attachment-list
Changes in python-glanceclient:
- update to version 2.13.2
- OpenDev Migration Patch
Changes in python-ironic-lib:
- update to version 2.14.3
- Use last digit to determine paritition naming scheme
- Erase expected GPT locations in metadata wipe
- Rescan after making partition changes
Changes in python-ironicclient:
- update to version 2.5.4
- fix session cert arguments
Changes in python-keystonemiddleware:
- update to version 5.2.2
- Make tests pass in 2022
- Make sure audit middleware use own context
Changes in python-manila-tempest-plugin:
- added 0002-Fix-export-locations-tests.patch
Changes in python-novaclient:
- update to version 11.0.1
- Add test for console-log and docs for bug 1746534
- Use SHA256 instead of MD5 in completion cache
- Improve the description of optional arguments
- Revert 'Fix crashing console-log'
- Fix up userdata argument to rebuild.
- OpenDev Migration Patch
- Stop silently ignoring invalid 'nova boot --hint' options
- Add missing options in CLI reference
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Replace openstack.org git:// URLs with https://
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Follow up 'Fix up userdata argument to rebuild'
Changes in python-octaviaclient:
- update to version 1.6.2
- Fix long CLI error messages
- Update tox.ini for new upper constraints strategy
Changes in python-openstackclient:
- update to version 3.16.3
- Fix bug in endpoint group deletion
- OpenDev Migration Patch
- Fix: Restore output 'VolumeBackupsRestore' object is not iterable
- Stable branch combination fix
- Add --name-lookup-one-by-one option to server list
- Fix BFV server list handling with --name-lookup-one-by-one
- Fix compute service set handling for 2.53+
- Don't display router's is_ha and is_distributed attributes always
- Document 2.53 behavior for compute service list/delete
- Remove str() when setting network objects names
Changes in python-os-brick:
- update to version 2.5.10
- Check path alive before get scsi wwn
- Skip cryptsetup password quality checking
- iscsi: Add _get_device_link retry when waiting for /dev/disk/by-id/ to populate
- linuxscsi: Stop waiting for multipath devices during extend_volume
- Handle None value 'inititator_target_map'
- Fix FC scan too broad
- Ignore pep8 W503/W504
Changes in python-oslo.config:
- update to version 6.4.2
- Use constraints when building docs
- Ensure option groups don't change during logging
- OpenDev Migration Patch
Changes in python-oslo.rootwrap:
- update to version 5.14.2
- Run rootwrap with lower fd ulimit by default
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
Changes in python-oslo.utils:
- update to version 3.36.5
- import zuul job settings from project-config
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Make mask_dict_password case insensitive and add new patterns
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Make mask_password case insensitive, and add new patterns
- Mask encryption_key_id
Changes in python-swiftclient:
- update to version 3.6.1
- OpenDev Migration Patch
- Fix SLO re-upload
- Update .gitreview for stable/rocky
- Changelog for 3.6.1
- import zuul job settings from project-config
- Fix up stable gate
- Use Swift's in-tree DSVM test
Changes in python-watcherclient:
- update to version 2.1.1
- Update .gitreview for stable/rocky
- OpenDev Migration Patch
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- import zuul job settings from project-config
- Replace openstack.org git:// URLs with https://
- fix watcher actionplan show command
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20200319:
* Update release notes to indicate Designate support has shipped
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch
This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201
Should not allow to read ACL when not authorized to read node
(bsc#1135773)
ModerateSUSE bug 1084739SUSE bug 1124708SUSE bug 1133817SUSE bug 1135773SUSE bug 1137622SUSE bug 1149110SUSE bug 1149535SUSE bug 1163444SUSE bug 1164838SUSE bug 1165402SUSE bug 1165723SUSE bug 1166290SUSE bug 1168512SUSE bug 1168593SUSE bug 1169770CVE-2019-0201 at SUSECVE-2019-0201 at NVDCVE-2019-11596 at SUSECVE-2019-11596 at NVDCVE-2019-15026 at SUSECVE-2019-15026 at NVDCVE-2020-5247 at SUSECVE-2020-5247 at NVDCVE-2020-9543 at SUSECVE-2020-9543 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nodejs6 (Critical)SUSE OpenStack Cloud Crowbar 9
This update for nodejs6 fixes the following issues:
- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying
properties of Object.prototype (bsc#1166916).
CriticalSUSE bug 1166916SUSE bug 1172443CVE-2020-7598 at SUSECVE-2020-7598 at NVDCVE-2020-8174 at SUSECVE-2020-8174 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
mariadb was updated to version 10.2.32 (bsc#1171550)
- CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server.
Release notes and changelog:
- https://mariadb.com/kb/en/library/mariadb-10232-release-notes
- https://mariadb.com/kb/en/library/mariadb-10232-changelog
- Update to 10.2.32 GA [bsc#1171550]
ModerateSUSE bug 1171550CVE-2020-13249 at SUSECVE-2020-13249 at NVDCVE-2020-2752 at SUSECVE-2020-2752 at NVDCVE-2020-2760 at SUSECVE-2020-2760 at NVDCVE-2020-2812 at SUSECVE-2020-2812 at NVDCVE-2020-2814 at SUSECVE-2020-2814 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nspr, mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53.1
- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
ImportantSUSE bug 1159819SUSE bug 1168669SUSE bug 1169746SUSE bug 1170908SUSE bug 1171978SUSE bug 1173022CVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
ImportantSUSE bug 1173376SUSE bug 1173377SUSE bug 1173378SUSE bug 1173380CVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:
Security issues fixed:
- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).
Non-security issues fixed:
- Fixed interaction with freetype6 (bsc#1173613).
ImportantSUSE bug 1167231SUSE bug 1173576SUSE bug 1173613CVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12415 at SUSECVE-2020-12415 at NVDCVE-2020-12416 at SUSECVE-2020-12416 at NVDCVE-2020-12417 at SUSECVE-2020-12417 at NVDCVE-2020-12418 at SUSECVE-2020-12418 at NVDCVE-2020-12419 at SUSECVE-2020-12419 at NVDCVE-2020-12420 at SUSECVE-2020-12420 at NVDCVE-2020-12421 at SUSECVE-2020-12421 at NVDCVE-2020-12422 at SUSECVE-2020-12422 at NVDCVE-2020-12423 at SUSECVE-2020-12423 at NVDCVE-2020-12424 at SUSECVE-2020-12424 at NVDCVE-2020-12425 at SUSECVE-2020-12425 at NVDCVE-2020-12426 at SUSECVE-2020-12426 at NVDCVE-2020-6813 at SUSECVE-2020-6813 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-ipaddress (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for squid (Important)SUSE OpenStack Cloud Crowbar 9
This update for squid fixes the following issues:
- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling
attack (CVE-2020-15049, bsc#1173455)
ImportantSUSE bug 1173455CVE-2020-15049 at SUSECVE-2020-15049 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
Tomcat was updated to 9.0.36 See changelog at
- CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU
usage for several seconds making potentially the server unresponsive (bsc#1173389).
ImportantSUSE bug 1173389CVE-2020-11996 at SUSECVE-2020-11996 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for SUSE Manager Client Tools (Moderate)SUSE OpenStack Cloud Crowbar 9
This update fixes the following issues:
cobbler:
- Calculate relative path for kernel and inited when generating
grub entry (bsc#1170231)
Added: fix-grub2-entry-paths.diff
- Fix os-release version detection for SUSE
Modified: sles15.patch
- Jinja2 template library fix (bsc#1141661)
- Removes string replace for textmode fix (bsc#1134195)
golang-github-prometheus-node_exporter:
- Update to 0.18.1
* [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345
* [BUGFIX] Fix rollover bug in mountstats collector #1364
* Renamed interface label to device in netclass collector for consistency with
* other network metrics #1224
* The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248
* The labels for the network_up metric have changed, see issue #1236
* Bonding collector now uses mii_status instead of operstatus #1124
* Several systemd metrics have been turned off by default to improve performance #1254
* These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds
* The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255
* [CHANGE] Bonding state uses mii_status #1124
* [CHANGE] Add a limit to the number of in-flight requests #1166
* [CHANGE] Renamed interface label to device in netclass collector #1224
* [CHANGE] Add separate cpufreq and scaling metrics #1248
* [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254
* [CHANGE] Expand systemd collector blacklist #1255
* [CHANGE] Split cpufreq metrics into a separate collector #1253
* [FEATURE] Add a flag to disable exporter metrics #1148
* [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197
* [FEATURE] Add uname collector for FreeBSD #1239
* [FEATURE] Add diskstats collector for OpenBSD #1250
* [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174
* [FEATURE] Add perf exporter for Linux #1274
* [ENHANCEMENT] Add Infiniband counters #1120
* [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
* [ENHANCEMENT] Move network_up labels into new metric network_info #1236
* [ENHANCEMENT] Use 64-bit counters for Darwin netstat
* [BUGFIX] Add fallback for missing /proc/1/mounts #1172
* [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326
- Add network-online (Wants and After) dependency to systemd unit bsc#1143913
golang-github-prometheus-prometheus:
- Update change log and spec file
+ Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS.
+ Rebase and update patches for version 2.18.0
+ Changed:
* 0002-Default-settings.patch Changed
- Update to 2.18.0
+ Features
* Tracing: Added experimental Jaeger support #7148
+ Changes
* Federation: Only use local TSDB for federation (ignore remote read). #7096
* Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094
+ Enhancements
* TSDB: Significantly reduce WAL size kept around after a block cut. #7098
* Discovery: Add `architecture` meta label for EC2. #7000
+ Bug fixes
* UI: Fixed wrong MinTime reported by /status. #7182
* React UI: Fixed multiselect legend on OSX. #6880
* Remote Write: Fixed blocked resharding edge case. #7122
* Remote Write: Fixed remote write not updating on relabel configs change. #7073
- Changes from 2.17.2
+ Bug fixes
* Federation: Register federation metrics #7081
* PromQL: Fix panic in parser error handling #7132
* Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138
* TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135
* TSDB: Make isolation more robust to panics in web handlers #7129 #7136
- Changes from 2.17.1
+ Bug fixes
* TSDB: Fix query performance regression that increased memory and CPU usage #7051
- Changes from 2.17.0
+ Features
* TSDB: Support isolation #6841
* This release implements isolation in TSDB. API queries and recording rules are
guaranteed to only see full scrapes and full recording rules. This comes with a
certain overhead in resource usage. Depending on the situation, there might be
some increase in memory usage, CPU usage, or query latency.
+ Enhancements
* PromQL: Allow more keywords as metric names #6933
* React UI: Add normalization of localhost URLs in targets page #6794
* Remote read: Read from remote storage concurrently #6770
* Rules: Mark deleted rule series as stale after a reload #6745
* Scrape: Log scrape append failures as debug rather than warn #6852
* TSDB: Improve query performance for queries that partially hit the head #6676
* Consul SD: Expose service health as meta label #5313
* EC2 SD: Expose EC2 instance lifecycle as meta label #6914
* Kubernetes SD: Expose service type as meta label for K8s service role #6684
* Kubernetes SD: Expose label_selector and field_selector #6807
* Openstack SD: Expose hypervisor id as meta label #6962
+ Bug fixes
* PromQL: Do not escape HTML-like chars in query log #6834 #6795
* React UI: Fix data table matrix values #6896
* React UI: Fix new targets page not loading when using non-ASCII characters #6892
* Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018
* Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998
* Scrape: Prevent removal of metric names upon relabeling #6891
* Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986
* Scrape: Fix crash when reloads are separated by two scrape intervals #7011
- Changes from 2.16.0
+ Features
* React UI: Support local timezone on /graph #6692
* PromQL: add absent_over_time query function #6490
* Adding optional logging of queries to their own file #6520
+ Enhancements
* React UI: Add support for rules page and 'Xs ago' duration displays #6503
* React UI: alerts page, replace filtering togglers tabs with checkboxes #6543
* TSDB: Export metric for WAL write errors #6647
* TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651
* PromQL: Refactoring in parser errors to improve error messages #6634
* PromQL: Support trailing commas in grouping opts #6480
* Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
* Scrape: Add metrics to track bytes and entries in the metadata cache #6675
* promtool: Add support for line-column numbers for invalid rules output #6533
* Avoid restarting rule groups when it is unnecessary #6450
+ Bug fixes
* React UI: Send cookies on fetch() on older browsers #6553
* React UI: adopt grafana flot fix for stacked graphs #6603
* React UI: broken graph page browser history so that back button works as expected #6659
* TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616
* TSDB: return an error on ingesting series with duplicate labels #6664
* PromQL: Fix unary operator precedence #6579
* PromQL: Respect query.timeout even when we reach query.max-concurrency #6712
* PromQL: Fix string and parentheses handling in engine, which affected React UI #6612
* PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493
* Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
* Remote read: return the correct error if configs can't be marshal'd to JSON #6622
* Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673
* Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511
* Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
- Changes from 2.15.2
+ Bug fixes
* TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564
* TSDB: Fixed block compaction issues on Windows. #6547
- Changes from 2.15.1
+ Bug fixes
* TSDB: Fixed race on concurrent queries against same data. #6512
- Changes from 2.15.0
+ Features
* API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442
+ Changes
* Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393
* Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043
+ Enhancements
* TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461
* TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475
* TSDB: Improve replay latency. #6230
* TSDB: WAL size is now used for size based retention calculation. #5886
* Remote read: Added query grouping and range hints to the remote read request #6401
* Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344
* promql: Improved PromQL parser performance. #6356
* React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements.
* promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065
+ Bug fixes
* Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455
* Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378
* Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469
* API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
- Changes from 2.14.0
+ Features
* API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243
* React UI: implement the new experimental React based UI. #5694 and many more
* Can be found by under `/new`.
* Not all pages are implemented yet.
* Status: Cardinality statistics added to the Runtime & Build Information page. #6125
+ Enhancements
* Remote write: fix delays in remote write after a compaction. #6021
* UI: Alerts can be filtered by state. #5758
+ Bug fixes
* Ensure warnings from the API are escaped. #6279
* API: lifecycle endpoints return 403 when not enabled. #6057
* Build: Fix Solaris build. #6149
* Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270
* Remote write: restore use of deduplicating logger in remote write. #6113
* Remote write: do not reshard when unable to send samples. #6111
* Service discovery: errors are no longer logged on context cancellation. #6116, #6133
* UI: handle null response from API properly. #6071
- Changes from 2.13.1
+ Bug fixes
* Fix panic in ARM builds of Prometheus. #6110
* promql: fix potential panic in the query logger. #6094
* Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
- Changes from 2.13.0
+ Enhancements
* Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254
* Include the tsdb tool in builds. #6089
* Service discovery: add new node address types for kubernetes. #5902
* UI: show warnings if query have returned some warnings. #5964
* Remote write: reduce memory usage of the series cache. #5849
* Remote read: use remote read streaming to reduce memory usage. #5703
* Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787
* Promtool: show the warnings during label query. #5924
* Promtool: improve error messages when parsing bad rules. #5965
* Promtool: more promlint rules. #5515
+ Bug fixes
* UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098
* Promtool: fix recording inconsistency due to duplicate labels. #6026
* UI: fixes service-discovery view when accessed from unhealthy targets. #5915
* Metrics format: OpenMetrics parser crashes on short input. #5939
* UI: avoid truncated Y-axis values. #6014
- Changes from 2.12.0
+ Features
* Track currently active PromQL queries in a log file. #5794
* Enable and provide binaries for `mips64` / `mips64le` architectures. #5792
+ Enhancements
* Improve responsiveness of targets web UI and API endpoint. #5740
* Improve remote write desired shards calculation. #5763
* Flush TSDB pages more precisely. tsdb#660
* Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667
* Add logging during TSDB WAL replay on startup. tsdb#662
* Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627
+ Bug fixes
* Check for duplicate label names in remote read. #5829
* Mark deleted rules' series as stale on next evaluation. #5759
* Fix JavaScript error when showing warning about out-of-sync server time. #5833
* Fix `promtool test rules` panic when providing empty `exp_labels`. #5774
* Only check last directory when discovering checkpoint number. #5756
* Fix error propagation in WAL watcher helper functions. #5741
* Correctly handle empty labels from alert templates. #5845
- Update Uyuni/SUSE Manager service discovery patch
+ Modified 0003-Add-Uyuni-service-discovery.patch:
+ Adapt service discovery to the new Uyuni API endpoints
+ Modified spec file: force golang 1.12 to fix build issues in SLE15SP2
- Update to Prometheus 2.11.2
grafana:
- Update to version 7.0.3
* Features / Enhancements
- Stats: include all fields. #24829, @ryantxu
- Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff
* Bug fixes
- Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian
- Configuration: Fix env var override of sections containing hyphen. #25178, @marefr
- Dashboard: Get panels in collapsed rows. #25079, @peterholmberg
- Do not show alerts tab when alerting is disabled. #25285, @dprokop
- Jaeger: fixes cascader option label duration value. #25129, @Estrax
- Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo
- Update to version 7.0.2
* Bug fixes
- Security: Urgent security patch release to fix CVE-2020-13379
- Update to version 7.0.1
* Features / Enhancements
- Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney
- Download CSV: Add date and time formatting. #24992, @ryantxu
- Table: Make last cell value visible when right aligned. #24921, @peterholmberg
- TablePanel: Adding sort order persistance. #24705, @torkelo
- Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg
- Transformations: Allow custom number input for binary operations. #24752, @ryantxu
* Bug fixes
- Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani
- Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani
- Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark
- DataLinks: Bring back variables interpolation in title. #24970, @dprokop
- Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney
- Explore/Table: Keep existing field types if possible. #24944, @kaydelaney
- Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova
- Explore: fix undo in query editor. #24797, @zoltanbedi
- Explore: fix word break in type head info. #25014, @zoltanbedi
- Graph: Legend decimals now work as expected. #24931, @torkelo
- LoginPage: Fix hover color for service buttons. #25009, @tskarhed
- LogsPanel: Fix scrollbar. #24850, @ivanahuckova
- MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo
- Organize transformer: Use display name in field order comparer. #24984, @dprokop
- Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark
- PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop
- PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo
- PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark
- PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark
- PanelMenu: Make menu disappear on button press. #25015, @tskarhed
- Postgres: Fix add button. #25087, @phemmer
- Prometheus: Fix recording rules expansion. #24977, @ivanahuckova
- Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian
- Update to version 7.0.0
* Breaking changes
- Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin.
- Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
- Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10.
- Datasource/Loki: Support for deprecated Loki endpoints has been removed.
- Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information.
- @grafana/ui: Forms migration notice, see @grafana/ui changelog
- @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog
+ Deprecation warnings
- Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059
- The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins.
* Features / Enhancements
- Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr
- Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal
- Loki: Allow multiple derived fields with the same name. #24437, @aocenas
- Orgs: Add future deprecation notice. #24502, @torkelo
* Bug Fixes
- @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi
- Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark
- Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop
- Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo
- Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn
- Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo
- Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg
- Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop
- Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet
- Data source: Fixes async mount errors. #24579, @Estrax
- Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1
- Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova
- Explore: Fix rendering of react query editors. #24593, @ivanahuckova
- Explore: Fixes loading more logs in logs context view. #24135, @Estrax
- Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo
- Graphite: Makes query annotations work again. #24556, @hugohaggmark
- Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney
- Logs: Fix total bytes process calculation. #24691, @davkal
- Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet
- Plugins: Fix manifest validation. #24573, @aknuds1
- Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist
- Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed
- Search: Save folder expanded state. #24496, @Clarity-89
- Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss
- Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo
- Table: Fixed persisting column resize for time series fields. #24505, @torkelo
- Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark
- Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn
- Transformations: Make transform dropdowns not cropped. #24615, @dprokop
- Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark
- Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark
- Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark
- Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark
- Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas
- SAML: Switch from email to login for user login attribute mapping (Enterprise)
- Update Makefile and spec file
* Remove phantomJS patch from Makefile
* Fix multiline strings in Makefile
* Exclude s390 from SLE12 builds, golang 1.14 is not built for s390
- Add instructions for patching the Grafana javascript frontend.
- BuildRequires golang(API) instead of go metapackage version range
* BuildRequires: golang(API) >= 1.14 from
BuildRequires: ( go >= 1.14 with go < 1.15 )
- Update to version 6.7.3
- This version fixes bsc#1170557 and its corresponding CVE-2020-12245
- Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin
- Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark
- AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken
- Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg
- Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan
- DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo
- Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh
- Security: Fix annotation popup XSS vulnerability. #23813, @torkelo
- Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1
- TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo
- Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark
- Update to version 6.7.2:
(see installed changelog for the full list of changes)
- BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo
- Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop
- DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn
- Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn
- Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo
- Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo
- Plugins: Expose promiseToDigest. #23249, @torkelo
- Reporting (Enterprise): Fixes issue updating a report created by someone else
- Update to 6.7.1:
(see installed changelog for the full list of changes)
Bug Fixes
- Azure: Fixed dropdowns not showing current value. #22914, @torkelo
- BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark
- Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo
- Reporting: fixes migrations compatibility with mysql (Enterprise)
- Reporting: Reduce default concurrency limit to 4 (Enterprise)
- Update to 6.7.0:
(see installed changelog for the full list of changes)
Bug Fixes
- AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo
- BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark
- Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo
- Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo
- Rich History: UX adjustments and fixes. #22729, @ivanahuckova
- Update to 6.7.0-beta1:
Breaking changes
- Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked.
- Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338
- Notice about changes in backendSrv for plugin authors
In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv.
Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI.
To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv.
Bug Fixes
API: Fix redirect issues. #22285, @papagian
Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1
Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal
Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal
Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek
BackendSrv: Fixes POST body for form data. gmark
CloudWatch: Credentials cache invalidation fix. #22473, @sunker
CloudWatch: Expand alias variables when query yields no result. #22695, @sunker
Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk
Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing
Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d
Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo
StatPanel: Fixes base color is being used for null values .
#22646, @torkelo
- Update to version 6.6.2:
(see installed changelog for the full list of changes)
- Update to version 6.6.1:
(see installed changelog for the full list of changes)
- Update to version 6.6.0:
(see installed changelog for the full list of changes)
- Update to version 6.5.3:
(see installed changelog for the full list of changes)
- Update to version 6.5.2:
(see installed changelog for the full list of changes)
- Update to version 6.5.1:
(see installed changelog for the full list of changes)
- Update to version 6.5.0
(see installed changelog for the full list of changes)
- Update to version 6.4.5:
* Create version 6.4.5
* CloudWatch: Fix high CPU load (#20579)
- Add obs-service-go_modules to download required modules into vendor.tar.gz
- Adjusted spec file to use vendor.tar.gz
- Adjusted Makefile to work with new filenames
- BuildRequire go1.14
- Update to version 6.4.4:
* DataLinks: Fix blur issues. #19883, @aocenas
* Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson
* LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen
* LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson
* Singlestat: Fix no data / null value mapping . #19951, @ryantxu
- Revert the spec file and make script
- Remove PhantomJS dependency
- Update to 6.4.3
* Bug Fixes
- Alerting: All notification channels should send even if one fails to send. #19807, @jan25
- AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas
- ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal
- DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop
- DataLinks: Fix url field not releasing focus. #19804, @aocenas
- Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas
- Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark
- Singlestat: Fixed issue with mapping null to text. #19689, @torkelo
- @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop
- @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang
- Update to 6.4.2
* Bug Fixes
- CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron
- Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark
- Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo
- Graph: Switching to series mode should re-render graph. #19623, @torkelo
- Loki: Fix autocomplete on label values. #19579, @aocenas
- Loki: Removes live option for logs panel. #19533, @davkal
- Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha
- Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark
- sted keys in YAML provisioning caused a server crash, #19547
- ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise)
- Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise).
- Changes from 6.4.0
* Features / Enhancements
- Build: Upgrade go to 1.12.10. #19499, @marefr
- DataLinks: Suggestions menu improvements. #19396, @dprokop
- Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova
- Explore: Update broken link to logql docs. #19510, @ivanahuckova
- Logs: Adds Logs Panel as a visualization. #19504, @davkal
* Bug Fixes
- CLI: Fix version selection for plugin install. #19498, @aocenas
- Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo
- Changes from 6.4.0 Beta 2
* Features / Enhancements
- Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker
- Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr
- Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo
- grafana/toolkit: Add plugin creation task. #19207, @dprokop
* Bug Fixes
- Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark
- Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm
- Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz
- Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu
- MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr
- Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh
- MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr
- MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr
- MySQL: Limit datasource error details returned from the backend. #19373, @marefr
- Changes from 6.4.0 Beta 1
* Features / Enhancements
- API: Readonly datasources should not be created via the API. #19006, @papagian
- Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar
- Annotations: Add annotations support to Loki. #18949, @aocenas
- Annotations: Use a single row to represent a region. #17673, @ryantxu
- Auth: Allow inviting existing users when login form is disabled. #19048, @548017
- Azure Monitor: Add support for cross resource queries. #19115, @sunker
- CLI: Allow installing custom binary plugins. #17551, @aocenas
- Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark
- Dashboard: Reuse query results between panels . #16660, @ryantxu
- Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod
- DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu
- DataLinks: Enable access to labels & field names. #18918, @torkelo
- DataLinks: Enable multiple data links per panel. #18434, @dprokop
- Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech
- Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery
- Explore: Add throttling when doing live queries. #19085, @aocenas
- Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney
- Explore: Reduce default time range to last hour. #18212, @davkal
- Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu
- Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal
- Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian
- InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code
- LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh
- Ldap: Add ldap debug page. #18759, @peterholmberg
- Loki: Remove prefetching of default label values. #18213, @davkal
- Metrics: Add failed alert notifications metric. #18089, @koorgoo
- OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon
- OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin
- Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh
- Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati
- Plugins: better warning when plugins fail to load. #18671, @ryantxu
- Postgres: Add support for scram sha 256 authentication. #18397, @nonamef
- RemoteCache: Support SSL with Redis. #18511, @kylebrandt
- SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu
- Stackdriver: Add extra alignment period options. #18909, @sunker
- Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon
- Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar
* Bug Fixes
- Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian
- Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt
- Alerting: fix response popover prompt when add notification channels. #18967, @lzdw
- CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger
- Explore: Fix auto completion on label values for Loki. #18988, @aocenas
- Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark
- Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark
- MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold
- MSSQL: Fix memory leak when debug enabled. #19049, @briangann
- Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt
- TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark
* Breaking changes
+ Annotations
There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented
using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details.
+ Docker
Grafana is now using Alpine 3.10 as docker base image.
+ HTTP API
- GET /api/alert-notifications now requires at least editor access.
New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user.
- GET /api/alert-notifiers now requires at least editor access
- GET /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
- GET /api/annotations no longer returns regionId property.
- POST /api/annotations no longer supports isRegion property.
- PUT /api/annotations/:id no longer supports isRegion property.
- PATCH /api/annotations/:id no longer supports isRegion property.
- DELETE /api/annotations/region/:id has been removed.
* Deprecation notes
+ PhantomJS
- PhantomJS, which is used for rendering images of dashboards and panels,
is deprecated and will be removed in a future Grafana release.
A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use.
Please consider migrating from PhantomJS to the Grafana Image Renderer plugin.
- Changes from 6.3.6
* Features / Enhancements
- Metrics: Adds setting for turning off total stats metrics. #19142, @marefr
* Bug Fixes
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney
- Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors.
- Add missing directories provisioning/datasources and provisioning/notifiers
and sample.yaml as described in packaging/rpm/control from upstream.
Missing directories are shown in logfiles.
- Version 6.3.5
* Upgrades
+ Build: Upgrade to go 1.12.9.
* Bug Fixes
+ Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties.
+ Editor: Fixes issue where only entire lines were being copied.
+ Explore: Fixes query field layout in splitted view for Safari browsers.
+ LDAP: multildap + ldap integration.
+ Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds.
+ Prometheus: Prevents panel editor crash when switching to Prometheus datasource.
+ Prometheus: Changes brace-insertion behavior to be less annoying.
- Version 6.3.4
* Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use.
- Version 6.3.3
* Bug Fixes
+ Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1
+ Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3
+ DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1
+ DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1
+ DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1
+ Explore: Fix loading error for empty queries. #18488 1, @davkal
+ Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2
+ Graphite: Avoid glob of single-value array variables . #18420, @gotjosh
+ Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3
+ Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2
+ TimeSeries: Assume values are all numbers. #18540 4, @ryantxu
- Version 6.3.2
* Bug Fixes
+ Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12
- Version 6.3.1
* Bug Fixes
+ PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2
- Version 6.3.0
* Features / Enhancements
+ OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3
+ Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh
+ Build grafana images consistently. #18224 12, @hassanfarid
+ Docs: SAML. #18069 11, @gotjosh
+ Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas
+ TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2
+ Alerting: Add tags to alert rules. #10989 13, @Thib17 1
+ Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng
+ Alerting: Improve alert rule testing. #16286 2, @marefr
+ Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25
+ Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1
+ Auth: Allow expiration of API keys. #17678, @papagian 3
+ Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1
+ Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1
+ AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1
+ CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu
+ Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu
+ Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax
+ Data links. #17267 11, @torkelo 2
+ Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1
+ Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr
+ Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3
+ Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2
+ Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2
+ Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2
+ Explore: Allow switching between metrics and logs . #16959 2, @marefr
+ Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3
+ Explore: Display log lines context . #17097, @dprokop 1
+ Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr
+ Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2
+ Explore: Support for new LogQL filtering syntax. #16674 4, @davkal
+ Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3
+ Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1
+ Graph: Added new fill gradient option. #17528 3, @torkelo 2
+ GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1
+ InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3
+ Logging: Login and Logout actions (#17760). #17883 1, @ATTron
+ Logging: Move log package to pkg/infra. #17023, @zhulongcheng
+ Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1
+ MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd
+ MySQL: Add support for periodically reloading client certs. #14892, @tpetr
+ Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu
+ Prometheus: Take timezone into account for step alignment. #17477, @fxmiii
+ Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246
+ Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA
+ Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis
+ Refresh picker: Handle empty intervals. #17585 1, @dehrax
+ Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr
+ Snapshot: use given key and deleteKey. #16876, @zhulongcheng
+ Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev
+ Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad
+ Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway
+ Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin
* Bug Fixes
+ PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax
+ OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3
+ cli: fix for recognizing when in dev mode… #18334, @xlson
+ DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2
+ Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2
+ PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson
+ TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2
+ Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2
+ remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke
+ AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax
+ CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr
+ Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr
+ Explore: Fix browsing back to dashboard panel. #17061, @jschill
+ Explore: Fix filter by series level in logs graph. #17798, @marefr
+ Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr
+ Explore: Fix selection/copy of log lines. #17121, @marefr
+ Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas
+ Frontend: Fix for Json tree component not working. #17608, @srid12
+ Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2
+ Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2
+ Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3
+ HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25
+ InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki
+ Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess
+ Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi
+ SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri
- Make phantomjs dependency configurable
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
mgr-cfg:
- Remove commented code in test files
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Add mgr manpage links
mgr-custom-info:
- Bump version to 4.1.0 (bsc#1154940)
mgr-daemon:
- Bump version to 4.1.0 (bsc#1154940)
- Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad:
- Separate osa-dispatcher and jabberd so it can be disabled independently
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Move /usr/share/rhn/config-defaults to uyuni-base-common
- Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
- Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-push:
- Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
mgr-virtualization:
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Fix mgr-virtualization timer
rhnlib:
- Fix building
- Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
- Bump version to 4.1.0 (bsc#1154940)
- Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can
check for failure (bsc#1171687)
- Disable globbing for api subcommand to allow wildcards in filter
settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
- Bump version to 4.1.0 (bsc#1154940)
- Prevent error when piping stdout in Python 2 (bsc#1153090)
- Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277)
- Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
- Add unit test for schedule, errata, user, utils, misc, configchannel
and kickstart modules
- Multiple minor bugfixes alongside the unit tests
- Bugfix: referenced variable before assignment.
- Add unit test for report, package, org, repo and group
spacewalk-client-tools:
- Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)
- Spell correctly 'successful' and 'successfully'
- Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
- Replace spacewalk-usix with uyuni-common-libs
- Return a non-zero exit status on errors in rhn_check
- Bump version to 4.1.0 (bsc#1154940)
- Make a explicit requirement to systemd for spacewalk-client-tools
when rhnsd timer is installed
spacewalk-koan:
- Bump version to 4.1.0 (bsc#1154940)
- Require commands we use in merge-rd.sh
spacewalk-oscap:
- Bump version to 4.1.0 (bsc#1154940)
spacewalk-remote-utils:
- Update spacewalk-create-channel with RHEL 7.7 channel definitions
- Bump version to 4.1.0 (bsc#1154940)
supportutils-plugin-susemanager-client:
- Bump version to 4.1.0 (bsc#1154940)
suseRegisterInfo:
- SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
- Bump version to 4.1.0 (bsc#1154940)
zypp-plugin-spacewalk:
- Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)
ModerateSUSE bug 1113160SUSE bug 1134195SUSE bug 1138822SUSE bug 1141661SUSE bug 1142038SUSE bug 1143913SUSE bug 1148177SUSE bug 1153090SUSE bug 1153277SUSE bug 1154940SUSE bug 1154968SUSE bug 1155372SUSE bug 1163871SUSE bug 1165921SUSE bug 1168310SUSE bug 1170231SUSE bug 1170557SUSE bug 1171687SUSE bug 1172462CVE-2019-10215 at SUSECVE-2019-10215 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2020-12245 at SUSECVE-2020-12245 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xrdp (Important)SUSE OpenStack Cloud Crowbar 9
This update for xrdp fixes the following issues:
- Security fixes (bsc#1173580, CVE-2020-4044):
+ Add patches:
* xrdp-cve-2020-4044-fix-0.patch
* xrdp-cve-2020-4044-fix-1.patch
+ Rebase SLE patch:
* xrdp-fate318398-change-expired-password.patch
- Update patch:
+ xrdp-Allow-sessions-with-32-bpp.patch.patch
ImportantSUSE bug 1173580CVE-2020-4044 at SUSECVE-2020-4044 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
ImportantSUSE bug 1174117SUSE bug 1174121CVE-2020-13934 at SUSECVE-2020-13934 at NVDCVE-2020-13935 at SUSECVE-2020-13935 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mailman (Important)SUSE OpenStack Cloud Crowbar 9
This update for mailman fixes the following issues:
- CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369).
ImportantSUSE bug 1173369CVE-2020-15011 at SUSECVE-2020-15011 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).
ModerateSUSE bug 1173160CVE-2020-10745 at SUSECVE-2020-10745 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.3 (bsc#1173998):
+ Enable kinetic scrolling with async scrolling.
+ Fix web process hangs on large GitHub pages.
+ Bubblewrap sandbox should not attempt to bind empty paths.
+ Fix threading issues in the media player.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805,
CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,
CVE-2020-13753.
ImportantSUSE bug 1173998CVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9806 at SUSECVE-2020-9806 at NVDCVE-2020-9807 at SUSECVE-2020-9807 at NVDCVE-2020-9843 at SUSECVE-2020-9843 at NVDCVE-2020-9850 at SUSECVE-2020-9850 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
- Use gcc-9 compiler for overflow check builtins
- Backport gcc-9 build fixes
ImportantSUSE bug 1168994SUSE bug 1173812SUSE bug 1174463SUSE bug 1174570CVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ghostscript (Important)SUSE OpenStack Cloud Crowbar 9
This update for ghostscript fixes the following issues:
- fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout)
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
ImportantSUSE bug 1174415CVE-2020-15900 at SUSECVE-2020-15900 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.1.0 ESR
* Fixed: Various stability, functionality, and security fixes (bsc#1174538)
* CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514: WebRTC data channel leaks internal address to peer
* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653: Bypassing iframe sandbox when allowing popups
* CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656: Type confusion for special arguments in IonMonkey
* CVE-2020-15658: Overriding file type when saving to disk
* CVE-2020-15657: DLL hijacking due to incorrect loading path
* CVE-2020-15654: Custom cursor can overlay user interface
* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
ModerateSUSE bug 1173948SUSE bug 1174538CVE-2020-15652 at SUSECVE-2020-15652 at NVDCVE-2020-15653 at SUSECVE-2020-15653 at NVDCVE-2020-15654 at SUSECVE-2020-15654 at NVDCVE-2020-15655 at SUSECVE-2020-15655 at NVDCVE-2020-15656 at SUSECVE-2020-15656 at NVDCVE-2020-15657 at SUSECVE-2020-15657 at NVDCVE-2020-15658 at SUSECVE-2020-15658 at NVDCVE-2020-15659 at SUSECVE-2020-15659 at NVDCVE-2020-6463 at SUSECVE-2020-6463 at NVDCVE-2020-6514 at SUSECVE-2020-6514 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libX11 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
- CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775).
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
The following non-security bugs were fixed:
- ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
- ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
- bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
- block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
- block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
- block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
- block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
- btrfs: always wait on ordered extents at fsync time (bsc#1171761).
- btrfs: clean up the left over logged_list usage (bsc#1171761).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
- btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761).
- btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761).
- btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761).
- btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
- btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761).
- btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761).
- btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
- btrfs: remove no longer used logged range variables when logging extents (bsc#1171761).
- btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761).
- btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
- btrfs: remove the logged extents infrastructure (bsc#1171761).
- btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761).
- btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
- CDC-ACM: heed quirk also in error handling (git-fixes).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
- clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
- clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
- clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
- compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
- copy_{to,from}_user(): consolidate object size checks (git fixes).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
- dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
- dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
- dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
- dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
- dm: various cleanups to md->queue initialization code (git fixes).
- dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
- dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
- Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618).
- drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
- drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes
- drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
- drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes
- drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)
- drm/radeon: fix double free (bsc#1152472)
- drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
- e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
- e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
- evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
- evm: Fix a small race in init_desc() (bsc#1051510).
- extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
- gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
- HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
- ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
- iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
- ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
- ima: Fix ima digest hash table key calculation (bsc#1051510).
- include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
- kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
- md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)).
- mmc: fix compilation of user API (bsc#1051510).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
- NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
- nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
- nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- overflow: Fix -Wtype-limits compilation warnings (git fixes).
- overflow.h: Add arithmetic shift helper (git fixes).
- p54usb: add AirVasT USB stick device-id (bsc#1051510).
- PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
- PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
- PCI: Program MPS for RCiEP devices (bsc#1051510).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
- perf: Allocate context task_ctx_data for child event (git-fixes).
- perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
- perf: Copy parent's address filter offsets on clone (git-fixes).
- perf/core: Add sanity check to deal with pinned event failure (git-fixes).
- perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
- perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
- perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
- perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
- perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
- perf/core: Fix error handling in perf_event_alloc() (git-fixes).
- perf/core: Fix exclusive events' grouping (git-fixes).
- perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
- perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
- perf/core: Fix locking for children siblings group read (git-fixes).
- perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)).
- perf/core: Fix perf_event_read_value() locking (git-fixes).
- perf/core: Fix perf_pmu_unregister() locking (git-fixes).
- perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)).
- perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
- perf/core: Fix race between close() and fork() (git-fixes).
- perf/core: Fix the address filtering fix (git-fixes).
- perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
- perf/core: Force USER_DS when recording user stack data (git-fixes).
- perf/core: Restore mmap record type correctly (git-fixes).
- perf: Fix header.size for namespace events (git-fixes).
- perf/ioctl: Add check for the sample_period value (git-fixes).
- perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
- perf: Return proper values for user stack errors (git-fixes).
- perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
- perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
- perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
- perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
- perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
- perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
- perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
- perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
- perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
- perf/x86: Fix incorrect PEBS_REGS (git-fixes).
- perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
- perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
- perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
- perf/x86/intel: Fix PT PMI handling (git-fixes).
- perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
- perf/x86/intel/uncore: Add Node ID mask (git-fixes).
- perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
- perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)).
- perf/x86/uncore: Fix event group support (git-fixes).
- pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
- pnp: Use list_for_each_entry() instead of open coding (git fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
- power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
- raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)).
- resolve KABI warning for perf-pt-coresight (git-fixes).
- Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
- Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
- Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
- rpm/kernel-docs.spec.in: Require python-packaging for build.
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: lock device while installing IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
- scsi: qedf: Add port_id getter (bsc#1150660).
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
- spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
- staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
- SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
- tracing: Fix event trigger to accept redundant spaces (git-fixes).
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
- tty: n_gsm: Fix SOF skipping (bsc#1051510).
- tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
- usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
- usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
- usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
- usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
- usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
- usb: musb: start session in resume for host port (bsc#1051510).
- usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
- usb: serial: qcserial: add DW5816e QDL support (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
- virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
- vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
- vmxnet3: add support to get/set rx flow hash (bsc#1172484).
- vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
- vmxnet3: avoid format strint overflow warning (bsc#1172484).
- vmxnet3: prepare for version 4 changes (bsc#1172484).
- vmxnet3: Remove always false conditional statement (bsc#1172484).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
- vmxnet3: update to version 4 (bsc#1172484).
- vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
- w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
- work around mvfs bug (bsc#1162063).
- x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
- x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
- x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
- x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
- xfrm: fix error in comment (git fixes).
ImportantSUSE bug 1051510SUSE bug 1065729SUSE bug 1071995SUSE bug 1085030SUSE bug 1104967SUSE bug 1114279SUSE bug 1144333SUSE bug 1148868SUSE bug 1150660SUSE bug 1152107SUSE bug 1152472SUSE bug 1152624SUSE bug 1158983SUSE bug 1159058SUSE bug 1161016SUSE bug 1162002SUSE bug 1162063SUSE bug 1168081SUSE bug 1169194SUSE bug 1169514SUSE bug 1169795SUSE bug 1170011SUSE bug 1170592SUSE bug 1170618SUSE bug 1171124SUSE bug 1171424SUSE bug 1171558SUSE bug 1171673SUSE bug 1171732SUSE bug 1171761SUSE bug 1171868SUSE bug 1171904SUSE bug 1172257SUSE bug 1172344SUSE bug 1172458SUSE bug 1172484SUSE bug 1172759SUSE bug 1172775SUSE bug 1172781SUSE bug 1172782SUSE bug 1172783SUSE bug 1172999SUSE bug 1173265SUSE bug 1173280SUSE bug 1173428SUSE bug 1173462SUSE bug 1173514SUSE bug 1173567SUSE bug 1173573SUSE bug 1174115SUSE bug 1174462SUSE bug 1174543CVE-2019-16746 at SUSECVE-2019-16746 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20908 at SUSECVE-2019-20908 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10769 at SUSECVE-2020-10769 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionview-4_2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionview-4_2 fixes the following issues:
- Fixed a potential remote code execution of user-provided local names (bsc#1173144, CVE-2020-8163).
ImportantSUSE bug 1173144CVE-2020-8163 at SUSECVE-2020-8163 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages
ImportantSUSE bug 1163019SUSE bug 1174543CVE-2020-8608 at SUSECVE-2020-8608 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-ipaddress (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma fixes the following issues:
Security fixes included in this update:
ansible1:
- CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).
grafana:
- CVE-2020-13379: Fixed an incorrect access control issue which could
lead to information leaks or denial of service (bsc#1172409).
- CVE-2020-12052: Fixed an cross site scripting vulnerability related to
the annotation popup (bsc#1170657).
kibana:
- CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909).
python-Django1 to 1.11.29:
- CVE-2020-13254: Fixed a data leakage via malformed memcached keys
(bsc#1172167).
- CVE-2020-13596: Fixed a cross site scripting vulnerability related to
the admin parameters of the ForeignKeyRawIdWidget (bsc#1172166).
- CVE-2020-7471: Fixed a SQL injection via StringAgg delimiter
(bsc#1161919).
- CVE-2020-9402: Fixed a SQL injection via tolerance parameter in GIS
functions and aggregates (bsc#1165022).
- CVE-2019-19844: Fixed a potential account hijack via password reset
form (bsc#1159447).
python-Pillow:
- CVE-2020-10177: Fixed multiple out-of-bounds reads in
libImaging/FliDecode.c (bsc#1173413).
- CVE-2020-11538: Fixed multiple out-of-bounds reads via a crafted JP2
files (bsc#1173420).
- CVE-2020-10994: Fixed multiple out-of-bounds reads via a crafted JP2
files (bsc#1173418).
- CVE-2020-10378: Fixed an out-of-bounds read when reading PCX files
(bsc#1173416).
- CVE-2019-16865: Fixed a denial of service with specially crafted
image files (bsc#1153191).
- CVE-2020-5311: Fixed an SGI buffer overflow (bsc#1160151).
- CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152).
- CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153).
- CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py
(bsc#1160192).
python-waitress to version 1.4.3:
- CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF
handling (bsc#1161088).
- CVE-2019-16786: Fixed HTTP request smuggling through invalid
Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: Fixed HTTP Request Smuggling through invalid
whitespace characters (bsc#1160790).
- CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length
header handling (bsc#1161670).
rubygem-activeresource:
- CVE-2020-8151: Fixed possible information disclosure through specially
crafted requests (bsc#1171560).
Non security fixes:
Changes in ansible1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add 0001-Disallow-use-of-remote-home-directories-containing-..patch
(bsc#1126503, CVE-2019-3828)
Changes in ardana-ansible.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1591138508.e269bdb:
* Use internal endpoint for upload image (SOC-11294)
- Update to version 9.0+git.1589740968.d339a28:
* Reconfigure rabbitmq user permissions on update (SOC-11082)
- Update to version 9.0+git.1588953276.b8b5512:
* Fix incorrect prefix used to collect supportconfig files (bsc#1171273)
Changes in ardana-cobbler.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1588181228.bae3b1f:
* Ensure distro_signatures.json gets updated if needed (SOC-11249)
Changes in ardana-glance.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593631708.9354a78:
* Idempotent cirros image upload to glance (SOC-11342)
Changes in ardana-input-model.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1589740948.c24fc0b:
* Add default rabbitmq exchange write permissions (SOC-11082)
Changes in ardana-logging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1591193994.d93b668:
* kibana: set x-frame-options header (bsc#1171909)
Changes in ardana-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1594158642.b5905e4:
* Ensure manila_upgrade_mode is initialised appropriately (SOC-11341)
- Update to version 9.0+git.1593516580.6c83767:
* Skip openstack-manila-share status check during upgrade (SOC-11341)
Changes in ardana-monasca.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1589385256.7fbfaaf:
* Fix stop start/stop logic (SOC-11209)
- Update to version 9.0+git.1588610558.98958f3:
* Fix monasca-thresh-wrapper status action (SOC-11209)
- Update to version 9.0+git.1588343155.0e67455:
* monasca-thresh restart and storm upgrade enhancements (SOC-11209)
Changes in ardana-mq.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593618110.cbd1a37:
* Ensure epmd.service started/stopped independent of rabbitmq (SOC-6780)
- Update to version 9.0+git.1589715197.9196f62:
* Don't mirror reply queues (SOC-10317)
Changes in ardana-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1590756257.e09d54f:
* Update L3 rootwrap filters (SOC-11306)
Changes in ardana-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1590079609.a2ae6ab:
* fix octavia to glance communication over internal endpoint (SOC-11294)
Changes in ardana-tempest.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.0+git.1593033709.9495bb2:
* load-balancer: set check timeout to 120 seconds (SOC-11330)
- Update to version 9.0+git.1593010160.cb417d7:
* Blacklist neutron test_snat_external_ip test (SOC-11279)
- Update to version 9.0+git.1592341936.3b5ad41:
* Remove blacklisted octavia test (SOC-11289)
- Update to version 9.0+git.1592239656.b18289a:
* Blacklist NetworkMigration tests (SOC-11279)
- Update to version 9.0+git.1590429931.4fa308a:
* Install only needed tempest pluguins (SOC-11297)
- Update to version 9.0+git.1590164310.9e7888e:
* Enable tempest shelve tests (SOC-9775)
- Update to version 9.0+git.1590151267.16bddd9:
* Add NetworkMigration tests back in neutron filter (SOC-11279)
- Update to version 9.0+git.1589460689.e3bd243:
* Enable test_delete_policies_while_tenant_attached_to_net test (SOC-9235)
- Update to version 9.0+git.1589206665.aedb17d:
* Blacklist some NetworkMigration tests (SOC-11279)
Changes in crowbar-core.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 6.0+git.1594619891.b75a61d0d:
* upgrade: Do not stop pacemaker managed apache service (SOC-11298)
- Update to version 6.0+git.1593156244.533c05c01:
* Ignore CVE-2020-8184 (SOC-11299)
- Update to version 6.0+git.1592589539.e0cbb8c8f:
* provisioner: allow tftp access from admin network only (bsc#1019111)
- Update to version 6.0+git.1590650924.e7548b2ac:
* Ignore latest ruby-related CVEs in the CI (SOC-11299)
- Update to version 6.0+git.1589803358.48ba3f4a6:
* provisioner: Fix ssh key validation (SOC-11126)
- Update to version 6.0+git.1588062060.de79301bf:
* upgrade: disable zypper process check temporarily (SOC-11203)
Changes in crowbar-openstack.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 6.0+git.1591795073.49cb6400e:
* kibana: set x-frame-options header (bsc#1171909, CVE-2020-10743)
- Update to version 6.0+git.1591104467.7de344556:
* Restore undeprecated nova dhcp_domain option (bsc#1171594)
- Update to version 6.0+git.1590579980.5258ac04a:
* tempest: Enable shelve tests when using RBD ephemeral (SOC-11176)
- Update to version 6.0+git.1589957131.fcfccecc1:
* galera: Make sure checks are executed without password (bsc#1136928)
- Update to version 6.0+git.1589573559.3bf36a7cd:
* rabbitmq: sync startup definitions.json with recipe (SOC-11077,SOC-11274)
- Update to version 6.0+git.1589544034.e52fd938a:
* trove: fix rabbitmq connection URL (SOC-11286)
- Update to version 6.0+git.1589389407.5a306c6d3:
* tempest: remove port_admin_state_change workaround (SOC-10029)
- Update to version 6.0+git.1588686448.3c0060ca7:
* Fix monasca libvirt ping checks (bsc#1107190)
- Update to version 6.0+git.1588259003.a4e938422:
* run keystone_register on cluster founder only when HA (SOC-11248)
* ceilometer: Post API removal cleanup (SOC-10124)
- Update to version 6.0+git.1588096476.79154bb30:
* nova: run keystone_register on cluster founder only (SOC-11243)
Changes in grafana.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add CVE-2020-13379.patch
* Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379)
- Add 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
* Security: Fix annotation popup XSS vulnerability
(bsc#1170657, CVE-2020-12052)
- Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383)
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
Changes in kibana.SUSE_SLE-12-SP4_Update_Products_Cloud9:
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
Changes in openstack-barbican.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop python-argparse buildrequires
Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ceilometer-11.1.1.dev7:
* [stable-only] Add confluent-kafka to test-requirements
- Update to version ceilometer-11.1.1.dev6:
* Temporary failures should be treated as temporary
Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ceilometer-11.1.1.dev7:
* [stable-only] Add confluent-kafka to test-requirements
- Update to version ceilometer-11.1.1.dev6:
* Temporary failures should be treated as temporary
Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version cinder-13.0.10.dev12:
* Remove VxFlex OS credentials from connection\_properties
- Update to version cinder-13.0.10.dev11:
* [stable only] Add warning about rbd\_keyring\_conf
- Update to version cinder-13.0.10.dev10:
* VMAX Driver - Backport fix for Rocky and Queens
Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
- Update to version cinder-13.0.10.dev12:
* Remove VxFlex OS credentials from connection\_properties
- Update to version cinder-13.0.10.dev11:
* [stable only] Add warning about rbd\_keyring\_conf
- Update to version cinder-13.0.10.dev10:
* VMAX Driver - Backport fix for Rocky and Queens
Changes in openstack-dashboard.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version horizon-14.1.1.dev6:
* Fix tenant\_id for a new port
- Update to version horizon-14.1.1.dev5:
* Fix .zuul.yaml syntax errors
* Gate fix: use tempest-horizon 0.2.0 explicitly
* Authenticate before Authorization
Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version designate-7.0.2.dev2:
* Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings
- Update to version designate-7.0.2.dev1:
* Pin stable/rocky tempest tests to 0.7.0 tag
7.0.1
Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version designate-7.0.2.dev2:
* Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings
- Update to version designate-7.0.2.dev1:
* Pin stable/rocky tempest tests to 0.7.0 tag
7.0.1
Changes in openstack-heat-templates.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 0.0.0+git.1582270132.8a20477:
* Drop use of git.openstack.org
* Add example for running Zun container
* OpenDev Migration Patch
* Replace openstack.org git:// URLs with https://
* Add sample templates for Blazar
* Remove docs, deprecated hooks, tests
* Update the bugs link to storyboard
* Add an example of OS::Mistral::ExternalResource
Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ironic-11.1.5.dev6:
* Fix issue where server fails to reboot
- Update to version ironic-11.1.5.dev4:
* Fix SpanLength calculation for DRAC RAID configuration
Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version ironic-11.1.5.dev6:
* Fix issue where server fails to reboot
- Update to version ironic-11.1.5.dev4:
* Fix SpanLength calculation for DRAC RAID configuration
Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version keystone-14.2.1.dev4:
* Fix security issues with EC2 credentials
* Ensure OAuth1 authorized roles are respected
- Update to version keystone-14.2.1.dev2:
* Check timestamp of signed EC2 token request
- Update to version keystone-14.2.1.dev1:
* Add cadf auditing to credentials
14.2.0
Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Remove patches (merged upstream)
* 0002-Check-timestamp-of-signed-EC2-token-request.patch
* 0002-Ensure-OAuth1-authorized-roles-are-respected.patch
* 0002-Fix-security-issues-with-EC2-credentials.patch
- Update to version keystone-14.2.1.dev4:
* Fix security issues with EC2 credentials
* Ensure OAuth1 authorized roles are respected
- Update to version keystone-14.2.1.dev2:
* Check timestamp of signed EC2 token request
- Add security patches (bsc#1171070, bsc#1171071, bsc#1171072):
* 0002-Check-timestamp-of-signed-EC2-token-request.patch
* 0002-Ensure-OAuth1-authorized-roles-are-respected.patch
* 0002-Fix-security-issues-with-EC2-credentials.patch
- Update to version keystone-14.2.1.dev1:
* Add cadf auditing to credentials
14.2.0
Changes in openstack-magnum.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version manila-7.4.2.dev31:
* [Unity]: Failed to delete cifs share if wrong access set
- Update to version manila-7.4.2.dev29:
* [devstack][ci] Move bgp setup to plugin
- Update to version manila-7.4.2.dev27:
* [devstack][ci] Modify firewall in ds-plugin
- Update to version manila-7.4.2.dev25:
* [devstack][ci] Set public network ID in tempest.conf
* Make manila-tempest-plugin installation optional
- Update to version manila-7.4.2.dev21:
* fix bug in consume from share
- Update to version manila-7.4.2.dev19:
* Conditionally restore default route in setup\_ipv6
- Update to version manila-7.4.2.dev18:
* [NetApp] Fix driver to honor standard extra specs
* [NetApp] cDOT to set valid QoS during migration
- Update to version manila-7.4.2.dev14:
* Remove provisioned calculation on non thin provision backends
- Update to version manila-7.4.2.dev12:
* [NetApp] Fix share replica failing for 'transfer in progress' error
* [NetApp] Fix share shrink error status
* Delete type access list when deleting types
* fix bug in quota checking
* Prevent share type deletion if linked to group types
Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- drop obsolete python-argparse buildrequires
- Update to version manila-7.4.2.dev31:
* [Unity]: Failed to delete cifs share if wrong access set
- Update to version manila-7.4.2.dev29:
* [devstack][ci] Move bgp setup to plugin
- Update to version manila-7.4.2.dev27:
* [devstack][ci] Modify firewall in ds-plugin
- Update to version manila-7.4.2.dev25:
* [devstack][ci] Set public network ID in tempest.conf
* Make manila-tempest-plugin installation optional
- Update to version manila-7.4.2.dev21:
* fix bug in consume from share
- Update to version manila-7.4.2.dev19:
* Conditionally restore default route in setup\_ipv6
- Update to version manila-7.4.2.dev18:
* [NetApp] Fix driver to honor standard extra specs
* [NetApp] cDOT to set valid QoS during migration
- Update to version manila-7.4.2.dev14:
* Remove provisioned calculation on non thin provision backends
- Update to version manila-7.4.2.dev12:
* [NetApp] Fix share replica failing for 'transfer in progress' error
* [NetApp] Fix share shrink error status
* Delete type access list when deleting types
* fix bug in quota checking
* Prevent share type deletion if linked to group types
Changes in openstack-monasca-agent.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to version 2.8.2~dev5
- Fix libvirt ping_checks documentation
- update to version 2.8.2~dev3
- Add debug output for libvirt ping checks
- Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190)
- add addtional arguments to /bin/ip in sudoers
- Fix missing sudo privleges (bsc#1107190)
- add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers
- update to version 2.8.2~dev2
- Remove incorrect assignment of ping_cmd to 'True'
- Do not copy /sbin/ip to /usr/bin/monasa-agent-ip
Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version neutron-13.0.8.dev68:
* [DVR] Related routers should be included if are requested
- Update to version neutron-13.0.8.dev67:
* [EM releases] Move non-voting jobs to the experimental queue
* [OVS] Make QoS OVS agent deletion operations more resilient
* Add 'igmp\_snooping\_enable' config option for OVS agent
- Update to version neutron-13.0.8.dev61:
* Unnecessary routers should not be created
* Ensure that stale flows are cleaned from phys\_bridges
* Do not block connection between br-int and br-phys on startup
* Improve log message when port losts its vlan tag
* [DVR] Reconfigure re-created physical bridges for dvr routers
- Update to version neutron-13.0.8.dev52:
* Fix rocky gates, multiple fixes
- Update to version neutron-13.0.8.dev51:
* Dynamically increase l3 router process queue green pool size
- Update to version neutron-13.0.8.dev49:
* Allow usage of legacy 3rd-party interface drivers
- Update to version neutron-13.0.8.dev47:
* Router synch shouldn't return unrelated routers
- Update to version neutron-13.0.8.dev45:
* Only notify nova of port status changes if configured
- Update to version neutron-13.0.8.dev44:
* Add Rocky milestone tag for alembic migration revisions
- Update to version neutron-13.0.8.dev42:
* Cap pycodestyle to be < 2.6.0
* Report L3 extensions enabled in the L3 agent's config
- Update to version neutron-13.0.8.dev39:
* Adding LOG statements to debug 1838449
- Update to version neutron-13.0.8.dev38:
* Improve VLAN allocations synchronization
* [L3 HA] Add 'no\_track' option to VIPs in keepalived config
* Change ovs-agent iteration log level to INFO
* Refactor the L3 agent batch notifier
* Do not link up HA router gateway in backup node
Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version neutron-13.0.8.dev68:
* [DVR] Related routers should be included if are requested
- Add 0001-Revert-Do-not-block-connection-between-br-int-and-br.patch (LP#1887148)
- Update to version neutron-13.0.8.dev67:
* [EM releases] Move non-voting jobs to the experimental queue
* [OVS] Make QoS OVS agent deletion operations more resilient
* Add 'igmp\_snooping\_enable' config option for OVS agent
- Update to version neutron-13.0.8.dev61:
* Unnecessary routers should not be created
* Ensure that stale flows are cleaned from phys\_bridges
* Do not block connection between br-int and br-phys on startup
* Improve log message when port losts its vlan tag
* [DVR] Reconfigure re-created physical bridges for dvr routers
- Update to version neutron-13.0.8.dev52:
* Fix rocky gates, multiple fixes
- Update to version neutron-13.0.8.dev51:
* Dynamically increase l3 router process queue green pool size
- Update to version neutron-13.0.8.dev49:
* Allow usage of legacy 3rd-party interface drivers
- Update to version neutron-13.0.8.dev47:
* Router synch shouldn't return unrelated routers
- Update to version neutron-13.0.8.dev45:
* Only notify nova of port status changes if configured
- Update to version neutron-13.0.8.dev44:
* Add Rocky milestone tag for alembic migration revisions
- Update to version neutron-13.0.8.dev42:
* Cap pycodestyle to be < 2.6.0
* Report L3 extensions enabled in the L3 agent's config
- Update to version neutron-13.0.8.dev39:
* Adding LOG statements to debug 1838449
- Update to version neutron-13.0.8.dev38:
* Improve VLAN allocations synchronization
* [L3 HA] Add 'no\_track' option to VIPs in keepalived config
* Change ovs-agent iteration log level to INFO
* Refactor the L3 agent batch notifier
* Do not link up HA router gateway in backup node
Changes in openstack-neutron-vsphere.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- The networking-vsphere repo got moved from github to opendev.org.
We no longer able to automatically generate changelogs from
opendev.org as it doesn't provide the same API as github.
We'll need to manually update it from now on.
- update to version 2.0.1~dev167
- Making networking-vsphere run under Python3
- OVSvApp Security Group Changes
Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version nova-18.3.1.dev38:
* libvirt: Don't delete disks on shared storage during evacuate
* Add functional test for bug 1550919
- Update to version nova-18.3.1.dev36:
* Fix os\_CODENAME detection and repo refresh during ceph tests
- Update to version nova-18.3.1.dev35:
* Update scheduler instance info at confirm resize
- Update to version nova-18.3.1.dev33:
* Reproduce bug 1869050
- Update to version nova-18.3.1.dev31:
* Revert 'nova shared storage: rbd is always shared storage'
- Update to version nova-18.3.1.dev29:
* Clean up allocation if unshelve fails due to neutron
* Reset the cell cache for database access in Service
* Reproduce bug 1862633
* Make RBD imagebackend flatten method idempotent
- Update to version nova-18.3.1.dev21:
* Add config option for neutron client retries
- Update to version nova-18.3.1.dev19:
* Add retry to cinder API calls related to volume detach
- Update to version nova-18.3.1.dev18:
* Lowercase ironic driver hash ring and ignore case in cache
Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version nova-18.3.1.dev38:
* libvirt: Don't delete disks on shared storage during evacuate
* Add functional test for bug 1550919
- Update to version nova-18.3.1.dev36:
* Fix os\_CODENAME detection and repo refresh during ceph tests
- Update to version nova-18.3.1.dev35:
* Update scheduler instance info at confirm resize
- Update to version nova-18.3.1.dev33:
* Reproduce bug 1869050
- Update to version nova-18.3.1.dev31:
* Revert 'nova shared storage: rbd is always shared storage'
- Update to version nova-18.3.1.dev29:
* Clean up allocation if unshelve fails due to neutron
* Reset the cell cache for database access in Service
* Reproduce bug 1862633
* Make RBD imagebackend flatten method idempotent
- Update to version nova-18.3.1.dev21:
* Add config option for neutron client retries
- Update to version nova-18.3.1.dev19:
* Add retry to cinder API calls related to volume detach
- Update to version nova-18.3.1.dev18:
* Lowercase ironic driver hash ring and ignore case in cache
Changes in openstack-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update patch for SUSE distro support
* Fix osutils.py to handle secondary interfaces (SOC-11289)
* Add 020-amphora-logging.conf for configuring log targets
- Update to version octavia-3.2.3.dev7:
* Fix the amphora noop driver
* Validate resource access when creating loadbalancer or member
- Update to version octavia-3.2.3.dev3:
* Fix Rocky v2 scenario and grenade jobs
Changes in openstack-octavia-amphora-image.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update image to 0.1.4 to include latest changes
Changes in openstack-resource-agents.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 1.0+git.1569436425.8b9c49f:
* Add a configurable delay to Nova Evacuate calls
* OpenDev Migration Patch
* NovaEvacuate: fix a syntax error
* NovaEvacuate: Support the new split-out IHA fence agents with backwards compatibility
* NovaEvacuate: Correctly handle stopped hypervisors
* neutron-ha-tool: do not replicate dhcp
* NovaCompute: Support parsing host option from /etc/nova/nova.conf.d
* NovaCompute: Use variable to avoid calling crudini a second time
* NovaEvacuate: Allow debug logging to be turned on easily
Changes in python-Django1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
* Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
* Pinned PyYAML < 5.3 in test requirements.
* Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
* Fixed timezones tests for PyYAML 5.3+.
* Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
* Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
* Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
* Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
* Added patch CVE-2020-13254.patch
* Added patch CVE-2020-13596.patch
Changes in python-Pillow.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add 010-Fix-OOB-reads-in-FLI-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10177, bsc#1173413
- Add 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
* From upstream, backported
* Fixes CVE-2020-11538, bsc#1173420
- Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10994, bsc#1173418
- Add 013-Fix-bounds-overflow-in-PCX-decoding.patch
* From upstream, backported
* Fixes CVE-2020-10378, bsc#1173416
- Remove decompression_bomb.gif and relevant test case to avoid
ClamAV scan alerts during build
- Add 001-Corrected-negative-seeks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 002-Added-decompression-bomb-checks.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 003-Raise-error-if-dimension-is-a-string.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 004-Catch-buffer-overruns.patch
* From upstream, backported
* Fixes part of CVE-2019-16865, bsc#1153191
- Add 005-Catch-PCX-P-mode-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5312, bsc#1160152
- Add 006-Catch-SGI-buffer-overruns.patch
* From upstream, backported
* Fixes CVE-2020-5311, bsc#1160151
- Add 007-Ensure-previous-FLI-frame-is-loaded.patch
* From upstream, backported
* Fixes https://github.com/python-pillow/Pillow/issues/2649
* Uncovers CVE-2020-5313, bsc#1160153
- Add 008-Catch-FLI-buffer-overrun.patch
* From upstream, backported
* Fixes CVE-2020-5313, bsc#1160153
- Add 009-Invalid-number-of-bands-in-FPX-image.patch
* From upstream, backported
* Fixes CVE-2019-19911, bsc#1160192
Changes in python-ardana-packager.SUSE_SLE-12-SP4_Update_Products_Cloud9:
- fetch updated nova_host_aggregate from git
- Add missing novaclient required domain entries (bsc#1174006)
- update from git repo
- Add missing novaclient required domain entries (bsc#1174006)
Changes in python-heatclient.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to version 1.16.3
- Replace openstack.org git:// URLs with https://
- OpenDev Migration Patch
Changes in python-neutron-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- added 0002-Ensure-that-external-network-dont-have-any-ports-before-deletion.patch
Changes in python-octavia-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Fix broken compile options for httpd.bin
Changes in python-os-brick.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Apply patches to resolve CVE-2020-10755 (bsc#1172522)
- 0001-Remove-VxFlex-OS-credentials-from-connection_propert.patch
- 0002-Fix-Remove-VxFlex-OS-credentials-regression.patch
Changes in python-oslo.messaging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- added 0001-Use-default-exchange-for-direct-messaging.patch
(SOC-11082, SOC-11274, bsc#1159046)
Changes in python-pyroute2.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to 0.5.2
* ndb: read-only DB prototype
* remote: support communication via stdio
* general: fix async keyword -- Python 3.7 compatibility
* <https://github.com/svinota/pyroute2/issues/467>
* <https://bugzilla.redhat.com/show_bug.cgi?id=1583800>
* iproute: support monitoring on BSD systems via PF_ROUTE
* rtnl: support for SQL schema in message classes
* nl80211: improvements
* <https://github.com/svinota/pyroute2/issues/512>
* <https://github.com/svinota/pyroute2/issues/514>
* <https://github.com/svinota/pyroute2/issues/515>
* netlink: support generators
- update to 0.5.1
* ipdb: #310 -- route keying fix
* ipdb: #483, #484 -- callback internals change
* ipdb: #499 -- eventloop interface
* ipdb: #500 -- fix non-default :: routes
* netns: #448 -- API change: setns() doesn't remove FD
* netns: #504 -- fix resource leakage
* bsd: initial commits
- update to 0.5.0
* ACHTUNG: ipdb commit logic is changed
* ipdb: do not drop failed transactions
* ipdb: #388 -- normalize IPv6 addresses
* ipdb: #391 -- support both IPv4 and IPv6 default routes
* ipdb: #392 -- fix MPLS route key reference
* ipdb: #394 -- correctly work with route priorities
* ipdb: #408 -- fix IPv6 routes in tables >= 256
* ipdb: #416 -- fix VRF interfaces creation
* ipset: multiple improvements
* tuntap: #469 -- support s390x arch
* nlsocket: #443 -- fix socket methods resolve order for Python2
* netns: non-destructive `netns.create()`
Changes in python-urllib3.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Skip test_source_address_error as we raise different error with
fixes that we provide in new python2/3
- Update python-urllib3-recent-date.patch to have RECENT_DATE within
the needed boundaries for the test suite.
Changes in python-waitress.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- update to 1.4.3 to include fixes for:
* CVE-2019-16785 / bsc#1161088
* CVE-2019-16786 / bsc#1161089
* CVE-2019-16789 / bsc#1160790
* CVE-2019-16792 / bsc#1161670
- make sure UTF8 locale is used when runnning tests
* Sometimes functional tests executed in python3 failed if stdout was not
set to UTF-8. The error message was:
ValueError: underlying buffer has been detached
- %python3_only -> %python_alternative
- update to 1.4.3
* Waitress did not properly validate that the HTTP headers it received
were properly formed, thereby potentially allowing a front-end server
to treat a request different from Waitress. This could lead to HTTP
request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch
* it was commented out, anyway
- update to 1.4.0:
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
- CRLR handling Security fixes
- update to 1.3.1
* Waitress won’t accidentally throw away part of the path if it
starts with a double slash
- version update to 1.3.0
Deprecations
~~~~~~~~~~~~
- The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
pending removal in a future release.
and https://github.com/Pylons/waitress/pull/246
Features
~~~~~~~~
- Add a new ``outbuf_high_watermark`` adjustment which is used to apply
backpressure on the ``app_iter`` to avoid letting it spin faster than data
can be written to the socket. This stabilizes responses that iterate quickly
with a lot of data.
See https://github.com/Pylons/waitress/pull/242
- Stop early and close the ``app_iter`` when attempting to write to a closed
socket due to a client disconnect. This should notify a long-lived streaming
response when a client hangs up.
See https://github.com/Pylons/waitress/pull/238
and https://github.com/Pylons/waitress/pull/240
and https://github.com/Pylons/waitress/pull/241
- Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
much waitress will buffer internally before flushing to the kernel, whereas
previously it used to also throttle how much data was sent to the kernel.
This change enables a streaming ``app_iter`` containing small chunks to
still be flushed efficiently.
See https://github.com/Pylons/waitress/pull/246
Bugfixes
~~~~~~~~
- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
no longer set the version to the string value 'None'. See
https://github.com/Pylons/waitress/pull/252 and
https://github.com/Pylons/waitress/issues/110
- When a client closes a socket unexpectedly there was potential for memory
leaks in which data was written to the buffers after they were closed,
causing them to reopen.
See https://github.com/Pylons/waitress/pull/239
- Fix the queue depth warnings to only show when all threads are busy.
See https://github.com/Pylons/waitress/pull/243
and https://github.com/Pylons/waitress/pull/247
- Trigger the ``app_iter`` to close as part of shutdown. This will only be
noticeable for users of the internal server api. In more typical operations
the server will die before benefiting from these changes.
See https://github.com/Pylons/waitress/pull/245
- Fix a bug in which a streaming ``app_iter`` may never cleanup data that has
already been sent. This would cause buffers in waitress to grow without
bounds. These buffers now properly rotate and release their data.
See https://github.com/Pylons/waitress/pull/242
- Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger
an exception when passed to the ``wsgi.file_wrapper`` callback.
See https://github.com/Pylons/waitress/pull/249
- Trim marketing wording and other platform mentions.
- Add fetch-intersphinx-inventories.sh to sources
- Add local-intersphinx-inventories.patch for generating the docs
correctly
- update to version 1.2.1:
too many changes to list here, see:
https://github.com/Pylons/waitress/blob/master/CHANGES.txt
or even:
https://github.com/Pylons/waitress/commits/master
- Remove superfluous devel dependency for noarch package
Changes in rubygem-activeresource.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add bsc#1171560-CVE-2020-8151-encode-id-param.patch
Prevent possible information disclosure issue that could allow
an attacker to create specially crafted requests to access data
in an unexpected way (bsc#1171560 CVE-2020-8151))_
Changes in rubygem-json-1_7.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)
Changes in rubygem-puma.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Fix indentation in gem2rpm.yml_
- Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)
- Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)
- Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)
- Add all patches to gem2rpm.yml
Changes in release-notes-suse-openstack-cloud.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
- Update to version 9.20200610:
* Terraform support validation release note added (SOC-11314)
- Update to version 9.20200504:
* language change for accuracy - MANAGEMENT network group (SOC-10106)
* add limitation about MANAGEMENT network group (SOC-10106)
- Update to version 9.20200429:
* Mark identity api v2 as deprecated (bsc#1163446)
- Update to version 9.20200428:
* Update release notes to indicate Octavia support has shipped (SOC-11241)
ModerateSUSE bug 1019111SUSE bug 1107190SUSE bug 1126503SUSE bug 1136928SUSE bug 1153191SUSE bug 1159046SUSE bug 1159447SUSE bug 1160151SUSE bug 1160152SUSE bug 1160153SUSE bug 1160192SUSE bug 1160790SUSE bug 1161088SUSE bug 1161089SUSE bug 1161670SUSE bug 1161919SUSE bug 1163446SUSE bug 1165022SUSE bug 1170657SUSE bug 1171070SUSE bug 1171071SUSE bug 1171072SUSE bug 1171273SUSE bug 1171594SUSE bug 1171909SUSE bug 1172166SUSE bug 1172167SUSE bug 1172409SUSE bug 1172522SUSE bug 1173413SUSE bug 1173416SUSE bug 1173418SUSE bug 1173420SUSE bug 1174006CVE-2019-16785 at SUSECVE-2019-16785 at NVDCVE-2019-16786 at SUSECVE-2019-16786 at NVDCVE-2019-16789 at SUSECVE-2019-16789 at NVDCVE-2019-16792 at SUSECVE-2019-16792 at NVDCVE-2019-16865 at SUSECVE-2019-16865 at NVDCVE-2019-19844 at SUSECVE-2019-19844 at NVDCVE-2019-19911 at SUSECVE-2019-19911 at NVDCVE-2019-3828 at SUSECVE-2019-3828 at NVDCVE-2020-10177 at SUSECVE-2020-10177 at NVDCVE-2020-10378 at SUSECVE-2020-10378 at NVDCVE-2020-10743 at SUSECVE-2020-10743 at NVDCVE-2020-10755 at SUSECVE-2020-10755 at NVDCVE-2020-10994 at SUSECVE-2020-10994 at NVDCVE-2020-11538 at SUSECVE-2020-11538 at NVDCVE-2020-12052 at SUSECVE-2020-12052 at NVDCVE-2020-13254 at SUSECVE-2020-13254 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDCVE-2020-13596 at SUSECVE-2020-13596 at NVDCVE-2020-5311 at SUSECVE-2020-5311 at NVDCVE-2020-5312 at SUSECVE-2020-5312 at NVDCVE-2020-5313 at SUSECVE-2020-5313 at NVDCVE-2020-7471 at SUSECVE-2020-7471 at NVDCVE-2020-8184 at SUSECVE-2020-8184 at NVDCVE-2020-9402 at SUSECVE-2020-9402 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for LibVNCServer (Important)SUSE OpenStack Cloud Crowbar 9
This update for LibVNCServer fixes the following issues:
- security update
fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
ImportantSUSE bug 1173477SUSE bug 1173691SUSE bug 1173694SUSE bug 1173700SUSE bug 1173701SUSE bug 1173743SUSE bug 1173874SUSE bug 1173875SUSE bug 1173876SUSE bug 1173880CVE-2017-18922 at SUSECVE-2017-18922 at NVDCVE-2018-21247 at SUSECVE-2018-21247 at NVDCVE-2019-20839 at SUSECVE-2019-20839 at NVDCVE-2019-20840 at SUSECVE-2019-20840 at NVDCVE-2020-14397 at SUSECVE-2020-14397 at NVDCVE-2020-14398 at SUSECVE-2020-14398 at NVDCVE-2020-14399 at SUSECVE-2020-14399 at NVDCVE-2020-14400 at SUSECVE-2020-14400 at NVDCVE-2020-14401 at SUSECVE-2020-14401 at NVDCVE-2020-14402 at SUSECVE-2020-14402 at NVDCVE-2020-14403 at SUSECVE-2020-14403 at NVDCVE-2020-14404 at SUSECVE-2020-14404 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libX11 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xerces-c (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for xerces-c fixes the following issues:
- CVE-2017-12627: Processing of external DTD paths could have resulted in a
null pointer dereference under certain conditions (bsc#1083630)
ModerateSUSE bug 1083630CVE-2017-12627 at SUSECVE-2017-12627 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.4 (bsc#1174662):
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,
CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.
ImportantSUSE bug 1174662CVE-2020-9862 at SUSECVE-2020-9862 at NVDCVE-2020-9893 at SUSECVE-2020-9893 at NVDCVE-2020-9894 at SUSECVE-2020-9894 at NVDCVE-2020-9895 at SUSECVE-2020-9895 at NVDCVE-2020-9915 at SUSECVE-2020-9915 at NVDCVE-2020-9925 at SUSECVE-2020-9925 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dovecot22 (Important)SUSE OpenStack Cloud Crowbar 9
This update for dovecot22 fixes the following issues:
- CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922).
- CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923).
ImportantSUSE bug 1174922SUSE bug 1174923CVE-2020-12673 at SUSECVE-2020-12673 at NVDCVE-2020-12674 at SUSECVE-2020-12674 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for grub2 fixes the following issues:
- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).
- Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745).
ImportantSUSE bug 1172745SUSE bug 1174421CVE-2020-15705 at SUSECVE-2020-15705 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
- CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
- CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).
ImportantSUSE bug 1174633SUSE bug 1174635SUSE bug 1174638CVE-2020-14345 at SUSECVE-2020-14345 at NVDCVE-2020-14346 at SUSECVE-2020-14346 at NVDCVE-2020-14347 at SUSECVE-2020-14347 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573).
- CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574).
ImportantSUSE bug 1174910SUSE bug 1174913CVE-2020-14361 at SUSECVE-2020-14361 at NVDCVE-2020-14362 at SUSECVE-2020-14362 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
ModerateSUSE bug 1175070SUSE bug 1175071SUSE bug 1175072CVE-2020-11985 at SUSECVE-2020-11985 at NVDCVE-2020-11993 at SUSECVE-2020-11993 at NVDCVE-2020-9490 at SUSECVE-2020-9490 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
CVE-2019-17639
* Class Libraries:
- JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
- JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
- TRANSLATION MESSAGES UPDATE FOR JCL
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Java Virtual Machine:
- IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
- LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
* JIT Compiler:
- CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
IN DEBUGGING MODE
- INTERMITTENT ASSERTION FAILURE REPORTED
- CRASH IN RESOLVECLASSREF() DURING AOT LOAD
- JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
- SEGMENTATION FAULT WHILE COMPILING A METHOD
- UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
APPLICATION ON IBM Z PLATFORM
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
- CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
- IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH
DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
- IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
KEYFACTORY CLASS
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nodejs6 (Important)SUSE OpenStack Cloud Crowbar 9
This update for nodejs6 to version 6.17.1 fixes the following issues:
Security issues fixed:
- CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing
an arbitrary path overwrite and access via 'bin' field (bsc#1159352).
ImportantSUSE bug 1159352CVE-2019-16775 at SUSECVE-2019-16775 at NVDCVE-2019-16776 at SUSECVE-2019-16776 at NVDCVE-2019-16777 at SUSECVE-2019-16777 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for squid (Critical)SUSE OpenStack Cloud Crowbar 9
This update for squid fixes the following issues:
- CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671).
- CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665).
- CVE-2020-15810: Enforce token characters for field-name (bsc#1175664).
CriticalSUSE bug 1175664SUSE bug 1175665SUSE bug 1175671CVE-2020-15810 at SUSECVE-2020-15810 at NVDCVE-2020-15811 at SUSECVE-2020-15811 at NVDCVE-2020-24606 at SUSECVE-2020-24606 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libX11 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for libX11 fixes the following issues:
- CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).
ModerateSUSE bug 1175239CVE-2020-14363 at SUSECVE-2020-14363 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621
CVE-2020-14593 CVE-2020-14583 CVE-2019-17639
* Class Libraries:
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
- Mozilla Firefox ESR 78.2
MFSA 2020-38 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
bmo#1656957)
Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284).
- Fix broken translation-loading. (bsc#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
ModerateSUSE bug 1173991SUSE bug 1174284SUSE bug 1175686CVE-2020-15663 at SUSECVE-2020-15663 at NVDCVE-2020-15664 at SUSECVE-2020-15664 at NVDCVE-2020-15670 at SUSECVE-2020-15670 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47.
- scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- Update patch reference for a tipc fix patch (bsc#1175515)
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen: do not reschedule in preemption off sections (bsc#1175749).
ImportantSUSE bug 1058115SUSE bug 1071995SUSE bug 1144333SUSE bug 1154366SUSE bug 1165629SUSE bug 1171988SUSE bug 1172428SUSE bug 1172963SUSE bug 1173798SUSE bug 1173954SUSE bug 1174205SUSE bug 1174689SUSE bug 1174699SUSE bug 1174757SUSE bug 1174784SUSE bug 1174978SUSE bug 1175112SUSE bug 1175127SUSE bug 1175213SUSE bug 1175228SUSE bug 1175515SUSE bug 1175518SUSE bug 1175691SUSE bug 1175749SUSE bug 1176069CVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24394 at SUSECVE-2020-24394 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for shim (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for shim fixes the following issues:
- Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.
Additional fixes:
+ shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
ModerateSUSE bug 1168994SUSE bug 1175626SUSE bug 1175656CVE-2020-10713 at SUSECVE-2020-10713 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libsolv (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for libsolv fixes the following issues:
This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
ModerateSUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1137977CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for perl-DBI (Important)SUSE OpenStack Cloud Crowbar 9
This update for perl-DBI fixes the following issues:
Security issues fixed:
- CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
- CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).
ImportantSUSE bug 1176409SUSE bug 1176412CVE-2020-14392 at SUSECVE-2020-14392 at NVDCVE-2020-14393 at SUSECVE-2020-14393 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rack (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rack to version 1.6.13 fixes the following issues:
- CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351).
- CVE-2020-8161: Fixed a directory traversal (bsc#1172037).
- CVE-2019-16782: Fixed an information leak / session hijack vulnerability (bsc#1159548).
ModerateSUSE bug 1159548SUSE bug 1172037SUSE bug 1173351CVE-2019-16782 at SUSECVE-2019-16782 at NVDCVE-2020-8161 at SUSECVE-2020-8161 at NVDCVE-2020-8184 at SUSECVE-2020-8184 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionview-4_2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionview-4_2 fixes the following issues:
- CVE-2020-15169: Fix cross-site scripting in translation helpers (bsc#1176421)
ImportantSUSE bug 1176421CVE-2020-15169 at SUSECVE-2020-15169 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091).
- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface
could have led to denial of service (bsc#1173274).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
ImportantSUSE bug 1088004SUSE bug 1088009SUSE bug 1130840SUSE bug 1141853SUSE bug 1149955SUSE bug 1153238SUSE bug 1162423SUSE bug 1173274SUSE bug 1174091SUSE bug 1174701CVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ovmf (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ovmf fixes the following issues:
- CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476).
- Use openSUSE CA for the opensuse flavor (bsc#1175674)
ModerateSUSE bug 1175476SUSE bug 1175674CVE-2019-14562 at SUSECVE-2019-14562 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established
a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
(CVE-2020-1472, bsc#1176579).
- Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369).
- Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);
ImportantSUSE bug 1174120SUSE bug 1174316SUSE bug 1176579CVE-2020-1472 at SUSECVE-2020-1472 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libqt5-qtbase (Important)SUSE OpenStack Cloud Crowbar 9
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315)
- Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515)
ImportantSUSE bug 1172515SUSE bug 1176315CVE-2020-17507 at SUSECVE-2020-17507 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
- CVE-2020-15677: Download origin spoofing via redirect
- CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a
contenteditable element
- CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
- CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for wayland-detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate
obj-dirs for each lang (bsc#1173986, bsc#1167976)
ImportantSUSE bug 1167976SUSE bug 1173986SUSE bug 1174420SUSE bug 1176756CVE-2020-15673 at SUSECVE-2020-15673 at NVDCVE-2020-15676 at SUSECVE-2020-15676 at NVDCVE-2020-15677 at SUSECVE-2020-15677 at NVDCVE-2020-15678 at SUSECVE-2020-15678 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed an issue where there was a crash when
handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534).
- Various bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1175534SUSE bug 1176339SUSE bug 1176343SUSE bug 1176344SUSE bug 1176345SUSE bug 1176346SUSE bug 1176347SUSE bug 1176348SUSE bug 1176349SUSE bug 1176350CVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for perl-DBI (Important)SUSE OpenStack Cloud Crowbar 9
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).
- CVE-2013-7490: Fixed memory corruption when using many arguments
to methods for CallbacksUsing (bsc#1176496).
ImportantSUSE bug 1176496SUSE bug 1176764CVE-2013-7490 at SUSECVE-2013-7490 at NVDCVE-2019-20919 at SUSECVE-2019-20919 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_0-openjdk fixes the following issues:
- java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157)
- JDK-8028431, CVE-2020-14579: NullPointerException in
- DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
- sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
- JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c
- JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
- JDK-8077982: GIFLIB upgrade
- JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions
- JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded'
- JDK-8155691: Update GIFlib library to the latest up-to-date
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8203190: SessionId.hashCode generates too many collisions
- JDK-8217676: Upgrade libpng to 1.6.37
- JDK-8220495: Update GIFlib library to the 5.1.8
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
ImportantSUSE bug 1174157CVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon (Critical)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon fixes the following issues:
Security changes on this update:
grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple XSS
vulnerabilities, caused by an incomplete fix for CVE-2018-12099
(bsc#1172450).
- CVE-2020-11110: Fixed a stored XSS in dashboard snapshots (bsc#1174583).
openstack-nova:
- CVE-2020-17376: Fixed an information leak during live migration
(bsc#1175484).
python-Flask-Cors:
- CVE-2020-25032: Fixed a potential information leak through path
traversal (bsc#1175986).
rubygem-crowbar-client:
- CVE-2018-17954: Fixed an issue where provision leaks admin password to all nodes in cleartext (bsc#1117080)
Non security changes on this update:
Changes in ardana-ansible:
- Ensure that installing SOC 9 triggers removal of any existing
ardana-freezer package, which is not available for SOC 9 (SOC-9779)
- Update to version 9.0+git.1596813072.110811d:
* Update the Swift XFS inode size check (SOC-10300)
- Update to version 9.0+git.1596487185.d56da1b:
* Remove lingering Cloud9 development hack (SOC-5480)
- Update to version 9.0+git.1596479802.67906d5:
* Enable SLE12 SP3 LTSS for SMT deployments (SOC-11223)
- Update to version 9.0+git.1596209332.4ce15a6:
* Fix upgrade validations Keystone V3 check target (SOC-10300)
Changes in ardana-cinder:
- Update to version 9.0+git.1596129576.0b3d3ce:
* Install python-swiftclient as cinder-backup dependency (SOC-11364)
Changes in ardana-cobbler:
- Update to version 9.0+git.1588258487.3acf8ad:
* Rip out unsupported distributions (SOC-9008)
Changes in ardana-installer-ui:
- Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184)
Changes in ardana-opsconsole-ui:
- Add BuildRequires for ardana-devel so that the ardana_description
macro is defined.
- Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184)
Changes in ardana-osconfig:
- Update to version 9.0+git.1597427032.a062830:
* Check for HOS 8 release package being installed (SOC-11184)
Changes in crowbar-core:
- Update to version 6.0+git.1598519900.770074aa7:
* upgrade: Allow transition from crowbar_upgrade to rebsct (trivial)
Changes in grafana:
- BuildRequire go1.14 explicitly
- Add recompress source service
- Add go_modules source service to create vendor.tar.gz
containing 3rd party go modules.
- Adjust spec to work for Grafana-6.7.4
- Adjust Makefile to work for Grafana-6.7.4
- Remove CVE-2019-15043.patch (merged upstream)
- Remove CVE-2020-13379.patch (merged upstream)
- Remove 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
(merged upstream)
- Update to version 6.7.4 (bsc#1172450, CVE-2018-18623,
CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110)
* Only allow 32 hexadecimal digits for the avatar hash
* 6.7.3 cherry-picks (#23808)
* Fix CI for pushing a multi-architecture manifest (#23327)
* AzureMonitor: Fix Log Analytics and Application Insights
for Azure China (#21803) (#22753)
* Revert 'grafana/data: PanelTypeChangedHandler API update
to use PanelModel instead of panel options object
[BREAKING] (#22754)'
* Bumped version
* Snapshots: Sanitize orignal url (#23254)
* Plugins: Expose promiseToDigest (#23249)
* Variables: Do not update variable from url when value is
the same (#23220)
* DashboardSave: Add new dashboard check (#23104)
* Fix: reverted back to `import * as module` instead of
using namespaces (#23069)
* BackendSrv: Adds config to response to fix external
plugins that use this (#23032)
* DataLinks: make sure we use the correct datapoint when
dataset contains null value. (#22981)
* Fix mysterious Babel plugin errors (#22974)
* Select: Fixed select text positition (#22952)
* grafana/data: PanelTypeChangedHandler API update to use
PanelModel instead of panel options object [BREAKING]
(#22754)
* Docs: Fix Broken Link (#22894)
* Panels: Fixed size issue with panels when existing panel
edit mode (#22912)
* Azure: Fixed dropdowns not showing current value (#22914)
* BackendSrv: only add content-type on POST, PUT requests
(#22910)
* Check if the datasource is of type loki using meta.id
instead of name. (#22877)
* CircleCI: Pin grabpl to 0.1.0 (#22904)
* Design tweaks (#22886)
* Rich history UX fixes (#22783)
* AzureMonitor: support workspaces function for template
variables (#22882)
* SQLStore: Add migration for adding index on
annotation.alert_id (#22876)
* Plugins: Return jsondetails as an json object instead of
raw json on datasource healthchecks. (#22859)
* Backend plugins: Exclude plugin metrics in Grafana's
metrics endpoint (#22857)
* Graphite: Fixed issue with query editor and next select
metric now showing after selecting metric node (#22856)
* Stackdriver: Fix GCE auth bug when creating new data
source (#22836)
* @grafana/runtime: Add cancellation of queries to
DataSourceWithBackend (#22818)
* Rich history: Test coverage (#22852)
* Datasource config was not mapped for datasource
healthcheck (#22848)
* upgrades plugin sdk to 0.30.0 (#22846)
* Rich History: UX adjustments and fixes (#22729)
* TablePanel: Enable new units picker (#22833)
* Fix dashboard picker's props (#22815)
* Grafana-UI: Add invalid state to Forms.Textarea (#22775)
* SaveDashboard: Updated modal design/layout a bit (#22810)
* Forms: Fix input suffix position (#22780)
* AngularPanels: Fixed inner height calculation (#22796)
* Fix: fixes issue with headers property with different
casing (#22778)
* DataSourceWithBackend: use /health endpoint for test
(#22789)
* Chore: remove expressions flag and allow (#22764)
* Core: Pass the rest of to props to Select (#22776)
* Add support for sending health check to datasource
plugins. (#22771)
* Datasource: making sure we are having the same data field
order when using mixed data sources. (#22718)
* DashboardSave: Autofocus save dashboard form input
(#22748)
* @grafana/e2e: cherry picked
4fecf5a7a65f5b7b4c03fefb9a3da15cee938f02 (#22739)
* CircleCI: Implement new release pipeline (#22625)
* Toolkit: use fs-extra instead of fs (#22723)
* What's new docs for 6.7 release (#22721)
* Backend Plugins: use sdk v0.26.0 (#22725)
* PanelInspector: Add Stats Tab (#22683)
* Revert 'Graph: Improve point rendering performance
(#22610)' (#22716)
* Docs: add rendering configuration in reporting (#22715)
* reverting the changes that failed the e2e tests. (#22714)
* Remove multiple occurrences of 'before' (#22710)
* Datasources: Update dashboards (#22476)
* API: Fix redirect issues (#22285)
* Explore: adds QueryRowErrors component, moves error
display to QueryRow (#22438)
* RichHistory: Design Tweaks (#22703)
* Modals: Unify angular/react modals backdrop color (#22708)
* Graphite: Don't issue empty 'select metric' queries
(#22699)
* support duplicate field names in arrow format (#22705)
* UX: Update new form styles to dark inputs (#22701)
* Docs: Grammar corrections
* Docs: Overcoming Grammatical errors (#22707)
* Pass dashboard via angular directive (#22696)
* Docs: Replace 'API' by 'Integration' key for PagerDuty
(#22639)
* Docs: Edited Enterprise docs (#22602)
* CloudWatch: Expand alias variables when query yields no
result (#22695)
* Dependency: sdk's dataframe package renamed to data
(#22700)
* @grafana/e2e: include Cypress tsconfig in published
package (#22698)
* Graphite: Update config editor (#22553)
* @grafana/e2e: fix runtime ts-loader errors with Cypress
support files (#22688)
* Docs: Add version note about Azure AD OAuth2 (#22692)
* StatPanel: Return base color when there is no value set
(#22690)
* Send jsondata for Datasources on DatasourceConfig for
backend plugins (#22681)
* Explore: Rich History (#22570)
* XSS: Fixed history XSS issue (#22680)
* Fix caching problem (#22473)
* on update for checkbox and switch (#22656)
* Notification Channel: Make test button wider (#22653)
* Backend plugins: Updates due to changes in SDK (#22649)
* Make sure commit hook in FieldPropertiesEditor is
invalidated when value changes (#22673)
* Docs: Plugin.json: Fix property descriptions, add missing
properties, add example (#22281)
* Alerting: Fixed bad background color for default
notifications in alert tab (#22660)
* Webpack: Updated terser plugin (#22669)
* Core: DashboardPicker improvements (#22619)
* Storybsck: Forms.Form docs (#22654)
* Templating: Migrates some variable types from Angular to
React/Redux (#22434)
* Grafana UI: Fix Forms.Select onChangeWithEmpty (#22647)
* Azure Monitor: Fix app insights source to allow for new
__timeFrom and __timeTo (#21879)
* @grafana/e2e: install necessary dependencies for published
package (#22657)
* DashboardSave: Correctly overwrite dashboard when saving
(#22650)
* StatPanel: Fixes base color is being used for null values
(#22646)
* FieldOverrides: Add value mappings editor to standard
config properties registry (#22648)
* Docs: Update gauge.md (#22637)
* Docs: Create Intro grafana (#22522)
* Toolkit: wrap plugin signing stub with error checking
(#22626)
* @grafana/e2e: fix empty bundle files (#22607)
* Toolkit: include a github release utility (#22520)
* Rendering: Have phantomjs wait a bit before rendering to
give fonts a change to load (#22623)
* Cascader: Do not override default width behavior (#22620)
* Update documentation-style-guide.md (#22581)
* Adds signed in user to backend v2 plugins requests
(#22584)
* CloudWatch: updated namespaces - Athena, DocDB, and
Route53Resolver (#22604)
* Graph: Improve point rendering performance (#22610)
* Alerting: Fix state age test failures (#22606)
* Docs: Update image_rendering.md (#22586)
* UI: Segment improvements (#22601)
* remove section about alias imports (#22585)
* Backend Plugins: Support handling of streaming resource
response (#22580)
* Stackdriver: Migrate GCE default project (#22593)
* Toolkit: plugin ci needs to cooperate better with
make/mage (#22588)
* surround CloudWatch dimension names with double quotes
(#22222)
* Fix: when reloading page make sure that time picker
history is converted to dateTime.
* Core: add active users stat (#22563)
* Chore: Modules tidy and vendor (#22578)
* Loki: use series API for stream facetting (#21332)
* Testing code owners for backend code (#22572)
* Azure Monitor: config editor updates, update sameas
switch, fix test snaps (#22554)
* Grafana-UI: Use value for Radio group id (#22568)
* Chore: fix moment import in alerting tests (#22567)
* avoid aliased import in cli (#22566)
* Chore: Avoid aliasing importing models in api package
(#22492)
* ShareModal: able to extend tabs (#22537)
* Tests: fix alerting reducers tests (#22560)
* Logs: Improve log level guess (#22094)
* DataSourceWithBackend: apply template variables (#22558)
* @grafana/e2e: added support for plugin repositories
(#22546)
* Add fallback to search_base_dns if group_search_base_dns
is undefined. (#21263)
* Docs: Added a Markdown Style Guide (#22425)
* Old AsyncSelect: Add story (#22536)
* Chore: add missing aria-label for rendered panel image
(e2e tests) (#22543)
* Form migrations: Dashboard- and TimeZonePicker (#22459)
* Migration: Share dashboard/panel modal (#22436)
* Revert 'Select: scroll into view when navigate with
up/down arrows (#22503)' (#22535)
* Backend plugins: Prepare and clean request headers before
resource calls (#22321)
* Cascader: Add size for input (#22517)
* ArrowDataFrame: allow empty results (#22524)
* Migration: Save dashboard modals (#22395)
* Toolkit: don't clean dist folder before build (#22521)
* Docs: Add Storybsck guidelines (#22465)
* Docs: Removed menu links to SDK Reference until we are
ready for 7.0 (#22509)
* Stackdriver: Project selector (#22447)
* Select: scroll into view when navigate with up/down arrows
(#22503)
* Elastic: To get fields, start with today's index and go
backwards (#22318)
* API: Include IP address when logging request error
(#21596)
* chore: avoid aliasing imports in services (#22499)
* Grafana-UI: add storysource addon to Storybsck (#22490)
* canary 404 previous versions (#22495)
* Fix Dockerfile lint errors (#22496)
* Migration: Invite Signup (#22437)
* Core: add hideFromMenu for child items (#22494)
* Dashboard: Adds support for a global minimum dashboard
refresh interval (#19416)
* CI: Deploy enterprise image (#22488)
* changelog: adds note about breaking change (#22480)
* chore: avoid alias for models in plugins (#22483)
* chore: avoid aliasing models in middleware (#22484)
* Grafana UI: Add missing argument (#22487)
* NewPanelEditor: Angular panel options, and angular
component state to redux major change (#22448)
* @grafana/ui: Create slider component (#22275)
* Icons: add reports icon (#22445)
* Panel inspect: Horizontal scrolling in Data table (#22245)
* Alerting: Fixed the issue/bug of diff and percent_diff
functions *Breaking change* (#21338)
* App Plugins: support react pages in nav (#22428)
* Optimized package.json files (#22475)
* Toolkit: add junit reporting and jest.config.js to plugin
build (#22450)
* Grafana UI: Add forwardRef (#22466)
* Docs: Update Getting started (#22422)
* pkg/api/pluginproxy: Access token provider should handle
access tokens without ExpiresOn field (#19928)
* Documentation: Specify usage of datasource whitelist
(#22412)
* Form: Allow default values updates (#22435)
* NewPanelEditor: Wait a bit before resending query result
on panel editor exit (#22421)
* Grafana-UI: update date picker (#22414)
* grafana-cli: Upgrade to urfave/cli v2 (#22402)
* Docs: adding first version of the auto-generated packages
API docs. (#22107)
* NewPanelEditor: Panel edit tweaks (#22415)
* Core: Make application title customizable for WL (#22401)
* Fix: making select to return empty list when no values are
selected in multivalue mode.
* Fix: Added missing 'remove'-icon for light theme.
* Docs: adding API reference documentation support for the
packages libraries. (#21931)
* Accessibility: Makes tag colors more accessible (#22398)
* Admin: fix images on license page (#22413)
* DataSourceWithBackend: Add a get/post resource standard
path (#22408)
* Docs: Fix examples, grammar, add links (#22406)
* Docs: Add links, fix grammar, formatting, wording (#22381)
* Changelog: adds missing enterprise features (#22399)
* Docs: Add info on active LDAP sync (#22347)
* Docs: Fixed formatting issue in new stat docs (#22390)
* @grafana/toolkit: completed support for source maps in
plugin builds (#22379)
* UX: BackButton left arrow icon (#22369)
* Scrollbar: Show scrollbar on only on hover (#22386)
* NewPanelEditor: Fixed cleanup that could cause crash
(#22384)
* Theme: Fixed bug in sass file (#22382)
* Alerting: Don't include image_url field with Slack message
if empty (#22372)
* Docs: New doc pages for panels Stat, Gauge & Bar Gauge
(#22335)
* Docs: Update front-end style guide (#22197)
* Chore: Update latest.json (#22345)
* CircleCI: Fix publishing of releases (#22342)
* Changelog: v6.6.2 (#22341)
* CircleCI: Switch to new master build pipeline (#22158)
* Docs: Update white-labeling.md (#22224)
* Webpack: Upgrade terser webpack plugin (#22332)
* grafana/ui: Export TextArea under Forms namespace (#22328)
* Suggesting couple of changes to the document (#22298)
* Correcting Line 22 (#22292)
* Docs: Fix 'enable' steps formatting (#22324)
* [Docs] Improvised instructions for adding data source.
(#22305)
* DashLinks: Add pull right to dropdown menu (#22233)
* Migration: User invite (#22263)
* Select: Fix focus issue and remove select container
(#22309)
* Annotations: Call panel refresh when table transform
changes to annotations (#22323)
* Docs: Couple of changes to the document (#22291)
* Docs: Typo correction in Line 19 (#22297)
* Rendering: Store render key in remote cache (#22031)
* Backend Plugins: Provide proper plugin config to plugins
(#21985)
* New panel edit: data links tweaks (#22304)
* Metrics: Add gauge for requests currently in flight
(#22168)
* OAuth: Enforce auto_assign_org_id setting when role
mapping enabled using Generic OAuth (#22268)
* CircleCI: Upgrade Ubuntu base image to 19.10 also for
enterprise (#22315)
* CI: check ubuntu and alpine images with trivy (#22314)
* Docker: Upgrade Ubuntu to 19.10 (#22306)
* grafana/data: runtime dependencies moved from
devDependencies (#22283)
* PanelInspector: Fixed issue in panel inspector (#22302)
* grafana/ui: Add basic horizontal and vertical layout
components (#22303)
* Field Config Editors: Remove namespacing from standard
field config editors (#22296)
* CircleCI: Increase nodejs max memory (#22295)
* Update rpm.md (#22284)
* FieldConfigs: String select type & cell display mode added
to table panel (#22274)
* LinkSrv: Add newlines so I can read code
* Docs: Fix TestData docs (#22279)
* API: Improve recovery middleware when response already
been written (#22256)
* Update mac.md (#22280)
* @grafana/toolkit: lint fix option now writes changes to
disk (#22278)
* Docs: minor fixes (#22223)
* Reorder cipher suites for better security (#22101)
* Docs: Minor typo fix (#22221)
* NewPanelEdit: Add back datalinks and new table panel fix
(#22267)
* Prometheus: Implement region annotation (#22225)
* Table: Fixed header alignment (#22236)
* Data proxy: Log proxy errors using Grafana logger (#22174)
* TimePicker: fixing weird behavior with calendar when
switching between months/years (#22253)
* Update timeseries.md (#20795)
* Auth: Don't rotate auth token when requests are cancelled
by client (#22106)
* Elastic: Map level field based on config. (#22182)
* Sqlstore: guard against getting a dashboard without
specifying identi… (#22246)
* Migrations: Signup page (#21514)
* Storybsck: Add color theme and theme switcher (#22005)
* NewPanelEditor: Making angular panels reuse data and
render on edit mode enter (#22229)
* PanelEdit: Title tweaks (#22237)
* NewPanelEdit: Minor changes (#22239)
* Chore: Fixed strict null errors (#22238)
* NewPanelEditor: Thresholds v2 (#22232)
* Toolkit: support sass style for plugins (#22235)
* add CloudWatch Usage Metrics (#22179)
* FieldOverrides: Fix issue with same series name for every
display value (#22234)
* Inspector: find the datasource from the refId, not the
metadata (#22231)
* New panel editor: Persist panel editor ui state (#22210)
* Toolkit: don't create declaration files for plugins (by
default) (#22228)
* Docs: Update windows.md (#22185)
* Docs: Add linking topic (#21986)
* Docs: Refactored Enterprise side menu (#22189)
* CircleCI: Push master Docker images without revision in
tag (#22218)
* Alerting: Update the types of recipient supported by the
Slack notifier (#22205)
* docs: change URL occurences to uppercase (#22151)
* Docs: Fix link for provisioning data sources (#22159)
* DevEnv: update frontend dependencies - tests (#22140)
* DevEnv: update frontend dependencies - type definitions
(#22141)
* Make Explore panel link work when grafana served from sub
url (#22202)
* DevEnv: update frontend dependencies - node (#22139)
* API: Fix redirect issue when configured to use a subpath
(#21652)
* Inspect: Inspect header design update (#22120)
* FieldOverrides: FieldOverrides UI (#22187)
* Azure OAuth: enable teamsync (#22160)
* Docs: Organize basic concepts and getting started (#21859)
* FieldOverides: apply field overrides based on
configuration (#22047)
* Docs: Suggesting few changes to the doc (#22115)
* Docs: Update phrasing line 35 (#22152)
* Docs: Correcting Typo in Line131 (#22155)
* Dashboard: fixed padding inconsistency
* BackendSrv: Fixes a stupid mistake with a missing return
(#22177)
* PanelEdit: Fixed timing and state related issues (#22131)
* Elastic: Replace range as number not string (#22173)
* change sync target branch to master (#21930)
* e2e: Fixed issue with aria label (#22166)
* Fix: Do not remove whitespace in PanelLink url (#22087)
* React Migration: Migrates FolderPicker from angular to
react (#21088)
* Auth: Azure AD OAuth (#20030)
* DevEnv: update frontend dependencies - grunt (#22136)
* Bugfix: updates cloudwatch query editor test async render
to prevent it from throwing error (#22150)
* NewPanelEdit: Design tweaks (#22156)
* TestData: Update streaming.json (#22132)
* DevEnv: update frontend dependencies - babel (#22135)
* Docs: Fix port config list formatting (#22113)
* Explore: Refactor active buttons css (#22124)
* Forms/Switch: Simplifies and adjusts CSS/Markup (#22129)
* Datasource/Loki: Fixes issue where live tailing displayed
date as invalid (#22128)
* NewPanelEditor: Fixed issue going back to dashboard after
pull page reload (#22121)
* Loki, Prometheus: Fix PromQL and LogQL syntax highlighting
(#21944)
* NewPanelEdit: Added visualization tab / selection view
(#22117)
* Increase ts fork check mem limit (#22118)
* NewPanelEditor: Panel editor tabs in state (url) (#22102)
* Delete report.20200209.125304.14262.0.001.json
* Annotation & Alerts: Makes various annotation and alert
requests cancelable (#22055)
* Select zindex (#22109)
* Docs: Add doc templates (#21927)
* Fix mentioning Slack users/groups (#21734)
* Docs: Update rules.md (#21989)
* Docs: Update metrics.md (#21988)
* Docs: Update dashboard.md (#21951)
* Docs: Added release notes tag (#22012)
* Forms/RadioButtonGroup: Improves semantics and simplifies
CSS (#22093)
* Docs: add LDAP active sync limitation for single bind
configuration (#22098)
* Docs: Update behind_proxy.md to include HTTPS and URL
rewrite example (#21832)
* DataLinks: Avoid null exception in new edit mode (#22100)
* Docs: Image rendering improvements (#22084)
* Fix display of multiline logs in log panel and explore
(#22057)
* Fix/add width to toggle button group (#21924)
* NewPanelEditor: Introduce redux state and reducer
(#22070)
* Prometheus: make $__range more precise (#21722)
* New panel edit: data links edit (#22077)
* Docs: fix minor typos in datasources.md (#22092)
* Toolkit: add a warning about tslint migration (#22089)
* Read `target` prop from the links in the footer (#22074)
* CircleCI: Publish enterprise Docker dev image for new
master pipeline (#22091)
* CircleCI: Include build ID in version for new master
pipeline (#22013)
* Alerting: Handle NaN in reducers (#22053)
* Toolkit: create manifest files for plugins (#22056)
* Backend Plugins: make transform work again (#22078)
* Docs: Fix broken link (#22010)
* Docs: Fix formatting typo (#22067)
* CircleCI: Publish enterprise ARM variants from master
pipeline (#22011)
* Chore: Adds cancellation to backendSrv request function
(#22066)
* Dashboard: Move some plugin & panel state to redux
(#22052)
* Docs: Clarify that extraction of zip is required to
install plugin (#22061)
* Chore: Fixes non utc tests (#22063)
* Grafana ui/time of day picker ui improvements (#21950)
* Links: Assure base url when single stat, panel and data
links are built (#21956)
* BackendSrv: Returns correct error when a request is
cancelled (#21992)
* Make zoom and time shift work after emmitter change
(#22051)
* New Editor: refresh when time values change (#22049)
* New Editor: Add ValuePicker for overrides selection
(#22048)
* Collapse: add a controlled collapse (#22046)
* Cascader: Fix issue where the dropdown wouldn't show
(#22045)
* New Editor: add display modes to fix ratio with actual
display (#22032)
* Chore: Use forwardRef in ButtonSelect (#22042)
* DashNavTimeControls: remove $injector and rootScope from
time picker (#22041)
* New panel edit: field overrides ui (#22036)
* Select: Portaling for Select (#22040)
* New Select: Fix the overflow issue and menu positioning
(#22039)
* Upgrade: React layout grid upgrade (#22038)
* PanelChrome: Use react Panel Header for angular panels.
(#21265)
* New Editor: add a tabs row for the query section (#22037)
* New Editor: use unit picker (#22033)
* Dashboard: Refactor dashboard reducer & actions (#22021)
* New panel editor: Add title editor (#22030)
* UnitPicker: Use the new Cascader implementation (#22029)
* FieldEditor: extendable FieldConfig UI (#21882)
* Cascader: Add enable custom value (#21812)
* New panel edit: support scrolling (#22026)
* Thresholds: get theme from context automatically (#22025)
* New Panel Edit: works for panels with and without queries
(#22024)
* PanelEditor: use splitpane for new editor (#22022)
* Select: Fixed allow custom value in
Select/UnitPicker/Segment/AsyncSegment (#22018)
* Chore: export arrow dataframe utilities (#22016)
* TSLint → ESLint (#21006)
* Docker: Publish enterprise image with master-commit tag
(#22008)
* Chore: Resolve random failure with golangci-lint (#21970)
* New panel edit: don't query when entering edit mode
(#21921)
* Fix bad grammar in Dashboard Link page (#21984)
* Update documentation-style-guide.md (#21736)
* Prometheus: Allow sub-second step in the prometheus
datasource (#21861)
* Update latest.json versions to 6.6.1 (#21972)
* Change log for 6.6.1 (#21969)
* Datasource: updates PromExploreQueryEditor to prevent it
from throwing error on edit (#21605)
* Explore: Adds Loki explore query editor (#21497)
* @grafana/ui: Fix displaying of bars in React Graph
(#21968)
* Prometheus: Do not show rate hint when increase function
is applied (#21955)
* Elastic: Limit the number of datapoints for the counts
query (#21937)
* Storybsck: Update categories (#21898)
* Quota: Makes sure we provide the request context to the
quota service (#21949)
* Docs: Documentation for 6.6 Explore and Logs panel
features (#21754)
* Annotations: Change indices and rewrites annotation find
query to improve database query performance (#21915)
* Prometheus: Fixes default step value for annotation query
(#21934)
* Dashboard edit: Fix 404 when making dashboard editable
* Publish from new master pipeline (#21813)
* Metrics: Adds back missing summary quantiles (#21858)
* delete redundant alias (#21907)
* grafana/ui: Fix displaying of bars in React Graph (#21922)
* Docs: Added developer-resources.md (#21806)
* Fix formatting (#21894)
* New Select: Blur input on select (#21876)
* Fix/add default props to prom query editor (#21908)
* Graph Panel: Fixed typo in thresholds form (#21903)
* Disable logging in button (#21900)
* DatasourceEditor: Add UI to edit custom HTTP headers
(#17846)
* Datasource: Show access (Browser/Server) select on the
Prometheus datasource (#21833)
* Docs: Update dashboard.md (#21896)
* Docs: Update dashboard.md (#21200)
* Docs: Make upgrading instructions for Docker work (#21836)
* deps so can mock in tests (#21827)
* Templating: Add new global built-in variables (#21790)
* Fix: Reimplement HideFromTabs in Tabs component (#21863)
* grafana/data: Remove unused PanelSize interface (#21877)
* New Select: Extend creatable select api (#21869)
* Backend plugins: Implement support for resources (#21805)
* Docker: change plugin path in custom docker (#21837)
* Image Rendering: Fix render of graph panel legend aligned
to the right using Grafana image renderer plugin/service
(#21854)
* Docs: Update _index.md (#21700)
* grafana/toolkit: Fix failing linter when there were lint
issues (#21849)
* DatasourceSettings: Fixed issue navigating away from data
source settings page (#21841)
* AppPageCtrl: Fix digest issue with app page initialisation
(#21847)
* Explore: adds basic tests to TableContainer checking the
render and output on 0 series returned
* Explore: adds MetaInfoText tests
* Explore: adds export of MetaItem and its props
* Explore: updates TableContainer to use MetaInfoText
component
* Explore: updates Logs component to use MetaInfoText
component
* Explore: adds MetaInfoText component
* Explore: removes unnecessary styles for panel logs
* Explore: updates Table container render to avoid rendering
table on empty result
* Explore: updates explore table container to show a span on
0 series returned
* docs/cli: Fix documentation of reset-admin-password with
--homepath (#21840)
* Replace ts-loader with Babel (#21587)
* Docs: Add information about license expiration (#21578)
* Fix digest issue with query part editor's actions menu
(#21834)
* Graphite: Fixed issue with functions with multiple
required params and no defaults caused params that could
not be edited (groupByNodes groupByTags) (#21814)
* TimePicker: Should display in kiosk mode (#21816)
* Chore: Upgrade Storybsck to 5.3.9 (#21550)
* Table: Make the height of the table include header cells
(#21824)
* StatPanels: Fixed migration from old singlestat and
default min & max being copied even when gauge was disbled
(#21820)
* Docs: Update docker image run and configuration
instructions (#21705)
* DataFrame: update golden test files (#21808)
* Docs: Alphabetize datasource names in sidebar under
docs/Features/DataSources (#21740)
* Inspect: Add error tab (#21565)
* Select: Fix direct usages of react-select to make the
scroll great again (#21822)
* TablePanel: display multi-line text (#20210)
* Fixed strict errors (#21823)
* Fix: prevents the BarGauge from exploding when the
datasource returns empty result. (#21791)
* Select: Fix scroll issue (#21795)
* Fix: Fixes user logout for datasourceRequests with 401
from datasource (#21800)
* Azure Monitor: Fix Application Insights API key field to
allow input (#21738)
* Influxdb: Fix cascader when doing log query in explore
(#21787)
* Devenv: OpenTSDB dashboard (#21797)
* MSI: License for Enterprise (#21794)
* OpenTSDB: Add back missing ngInject (#21796)
* Heatmap: Legend color range is incorrect when using custom
min/max (#21748)
* Config: add meta feature toggle (#21786)
* Logs panel: Rename labels to unique labels (#21783)
* Add link guide for installing new renderer (#21702)
* Chore: Lowers strict error limit (#21781)
* Chore: Removes Cypress record (#21782)
* Docs: Document configuration of console, file and syslog
log formats (#21768)
* Annotations: Fixes this.templateSrv.replace is not a
function error for Grafana datasource (#21778)
* Fix typos in the communication documentation (#21774)
* Chore: Fixes various strict null errors (#21763)
* Forms: Allow custom value creation in async select
(#21759)
* Chore: bump react-select to 3.0.8 (#21638)
* grafana/data: Add type for secure json in DataSourceAPI
(#21772)
* Influxdb: Fix issues with request creation and parsing
(#21743)
* Explore/Loki: Fix handling of legacy log row context
request (#21767)
* 6.6.0 latest (#21762)
* Docs: Updates Changelog for 6.6.0 (#21753)
* Docs: Update image rendering (#21650)
* Docs: misc. nitpicks to the HTTP API docs (#21758)
* Dashboard: fixes issue with UI not being re-rendered after
moving dashboard
* Dashboard: fixed issues with re-rendering of UI when
importing dashboard (#21723)
* Build: Added devenv docker block for testing grafana with
traefik.
* Update What's new in 6.6 (#21745)
* Footer: Display Grafana edition (#21717)
* BackendSrv: Fixes POST body for form data (#21714)
* Docs: Update CloudWatch and Stackdriver docs for 6.6
(#21679)
* BackendSrv: Adds missing props back to response object in
datasourceRequest (#21727)
* Explore: Fix context view in logs, where some rows may
have been filtered out. (#21729)
* Toolkit: add canvas-mock to test setup (#21739)
* TablePabel: Sanitize column link (#21735)
* Docs: Fix getting started links on Windows installation
page (#21724)
* Docs: Enterprise 6.6 (#21666)
* Template vars: Add error message for failed query var
(#21731)
* Loki: Refactor editor and syntax hooks (#21687)
* Devenv: Fixed devenv dashboard template var datasource
(#21715)
* Footer: added back missing footer to login page (#21720)
* Admin: Viewer should not see link to teams in side menu
(#21716)
* Annotations: Fix issue with annotation queries editors
(#21712)
* grafana/ui: Remove path import from grafana-data (#21707)
* Loki: Fix Loki with repeated panels and interpolation for
Explore (#21685)
* CircleCI: Add workflow for building with Grafana Build
Pipeline (#21449)
* StatPanels: Fixed possible migration issue (#21681)
* Make importDataSourcePlugin cancelable (#21430)
* Docs: Update what's new in 6.6 (#21699)
* Docs: Fix broken link in upgrade notes (#21698)
* Alerting: Support passing tags to Pagerduty and allow
notification on specific event categories (#21335)
* PhantomJS: Fix rendering of panels using Prometheus
datasource
* backendSrv: Only stringifies request body if payload isn't
already a string (#21639)
* Update changelog generation to ignore not merged pull
requests (#21641)
* StatPanel: minor height tweak (#21663)
* Circle: Introduce es-check to branches & pr workflow
(#21677)
* Run query when region, namespace and metric changes
(#21633)
* Explore: Fixes some LogDetailsRow markup (#21671)
* SQLStore: Fix PostgreSQL failure to create organisation
for first time (#21648)
* Migrations: migrate admin user create page (#21506)
* Docs: Whats new updates (#21664)
* CloudWatch: Auto period snap to next higher period
(#21659)
* Login: Better auto sizing of login logo (#21645)
* Chore: Fixes PhantomJs by adding polyfills for fetch and
AbortController (#21655)
* Alert: Minor tweak to work with license warnings (#21654)
* Toolkit: copyIfNonExistent order swapped (#21653)
* Doc: Update configuration.md (#21602)
* Explore: Fix log level color and add tests (#21646)
* Templating: A way to support object syntax for global vars
(#21634)
* CloudWatch: Add DynamoDB Accelerator (DAX) metrics &
dimensions (#21644)
* next version 6.7.0 (#21617)
* latest.jso: Update latest beta 6.6.0-beta1 (#21623)
* Docs: Update changelog with attribution (#21637)
* Docs: Updated what's new article (#21624)
* Plugins: Apply adhoc filter in Elasticsearch logs query
(#21346)
* Changelog: v6.6.0-beta1 (#21619)
* Chore: Remove angular dependency from backendSrv (#20999)
* Emotion: Add main package with version 10 (#21560)
* TestData: allow negative values for random_walk parameters
(#21627)
* Update musl checksums (#21621)
* CloudWatch: Expand dimension value in alias correctly
(#21626)
* Devenv: InfluxDB logs dashboard (#21620)
* Build: adds missing filters required to build oss msi
(#21618)
* BigValue: Updated test dashboard and made some chart
sizing tweaks (#21616)
* TestData: Adds important new features to the random walk
scenario (#21613)
* graphite: does not modify last segment when... (#21588)
* grafana/ui: Add synced timepickers styling to TimePicker
(#21598)
* Explore: Remove destructuring of empty state in
LogRowMessage (#21579)
* Build: enables deployment of enterprise msi (#21607)
* CI: MSI for Enterprise (#21569)
* E2E docs: Add guide to debuging PhantomJS (#21606)
* Toolkit: fix prettier error reporting (#21599)
* Render: Use https as protocol when rendering if HTTP2
enabled (#21600)
* Typescript: null check fixes, and news panel fix (#21595)
* Inspect: table take full height in drawer (#21580)
* OAuth: Fix role mapping from id token (#20300)
* ButtonCascader: Fix error in Explore (#21585)
* CloudWatch: Fix ordering of map to resolve flaky test take
2 (#21577)
* Redux: Fixed function adding a new reducer (#21575)
* Minor style changes on upgrade page (#21566)
* Revert 'Babel: use babel-loader instead of ts-loader,
ng-annotate with babel-plugin-angularjs-annotate (#21554)'
(#21570)
* Explore: Context tooltip to copy labels and values from
graph (#21405)
* Config: Use license info instead of build info for feature
toggling (#21558)
* Fix merge problem (#21574)
* CloudWatch: Fix ordering of map to resolve flaky test
(#21572)
* Docs: What's new in Grafana v6.6 Draft (#21562)
* Explore: Create unique ids and deduplicate Loki logs
(#21493)
* Chore: Fix go vet problem (#21568)
* Provisioning: Start provision dashboards after Grafana
server have started (#21564)
* CloudWatch: Calculate period based on time range (#21471)
* Inspect: Download DataFrame to Csv (#21549)
* CloudWatch: Multi-valued template variable dimension alias
fix (#21541)
* Babel: use babel-loader instead of ts-loader, ng-annotate
with babel-plugin-angularjs-annotate (#21554)
* Stackdriver: Support meta labels (#21373)
* CI: Revert msi build (#21561)
* Alerting: Fix image rendering and uploading timeout
preventing to send alert notifications (#21536)
* CI: adds missing files for ee msi (#21559)
* CI: Enterprise MSI (#21518)
* Add component: Cascader (#21410)
* CloudWatch: Display partial result in graph when max
DP/call limit is reached (#21533)
* Dashboards: Default Home Dashboard Update (#21534)
* Docs: Update rpm.md (#21547)
* Docs: Update mac.md (#20782)
* Templating: update variables on location changed (#21480)
* Vendor: grafana-plugin-sdk-go v0.11.0 (#21552)
* fix dateMath import in grafana-ui (#21546)
* Explore/Loki: Filter expression only treated as regex when
regex operator is used (#21538)
* Fix TypeScript error (#21545)
* Build: Ignore content of /pkg/extensions, not directory
(#21540)
* Update latest to 6.5.3 (#21509)
* Explore: Ensures queries aren't updated when returning to
dashboard if browser back is used (#20897)
* Inspect: Use AutoSizer for managing width for content in
tabs. (#21511)
* Changelog generation: Generate grafana/ui changelog
(#21531)
* Toolkit: support less loader (#21527)
* AppPlugin: remove simple app from the core repo (#21526)
* @grafana/toolkit: cleanup (#21441)
* DataFrames: add arrow test and capture metadata parsing
errors (#21524)
* DataLinks: allow using values from other fields in the
same row (#21478)
* grafana/data: Update plugin config page typings (BREAKING)
(#21503)
* Fix regex in convertCSSToStyle, add test coverage (#21508)
* CloudWatch: Annotation Editor rewrite (#20765)
* Admin: Add promotional page for Grafana Enterprise
(#21422)
* Add changelog for 6.5.3
* Backend Plugins: Collect and expose metrics and plugin
process health check (#21481)
* Auth: Rotate auth tokens at the end of requests (#21347)
* Tabs: Hide Tabs on Page header on small screens (#21489)
* Fix importing plugin dashboards (#21501)
* SideMenu: Fixes issue with logout link opened in new tab
(#21488)
* DataLinks: Make data links input grow again (#21499)
* Templating: use default datasource when missing (#21495)
* Explore: Fix timepicker when browsing back after switching
datasource (#21454)
* Add disabled option for cookie samesite attribute (#21472)
* Chore: Adds basic alerting notification service tests
(#21467)
* ImportDashboardCommand: Validate JSON fields (#21350)
* Docs: add test for website build (#21364)
* Fix: when clicking a plot on a touch device we won't
display the annotation menu (#21479)
* Backend Plugins: add a common implementation (#21408)
* Alerting: new min_interval_seconds options to enforce a
minimum eval frequency (#21188)
* Panel: Use Tabs in panel inspector (#21468)
* Docs: Update rpm install (#21475)
* Alerting: Enable setting of OpsGenie priority via a tag
(#21298)
* Alerting: fallbackText added to Google Chat notifier
(#21464)
* Plugins: Move backend plugin manager to service (#21474)
* Backend Plugins: Refactor backend plugin registration and
start (#21452)
* Admin: New Admin User page (#20498)
* Docs: Update cli.md (#21470)
* Fix: Tab icons not showing (#21465)
* Chore: Add react-table typings to Table (#21418)
* Login: Refactoring how login background is rendered
(#21446)
* StatPanel: Refactoring & fixes (#21437)
* Chore: Migrates reducers and actions to Redux Toolkit
(#21287)
* DeleteButton: Button with icon only was not centered
correctly. (#21432)
* Logos: Refactoring a bit how logos are rendered (#21421)
* Docs: Update documentation-style-guide.md (#21322)
* More datasource funcs poc (#21047)
* Docs: Update plugin installation and CLI (#21179)
* Docs: Update debian.md (#21339)
* Alerting: Adds support for sending a single email to all
recipients in notification channel (#21091)
* ThreemaNotifier: Use fully qualified status emoji (#21305)
* Settings: Env override support for dynamic settings
(#21439)
* Security: refactor 'redirect_to' cookie to use 'Secure'
flag (#19787)
* Logs: Fix parsing for logfmt fields that have parens
(#21407)
* Improve documentation for the Prometheus data source
(#21415)
* Heatmap: fix formatting (#21433)
* Docs: Fixed broken links of Datasource doc at Grafana
plugin page (#21363)
* ApiUser: Fix response when enabling, disabling or deleting
a nonexistent user (#21391)
* grafana/ui: Create Tabs component (#21328)
* Inspector: support custom metadata display (#20854)
* Table: Added text align option to column styles (#21175)
* PluginPage: Add appSubUrl string to config pages url
(#21414)
* Docs: Remove comment about upcoming alerting for
singlestat and table panels (#21416)
* Footer: Single footer component for both react & angular
pages (#21389)
* API: Added alert state validation before changing its
state (#21375)
* AddDataSource: Added missing phantom plugin (#21406)
* Plugins: Use grafana-plugin-sdk-go v0.5.0 (#21116)
* UnitPicker: show custom units on load (#21397)
* Cloud Watch: Standardize Config Editor Implementation
(#20489)
* CloudWatch: dimension_values templating fix (#21401)
* Docs: explain how to setup the apt repo without helpers
(#21194)
* Build: prevent changes to pkg/extentions/main.go from
throwing error on merge
* TimeZones: fix utc test (#21393)
* Build: package all binaries for enterprise (#21381)
* Datasource: fixes prometheus datasource tests - adds align
range
* CircleCI: Testing upgrade to CircleCI 2.1 (#21374)
* Storybsck: Remove reference to jquery.flot.pie file from
storybsck config (#21378)
* Cloudwatch: Fixed crash when switching from cloudwatch
data source (#21376)
* Docs: Added Squadcast notifications (#21372)
* Chore: upgrade d3 (#21368)
* Datasource: fix a bug where deleting data source will
trigger save and test events (#21300)
* Forms: revamped select (#21092)
* Toolkit: add git log info to the plugin build report
(#21344)
* Docs: Use https scheme for Grafana playground links
(#21360)
* fix docs links (#21359)
* AddDatasourcePage: Refactoring & more Phantom plugins
(#21261)
* Chore: Remove empty flot.pie file (#21356)
* Docs: Fix link (#21358)
* Docs: Fix InfluxDB templated dashboard link (#21343)
* Rendering: Fix panel PNG rendering when using sub url &
serve_from_sub_path = true (#21306)
* NewsPanel: update default feed url (#21342)
* docs: fix influxdb templated dashboard link (#21336)
* Docs: Update Windows.md (#21333)
* Arrow: don't export arrow... breaking phantomjs e2e test
(#21331)
* DataFrame: round trip metadata to arrow Table (#21277)
* Prometheus: user metrics metadata to inform query hints
(#21304)
* Panel: disable edit/duplicate/delete entry for repeat
panel (#21257)
* Prometheus: Disable suggestions at beginning of value
(#21302)
* grafana/ui: Do not build in strict mode as grafana/ui
depends on non-strict libs (#21319)
* Docs: Update security.md (#20981)
* @grafana/data: use timeZone parameter rather than isUtc
(#21276)
* Units: support dynamic count and currency units (#21279)
* Docs: Added sudo and removed $ where inconsistent.
(#21314)
* ImgUploader: add support for non-amazon S3 (#20354)
* Fix: tooltips value disappear when label has too long word
(#21267)
* Docs: Update provisioning.md (#21303)
* Docs: Update alerting_notification_channels.md (#21245)
* Loki: fix filter expression suggestions (#21290)
* Prometheus: Fix label value suggestion (#21294)
* Prometheus: Fix term completion that contain keywords
(#21295)
* Docs: Fixed broken links in Basic Concepts (#21035)
* Docs: Edited Windows install instructions (#20780)
* Docs: Update troubleshooting.md (#21244)
* Fix internal links in http_api/dashboard.md (#21255)
* Docs: Update README.md (#21274)
* Docs: Fix aliases/redirects (#21241)
* Docs: Document tracing.jaeger configuration (#21181)
* Websockets: upgrade websocket libray to 1.4.1 (#21280)
* FieldConfig: add thresholds and color modes (#21273)
* Prometheus: improve tooltips (#21247)
* Explore: Moves PromContext from query level to
DataQueryRequest level (#21260)
* BridgeSrv: do not strip base from `state.location.url`
(#20161)
* Graph: another tooltip fix (#21251)
* Alerting: Add configurable severity support for PagerDuty
notifier (#19425)
* Graph: Fixed no value in graph tooltip (#21246)
* Units: support farenheit (existing misspelling) (#21249)
* Docs: fix typo (#21190)
* Promtheus: Fix hint and error display for query rows
(#21242)
* Docs: fixed broken doc link for graph and table panels
(#21238)
* Docs: fix of broken doc link in the dashlist panel's help
section (#21230)
* Docs: Update the link to docs for singlestat (#21225)
* Docks: Update provisioning.md with proper Slack settings
(#21227)
* Editor: Ignore closing brace when it was added by editor
(#21172)
* Explore: moves add query row button below query rows
(#20522)
* Explore: adds PrometheusExploreQueryEditor (#20195)
* Simplify adjustInterval (#21226)
* Sass: Checked in tmpl files
* Table: Component progress & custom FieldConfig options
(#21231)
* Chore: remove StreamHandler and DataStreamState (#21234)
* DashboardGrid: Fixed flickering while resizing (#21221)
* docs: rename premium plugins to enterprise plugins
(#21222)
* NewsPanel: add news as a builtin panel (#21128)
* grafana/toolkit: Readme update (#21218)
* grafana/toolkit: Resolve modules correctly (#21216)
* New bar gauge style: Unfilled (#21201)
* Dashboard: new updated time picker (#20931)
* Metrictank: fix bundled dashboard (#21209)
* Tooltip: preventing xss injections via the colors
variable. (#21203)
* Livetailing: set table withd to 100% (#21213)
* Docs: Fix broken link in debian.md (#21199)
* Added back logo file (#21198)
* Docs: fix ordering of apt setup (#21192)
* Docs: Fix Azure ad generic OAuth code markdown formatting
(#21189)
* docs: rendering plugin required for reporting (#21162)
* Chore: Fixes wrong e2e path in .gitignore (#21186)
* e2e: Waits for login before moving forward (#21185)
* PanelChrome: Mini refactor (#21171)
* Tracing: Support configuring Jaeger client from
environment (#21103)
* @grafana/toolkit: webpack extend TS→JS (#21176)
* [docs] Azure monitor link in templating (#21173)
* grafana/toolkit: Add option to override webpack config
(#20872)
* Docs: Adds best practices after visit and a link back to
e2e.md (#21117)
* Changelog: Add PagerDuty breaking change (#21170)
* DashboardGrid: Change grid margin to 8, to align to 8px
grid (#21167)
* Alerting: Add more information to webhook notifications
(#20420)
* Panel: Show inspect panel in Drawer instead of Modal
(#21148)
* Prometheus: Fix typehead after binary operators (#21152)
* docs: always updates docker image before building docs
site (#21165)
* Table: Matches column names with unescaped regex
characters (#21164)
* DataLinks: Sanitize data/panel link URLs (#21140)
* Dashboard: Only show resize-handle on hover (#21160)
* PagerDuty: Fix custom_details to be a JSON object instead
of a string (#21150)
* grafana/ui: New table component (#20991)
* e2e: Migrates query variable CRUD tests to new framework
(#21146)
* Chore: Upgrade react, react-dom, react-test-renderer
versions (#21130)
* Fix log row when query is short (#21126)
* Prometheus: Display HELP and TYPE of metrics if available
(#21124)
* e2e: Updates truth image (#21132)
* Cloudwatch ECS Container Insights Support (#21125)
* FontSize: Change base font size to 14px (#21104)
* Explore: Refactor log rows (#21066)
* phantomjs: performance.getEntriesByType not supported
(#21009)
* New panel editor (behind feature toggle) (#21097)
* e2e: Adds ScenarioContext and video recordings to e2e
(#21110)
* DashboardImport: Fixes broken import page in prod builds
(#21101)
* Dependencies: Bump npm from 6.9.0 to 6.13.4 (#21095)
* Docs: Fix broken link in loki.md (#21098)
* Dependencies: Upgrade grunt-contrib-compress to resolve
issues with iltorb (#21096)
* Update CODEOWNERS (#21093)
* E2E: Testing recording e2e tests (#21094)
* FieldConfig: set min/max automatically for gauge (#21073)
* Postgres/MySQL/MSSQL: Adds support for region annotations
(#20752)
* Azure Monitor: Use default from datasource if not saved on
dashboard/query (#20899)
* Azure Monitor: Copy AM Creds to Log Analytics When Using
Same As (#21032)
* Docs: Add minimal hugo build, update docs README (#20905)
* CI: Added junit test report (#21084)
* UI: ConfirmButton component (#20993)
* Angular/React: Migrates team creation form to react
(#21058)
* Templating: Fixes digest issues in Template Variable
Editor (#21079)
* OrgSwitcher: Fixed issue rendering org switcher even when
it's not open (#21061)
* Chore: Remove rejected files (#21072)
* e2e: Uses should on first element after visit to prevent
flakiness (#21077)
* FieldConfig: support overrides model (#20986)
* AngularPanels: fixed transparency issue (#21070)
* Docs: Update configuration.md for #3349 (#21069)
* OAuth: Removes send_client_credentials_via_post setting
(#20044)
* API: Validate redirect_to cookie has valid (Grafana) url
(#21057)
* Explore: Refactor log details table (#21044)
* Prometheus: Prevents validation of inputs when clicking in
them without changing the value (#21059)
* Prometheus: Fixes so user can change HTTP Method in config
(#21055)
* MetricSegment: Fix metric segment UI crash in prod builds
(#21053)
* OpenTSDB: Adding lookup limit to OpenTSDB datasource
settings (#20647)
* Templating: Fixes default visibility for submenu to same
as dashboard (#21050)
* Create CODEOWNERS (#21045)
* Elastic: Add data links in datasource config (#20186)
* Alerting: Fix panic in dingding notifier (#20378)
* Logs: Optional logs label column (#21025)
* Chore: updated to latest stable version (#21033)
* Docs: change log for release v6.5.2 (#21028)
* Chore: Improve rendering logging (#21008)
* Modules: Add patched goavro dependency for extensions
(#21027)
* Explore: Sync timepicker and logs after live-tailing stops
(#20979)
* Fix: Shows SubMenu when filtering directly from table
(#21017)
* Alerting: Fix template variable in query check (#20721)
* Toolkit: remove unused plugin-ci report types (#21012)
* MixedDatasources: Do not filter out all mixed data sources
in add mixed query dropdown (#20990)
* Docs: Change checkout to check out where necessary
(#20926)
* Promtheus: Improve tab completion (#20938)
* build: adds IANA timezone info to windows build (#21001)
* Loki: fix labels fetching when no initial range given
(#21000)
* Docs: Update datasource API examples (#20951)
* UI: Segment fixes (#20947)
* Stackdriver: Make service list searchable (#20989)
* Remove un-used imports (#20937)
* upgrade aws-sdk-go (#20957)
* UI: ConfirmModal component (#20965)
* Docs: Updates from puppeteer to Cypress (#20962)
* e2e: Adds better log information during test runs (#20987)
* Alert: If the permission is forbidden, keep the historical
alarm data present. (#19007)
* Graph: Add fill gradient option to series override line
fill (#20941)
* use https for fetch gravatar by default (#20964)
* Prometheus: disable dynamic label lookup on big
datasources (#20936)
* Loki: Fix datasource config page test run (#20971)
* Devenv: Fix loki block (#20967)
* e2e: Replaces truth image (#20966)
* Forms: introduce RadioButtonGroup (#20828)
* Fix: Adds e2e as a package that needs to be built (#20961)
* Make sure datasource variable is being used everywhere
(#20917)
* Refactor: Navigates directly to add data source page
instead (#20959)
* Alerting: Improve alert threshold handle dragging behavior
(#20922)
* DisplayProcessor: Interpret empty strings as NaN instead
of 0 to support empty value map texts in Singlestat
(#20952)
* Prometheus: Refactor labels caching (#20898)
* e2e: Uses Cypress instead of Puppeteer (#20753)
* Renderer: Add user-agent to rendering plugin requests
(#20956)
* DataSource: remove delta option (#20949)
* Elasticsearch: set default port to 9200 in ConfigEditor
(#20948)
* Loki: Remove appending of (?i) in Loki query editor if not
added by user (#20908)
* Datasource/Loki: Loki now goes to Logs mode when importing
prom queries (#20890)
* Cloudwatch: Defined explore query editor for cloudwatch
(#20909)
* Datasource/Loki: Empty metric name no longer replaced by
query (#20924)
* Revert 'Modules: Add goavro dependency for extensions
(#20920)' (#20928)
* Docs: Update debian.md (#20910)
* UI: Segment Input change (#20925)
* Modules: Add goavro dependency for extensions (#20920)
* UI: Segment Input (#20904)
* Remove escaping of \ ( ) characters (#20915)
* AngularPanels: Check for digest cycle on root scope
(#20919)
* InfluxDB: Use new datasource update option funcs (#20907)
* Docs: Update debian-ubuntu installation instructions
(#20875)
* Search: Fixed angular digest issues (#20906)
* Remove false positive error message for expression and id
field (#20864)
* fix notifications page (#20903)
* Update documentation-style-guide.md (#20871)
* Docs: update content to work with website repo (#20693)
* Elastic: Fix multiselect variable interpolation for logs
(#20894)
* Singlestat: Fixed unit not showing and switched to new
unit picker (#20892)
* MetaAnalytics: Minor fix for meta analytics event (#20888)
* Explore: Cleanup redundant state variables and unused
actions (#20837)
* Chore/Tech debt: Remove (most) instances of $q angular
service use (#20668)
* AngularPanels: Fixed loading spinner being stuck in some
rare cases (#20878)
* TeamPicker: Increase size limit from 10 to 100 (#20882)
* Echo: mechanism for collecting custom events lazily
(#20365)
* StatPanel: change to beta
* Azure Monitor: Standardize Config Editor Implementation
(#20455)
* GraphTooltip: added boundaries so we never render tooltip
outside window. (#20874)
* Graphite: Use data frames when procesing annotation query
in graphite ds (#20857)
* Elastic: Fix parsing for millisecond number timestamps
(#20290)
* Docs: Sync docs with website repo via GitHub Action
(#20694)
* Gauge/BarGauge: Added support for value mapping of 'no
data'-state to text/value (#20842)
* UI: Use SelectableValue as Segment value (#20867)
* Datasource/Loki: Fixes issue where time range wasn't being
supplied with annotation query (#20829)
* Server: Return 404 when non-pending invite is requested
(#20863)
* Explore: Fix reset reducer duplication (#20838)
* CLI: Return error and aborts when plugin file extraction
fails (#20849)
* Datasource/Loki: Simplifies autocompletion (#20840)
* Update README.md (#20820)
* ValueFormats: dynamically create units (#20763)
* @grafana/data: don't export ArrowDataFrame (#20855)
* @grafana/data: export ArrowDataFrame (#20832)
* Docs: Add section about derived fields for Loki (#20648)
* Migration: Migrate org switcher to react (#19607)
* Remove screencasts.md (#20845)
* Update requirements.md (#20778)
* Explore: Log message line wrapping options for logs
(#20360)
* AlertNotifier: Support alert tags in OpsGenie notifier
(#20810)
* Fix prettier (#20827)
* Loki: Support for template variable queries (#20697)
* Explore: Export timezone from redux state (#20812)
* Forms: introduce checkbox (#20701)
* OpenTsdb: Migrate Config Editor to React (#20808)
* TablePanel, GraphPanel: Exclude hidden columns from CSV
(#19925)
* DataFrame: add utilities to @grafana/data that support
apache arrow (#20813)
* Panels: Fixed transparency option for angular panels
(#20814)
* CloudWatch: Upgrade aws-sdk-go (#20510)
* Update documentation-style-guide.md (#20777)
* Chore: Move Prometheus datasorce tests from specs folder
and merge duplicated test files (#20755)
* Profile: Remove sign-out tab from profile page (#20802)
* Doc: Change inline comment on interface to doc comment
(#20794)
* Server: Fail when unable to create log directory (#20804)
* Update stale.yml
* Rename config.yaml to config.yml
* GitHub: Add link to forum when adding new issue (#20798)
* Datasource/Loki: Fixes regression where enhanceDataFrame
was not called (#20660)
* Updated changelog
* Docs: Updated changelog
* SQLStore: Test admins/editors/viewers stats validity
(#20751)
* Graph-Panel: Center option for bar charts (#19723)
* Packages: Fixed rollup issue with grafana-ui (#20790)
* Stalebot: update issue config (#20789)
* Stalebot: Automatically label PRs with no activity after
14 days as stale, then after 30 days close (#20179)
* StatPanel: ColorMode, GraphMode & JustifyMode changes
(#20680)
* Units: Remove SI prefix symbol from new
milli/microSievert(/h) (#20650)
* Graphite: Add metrictank dashboard to Graphite datasource
(#20776)
* Docs: Remove typo from mssql.md (#20748)
* Navigation: Fix navigation when new password is chosen
(#20747)
* Cleanup: use the local variable (#20767)
* Prometheus: Fix caching for default labels request
(#20718)
* Release: Updates latest.json and
grafana/packages/*/package.json (#20734)
* Release: Updates Changelog for 6.5.1 (#20723)
* ReactMigration: Migrate Graphite config page to React
(#20444)
* SQLStore: Rewrite system statistics query to count users
once (#20711)
* Docs: Clean up influxdb.md (#20618)
* CloudWatch: Region template query fix (#20661)
* Units: remove unreachable code (#20684)
* Tests: Skipping Template Variable tests for now (#20707)
* Datasource/Loki: Fix issue where annotation queries
weren't getting their variables interpolated (#20702)
* Documentation: Add missing blank in docker run command
(#20705)
* Server: Defer wg.Done call to ensure it's called (#20700)
* Fix: Fixes templateSrv is undefined for plugins that do
not use @@ngInject (#20696)
* Server: Clean up startup logic/error checking (#20679)
* CloudWatch: Annotations query editor loading fix (#20687)
* OAuth: Add missing setting from defaults.ini (#20691)
* DataLinks: Refactor title state (#20256)
* Forms: TextArea component (#20484)
* Explore: Adjust the max-width of the tooltip (#20675)
* Units: Add currency and energy units (#20428)
* transform: update to use sdk with frame.labels moved to
frame.[]field.labels (#20670)
* dev: fix pre-commit typo in toolkit (#20673)
* Docs: Update change user password payload in http api
(#20666)
* Chore: Sync defaults.ini with sample.ini (#20645)
* Loki: Fix query error for step parameter (#20607)
* Fix: Disable draggable panels on small devices (#20629)
* Chore: Remove several instances of non-strict null usage
(#20563)
* StatPanel: Rename singlestat2 to stat (#20651)
* Panels: Add support for panels with no padding (#20012)
* CloudWatch: Docs updates after feedback (#20643)
* Explore: Update docs with updated images (#20633)
* Build: Update latest.json (#20638)
* Forms: Introduce form field (#20632)
* docs: update versions (#20635)
* Changelog: 6.4.5 (#20625)
* Changelog: 6.5.0 (#20620)
* Docs: 6.5 update (#20617)
* Chore: Improve grafana-server profiling and tracing
(#20593)
* grafana/toolkit: Update FAQ (#20592)
* Forms: Introduce new Switch component (#20470)
* E2E: Adds tests for QueryVariable CRUD (#20448)
* Toolkit: Do not continue after compile error (#20590)
* BarGauge/Gauge: Add back missing title option field
display options (#20616)
* VizRepeater/BarGauge: Use common font dimensions across
repeated visualisations (#19983)
* Update services.md (#20604)
* Docs: CloudWatch docs fixes (#20609)
* Changelog: Add v6.3.7 (#20602)
* Cloudwatch: Docs improvements (#20100)
* Fix: Wrong path when sending package build time (#20595)
* CloudWatch: Fix high CPU load (#20579)
* Explore: UI changes for split view and live tailing
(#20516)
* Explore: Keep logQL filters when selecting labels in log
row details (#20570)
* Instrumentation: Edition and license info to usage stats
(#20589)
* Metrics: Add metric for each package build time (#20566)
* grafana/toolkit: Smaller output after successful upload
(#20580)
* Table: Use the configured field formatter if it exists
(#20584)
* TextPanel: Fixes issue with template variable value not
properly html escaped (#20588)
* Docs: Update Explore docs for 6.5 (time-sync button & log
details) (#20390)
* Explore: UI changes for derived fields (#20557)
* Docker: Custom dockerfiles, docker and image rendering
docs update (#20492)
* Tooltip: Fix issue with tooltip throwing an error when
retrieving values (#20565)
* Changelog: Reference a few more issues that were fixed
(#20562)
* Enable theme context mocking in tests (#20519)
* Chore: Remove angular dependency from prometheus
datasource (#20536)
* Build: Verify checksums when downloading PhantomJS
(#20558)
* DevEnv: updates nodejs from 10.x to 12.x and golang to
1.13 in ci-deploy dockerfile. (#20405)
* Explore: updates responsive button to pass all the div
element props
* Explore: fixes explore responsive button ref
* Explore: adds a ref to responsive button
* Explore: updates responsive button to forward ref
* Explore: UI fixes for log details (#20485)
* Document required Go version in developer guide (#20546)
* UserTableView: Show user name in table view (#18108)
* CloudWatch: enable min_interval (#20260)
* CI: fix release script remove filtering (#20552)
* Update dashboards (#20486)
* CI: Build all platforms for Enterprise (#20389)
* Alerting: Propagate failures to delete dashboard alerts
(#20507)
* Cloudwatch: Fix LaunchTime attribute tag bug (#20237)
* Fix: Prevents crash when searchFilter is non string
(#20526)
* docs: what's new fixes (#20535)
* What's new in 6.5 - adding CloudWatch topics (#20497)
* grafana/ui: Expose Icon component (#20524)
* Backend plugins: Log wrapper args formatting fix (#20521)
* Build: Clean up scripts/grunt/options/phantomjs.js
(#20503)
* MySql: Fix tls auth settings in config page (#20501)
* Backend plugins: Log wrapper args formatting (#20514)
* CloudWatch: Remove HighResolution toggle since it's not
being used (#20440)
* API: Optionally list expired keys (#20468)
* Image-rendering: Cleanup of rendering code (#20496)
* Build: Reports times and outcomes from CircleCI jobs
(#20474)
* Chore: Upgrade prettier for grafana-toolkit (#20476)
* TimePicker: Fixed update issue after plugin uses
getLocationSrv().update (#20466)
* Docs: Add explore images to What's new in v6.5 (#20442)
* Chore: Bumps prettier version for new typescript syntax
support (#20463)
* handle PartialData status (#20459)
* CloudWatch: Make sure period variable is being interpreted
correctly (#20447)
* Forms: New Input component (#20159)
* UsersPage: Removed icon in external button (#20441)
* Build: Fix RPM verification (#20460)
* Dashboard Migrator: persist thresholds param if already
set (#20458)
* Docs: Fix developer guide link (#20434)
* Fix package signing (#20451)
* Build: Fix signing (#20450)
* transform: changes to support sdk v0.2.0 (#20426)
* Reporting: Handle timeouts in rendering (#20415)
* Build: Upgrade build-container Docker image version
(#20443)
* Upgrade build-container image (#20438)
* Provisioning: Fix unmarshaling nested jsonData values
(#20399)
* Fail when server is unable to bind port (#20409)
* Devenv: Fix integration of postgres and fake-data-gen
containers (#20329)
* Util: Modify SplitHostPortDefault not to return an error
for empty input (#20351)
* InfluxDB: convert config editor to react (#20282)
* Packages: stable release tags update (#20417)
* Chore/Go-dep: change sdk to use new tag (#20422)
* Chore: Log actual error when oauth pass thru fails
(#20419)
* Grafana/Loki: Adds support for new Loki endpoints and
metrics (#20158)
* Chore: Fix error caused by typescript upgrade (#20408)
* Chore: Upgrade typescript to 3.7 (#20375)
* NavLinks: Make ordering in navigation configurable
(#20382)
* Fix flot overriding onselectstart/ondrag events (#20381)
* Docs: Updates docs for redux framework (#20377)
* chore: fix 'testing' version is latest.json (#20398)
* transform_plugin: stop plugin when grafana stops (#20397)
* Chore: Update latest.json (#20393)
* Docs: What's new in Grafana v6.5 Draft (#20368)
* Update changelog for v6.5.0-beta1 (#20350)
* Chore: Move and wrap Cascader component to @grafana/ui
(#20246)
* MySql: Fix password regression in MySQL datasource
(#20376)
* CloudWatch: Datasource improvements (#20268)
* grafana/toolkit: remove aws-sdk and upload to grafana.com
API endpoint (#20372)
* LDAP: last org admin can login but wont be removed
(#20326)
* Devenv: Replace deprecated SQL Server docker image
(#20352)
* DataFrame processing: Require table rows to be array
(#20357)
* grafana/ui: Add Icon component (#20353)
* Telegram: Check error before adding defer close of image
(#20331)
* ValueFormats: fix description for dateTimeAsUS (#20355)
* Fix alert names in dev dashboard (#20306)
* Docs: Getting started edits (#19915)
* Bus: Remove unused wildcard handlers and clean up tests
(#20327)
* Explore: updates breakpoint used to collapse datasource
picker
* Elastic: Fix Elastic template variables interpolation when
redirecting to Explore (#20314)
* transform_plugin: pass encoded dataframes through (#20333)
* Links: Updated links to grafana.com (#20320)
* Avatar: Don't log failure to add existing item to cache
(#19947)
* Devenv: Enable tracing for loki docker block (#20309)
* Build: adds make target run-frontend (#20227)
* Devenv: fix kibana in elastic7 docker block (#20308)
* Build: Fix Docker builds (#20312)
* Devenv: Add nginx_proxy_mac/nginx_login_only.conf (#20310)
* Build: Build Ubuntu based Docker images also for ARM
(#20267)
* Devenv: fix connection in elastic 5 and 6 blocks (#20304)
* Prometheus: Adds hint support to dashboard and fixes
prometheus link in query editor (#20275)
* Explore: Fix always disabled QueryField for InfluxDB
(#20299)
* Docker blocks: Add loki blocks for loki releases (#20172)
* Explore: Fix interpolation of error message (#20301)
* PanelLinks: fixed issue with old panel links and grafana
behind a subpath (#20298)
* ColorPicker: Fixes issue with ColorPicker disappearing
too quickly (#20289)
* Configuration: Update root_url to reflect the default
value (#20278)
* Templating: Made default template variable query editor
field a text area with dynamic automatic height (#20288)
* Transformations: filter results by refId (#20261)
* PanelData: Support showing data and errors in angular
panels (#20286)
* Fix: URL Encode Groupd IDs for external team sync (#20280)
* Build: Collect frontend build time metric (#20254)
* Datasource: fixes prometheus metrics query query field
definition (#20273)
* Update version (#20271)
* Admin: Adds setting to disable creating initial admin user
(#19505)
* Tests: We should not click on default button when there is
only one ds (#20266)
* AuthProxy: additions to ttl config change (#20249)
* Graphite: add metrictank meta in response (#20138)
* Docker: Add dependencies to support oracle plugin in
alpine (#20214)
* ReactMigration: Migrate Prometheus config page to React
(#20248)
* Templating: highlight first item when searching a variable
dropdown (#20264)
* e2eTests: Adds cleanup of created datasource and dashboard
(#20244)
* Gauge Panel: fix the default value of thresholds cannot be
modified (#20190)
* AuthProxy: Can now login with auth proxy and get a login
token (#20175)
* DataFrame: move labels to field (#19926)
* Add Dockerfiles for Ubuntu (#20196)
* Graph: Fixed no graph in panel edit mode (#20247)
* Explore: Configure explore series colours via field config
(#20239)
* LDAP: Fixing sync issues (#19446)
* Docs: Added alias for old reporting page location (#20238)
* ReactPanels: Adds Explore menu item (#20236)
* Elasticsearch: Support rendering in logs panel (#20229)
* Alerting: Add alert_state to the kafka message Fixes
#11401 (#20099)
* Graph: introduce Tooltip to React graph (#20046)
* @grafana/runtime: Expose datasourceRequest in backendSrv
* Auth Proxy: replace ini setting ldap_sync_ttl with
sync_ttl (#20191)
* DevEnv: updates prometheus random data golang image to
1.13.0
* Provisioning: fix for cannot save provisioned dashboard
(#20218)
* DisplayProcessor: improve time field support (#20223)
* Docs: Adding how to use plugin version, through docker env
variable (#19924)
* Docs: Add docs abscout time range URL query params
(#20215)
* MixedQuery: refactor so other components could also batch
queries (#20219)
* SharedQuery: don't explode when missing logo (#20187)
* LDAP: Interpolate env variable expressions in ldap.toml
file (#20173)
* Chore: Update latest.json (#20216)
* build: Ignore Azure test snapshot for msi build (long file
name) (#20217)
* Explore: fixes toolbars datasource selector and date
picker responsiveness (#19718)
* Logs Panel: Generate valid logQL for multi-select template
variable (#20200)
* Fix when only icon is present (#20208)
* TablePanel: Prevents crash when data contains mixed data
formats (#20202)
* OAuth: Make the login button display name of custom OAuth
provider (#20209)
* Explore: Add custom DataLinks on datasource level for Loki
(#20060)
* QueryField: Prevent query runs on blur in Explore (#20180)
* Azure Monitor: Datasource Config Type (#20183)
* PluginLoader: export classes on @grafana/ui (#20188)
* Changelog: 6.4.4 release (#20201)
* CLI: Reduce memory usage for plugin installation (#19639)
* DataLinks: fix syntax highlighting not being applied on
first render (#20199)
* SafeDynamicImport: Updates so that it does not act as an
ErrorBoundary (#20170)
* grafana/data: Make display processor work with time fields
(#20174)
* update triggers to use new deployment_tools location
(#20194)
* mysql: fix encoding in connection string (#20192)
* pkg/util: Replace custom pbkdf2 implementation by
maintained version (#19941)
* Datasource/Elasticsearch: Fix logs which were displayed
with incorrect timestamp in Explore logs tab (#20009)
* Error Handling: support errors and data in a response
(#20169)
* OAuth: Generic OAuth role mapping support (#17149)
* sdk: update to latest (#20182)
* Docs: Add introduction to time series (#20068)
* Docs: Simplify headings and make active (#20163)
* Docs: Add 'the' to license reference in README (#20167)
* LDAP: All LDAP servers should be tried even if one of them
returns a connection error (#20077)
* Dashboards: add panel inspector (#20052)
* Docker: Reduce layers in build container and modified
initialization of PATH env in final container (#20132)
* Docs: Display panels alphabetically (#20130)
* Docs: Updates getting_started.md for spelling mistake
'configuered' to 'configured' (#20027)
* fix: modifying AWS Kafka dimension names to correct ones
(#19986)
* Templating: Makes so __searchFilter can be used as part of
regular expression (#20103)
* Dashboard Editor: use chevron icon rather than >
(#19588)
* Docs: update datasources that support alerting (#20066)
* Units: Add milli/microSievert, milli/microSievert/h and
pixels (#20144)
* Toolkit: copy full directory structure for img,libs,static
(#20145)
* Heatmap: Insert div to fix layout (#20056)
* Build: adds the pkg/errors dependency that was missing
from go.mod (#20143)
* Explore: Memory leak fix due to dedup selector (#20107)
* DataLinks: Fix access to labels when using Prometheus
instant queries (#20113)
* PluginLoader: fix imports for react-redux (#19780)
* LDAP Debug: No longer shows incorrectly matching groups
based on role (#20018)
* Licensing service (#19903)
* Explore: Add titles to query row action buttons (#20128)
* Graph: Added series override option to have hidden series
be persisted (#20124)
* grafana/ui: Drawer component (#20078)
* Depedency: Bump crewjam/saml to the latest master (#20126)
* grafana/ui: fix button icon styles (#20084)
* Explore: UI change for log row details (#20034)
* api/dashboard: fix panic on UI save (#20137)
* grafana/toolkit: Fixup save artifacts in a zip id in the
folder (#20071) (#20139)
* Docs: Fix InfluxDB Typos (#20004)
* Docs: Data Sources subsection naming (#20127)
* Docs: Update basic_concepts.md (#20102)
* GEL: include the expression count in the request (#20114)
* GEL: wrap arrow utils in async load (#20134)
* grafana/toolkit: save artifacts in a zip id in the folder
(#20123)
* remove editor keys and null coalescing (#20115)
* Emails: Update notification templates (#19662)
* Docs: Ordering and formatting of datasources in docs
(#19485)
* Docs: Improve remote image renderer documentation (#20031)
* Add devenv block for apache proxy working for Mac (#20119)
* Allow saving of provisioned dashboards (#19820)
* Update Azure AD instructions in generic-oauth.md (#20091)
* Docs: Fixed a broken link to LogQL in the docs (#20106)
* Explore: Fix deferred rendering of logs (#20110)
* Templating: Adds typings to Variables (#20117)
* Chore: Reorg packages (#20111)
* Chore: Moves QueryField to @grafana/ui (#19678)
* Docs: Consolidate backend guidelines (#19823)
* transform: add expressions to query editor (w/ feature
flag) (#20072)
* DataSource: don't filter hidden queries automatically
(#20088)
* Docker: makes it possible to parse timezones in the docker
image (#20081)
* Plugins: Transform plugin support (#20036)
* Add data link from panel to cloudwatch console (#20061)
* DataLinks: Fix blur issues (#19883)
* Explore: Remove datasource testing on selector (#19910)
* Grafana/ui: Refactor button and add default type = button
(#20042)
* Add some typings for react events (#20038)
* PanelQuerRunnerrremove logging (#20073)
* Enable errcheck for golangci-lint (#19976)
* DataLinks: Implement javascript callback (#19851)
* Chore: correct typo in word Fahrenheit (#20040)
* ReactMigration: Migrate Loki and Elastic config pages to
React (#19979)
* api: new v2 metrics query endpoint
* Forms: Introduce new Primary, Secondary and Destructive
buttons (#19973)
* grafana/ui: Fix modal component (#19987)
* WIP: Spawn backend plugins v2 (#19835)
* build: Fix building of Enterprise Docker images (#19992)
* Docker: Build and use musl-based binaries in alpine images
to resolve glibc incompatibility issues (#19798)
* PluginPage: replace plugin absolute url with relative
(#19956)
* Add info about static files (#19965)
* Explore: Change loading state to done after live-tailing
stops (#19955)
* pkg/util: Check errors (#19832)
* Core: Show browser not supported notification (#19904)
* grafana/toolkit: Support js plugins (#19952)
* Forms: Introduce typographic form elements (#19879)
* SingleStat: apply mappings to no data response (#19951)
* Docs: Clean up contribute docs (#19716)
* pkg/models: Check errors (#19839)
* pkg/setting: Check errors (#19838)
* pkg/tsdb: Check errors (#19837)
* Docs: Document Makefile (#19720)
* Explore: Add functionality to show/hide query row results
(#19794)
* pkg/services: Check errors (#19712)
* API: Fix logging of dynamic listening port (#19644)
* Cloudwatch: Make it clear that role switching is not
supported (#19706)
* Update Apache configuration to work with MPMs as shared
modules (#19900)
* Cloudwatch: Lowercase Redshift Dimension entry for service
class and stage (#19897)
* Units: Added mega ampere and watt-hour per kg Units
(#19922)
* Clarify use of custom.ini on deb/rpm platforms (#19939)
* Update ISSUE_TRIAGE.md (#19942)
* docs: improved setup instructions for reporting (#19935)
* grafana/ui: Enable mdx imports in stories (#19937)
* Refactor: Suggestion plugin for slate (#19825)
* grafana/ui: Enable storybsck docs (#19930)
* Fix: Correct color on TagItems (#19933)
* Dependencies: Update yarn.lock (#19927)
* Chore: Updates yarn.lock (#19919)
* pkg/plugins: Only warn if plugins fail to load. Fixes
#19846 (#19859)
* Chore: Bump storybsck to 5.2.4 (#19895)
* QueryEditor: move QueryEditorRows to its own component
(#19756)
* ReactMigration: Migrate DataSource HTTP Settings to React
(#19452)
* TemplateVariables: Introduces $__searchFilter to Query
Variables (#19858)
* Forms: Introduce new spacing variables to GrafanaTheme
(#19875)
* Forms: Introduce new color variables to GrafanaTheme
(#19874)
* Chore: Bump Angularjs 1.6.6 -> 1.6.9 (#19849)
* Update documentation.md
* Edited Contribute docs
* devenv: have bra watch attempt graceful shutdown (#19857)
* Release: Update latest (#19866)
* DataFrame: guess number field when on NaN (#19833)
* Loki: Remove param (#19854)
* InputDataSource: Fixed issue with config editor (#19818)
* Fix: Unsubscribe from events in dashboards (#19788)
* Explore: Add unit test to TimeSyncButton (#19836)
* build: update scripts go.(mod|sum) (#19834)
* Loki: Return empty result if no valid targets (#19830)
* DataLinks: Fix url field not releasing focus (#19804)
* Alerting: All notification channels should always send
(#19807)
* @grafana/toolkit: Check if git user.name config is set
(#19821)
* pkg/middleware: Check errors (#19749)
* Fix: clicking outside of some query editors required 2
clicks (#19822)
* pkg/cmd: Check errors (#19700)
* grafana/toolkit: Add font file loader (#19781)
* Select: Allow custom value for selects (#19775)
* Docs: Add database architecture docs (#19800)
* Call next in azure editor (#19799)
* grafana/toolkit: Use http rather than ssh for git checkout
(#19754)
* DataLinks: Fix context menu not showing in singlestat-ish
visualisations (#19809)
* Elasticsearch: Adds support for region annotations
(#17602)
* Docs: Add additional capitalization rules (#19805)
* Docs: Add additional word usage rule (#19812)
* Update aws-sdk-go (#19138)
* Dashboard: Allows the d-solo route to be used without slug
(#19640)
* pkg/bus: Check errors (#19748)
* Panels: Fixes default tab for visualizations without
Queries Tab (#19803)
* Chore: Refactor grafana-server (#19796)
* Add missing info about stylesFactory
* Types: Adds type safety to appEvents (#19418)
* Docs: Split up Sharing topic (#19680)
* Update README.md (#19457)
* Docs: Link to architecture docs from Developer guide
(#19778)
* toolkit linter line number off by one (#19782)
* pkg/plugins: Check errors (#19715)
* Explore: updates live button to responsive button
* Explore: fixes live button margin
* Explore: fixes a responsive fold of live tailing button
* updated live tailing text
* updated live tail button - responsive fold
* updated toolbar - added media query for tail buttons
* Docs: Add docs on services (#19741)
* fix: export Bus on search service (#19773)
* Chore: Refactor GoConvey into stdlib for search service
(#19765)
* Quick typo fix (#19759)
* Docs: Fixes go get command in developer guide (#19766)
* Datasource: Add custom headers on alerting queries
(#19508)
* Docs: Add API style/casing rule (#19627)
* Explore: updates clear all button to responsive button
(#19719)
* pkg/infra: Check errors (#19705)
* Docs: Update Prometheus Custom Query Parameters docs.
(#19524)
* Docs: Fix playlist layout issues (#19739)
* Docs: Update instructions and flows in Playlist.md
(#19590)
* pkg/components: Check errors (#19703)
* UX: Fix empty space in select (#19713)
* pkg/login: Check errors (#19714)
* enforce GO111MODULE=on when running make run (#19724)
* Docs: Add Troubleshooting section to Developer guide
(#19721)
* Update README.md (#19551)
* Singlestat: Fixed issue with mapping null to text (#19689)
* Don't truncate IPv6 addresses (#19573)
* Tests: Fix runRequest test (#19711)
* Docs: Update pkg\README.md (#19615)
* Feature: Adds connectWithCleanup HOC (#19629)
* Docs: Add 'repository' case, and 'open source' to style
guide
* React group by segment poc (#19436)
* Graph: make ContextMenu potitioning aware of the viewport
width (#19699)
* pkg/api: Check errors (#19657)
* Explore: Synchronise time ranges in split mode (#19274)
* build: use vendored packages for circle backend tests
(#19708)
* Docs: Add correct casing for API and ID to style guide
(#19625)
* API: added dashboardId and slug in response after import
(#19692)
* Docs: Simplify README (#19702)
* Docs: Move dev guide from README (#19707)
* Explore: Expand template variables when redirecting from
dashboard panel (#19582)
* Alerting: Fix dates stored in local time when pausing
alerts (#19525)
* Explore/UI: Removes unnecessary grafana-info-box wrapper
around InfluxCheatSheet (#19701)
* Docs: Updating to 6.4.0 (#19698)
* Chore: Fixes lines that exceeded 150 chars (#19694)
* Chore: Updates latest.json for 6.4.2 (#19697)
* Chore: Updates Changelog for 6.4.2 (#19696)
* Docs: Update folder.md (#19674)
* build: use vendor folder for building (#19677)
* Table: Proper handling of json data with dataframes
(#19596)
* SharedQuery: Fixed issue when using rows (#19610)
* SingleStat: Fixes $__name postfix/prefix usage (#19687)
* Chore: Upgrade Docker images to Go 1.13.1 (#19576)
* Grafana Image Renderer: Fixes plugin page (#19664)
* Units: consistent Meter spelling and abbreviations
(#19648)
* CloudWatch: Changes incorrect dimension wmlid to wlmid
(#19679)
* Loki: Fix lookup for label key token (#19579)
* Documentation: Fix time range controls formatting (#19589)
* Docs: Add additional style rules (#19634)
* De-duplicate `lint-go` step (#19675)
* Docs: Update keyboard shortcuts formatting (#19637)
* AzureMonitor: Alerting for Azure Application Insights
(#19381)
* ci-build: Improve build-deploy script (#19653)
* Rename live option in queries (#19658)
* Docs: Update README.md (#19456)
* Docs: Update typos, make docs more consistent. (#19633)
* Docs: Fix operating system names (#19638)
* Docs: Move issue triage docs to contribute (#19652)
* DataFormats: When transforming TableModel -> DataFrame ->
Table preserve the type attribute (#19621)
* Graph: Updated auto decimals logic and test dashboard
(#19618)
* Graph: Switching to series mode should re-render graph
(#19623)
* Revert 'Feature: Adds connectWithCleanup HOC (#19392)'
(#19628)
* Feature: Adds connectWithCleanup HOC (#19392)
* Panels: Progress on new singlestat / BigValue (#19374)
* Units: fixed wrong id for Terabits/sec (#19611)
* Docs: General improvements to docs, and a fix in oauth
(#19587)
* Docs: Replace ampersands with and (#19609)
* Profile: Fix issue with user profile not showing more than
sessions some times (#19578)
* Azure Monitor : Query more than 10 dimensions ( Fixes
#17230 ) (#18693)
* Login: Show SAML login button if SAML is enabled (#19591)
* UI: Adds Modal component (#19369)
* Prometheus: Fixes so results in Panel always are sorted by
query order (#19597)
* Docs: Improve guides for contributing (#19575)
* Migration: Migrates Admin settings from angular to react
(#19594)
* Chore: Converts HelpModal from angular to react (#19474)
* Fix typo (#19571)
* Chore: Upgrade to Go 1.13 (#19502)
* Explore: Move data source loader into the select (#19465)
* Release: Fix issue with tag script on osx (#19557)
* Release: Update latest (#19559)
* Docs: Updates about Loki annotations (#19537)
* Theme: follow-up fix for snapshot
* UI: Centers the filter tags in input field (#19546)
* Update README.md (#19515)
* Docs: Updated changelog (#19558)
* Theme: fix theme issue
* Provisioning: Handle empty nested keys on YAML
provisioning datasources (#19547)
* Docs: updates to what's new in 6.4 (#19539)
* Loki: remove live option for logs panel (#19533)
* Chore: Updates to 6.4.0 stable (#19528)
* CloudWatch: Add ap-east-1 to hard-coded region lists
(#19523)
* ChangeLog: Release 6.4.0 Stable (#19526)
* Docs: Add notice about plugins that need updating (#19519)
* Panels: Skip re-rendering panel/visualisation in loading
state (#19518)
* Docs: LDAP Debug View documentation (#19513)
* Docs: reports feature (#19472)
* SeriesOverrides: Fixed issue with color picker
* Build: Fix building when $LDFLAGS is set (#19509)
* API: Add `createdAt` and `updatedAt` to api/users/lookup
(#19496)
* Fix logs panel image path
* Logs: Publish logs panel (#19504)
* Explore: Update broken link to logql docs (#19510)
* Chore: Remove console.log (#19412)
* Refactor: Split LogRow component (#19471)
* Build: Upgrade go to 1.12.10 (#19499)
* CLI: Fix version selection for plugin install (#19498)
* Upgrade grafana-plugin-model (#19438)
* grafana-ui: Moves slate types from devDependencies to
dependencies (#19470)
* Docs: Improve guide descriptions on docs start page #19109
(#19479)
* Explore: Generate log row uid (#18994)
* Editor: Brings up suggestions menu after clicking
suggestion (#19359)
* Docs: Add Live tail section in Explore (#19321)
* Docs: Add guide for developing on macOS (#19464)
* API: Add createdAt field to /api/users/:id (#19475)
* Docs: Updated heading to sentence case (#19450)
* grafana/toolkit: Remove hack to expose plugin/e2e exports
& types (#19467)
* Testdata: Rename package to circumvent convention in go
(#19409)
* Docs: Update package's manual release guide (#19469)
* Users: revert LDAP admin user page (#19463)
* Explore: Take root_url setting into account when
redirecting from dashboard to explore (#19447)
* Refactor: RefreshPicker export things as statics on class
(#19443)
* grafana/ui: Fix value time zone names to be capitalized
(#19417)
* Release: Make sure packages are released from clean git
state (#19402)
* Docs: Add styling.md with guide to Emotion at Grafana
(#19411)
* Docs: Update SECURITY.md (#19385)
* Debt: Simplifies actionCreatorFactory (#19433)
* Update PLUGIN_DEV.md (#19387)
* Release: Create cherrypick task work for enterprise repo
(#19424)
* Theme: Generate colors SASS
* DisplayFormat: use toLocaleString for infinity
* Docs: Update Loki docs with new syntax and features
(#19370)
* UI: Add orangeDark color to theme (#19407)
* grafana/toolkit: Improve contribution readme (#19400)
* Docs: Remove hard wrap (#19413)
* Tests: Adds throwUnhandledRejections to jest setup
(#19398)
* DataLinks: suggestions menu improvements (#19396)
* Dev: Sets `preserveSymlinks` to `false` in top-level
tsconfig (#19395)
* Build: fixed signing script issue with circle-ci (#19397)
* Docs: Update readme with info about ongoing migration
(#19362)
* PanelData: Adds timeRange prop to PanelData (#19361)
* Docs: Update Playlist.md (#19382)
* Update documentation-style-guide.md (#19389)
* Build: Fix correct sort order of merged pr's in cherrypick
task (#19379)
* dependencies: Update yarn.lock (#19377)
* ValueFormats: check for inf (#19376)
* Update UPGRADING_DEPENDENCIES.md (#19386)
* Update ROADMAP.md (#19384)
* Update SUPPORT.md (#19383)
* Update ISSUE_TRIAGE.md (#19280)
* Update datasource_permissions.md (#19336)
* MySQL: Limit datasource error details returned from the
backend (#19373)
* MySQL, Postgres: Update raw sql when query builder updates
(#19209)
* MySQL, Postgres, MSSQL: Fix validating query with template
variables in alert (#19237)
* Explore: Do not send explicit maxDataPoints for logs.
(#19235)
* grafana/ui: Add Timezone picker (#19364)
* Heatmap: use DataFrame rather than LegacyResponseData
(#19026)
* Explore: Refactor mode selection (#19356)
* Dashboard: Fix export for sharing when panels use default
data source (#19315)
* Azure Monitor: Revert support for cross resource queries
(#19115)' (#19346)
* grafana/ui: Add electrical units mAh and kAh (#19314)
* grafana/ui: Add Indian Rupee (INR) to currencies (#19201)
* Chore: Bump typescript to version 3.6.3 (#19308)
* Explore: Refactor live tail controls (#19328)
* Docs: Documentation for return-to-dashboard feature
(#19198)
* Select: Set placeholder color (#19309)
* Keybindings: Improve esc / exit / blur logic (#19320)
* Plugins: Skips existence of module.js for renderer plugins
(#19318)
* Explore: Fix unsubscribing from Loki websocket (#19263)
* Release: update latest.json (#19312)
* Docs: Uppercase HTTP acronyms (#19317)
* Multi-LDAP: Do not fail-fast on invalid credentials
(#19261)
* DataLinks: Small UX improvements to DataLinksInput
(#19313)
* Alerting: Prevents creating alerts from unsupported
queries (#19250)
* Chore: Update Slate to 0.47.8 (#19197)
* Chore: Upgrades react-redux to version 7.1.1 (#19272)
* Docs: Update documentation-style-guide.md (#19292)
* Admin/user: fix textarea postion in 'Pending Invites' to
avoid page scrolling (#19288)
* Changelog update for 6.3.6
* Revert 'Changelog update for 6.3.6'
* Changelog update for 6.3.6
* Build: Split up task in the CI pipeline to ease running
outside circleci (#18861)
* Build: Scanning grafana master docker image with trivy in
ci (#19195)
* Dashboard: Hides alpha icon for visualization that is not
in alpha/beta stage #19300
* Update changelog task to generate toolkit changelog too
(#19262)
* QueryEditor: Clean-up interface to only have one PanelData
(#19249)
* Docs: Add style rule for Git (#19277)
* Docs: Update CONTRIBUTING.md (#19273)
* Docs: Add glossary (#19148)
* Docs: Add style guide for docs (#19190)
* Vector: remove toJSON() from interface (#19254)
* MySQL, Postgres, MSSQL: Only debug log when in development
(#19239)
* Graphite: Changed range expansion from 1m to 1s (#19246)
* AlertBox: Merged Alertbox into Alert (#19212)
* Explore: live tail UI fixes and improvements (#19187)
* Docs: Update theming docs (#19248)
* grafana/toolkit: Fix toolkit not building @grafana/toolkit
(#19253)
* CloudWatch: ContainerInsights metrics support (#18971)
* Alerting: Truncate PagerDuty summary when greater than
1024 characters (#18730)
* grafana/toolkit: Add plugin scaffolding (#19207)
* Snapshots: store DataFrameDTO instead of MutableDataFrame
in snapshot data (#19247)
* Revert 'Graphite: Changed range expansion from 1m to 1s,
#11472'
* Graphite: Changed range expansion from 1m to 1s, #11472
* Fix docs issues (#19240)
* Docs: Minor edits to the README and several md files
(#19238)
* LDAP: Show non-matched groups returned from LDAP (#19208)
* plugins: expose whole rxjs to plugins (#19226)
* SQL: Rewrite statistics query (#19178)
* CI: Update frontend ci metrics for strict null checks
* grafana/ui: Add disabled prop on LinkButton (#19192)
* Cloudwatch: Fix autocomplete for Gamelift dimensions
(#19145) (#19146)
* Backend: Remove redundant condition of `ROLE_VIEWER`
(#19211)
* FieldDisplay: Update title variable syntax (#19217)
* Docs: Note when using For and No Data in alert rule
(#19185)
* Docker: Upgrade packages to resolve reported
vulnerabilities (#19188)
* MSSQL: Revert usage of new connectionstring format
(#19203)
* Prometheus: datasource config with custom parameters
string (#19121)
* Contributing: Add guidelines for contributing docs
(#19108)
* LDAP debug page: deduplicate errors (#19168)
* Menu: fix menu button in the mobile view (#19191)
* Dashboard: Fixes back button styles in kiosk mode (#19165)
* API: adds redirect helper to simplify http redirects
(#19180)
* docs: image rendering (#19183)
* Chore: Update latest.json (#19177)
* Chore: Update version to next (#19169)
* Docs: What's new in 6.4 update (#19175)
* Devenv: create slow_proxy_mac (#19174)
* Chore: Changelog for v6.4.0-beta1 (#19171)
* Revert 'Chore: Update Slate to 0.47.8 (#18412)' (#19167)
* Chore: Update Slate to 0.47.8 (#18412)
* Changelog: Breaking changes and deprecation notes for v6.4
(#19164)
* Docs: What's new 6.4 draft (#19144)
* Docs: Add docs around feature toggles config (#19162)
* Azure Monitor: Add support for cross resource queries
(#19115)
* Api: Readonly datasources should not be created via the
API (#19006)
* Explore: Update live tail buttons (#19143)
* LDAP: only show tab if LDAP is enabled (#19156)
* TimePicker: Fixes onBlur issue with FireFox on MacOS
(#19154)
* Feature: Encapsulated dynamic imports with error boundary
and suspense (#19128)
* Metrics: Adds setting for turning off total stats metrics
(#19142)
* Add directions for more details provided when not anymore
on issue triage (#19116)
* grafana/data: Reorganise code (#19136)
* Login: fix Footer to be visible (#19147)
* Chore: fix prettier error after github suggestions commit
(#19150)
* Alerts: show a warning/error if transformations are
configured (#19027)
* Explore: No logs should show an empty graph (#19132)
* Ldap: Add LDAP debug page (#18759)
* Elasticsearch: allow templating queries to order by
doc_count (#18870)
* Chore: cross-package security bumps (#19131)
* Close the connection only if we establish it. (#18897)
* Fix: Fixes crash using back button with zoomed graph
(#19122)
* Routing: Update routing to require sign in on every route
(#19118)
* Graph: constant series as override (#19102)
* Login: fix login page failing when navigating from reset
password views (#19124)
* DataFrame: Fixes to dealing with empty results (#19119)
* Explore: calculate intervals when building data source
request (#19107)
* Graph: Adds onHorizontalRegionSelected (#19083)
* Loki: Updated cheat sheet with new filter syntax (#18947)
* grafana/toolkit: Find module files correctly and add basic
error tracing (#19089)
* Templating: Clicking Selected should deselect all if 1 or
more are already selected (#19104)
* NotificationChannels: Add delete button to edit page
(#19103)
* Dashboard: Fix arrow positioning in button while in panel
edit mode (#19084)
* Update _index.md (#19045)
* CLI: Fix installing plugins on windows (#19061)
* LDAP: Allow an user to be synchronised against LDAP
(#18976)
* Docs: Adds a requirements page (#18917)
* DataLinks: enable access to labels & field names (#18918)
* Singlestat: fix format messes up on negative values if
select duratio… (#19044)
* Explore: Move throttling before processing (#19095)
* Prometheus: Fix response states (#19092)
* Explore: Fix how log bars in graph are stacking (#19015)
* Explore: Add throttling when doing live queries (#19085)
* Stackdriver: Add extra alignment period options (#18909)
* QueryProcessing: Added missing error event for angular
editors (#19059)
* Explore: Fixes issue with lastResult being null (#19081)
* GraphPanel: don't listen to legacy onDataReceived events
(#19054)
* QueryProcessing: Fixes showing last result in initial
loading state (#19057)
* toolkit: fix master build, avoid null check (#19055)
* Auth: Allow inviting existing users when login form is
disabled (#19048)
* MSSQL: Fix memory leak when debug enabled (#19049)
* Update CONTRIBUTING.md (#19051)
* Update README.md (#19047)
* toolkit: pipe execa output to console.stdout (#19052)
* QueryProcessing: Observable query interface and RxJS for
query & stream processing (#18899)
* Fix exit live mode icon: change back to Stop. (#19043)
* Loki: Fix vertical alignment issue in label selector
(#18943)
* Fix: Align buttons and label in ToggleButtonGroup (#19036)
* toolkit: run make for backend plugins (#19029)
* Explore: Fix auto completion on label values for Loki
(#18988)
* TimeSeries: Replace fieldName with fieldIndex (#19030)
* DataLinksInput - change the way enter key is handled
(#18985)
* TimeSeries: Add data frame index and field name (#19005)
* Packages: update versioning and release process (#18195)
* API: Add `updatedAt` to api/users/:id (#19004)
* PageContent: fix logic in Page.Contents (#19002)
* Calcs: Fixed calc reducer (#18998)
* AlphaNotice: replaced big popover tooltip with native
tooltip (#18997)
* grafana/ui: Add Time of day picker (#18894)
* QueryOptions: update maxDataPoints text and show any value
that is configured (#18761)
* Piechart: fix unit selector when scrolling is required
(#18932)
* Refactor: Move sql_engine to sub package of tsdb (#18991)
* Refactor: move ScopedVars to grafana/data (#18992)
* Units: Adding T,P,E,Z,and Y bytes (#18706)
* Image rendering: Add deprecation warning when PhantomJS is
used for rendering images (#18933)
* Singlestat: render lines on the panel when sparklines are
enabled (#18984)
* Explore: Unify background color for fresh logs (#18973)
* Annotations: Add annotations support to Loki (#18949)
* TimeSeries: datasources with labels should export tags
(not labels) (#18977)
* Explore: UX/UI improvements for pausing and resuming of
live tailing (#18931)
* Annotations: Fix query editor rendering on datasource
change (#18945)
* Bump lodash-es from 4.17.11 to 4.17.15 (#18963)
* Bump fstream from 1.0.11 to 1.0.12 (#18962)
* Bump mixin-deep from 1.3.1 to 1.3.2 (#18960)
* Bump lodash.template from 4.4.0 to 4.5.0 (#18961)
* Alerting: fix response popover prompt when add
notification channels (#18967)
* Build: Fix potential case-insensitive import collision for
github.com/Unknwon/com (#18915)
* MixedDataSource: refactor, cleanup, and add tests (#18948)
* Bump lodash.mergewith from 4.6.1 to 4.6.2 (#18959)
* Units: Add electrical charge - ampere-hour unit
* Transformers: configure result transformations after
query(alpha) (#18740)
* grafana/toolkit: Add default mock for stylesheet imports
for Jest (#18955)
* grafana/toolkit: Improve readme (#18747)
* Docs: Add PR review practices link (#18937)
* Build: Allow extending of LDFLAGS in build.go (#18954)
* Build: Support SOURCE_DATE_EPOCH for reproducible builds
(#18953)
* LDAP: Fetch teams in debug view (#18951)
* Dashboard: Fixes dashboard overwriting behavior (#18944)
* Grafana: Create new playlist/dashboard/channel card is not
visible when there are no items in the list (#18890)
* Storybsck: fix type error (#18934)
* Sass: changed color in gradient in template files to lower
case (#18921)
* Notification is sent when state changes from no_data to ok
(#18920)
* SASS: Add pointer events none to .disabled class (#18919)
* Explore: Adds ability to save a panel's query from Explore
(#17982)
* Loki: support loki with streaming in dashboards (#18709)
* UserProfile: convert user organizations section to react
(#18707)
* Annotations: Check that timeEnd if defined before
comparing to avoid false truthiness (#18903)
* Sass: Align generated file with tmpl (#18896)
* LDAP: Add API endpoint to query the LDAP server(s) status
(#18868)
* Add South African Rand (ZAR) to currencies (#18893)
* Annotations: check if the name exists before creating a
new annotation (#18880)
* ErrorHandling: Error boundary for every container (#18845)
* Precommit: Fixed precommit task issue (#18883)
* Docs: Quick typo fix in readme (#18874)
* CI: no longer using grafana-master... package. (#18884)
* Styles: fixed gradient in logo so it doesn't go outside
the logo and get a defined start and end color, changed
brand gradient to be the same as in logo, created new
variable for vertical gradient (#18882)
* Webpack: Fix accidental double typechecking (#18881)
* Explore: elastic small fixes (#18879)
* Explore: Add typings for queryTransaction.request (#18847)
* LDAP: Add API endpoint to debug user mapping from LDAP
(#18833)
* PanelQueryState: restore comment
* grafana/toolkit: fix common webpack config (#18862)
* Explore: Use DataFrame to derive graph/table/logs (#18859)
* Updated is time series test
* Fixed unit test
* alerting: add lock on job to prevent a race condition
(#18218)
* Reworked ResultProcessor tests
* Explore: everything seems to be working again
* WIP: Use data frames in explore
* Explore: Allow pausing and resuming of live tailing
(#18836)
* CI: stop deployment to s3 (#18831)
* Performance/Webpack: Introduces more aggressive
code-splitting and other perf improvements (#18544)
* Explore: Introduces PanelData to ExploreItemState (#18804)
* Core: Adding DashboardPicker component (#18811)
* Git: Precomit hook slimmed down
* DataSourceSettings: Fixed issue changing data source name,
fixes #18660 (#18826)
* Prometheus: Fixed Prometheus query editor error (plus new
ErrorBoundaryAlert component) (#18838)
* Explore: Style panel containers (#18834)
* Snapshot: Fix http api (#18830)
* Open new window when exploring panel metrics (#18802)
* Release: update latest.json
* Docs: Update changelog with v6.3.5 issues (#18827)
* Build: Update ua-parser/uap-go (#18788)
* Build: Use the latest build container which has go 1.12.9
(#18807)
* DataFrame: split DataFrameHelper into MutableDataFrame
and FieldCache (#18795)
* MixedDatasource: don't filter hidden queries before
sending to datasources (#18814)
* Enterprise: add dependencies for upcoming features
(#18793)
* Editor: Fixes issue where only entire lines were being
copied (#18806)
* Explore: Fixed query status issue (#18791)
* DashboardMigrator: Fixed issue migrating incomplete panel
link models (#18786)
* Explore: Fixes query hint issues (#18803)
* Build: Optional skipping of typescript checking in dev
bundler (#18772)
* Docs: Improve API tutorial intro content and readability
(#18762)
* Panels: Destroy panel model when recreating repeated
panels (#18799)
* Singlestat: Various fixes to singlestat and DataFrame
(#18783)
* Explore: Fixed issue in PanelQuery state arround
cancellation (#18771)
* Going to Explore from a panel with mixed data sources now
works (#18784)
* Changelog update (#18780)
* Explore: Add memoization and remove unused props (#18775)
* Prometheus: Changes brace-insertion behavior to be less
annoying (#18698)
* Datasource: Support min time interval input in ms (#18719)
* Explore: Use PanelQueryState to handle querying (#18694)
* Chore: Improve err message for notifications (#18757)
* @grafana/toolkit: add package versions to the ci report
(#18751)
* @grafana/data: Matchers and Transforms (#16756)
* Docs: Document LDAP config reload in admin http api
(#18739)
* center NoDataSourceCallToActionCard in Explore (#18752)
* DataLinks: enable data links in Gauge, BarGauge and
SingleStat2 panel (#18605)
* DashboardDatasource: reuse query results within a
dashboard (#16660)
* Plugins: show a clear error on the plugin page when it
failed to load (#18733)
* Chore: Use ruleId instead of alertId as log keyword
(#18738)
* @grafana/data: improve the CircularVector api (#18716)
* QueryEditor: check if optional func toggleEditorMode is
provided (#18705)
* Emails: remove the yarn.lock (#18724)
* OAuth: Support JMES path lookup when retrieving user email
(#14683)
* Emails: resurrect template notification (#18686)
* Email: add reply-to and direct attachment (#18715)
* Dashboard: Adds Logs Panel (alpha) as visualization option
for Dashboards (#18641)
* Heatmap: Add Cividis and Turbo color schemes (#18710)
* Units: add counts/sec (cps) and counts/min (cpm) in
Throughput (#18702)
* Dev Docker: Use golang:1.12.9-alpine to prevent glibc
mismatch. (#18701)
* Docs: Fix broken link for the Grafana on RHEL or Ubuntu
tutorial (#18697)
* Fixes several usability issues with QueryField component
(#18681)
* convert teams section of user profile to react (#18633)
* Singlestat/Gauge/BarGauge: Improvements to decimals logic
and added test dashboard (#18676)
* Emails: Change text (#18683)
* Streaming: improve JSDocs for DataSourceAPI streaming
support (#18672)
* TimeSrv: Enable value time windowing in TimeSrv (#18636)
* Explore: Fixes so Show context shows results again
(#18675)
* Graph: Updated y-axis ticks test dashboard (#18677)
* Add typings to package.json in packages (#18640)
* Plugins: better warning when plugins fail to load (#18671)
* SingleStat2: save options to defaults not override
(#18666)
* Packages: Fix path import from grafana/data (#18667)
* SingleStat: use DataFrame results rather than
TimeSeries/TableData (#18580)
* TestData: attach labels to series results (#18653)
* Singlestat: Disable new singlestat gauge usage (#18610)
* Explore: Fixes query field layout in splitted view for
Safari browsers (#18654)
* MSI: new long file names are causing error building MSI
(#18646)
* Auth: change the error HTTP status codes (#18584)
* Refactor: EmptyListCTA (#18516)
* Build: Upgrade to go 1.12.9 (#18638)
* Chore: Revert React 16.9.0 bump (#18634)
* Azure Monitor and Log Analytics converted and separated
into components (#18259)
* Rewrite user profile edit to react (#17917)
* Docs: remove codecov badge (#18623)
* Prometheus: Prevents panel editor crash when switching to
Prometheus datasource (#18616)
* Chore: Rename Popper to Popover (#18543)
* SingleStat: add a gauge migration call to action button in
the editor (#18604)
* Build: update revive dependency (#18585)
* LDAP: multildap + ldap integration (#18588)
* Docker: switch docker image to alpine base with phantomjs
support (#18468)
* Backend: Adds support for HTTP/2 (#18358)
* Explore: Fixes error when switching from prometheus to
loki data sources (#18599)
* TimePicker: Set time to to 23:59:59 when setting To time
using calendar (#18595)
* Prometheus: Return labels in query results (#18535)
* Docs: Update changelog and docs for annotation region
change (#18593)
* Refactor: move KeyValue and deprecation warning to
@grafana/data (#18582)
* Annotations: use a single row to represent a region
(#17673)
* Docs: Update upgrading guide (#18547)
* Docs: Adds tests requirement to bugs checklist (#18576)
* DataFrame: convert from row based to a columnar value
format (#18391)
* Packages: Temporarily skip canary releases if packages
build fail (#18577)
* Update latest.json to latest stable version (#18575)
* Docs: Update changelog for v6.3.3 (#18569)
* Graph: Fixed issue clicking on series line icon (#18563)
* grafana/toolkit: Unpublish previous 'next' version when
releasing a new one (#18552)
* Toolkit: write PR report to a folder with the circle build
number (#18560)
* CI: Fail build if yarn.lock is not up to date (#18555)
* Chore: Updates react-dependant packages to address react
warnings (#18549)
* Prometheus: Fix regression of rerunning query on
legend/interval change (#18147)
* Explore/Prometheus: More consistently allows for
multi-line queries (#18362)
* Login: Fixes undefined redirect (#18545)
* Plugins: expose react-redux, redux (#18501)
* TimeSeries: assume values are all numbers (#18540)
* Login: Angular to React (#18116)
* InfoTooltip: Info icon with tooltip (#18478)
* Annotations: Fix failing annotation query when time series
query is cancelled (#18532)
* remotecache: support SSL with redis (#18511)
* QueryData: Handle that response data must be array
(#18504)
* React: Rename deprecated UNSAFE_componentWillReceiveProps
(#18526)
* Explore: Replaces TimeSeries with GraphSeriesXY (#18475)
* API: Restrict anonymous user information access (#18422)
* Fix: failing build after React bump (#18514)
* strictNullChecks: First batch (#18390)
* Chore: bump React to 16.9.0 (#18502)
* Docs: Adds a new security section (#18508)
* Docs: Update issue triage doc with external PRs section
(#18464)
* Typo: fix typo in processDataFrame.ts comment (#18492)
* Explore: Fix loading error for empty queries (#18488)
* Fix: Fixes stripping of $d in Explore urls (#18480)
* grafana/ui: fix toTimeTicks error (#18448)
* Docs: Adds details to Pull Request Checklist (#18471)
* DataLinks: respect timezone when displaying datapoint's
timestamp in graph context menu (#18461)
* Chore: strictNullChecks, ColoringEditor and
time_region_manager (#18442)
* Backend: Do not set SameSite cookie attribute if
cookie_samesite is none (#18462)
* DataLinks: Apply scoped variables correctly (#18454)
* DataLinks: Use datapoint timestamp correctly when
interpolating variables (#18459)
* API: Minor fix for team creation endpoint when using API
key (#18252)
* Login: Adjust space between skip and its icon (#18407)
* Docs: Update Auth Proxy documentation (#18444)
* Docs: Minor Readme update (#18438)
* OAuth: return GitLab groups as a part of user info (enable
team sync) (#18388)
* Fix: Avoid glob of single-value array variables (#18420)
* DataLinks: Enable multiple data links per panel (#18434)
* Markdown: Handle undefined/null strings (#18433)
* Docs: Update changelog and latest with 6.3.1 and 6.3.2
releases (#18437)
* Explore: Fixes Legend overflow in splitted view (#18396)
* Docs: changelog for docker 6.3 (#18429)
* Panels: Fixed crashing dashboards with panel links
(#18430)
* DataFrame: remove dateFormat (#18424)
* backend: null.Float NaN -> null for json marshal (#18284)
* Frontend: adds folder name in home dash choose menu
(#18346)
* TestData: Query variable support (nested + glob queries)
(#18413)
* Update latest.json (#18417)
* Changelog 6.3.0 (#18414)
* PanelLinks: Fix render issue when there is no panel
description (#18408)
* e2e tests: Make pageObjects mandatory (#18406)
* Documentation: document the 'Mixed' Data Source (#18398)
* Explore: Moves GraphSeriesXY and DisplayValue to
grafana/data (#18400)
* Explore: Fixes incorrect handling of utc in timeEpic
(#18386)
* Postgres: Add support for scram sha 256 authentication
(#18397)
* Update behind_proxy.md with linkback to nginx.com (#18150)
* Do not set SameSite for OAuth cookie if cookie_samesite is
None (#18392)
* Gauge/BarGauge: Rewrite of how migrations are applied
(#18375)
* MSSQL: Change connectionstring to URL format to fix using
passwords with semicolon (#18384)
* CloudWatch: Fix alerting for queries with Id (using
GetMetricData) (#17899)
* Chore: Update strictNullChecks error limit (#18387)
* Chore: Fixes some strict errors (#18381)
* Graph: Improved graph tick decimals logic arround
significant digits (#18370)
* CI: Added metric to track strict null erros (#18379)
* Auth: Do not search for the user twice (#18366)
* grafana/toolkit: improve CI task (#18189)
* Alerting: Also include configured AlertRuleTags in
Webhooks (#18233)
* Loki: Apply start parameter to speed up test query
(#18266)
* Docs: Changelog 6.3.0 beta4 (#18359)
* Select: Fixes issue where ToggleButtonGroup overlapped
DataSourcePicker in Firefox (#18361)
* SignIn: Update redirect on reroute (#18360)
* Gauge/BarGauge: Support decimals for min/max
toFloatOrUndefined (#18368)
* FieldDisplay: Return field defaults when there are no data
(#18357)
* Auth: introduce more tests for middleware module (#18365)
* Docs: updated latest.json (#18363)
* LDAP: nitpicks (#18309)
* Docs: mention unsupported versions of PostgreSQL (#18307)
* Navigation: Fixed double settings menus (#18349)
* Build: allow bash to expand the wildcard (#18354)
* Gauges: Fixes error when mappings array was undefined
(#18353)
* Frontend: Fixes progress tracker close button to use
`$link-hover-color` (#18352)
* Frontend: Fixes hard-coded font-weight properties to use
variables (#18350)
* LDAP: Align ldap example with the devenv testdata (#18343)
* Auth: consistently return same basic auth errors (#18310)
* cli: fix for recognizing when in dev mode. (#18334)
* QueryEditors: Fixes flakey text edit mode toggle (#18335)
* Refactor: use data rather than series in stream
callback(#18126)
* Keybindings: Disable on login url (#18331)
* Fix failing end to end tests job for release (#18323)
* Fix OAuth error due to SameSite cookie policy (#18332)
* Chore: noImplictAny no errors left (#18303)
* [Shortcuts] Fixes shortcuts for moving time range
backwards and forwards (#18305)
* TablePanel: Remove scroll option on TablePanel (#18318)
* Keyboard Shortcuts: Sign in to enable them (#18271)
* GitHub Templates: Pull Request Template update (#18300)
* Auth Proxy: Include additional headers as part of the
cache key (#18298)
* grafana/toolkit: support windows paths (#18306)
* Chore: noImplicitAny Sub 500 errors (#18287)
* Plugins: return a promise for loadPluginCss (#18273)
* Utils: avoid calling console.warn() too often for
deprecation warnings (#18269)
* CLI: Allow installing custom binary plugins (#17551)
* Docs: Update link to example app (#18253)
* GettingStarted: Skip Query for getting started (#18268)
* v6.3.0-beta2 is latest testing (#18283)
* Release: Changelog update with v6.3.0-beta2 (#18281)
* Chore: Upgrades typescript to version 3.5 (#18263)
* docs: team sync (#18239)
* SAML: Only show SAML login button on Enterprise version
(#18270)
* Permissions: Show plugins in nav for non admin users but
hide plugin configuration (#18234)
* CI: Change target branch in CI task trigger-docs-update
(#18255)
* Plugins: Include build number and PR in metadata (#18260)
* Run End-to-End tests for release builds (#18211)
* DataLinks: Fixed interpolation of series name, fixes
#18250 (#18251)
* Timerange: Fixes a bug where custom time ranges didn't
respect UTC (#18248)
* Loki: Remove prefetching of default label values (#18213)
* Build: fix use of env vars in parentheses execs (#18249)
* TimePicker: Increase max height of quick range dropdown
(#18247)
* TimePicker: Fixed css issue casued by CSS Optimizer
(#18244)
* Revert 'Timerange: Fixes a bug where custom time ranges
didn't respect UTC (#18217)' (#18246)
* Timerange: Fixes a bug where custom time ranges didn't
respect UTC (#18217)
* LDAP: improve POSIX support (#18235)
* Instrumentation: Add failed notifications metric (#18089)
* Docs: update links to sample plugins (#18240)
* Build: Removed webpack from default grunt task, fixes
#18232 (#18242)
* Packages: update package.json files (#18173)
* Replaced ubuntu:latest with ubuntu:18.04; specific image
version to make grafana build images consistent (#18224)
* Build: correct verify script (#18236)
* remote_cache: Fix redis connstr parsing (#18204)
* Auth: do not expose disabled user disabled status (#18229)
* Build: Introduce shellcheck (#18081)
* Docs: Update documentation with new SAML features (#18163)
* Typo: fix threshodsWithoutKey (#18228)
* alerting: more specific error when missing threshold
(#18221)
* Graph: fix time label description for datalink suggestions
(#18214)
* Explore: Reduce default time range to last hour (#18212)
* alerting: return err when SetAlertState fails to save to
sql (#18216)
* PhantomJS: Fixes rendering on Debian Buster (#18162)
* Docs: sudo is required on the apt-key add not on wget
(#18180)
* Build: watch and dev mode webpack improvements (#18153)
* Plugin: AzureMonitor - Reapply MetricNamespace support
(#17282)
* Refactor: move end-to-end test infrastructure to
@grafana/toolkit (#18012)
* SAML: add auth provider label (#18197)
* Plugins: avoid app importDashboards() NPE (#18128)
* Plugins: fix previous commit, output 'build' property in
json
* SAML: add metrics (#18194)
* Plugins: add build info to plugin metadata (#18164)
* datasource: testdata - add predicatable csv wave scenario
(#18183)
* Docs: SAML idp_metadata_url option (#18181)
* Panel: Show error in edit mode (#18175)
* E2E: saving a dashboard should wait for success (#18171)
* @grafana/toolkit: integrate latest improvements (#18168)
* Build: change definition of the vars in makefile (#18151)
* noImplicitAny: Down approx 200 errors (#18143)
* datasource: testdata - add predictable pulse scenario
(#18142)
* Minor 6.3.0 beta1 changes (#18048)
* Docs: SAML (#18069)
* Docs: prioritize use of `make run` to `bra` (#18154)
* Fix provision alerts generation script (#18145)
* SQLStore: use bscl pointer instead of string (#18111)
* Registry: add a reusable function registry (#17047)
* grafana/toolkit: test improvements and show stats (#18137,
#18138)
* Metrics: use consistent naming for exported variables
(#18134)
* Build: copy .browserslistrc to node build container
(#18141)
* @grafana/toolkit: HtmlWebpackPlugin when in watch mode
(#18130)
* update yarn.lock (#18125)
* grafana/toolkit: prettier and lint fix in dev mode
(#18131)
* Chore: Fix about 200 noImplicitAny errors (#18067)
* Build: allow dynamically change docker image (#18112)
* grafana/toolkit: update the way config is being passed to
jest cli (#18115)
* Build: detect changes to packages based on the git diff
(#18118)
* Build: Release packages under next tag when changes
detected on master (#18062)
* SQLStore: allow to look for `is_disabled` flag (#18032)
* Metrics: add LDAP active sync summary metric (#18079)
* Docs: correct issue_triage.md texts
* ValuMapping: start with some values (#18092)
* Docs: Simplify download links & instructions and make
download link clearer (#18090)
* FieldDisplay: move threshold and mapping to Field (#17043)
* InfluxDB: Enable interpolation within ad-hoc filter values
for InfluxDB data source (#18077)
* Docs: Move data links down (#18072)
* grafana/toolkit: improve CircleCI integration (#18071)
* Build: consistently reference go binary (#18059)
* devenv: Fix typo in nginix docker for mac (#18068)
* noImplicitAny: 1670 errors (#18035)
* Add missing pull requests to Changelog (#18061)
* provisioning: escape literal '$' with '$$' to avoid
interpolation (#18045)
* grafana/toolkit: improve CircleCI stubs (#17995)
* Docs: clarify the ttl units (#18039)
* Update docs readme for running MySQL/Postgres tests
* Auth: Duplicate API Key Name Handle With Useful HTTP Code
(#17905)
* Chore: upgrade node-sass to 4.12.0 (#18052)
* API: Minor fix for nil pointer when trying to log error
during creating new dashboard via the API (#18003)
* Chore: update lodash (#18055)
* Update latest.json (#18043)
* Update Changelog (#18042)
* Chore: bump master version number to 6.4.0-pre
* Explore/Loki: Display live tailed logs in correct order
(#18031)
* Fix unused variable errors (#18030)
* Docs: First draft of whats new in 6.3 (#17962)
* Packages: create shared tsconfig.json (#18010)
* CLI: Fix encrypt-datasource-passwords fails with sql error
(#18014)
* LDAP: Adds bind before searching LDAP for non-login cases.
(#18023)
* Users: show badges for each auth provider (#17869)
* Loki: Don't use _ numerical separator (#18016)
* grafana-cli: allow installing plugins from a local zip
file (#18021)
* grafana/toolkit: Copy or extract static files (#18006)
* Packages: Use lerna for release orchestration (#17985)
* AnnoList: add alpha annotations list plugin (#17187)
* grafana/toolkit: Use babel-plugin-angularjs-annotate
(#18005)
* CSV Export: Timezone based on dashboard setting (#18002)
* LDAP: Adds back support for single bind. (#17999)
* Reducers: consistent result for first/last reducer
shortcut (#17911)
* SAML: Show SAML login button even if OAuth is disabled
(#17993)
* Fix: Break redirect loop if oauth_auto_login = true and
OAuth login fails (#17974)
* Refactor: fix range util imports (#17988)
* Refactor: move dom utils to @grafana/ui (#17976)
* Docs: Documents new features available with Loki data
source in Explore (#17984)
* Prometheus: added time range filter to series labels query
(#16851)
* Explore: Adds support for new loki 'start' and 'end'
params for labels endpoint (#17512)
* Chore: Removes custom debounce utility in favor of
lodash/debounce (#17977)
* Api: Fix auth tokens returning wrong seenAt value (#17980)
* Refactor: move more files to @grafana/data (#17972)
* @grafana/data: export dateMath and rangeUtil (#17971)
* Refactor: move some files to @grafana/data (#17952)
* noImplicitAny: Azure Monitor (#17966)
* grafana/toolkit: initial CI task and various small
improvements (#17914)
* First version of prettier checks in toolkit (#17964)
* LDAP: finishing touches (#17945)
* Graphite: Refactor lexer and parser (#17958)
* noImplicitAny: Datasource files, under 2500 (#17959)
* Auth: saml enabled check. (#17960)
* Auth: SAML login button. (#17932)
* grafana/toolkit: Add support for extensions styling
(#17938)
* Datasource: Refactor Graphite to class (#17942)
* SAML: Configuration defaults, examples and dependencies
(#17954)
* OAuth: deny login for disabled users (#17957)
* Build: Adds pre-commit check that fails if node versions
are not synced (#17820)
* Docs: minor ha-setup edit (#17950)
* Docs: Added very basic docs about revoking user sessions
(#17931)
* Docs: Updates documentation regarding logs integration in
Explore (#17896)
* noImplicitAnys: Fix InfluxDB type issues #17937)
* TimePicker: align position between dashboard and explore
(#17940)
* AzureMonitor: remove duplicate query logic on the frontend
(#17198)
* UserProfilePage: Fix team avatar urls #17866 (#17930)
* Explore: Introduces storage keys for last used data source
on per-orgId basis (#17934)
* Docs: added version notice to new ldap feature docs
(#17929)
* Explore: Restricts query text edit toggle to metrics mode
(#17921)
* grafana/runtime: Expose SystemJS from @grafana/runtime
(#17927)
* Templating: Correctly display __text in multi-values
variable after refresh (#17918)
* grafana/toolkit: bundle plugins with webpack (#17850)
* Explore: Adds orgId to URL for sharing purposes (#17895)
* grafana/toolkit: copy sass files (#17888)
* ChangePassword: Rewrite change password page to react
(#17811)
* AngularPanels: Fixed loading state indication for angular
panels (#17900)
* Explore: Adds support for toggling text edit mode in
explore (#17870)
* LDAP: Divide the requests (#17885)
* Build: fixes missing shebang in release tagging script.
(#17894)
* Teams: show proper label for each auth provider (#17860)
* Logging: Login and Logout logging actions (#17760)
(#17883)
* Loki: Adds comment explaining usage of RFC3339Nano string
(#17872)
* Explore: Query rows are now reset when changing data
sources (#17865)
* Codestyle: add guidelines for removing the m alias for
models (#17890)
* Docs: How to work with themes (#17876)
* Docs: Fix developing plugins index page (#17877)
* StatsPicker: Fix multiple value input layout etc. (#17827)
* Chore: Build grafana-cli when running bra run (#17788)
* Build: use golangci-lint as a make command (#17739)
* Explore:?Log highlights only update when user stops typing
(#17845)
* Loki: getHighlighterExpressionsFromQuery Returns null if
filter term is not quoted (#17852)
* Docs upgrading deps (#17657)
* Testing: Include BatchRevoke for all tokens in the fake.
(#17728)
* Refactor: rename SeriesData to DataFrame (#17854)
* devenv: switch OpenTSDB docker block (#17849)
* Devenv:LDAP: couple simplifications for LDAP (#17807)
* Login: divide login errors by pkg and service (#17835)
* Auth Proxy: Respect auto_sign_up setting (#17843)
* OAuth: return github teams as a part of user info (enable
team sync) (#17797)
* noImplicitAny: Sub 3000 errors (#17821)
* TimePicker: Style and responsive fixes, restored dashboard
settings (#17822)
* Templating: Correctly display __text in multi-values
variable (#17840)
* Elasticsearch: Fix default max concurrent shard requests
(#17770)
* Explore: Fix filter by series level in logs graph (#17798)
* Docs: Add v6.3 version notes and encryption format
information (#17825)
* Graphite: use POST for /metrics/find requests (#17814)
* Dashboard: Force update after dashboard resize (#17808)
* Toolkit: moved front end cli scripts to separate package
and introduced very early version of plugin tools
* Explore: Uses new TimePicker from Grafana/UI (#17793)
* Explore: Uses RFC3339Nano string to retrieve LogRow
contexts from Loki API (#17813)
* noImplicitAny: Lower count to about 3450 (#17799)
* Graphite: Fixes issue with seriesByTag & function with
variable param (#17795)
* noImplicitAny: Reduce errors to 3800-ish (#17781)
* Graphite: remove feature that moves alias function last
(#17791)
* Explore: Adds URL support for select mode (#17755)
* TestData: add option to increase the number of test
streams (#17789)
* Usage Stats: Update known datasource plugins (#17787)
* Docs: Adds section on Querying Logs for Elasticsearch
(#17730)
* Docs: Adds section on Querying Logs for InfluxDB (#17726)
* Devenv: makes the grafana users default for saml. (#17782)
* Explore: Displays only one Time column as configured in
TimeZone settings (#17775)
* Markdown: Replace rendering library (#17686)
* ApiKeys: Fix check for UTC timezone (#17776)
* Prometheus: Minor style fix (#17773)
* Docs: fixed notifications table
* Auth: Allow expiration of API keys (#17678)
* 17278 prometheus step align utc (#17477)
* Docs: Update release guide (#17759)
* release: update latest.json to v6.2.5 (#17767)
* release: 6.2.5 changelog (#17766)
* Fix typo s/Applicaiton/Application/ in error messages
(#17765)
* UserAdmin: UI for disabling users (#17333)
* API: get list of users with additional auth info (#17305)
* TimePicker: fixed minor issues with new timepicker
(#17756)
* Explore: Parses and updates TimeSrv in one place in
Explore (#17677)
* @grafana/ui: release (#17754)
* Password: Remove PasswordStrength (#17750)
* Devenv:SAML: devenv block with saml test app (#17733)
* LDAP:Docs: add information on LDAP sync feature and update
LDAP sync default (#17689)
* Graph: Add data links feature (click on graph) (#17267)
* Explore: Changes LogsContainer from a PureComponent to a
Component (#17741)
* Chore: Remove tether and tether drop dependency in
grafana/ui (#17745)
* noImplicitAny: time region manager etc. (#17729)
* Panel: Fully escape html in drilldown links (was only
sanitized before) (#17731)
* Alerting: Improve alert rule testing (#16286)
* Elasticsearch: Visualize logs in Explore (#17605)
* Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB
packages and config/homepath are now global flags (#17695)
* Add guidelines for SQL date comparisons (#17732)
* Docs: clarified usage of go get and go mod (#17637)
* Project: Issue triage doc improvement (#17709)
* Improvement: Grafana release process minor improvements
(#17661)
* TimePicker: New time picker dropdown & custom range UI
(#16811)
* RemoteCache: redis connection string parsing test (#17702)
* Fix link in pkg/README (#17714)
* Dashboard: Use Explore's Prometheus editor in dashboard
panel edit (#15364)
* Settings: Fix typo in defaults.ini (#17707)
* Project: Adds a security policy (#17698)
* Project: Adds support resource docs (#17699)
* Document issue triage process (#17669)
* noImplicitAny: slate (#17681)
* config: fix connstr for remote_cache (#17675)
* Explore: Improves performance of Logs element by limiting
re-rendering (#17685)
* Docs: Flag serve_from_sub_path as available in 6.3
(#17674)
* @grafana/runtime: expose config and loadPluginCss (#17655)
* noImplicitAny: Fix basic errors (#17668)
* Docs: Update readme to reference correct repo (#17666)
* LDAP: small improvements to various LDAP parts (#17662)
* Chore: Fix noImplicitAny issues (#17636)
* AddPanel: Fix issue when removing moved add panel widget
(#17659)
* TablePanel: fix annotations display (#17646)
* middleware: fix Strict-Transport-Security header (#17644)
* Build: add @grafana/data package (#17436)
* Update latest.json for 6.2.4
* Update latest.json for 6.2.3
* Update the changelog with v6.2.4 information
* Build: Updates node image for e2e job (#17632)
* Explore: Prometheus query errors now show (#17470)
* Chore: Lowered implicit anys limit to 4599 (#17631)
* noImplicitAny: SingleStat panel (#17616)
* Build: Update node image for test-frontend job step
(#17628)
* grafana-cli: Fix receiving flags via command line (#17617)
* Typescript: Removes implicit anys (#17625)
* Explore: Removes minus button in adhoc query field
(#17573)
* Correct 6.2.3 release date (#17624)
* codestyle: styleguide and arch for grafanas backend
(#17545)
* JsonTree: fix jsonTree angular binding (#17608)
* HTTPServer: Fix X-XSS-Protection header formatting
(#17620)
* Changelog: Add known issues for v6.2.3 (#17615)
* Update the changelog with v6.2.3 information (#17612)
* Refactor buttons (#17611)
* Tests: Replaces e2e tests truth screenshot (#17609)
* cli: grafana-cli should receive flags from the command
line (#17606)
* AppPlugin: Fix load legacy plugin app (#17574)
* Typescript: A batch of implicit any fixes (#17590)
* RefreshPicker: Handle empty intervals (#17585)
* Docker: Switch base to ubuntu:latest (#17066)
* SQLStore: extend `user.SearchUsers` method (#17514)
* Explore: Tag and Values for Influx are filtered by the
selected measurement (#17539)
* ldap: makes mocks available for testing. (#17576)
* Devenv: Add nginx proxy for mac (#17572)
* Graph: Added new fill gradient option (#17528)
* Typescript: Reduce implicit any errors (#17550)
* SinglestatPanel: Manages when getColorForValue() function
returns null value. Closes #9747 (#17552)
* LDAP: refactoring (#17479)
* Elasticsearch: Fix empty query request to send properly
(#17488)
* SinglestatPanel: fix min/max config in singlestat
sparklines (#17543)
* AuthProxy: Optimistic lock pattern for remote cache Set
(#17485)
* Explore: Includes context parameter when invoking
getExploreState() from Prometheus datasource (#17569)
* Tests: Replaces truth image (#17570)
* Fix: Fixes merge conflict (#17568)
* Build: Fix failing e2e tests and implicit any check
(#17567)
* Explore: Fixes implicit any error in
AdHocFilterField.test.tsx (#17565)
* Fix so that correct cache is provided to di registry
(#17566)
* Build: Upgrades to golang 1.12.6 (#17542)
* Explore: Adds ability to remove filter from
<AdHocFilterField /> key dropdown (#17553)
* codestyle: moves cache to infra (#17519)
* Docs feedback: installation/debian.md (#17563)
* Chore: Lowered implicit anys limit to 5131 (#17562)
* Influx: Reset logs query field on clear all and clear row
in explore (#17549)
* Devenv: Add telegraf with log parsing to influxdb docker
block (#17546)
* Explore: Runs query when measurement/field and pairs are
selected in logs mode for influx (#17523)
* Influx: Adds start page for logs in Explore (#17521)
* OAuth: Fix for wrong user token updated on OAuth refresh
in DS proxy (#17541)
* middleware: add security related HTTP(S) response headers
(#17522)
* Docs: Clarifies from which version the Patch VERB is
available (#17532)
* Chore: Hugo upgrade (#17494)
* Codestyle: Fix some goconst issues (#17530)
* Docs: Adds clarification to the provider name for
provisioned dashboards (#17524)
* Singlestat: Add y min/max config to singlestat sparklines
(#17527)
* Explore: Clear queries when switching between metrics and
logs (#17505)
* 16223 user auth token list and revoke (#17434)
* Feature: Parse user agent string in user auth token api
response (#16… (#17504)
* Tests: Adds better logging to e2e tests (#17511)
* Codestyle: Add typecheck and unused linters (#17491)
* Docs: Add CircleCI step trigger-docs-update (#17481)
* remote_cache: Fix redis (#17483)
* auth_proxy: non-negative cache TTL (#17495)
* Explore: Adds LogQueryField for InfluxDb (#17450)
* sqlstore: clean quota and user_auth_tokens when removing
users (#17487)
* Prometheus: Preallocate data for Prometheus backend
response parsing (#17490)
* Docs: Fix a typo in Elasticsearch docs (#17492)
* gtime: some code style refactoring (#17369)
* Build: make bra a local dependency (#17414)
* Add tests for multildap (#17358)
* RefreshPicker: SetInterval comments to rxjs code added
(#17404)
* metrics: expose stats about roles as metrics (#17469)
* Explore: Handle newlines in LogRow Highlighter (#17425)
* Alerting: Add tags to alert rules (#10989)
* Config: Add comment before log_queries in sample ini file
(#17462)
* CLI: Search perf test data (#17422)
* Prometheus: Use overridden panel range as $_range instead
of dashboard range (#17352)
* Update latest (#17456)
* NavModel: Fixed page header ui tabs issues for some admin
pages (#17444)
* Update changelog for 6.2.2 (#17452)
* PluginConfig: Fixed plugin config page navigation when
using subpath (#17364)
* Tracing: allow propagation with Zipkin headers (#17009)
* Perf: Fix slow dashboards ACL query (#17427)
* Explore: Fixes crash when parsing date math string with
whitespace (#17446)
* Cloudwatch: Add AWS DocDB metrics (#17241)
* Provisioning: Support folder that doesn't exist yet in
dashboard provisioning (#17407)
* Codestyle: Fix govet issues (#17178)
* @grafana/runtime: expose location update (#17428)
* Fix: Adds context to list of keys that are not part of
query (#17423)
* Prometheus: Correctly escape '|' literals in interpolated
PromQL variables (#16932)
* Explore: Makes it possible to use a different query field
per mode (#17395)
* DataSourceApi: remove ExploreDataSourceApi (#17424)
* Fix: change angular loader paths (#17421)
* Build: specify build flag for `docker-compose up` (#17411)
* Add a @grafana/runtime package with backendSrv interface
(#16533)
* Database: Initialize xorm with an empty schema for
postgres (#17357)
* docs: configuring custom headers in the dataproxy (#17367)
* Explore: Queries the datasource once per run query and
uses DataStreamObserver (#17263)
* Feature: Adds redux action logging toggle from url params
(#17368)
* Build: Adds e2e tests back to master workflow with better
error messages and with artifacts (#17374)
* Explore: Handle datasources with long names better in ds
picker (#17393)
* Annotations: Improve annotation option tooltips (#17384)
* InfluxDB: Fixes single quotes are not escaped (#17398)
* Chore: Bump axios to 0.19.0 (#17403)
* Alerting: golint fixes for alerting (#17246)
* Batch disable users (#17254)
* Chore: Remove unused properties in explore (#17359)
* MySQL/Postgres/MSSQL: Add parsing for day, weeks and year
intervals in macros (#13086)
* Security: Prevent csv formula injection attack (#17363)
* LDAP: remove unused function (#17351)
* Enterprise: remove gofakeit dep (#17344)
* Explore: Update time range before running queries (#17349)
* Build(package.json): improve npm commands (#17022)
* Chore: upgrade webpack analyser (#17340)
* NewDataSourcePage: Add Grafana Cloud link (#17324)
* CloudWatch: Avoid exception while accessing results
(#17283)
* Build: ignore absence of docker-compose (#17331)
* Build(makefile): improve error handling (#17281)
* adds auth example for the cli cherrypick task (#17307)
* docs: remove my email from docs examples (#17325)
* 16365 change clashing variable names (#17140)
* Frontend/SeriesData: Fix for convert SeriesData to Table
format (#17314)
* Frontend/utils: Import has only from lodash (#17311)
* Frontend/utils: Add missing type (#17312)
* update v6.2-beta1 changelog with missing pr (#17308)
* explore: don't parse log levels if provided by field or
label (#17180)
* HTTP Server: Serve Grafana with a custom URL path prefix
(#17048)
* update latest.json to latest stable version (#17306)
* release: v6.2.1 changelog update (#17303)
* Build: Removes e2e-tests from Grafana master workflow
(#17301)
* Build(devenv): correct the context issue (#17291)
* Build: Enables end-to-end tests in build-master workflow
(#17268)
* Gauge/BarGauge: font size improvements (#17292)
* Chore: Update jquery to 3.4.1 in grafana ui (#17295)
* CLI: Add command to migrate all datasources to use
encrypted password fields (#17118)
* Auth Proxy: Log any error in middleware (#17275)
* devenv: metricbeat and kibana for elasticsearch 7 block
(#17262)
* LDAP: reduce API and allow its extension (#17209)
* database: retry transaction if sqlite returns database is
locked error (#17276)
* Tech: Update jQuery to 3.4.1 (#17290)
* fix typo in basic_concepts.md (#17285)
* Feature: do dev environment via makefile (#17136)
* devenv: adds auth proxy load test (#17271)
* Table: various minor fixes (alpha panel) (#17258)
* Singlestat: fixes issue with value placement and line
wraps (#17249)
* Devenv: Update Graphite port in dev datasources (#17255)
* Chore: bump grafana-ui version (#17256)
* Release: Updated latest.json
* Auth: Logout disabled user (#17166)
* docs: fixes typo in provisioning docs (#17248)
* CloudWatch: Made region visible for AWS Cloudwatch
Expressions (#17243)
* Panel: Pass transparency prop down to React panels.
(#17235)
* Build: Fix filter for building msi during release (#17236)
* DataSourcePlugin: Avoid anuglar injector if only one
parameter (#17239)
* Alerting: Support for configuring content field for
Discord alert notifier (#17017)
* Explore: Update the way Loki retrieve log context (#17204)
* Docs: Fix grammar in docs (#17233)
* LDAP: consistently name the LDAP entities (#17203)
* Panels: Show Drilldown links in top-left corner of custom
React panels (#17142)
* Build: Fix final prompt for @grafana/ui npm publish
confirmation
* Docs: Updated versions selector
* Docs: Example for multiple LDAP servers (#17216)
* Release: Updated changelog
* Release: updated changelog with v6.2 entries (#17201)
* Search: removed old not working search shortcuts (#17226)
* azuremonitor: revert to clearing chained dropdowns
(#17212)
* Search: changed how search filter on current folder works
(#17219)
* AzureMonitor: docs for multiple subscriptions (#17194)
* Defer closing of files (#17213)
* Docs: Add guidelines for PR/commit messages (#17190)
* Users: Disable users removed from LDAP (#16820)
* docs: what's new in v6.2 fixes (#17193)
* DataSourceMeta: add an option to get hidden queries
(#17124)
* Panel: Apply option defaults on panel init and on save
model retrieval (#17174)
* BarGauge: Fix for negative min values (#17192)
* Azuremonitor: multiple subscription support for alerting
(#17195)
* AppPlugin: add types for jsonData (#17177)
* MSI: Generate sha256sum during MSI build process in
circleci (#17120)
* explore: fix null checks (#17191)
* Fix: Fixes so new data is pushed during live tailing
(#17189)
* testdata: logs scenario (#17182)
* testdata: scenarios returned are now sorted in a
consistent way (#17181)
* TablePanel: Check for table using keys (#17185)
* Fix gosimple issues (#17179)
* AppPlugin: add an init function (#17150)
* Fix: Changes WebSocket protocol to wss:// for https
(#17173)
* alerting: golint fixes for alert notifiers. (#17167)
* LDAP: add tests for initialBind (#17132)
* Explore: Adds Live option for supported datasources
(#17062)
* alerting: fix a bunch of lint issues. (#17128)
* chore: mocks plugin loader for DataSourceSettingsPage
tests (#17157)
* Release: Improved cherry pick task (#17087)
* Explore: Fix selection/copy of log lines (#17121)
* Explore: Fix empty space in toolbar on smaller devices
(#17110)
* Explore: display log line context (#17097)
* Plugins: expose rxjs matching 6.4.0 (#17148)
* Chore: fix codespell issue with build (#17144)
* Feature: LDAP refactoring (#16950)
* explore: fix issues when loading and both graph/table are
collapsed (#17113)
* explore: make sure datasource is added to target (#17116)
* Fix: tighten revive exit code & make it happy (#17127)
* GraphPanel: Don't sort series when legend table & sort
column is not visible (#17095)
* Chore: Update grafana-ui version to 6.2.0-alpha.0 (#17109)
* add support for periodically reloading mysql client certs
(#14892)
* Chore: Deduplicate sqlstore transaction code (#17069)
* Alertmanager: Replace illegal chars with underscore in
label names (#17002)
* Adjusted documentation for gcs to reflect the code
(#16947)
* fix: Initial url update in Explore should replace existing
url history #17030 (#17061)
* Explore: Allow switching between metrics and logs
(#16959)
* Chore: explore possibilities of using makefile (#17039)
* Chore: Bump jest to 24.8.0 (#17094)
* Chore: Bump ts-node to 8.1.0 (#17093)
* Release: Updated changelog
* backend: replace /pkg/errors with errutil (#17065)
* Explore: Fixes filtering in Prometheus queries when
clicking in Table (#17083)
* Remotecache: Avoid race condition in Set causing error on
insert. (#17082)
* Build: Support publishing MSI to grafana.com (#17073)
* InputDataSource: better empty value support (#17075)
* Panels: Fixed alert icon position in panel header (#17070)
* GraphPanel: use SeriesData directly (skip legacy
transformation) (#17037)
* Streaming: support streaming in MetricsPanelCtrl (#17034)
* Gauge: Fix switching orientation issue when switching from
BarGauge to Gauge (#17064)
* serverlock: run tests async should be more linear time
wise (#17059)
* InfoPopover: Fixes transclude undefined error (#17063)
* Dashboard: Fixes lazy loading & expanding collapsed rows
on mobile (#17055)
* fix: Azure Monitor adds missing closing div tag to query
editor (#17057)
* Chore: Use executable dir instead of pwd in CLI for isDev
check (#16974)
* Search: Set element height to 100% to avoid Chrome 74's
overflow (#17054)
* Docs: adds note about removing session storage (#17003)
* Chore: remove use of `== false` (#17036)
* Explore: use @grafana/ui legend (#17027)
* tech: avoid alias for importing models in alerting
(#17041)
* DataSourcePlugin: support custom tabs (#16859)
* Dashboard: Fixes scrolling issues for Edge browser
(#17033)
* SeriesData: remove color from Field (#17044)
* chore: remove x character in explore
* Dashboard: show refresh button in kiosk mode (#17032)
* Devenv: Updated gauge test dashboard
* Chore: reintroduce gosec (#17021)
* Gauge: tweaks to background color and height usage
(#17019)
* Feature: provide multildap server configuration (#16914)
* (feat/explore): Support for new LogQL filtering syntax
(#16674)
* fix(explore): Prevent double querying for Prometheus and
Loki (#17004)
* Chore: No implict any fixes (#17020)
* move log package to /infra (#17023)
* Chore: Lowered implicit anys limit to 5386
* Chore: Updated snapshot
* Select: Fixed isOpen issue
* Chore: Typescript no-implicit any fixes progress (#17018)
* GraphPanel: show results for all SeriesData (#16966)
* Fix: Wrap value of multi variable in array when coming
from URL (#16992)
* GettingStarted: add key and remove ng-class (#17007)
* explore: add some extra time for angular query editors to
update query (#16955)
* Explore: Align Explore with Dashboards and Panels (#16823)
* Explore: Fix empty result from datasource should render
logs container (#16999)
* Explore: Fixes zoom exception in Loki/Graph (#16991)
* PanelEditor: Fix queries tab now showing, wrong
skipDataQuery logic (#16994)
* DataSourceApi: convert interface to abstract class
(#16979)
* Panels: Fixed error panel tooltip (#16993)
* Docker: Prevent a permission denied error when writing
files to the default provisioning directory (#16831)
* Notification: attempt to send notifications to all given
email addresses (#16881)
* GettingStarted: convert to react panel plugin (#16985)
* Plugins: Remove dataFormats key and add skipDataQuery
(#16984)
* AlertList: removed icon
* MetricsPanelCtrl: use shared queryRunner to support query
execution (#16659)
* TableData: support name (#16983)
* Changelog: Typo guage -> gauge (#16982)
* TestData: stream via fetch (#16963)
* plugins: fix how datemath utils are exposed to plugins
(#16976)
* NewDataSource: Updated page header title
* fix(prometheus): issue with click label to filter for
recording rules in Explore
* Explore: Removes Promise.All from runQueries thunk
(#16957)
* Chore: Add prometheus basic auth proxy (#16882)
* Snapshot: use given key and deleteKey (#16876)
* DataSourcePlugins: more generics improvements (#16965)
* AddDataSource: Updated page design & categories (#16971)
* Templating: Support selecting all filtered values of
multi-value variable (#16873)
* Chore: Add Input stories (#16897)
* FieldDisplay: Don't use group ui elements in field editors
(#16953)
* GettingStarted: Fixes layout issues, fixes #16926 (#16941)
* PanelModel: Fix crash after window resize, fixes #16933
(#16942)
* Singlestat: fixed centering issue for very small panels
(#16944)
* Tests: Adds end-to-end tests skeleton and basic smoke test
scenario (#16901)
* Chore: Replaces moment with Grafanas DateTime (#16919)
* InfluxDB: Fix HTTP method should default to GET (#16949)
* Chore: Skip unnecessary checks on pre commit (#16946)
* http: remove dualstack since its deprecated (#16940)
* devenv: add slow reverse proxy (#16943)
* AppPlugin: Menu Edit Url Fix (#16934)
* DataSource Plugins: consistent generics order
<TQuery,TOptions> (#16936)
* Plugins: update beta notice style (#16928)
* Chore: update version number for 6.3 (#16927)
* Plugins: Support templated urls in routes (#16599)
* changelog: add 5.4.4 release
* docs: add download link to what's new in v6.2
* update changelog
* Update changelog for 6.2.0-beta1
* AzureMonitor: adds support for multiple subscriptions per
datasource (#16922)
* docs: what's new in v6.2 (#16909)
* Chore: ban importing from @grafana/ui in grafana ui files
(#16920)
* BarGauge: New multi series enabled gauge like panel with
horizontal and vertical layouts and 3 display modes
(#16918)
* alerting: no notification when going from nodata ->
pending (#16905)
* rpm: start grafana after mysqld process (#16917)
* Build: fix failing grafana/ui build (#16913)
* BarGauge: Updated test dashboards and threshold fix
(#16911)
* PanelModel: Clear queryRunner on destroy (#16906)
* Panels: No title will no longer make panel header take up
space (#16884)
* Elasticsearch: Fix pre-v7.0 and alerting error (#16904)
* Gauge: Better handling of gauge repeat title (#16886)
* Refactor: move datemath to grafana/ui (#16890)
* PanelQueryState: check for existing running query (#16894)
* devenv: add alert list panel (#16896)
* Security: Add new setting allow_embedding (#16853)
* build: fix integer overflow in pkg/tsdb tests on 32bit
platforms (#16818)
* Security: Responses from backend should not be cached
(#16848)
* Alert: Support variables in Alert List filters (#12583)
(#16892)
* Chore: Lowered implicit anys limit to 5617
* FieldDisplay: shared options model for singlestat panels
(#16703)
* Refactor: rename statsCalculator to fieldReducer (#16867)
* PanelModel: expose isInView property to PanelModel
(#16877)
* CSV: escape quotes in toCSV (#16874)
* Dashboard: Lazy load out of view panels (#15554)
* LDAP: Added reload endpoint for LDAP config (#15470)
* PluginsList: Removed icons and updated snapshots (#16872)
* Panels: Fixed issue with panel type change and data
updates (#16871)
* Chore: fix modes for non-executable files (#16864)
* DataSourceSettings: Minor fix for uncontrolled input
(#16863)
* Chore: Lowered implicit anys limit to 5623
* TestData: Add dashboards to testdata (#16855)
* Input Datasource: convert from angular config to react
ConfigEditor (#16856)
* DataSources: minor typescript cleanups and comments
(#16860)
* TestDataDatasource: Add config editor (#16861)
* App Plugins: support react pages and tabs (#16586)
* Add Windows MSI generation to build process (#16502)
* Datasources: add support for POST HTTP verb for InfluxDB
(#16690)
* Add pattern validation in configs (#16837)
* Search: Enable filtering dashboards in search by current
folder (#16790)
* FormLabel: allow any rather than just a string for tooltip
(#16841)
* prometheus: fix regression after adding support for
tracing headers (#16829)
* area/circleci: Speed up circleci build process for
branches and pr (#16778)
* DataProxy: Restore Set-Cookie header after proxy request
(#16838)
* docs: clarify page parameter version support for
folder/dashboard search (#16836)
* Chore: revise some of the gosec rules (#16713)
* Refactor: consistant plugin/meta usage (#16834)
* Explore: Use SeriesData format for loki/logs (#16793)
* Refactor: move NavModel to @grafana/ui (#16813)
* Auth: Enable retries and transaction for some db calls for
auth tokens (#16785)
* Provisioning: Show file path of provisioning file in
save/delete dialogs (#16706)
* Add tracing headers for prometheus datasource (#16724)
* Config: Fixes bug where timeouts for alerting was not
parsed correctly (#16784)
* build: removes gopkg files from dev docker file (#16817)
* Provisioning: Trying to fix failing test (#16800)
* Table: React table fix rotate support in storybsck
(#16816)
* TestData: add log level in dummy message (#16815)
* removes gopkg.lock from root folder
* Explore: Support user timezone (#16469)
* Plugins: rename vizPlugin to panelPlugin (#16802)
* Plugins: move app/feature/plugin properties into
PluginMeta (#16809)
* Plugins: move PanelPluginMeta to grafana/ui (#16804)
* Plugins: move datasource specific meta out of the main
meta type (#16803)
* updates changelog for 6.1.6
* Fix: Fetch histogram series from other api route (#16768)
* phantomjs: set web-security to true
* Chore: Lowered implicit anys limit to 5668
* build: restore postgres integration tests (#16801)
* docs: explain correct access control model of GCS buckets
(#16792)
* Chore: Fixed no implicit any Typescript errors (#16799)
* Feature: introduce LdapActiveSyncEnabled setting (#16787)
* Plugins: ReactPanelPlugin to VizPanelPlugin (#16779)
* UX: Improve Grafana usage for smaller screens (#16783)
* ThresholdEditor: Minor style fix for smaller screens
(#16791)
* Build: Use isolated modules for ts-jest (#16786)
* LDAP Refactoring to support syncronizing more than one
user at a time. (#16705)
* build: removes unused vendored files
* (fix/explore): remove vertical-align looks better for long
logs (#16736)
* Chore: bump jQuery to 3.4.0 in grafana/ui (#16781)
* Devenv: Updated home dashboard and added new influxdb test
dashboard
* Chore: Lowered implicit anys limit to 5946
* RefreshPicker: minor design update (#16774)
* Streaming: support streaming and a javascript test
datasource (#16729)
* GraphLegendEditor: use stats picker rather than switches
(#16759)
* Feature: add cron setting for the ldap settings (#16673)
* Build: Disables gosec until identified performance
problems (#16764)
* Chore: bump jQuery to 3.4.0 including prototype pollution
vulnerability fix (#16761)
* elasticsearch: add 7.x version support (#16646)
* Provisioning: Add API endpoint to reload provisioning
configs (#16579)
* Config: Show user-friendly error message instead of stack
trace (#16564)
* Chore: Lowered implicit anys limit to 5954
* Feature: Enable React based options editors for Datasource
plugins (#16748)
* sqlstore: use column name in order by (#16583)
* user friendly guide (#16743)
* Provisioning: Interpolate env vars in provisioning files
(#16499)
* admin: add more stats about roles (#16667)
* Feature: Migrate Legend components to grafana/ui (#16468)
* playlist: fix loading dashboards by tag (#16727)
* CloudWatch: Use default alias if there is no alias for
metrics (#16732)
* Provisioning: Support FolderUid in Dashboard Provisioning
Config (#16559)
* Refactor: Make SelectOptionItem a generic type to enable
select value typing (#16718)
* docs: fix upgrade instructions
* Chore: Small improvements to grafana-cli (#16670)
* Chore: Use x/xerrors instead of pkg/errors (#16668)
* Chore: a bit of spring cleaning (#16710)
* Fixes #15863 (#16684)
* Docs: Update notification services (#16657)
* PanelQueryRunner: add datasource name to queries (#16712)
* Chore: remove session storage references (#16445)
* Dashboard: Minor settings UI Update (#16669)
* Templating: Do not copy hide option (#16696)
* Docs: Fix advanced variable formatting examples (#16691)
* QueryEditors: pass PanelData and filtered PanelData to
each editor (#16692)
* Chore: remove extra logging (#16688)
* DashboardSrv: export getDashboardSrv to react (#16687)
* Refactor: split PanelQueryRunner into runner and state
(#16685)
* Docs: Googlechat provisioning config example (#16682)
* TestDataDatasource: add the query refId to each result
* AppPlugin: avoid app plugin navigation slowness (#16675)
* Refactor: improvements to PanelQueryRunner (#16678)
* Refactor: move getQueryRunner() to PanelModel (#16679)
* Docs: initial backend plugins development guide (#16631)
* build: remove dep config files since they are not used
anymore
* Fix typo in PULL_REQUEST_TEMPLATE.md
* refactor: move timeInfo to DataRequestInfo (#16664)
* QueryRunner: Move queryRunner to panelModel (#16656)
* PanelQueryRunner: move error handling to
QueryRunnerOptions (#16654)
* refactor: Merge PanelChrome and DataPanel, do query
execution in PanelQueryRunner (#16632)
* Search: Fixed search issue introduced in recent PR
(#16652)
* Cloudwatch: fix for flaky tests (#16649)
* UI: Remove old icons (#16335)
* Search: Fixes search limits and adds a page parameter
(#16458)
* Chore: Upgrade lodash to v4.17.11 (#16645)
* Chore: Lock dependencies (#16644)
* tech: replace bmizerany/assert with stretchr/testify
(#16625)
* Chore: update yarn.lock (#16637)
* Panel Plugins: pass query request/response to react panel
plugins (#16577)
* Explore: Adds logs highlighting in Explore on keypress
(#16596)
* Build: adding dependency used by extensions (#16622)
* TimePicker: Re-add apply button in time picker (#16619)
* Chore: refactor auth proxy (#16504)
* Docs: updated help for changelog cli task (#16615)
* replace dep with go modules (#16017)
* Docs: Updated changelog for 6.1.4
* Heatmap: Fixed auto decimals when bucket name is not
number but contains dots, fixes #13019 (#16609)
* build: partially replace gometalinter with golangci-lint
(#16610)
* Explore & Dashboard: New Refresh picker (#16505)
* Build: Fix missing icon typing (#16601)
* Plugins: added missing prop to type
* CloudWatch: GetMetricData refactoring & fix label handling
(#16383)
* Chore: prepare our SQL for cockroach db (#16471)
* AppPlugins: fix app support and add an alpha example
(#16528)
* Switch: made minor styling tweaks to switch to align to
4px grid (#16593)
* Docs: minor docs update for old urls
* Chore: Add more explicit typing (#16594)
* Chore: Lowered implicit anys limit to 5977
* Chore: Adds typings to lodash (#16590)
* PanelEditor: Change Queries heading to Query (#16536)
* Security: Store datasource passwords encrypted in
secureJsonData (#16175)
* More development dashboards (#16550)
* build: upgrades to golang 1.12.4 (#16545)
* Use package libfontconfig1, instead of libfontconfig
(#16548)
* Adjust Send on all alerts to default label (#16554)
* Chore: Lower limit of implicit anys to 6676
* DirectInput: new alpha datasource that lets you enter data
via CSV
* Plugins: expose getBackendSrv() to plugins (#15268)
* DataPanel: Added built-in interval variables to scopedVars
(#16556)
* TestData: Add minInterval query option
* Chore: Remove implicit anys for DashboardModel and tests
(#16553)
* Pushover alert, support for different sound for OK
(#16525)
* Chore: Lowered implicit anys limit to 6816
* CloudWatch: Fix template variable expand bug (#16405)
* CloudWatch: fix color order (#16408)
* Plugins: Unifying alpha state & options for all plugins
(#16530)
* Revert 'Build: Upgrades to go 1.12.3 (#16491)' (#16544)
* Annotations: Annotation list style improvements (#16541)
* QueryInspector: Now shows error responses (#16514)
* Build: Upgrades to go 1.12.3 (#16491)
* Build: Update master version number (#16532)
* Elasticsearch: Format elasticsearch test dashboard json
(#16537)
* Update jwt regexp to include = (#16521)
* Chore: docs fixes underscore formatting (#16516)
* Fix: Pass missing maxDataPoints to query in Explore
(#16513)
* Fix: Recalculate intervals in Explore on run queries
(#16510)
* devenv: add elasticsearch v6 filebeat integration (#16493)
* devenv: add worldmap panel panels for elasticsearch
(#16313)
* Plugins: Optionally preload some plugins during frontend
app bsct (#15266)
* Panels: Add types for DataList and range (#16500)
* Chore: Lowered implicit anys limit to 6818
* PanelData: Rename ColumnStats type to FieldStats (#16494)
* DataSourceApi: add getCollapsedText(query) to
DataSourceApi (#16482)
* Graph: Add some typescript types for data (#16484)
* Build: Updates goconvey to work on go1.12 (#16483)
* Provisioning: Do not allow deletion of provisioned
dashboards (#16211)
* Chore: lower limit for implicit anys to 6829
* Singlestat-v2/Gauge: Show title when repeating (#16477)
* Docs: fix grammar in query hint, tests, and documentation
(#16444)
* Heatmap: Fix empty graph if panel is too narrow (#16460)
* Release: updated latest.json
* Docs: Updated changelog
* docs: fixes and update current version
* Docs: Updated changelog for v6.1.3
* Graph: fixed png rendering with legend to the right
(#16463)
* Fix: Disables auto open datasource picker on focus
(#16398)
* add some mock/stub guidelines to testing guideline
(#16466)
* Feat: Suggestion list in Explore is virtualized (#16342)
* Docs: Updated roadmap issue to link to the pinned roadmap
issues
* Graph: Fixed auto decimals in legend values (#16455)
* Styling: Aligned heading (#16456)
* add PromQL keyword for adhoc filter (#16426)
* Singlestat: Use decimal override when manually specified
(#16451)
* Graph: follow-up graph decimals fix, #16414 (#16450)
* Chore: use remote cache instead of session storage
(#16114)
* Docs: Minor changelog tweak
* Docs: Updated changelog with v6.1.2 release issues
* datasource: fix disable query when using mixed datasource
(#16409)
* Graph: Fixed series legend color for hidden series
(#16438)
* Templating: Fixed loading React variable query editor
(#16439)
* Styles: Fixed left menu highlight (#16431)
* Fix: remove test artefact (#16411)
* Theme: Reworking button styling (#16362)
* Graph: Fixed tooltip highlight on white theme (#16429)
* BarGauge: Round sizing to avoid float widths
* Graph: Allow override decimals to fully override (#16414)
* Units: Correctly use the override decimals (#16413)
* Docs: Remove broken youtube link in timerange reference
(#16415)
* BarGauge: Fixed minor margin issue (#16419)
* Docs: Updated GitHub PR Template
* Bar Gauge: Show tile (series name) & refactorings & tests
(#16397)
* Fix: align panel padding between sass & js theme (#16404)
* Fix: playlist now preserve the correct url query params
(#16403)
* Fix: Graphite query rendering fix (#16390)
* Fix: Query editor toggle edit mode fix (#16394)
* Refactor: Plugin exports & data source / panel types
(#16364)
* Chore: Update lockfile (#16380)
* Alerting: Notification channel http api fixes (#16379)
* Chore: Add task to find FocusConvey tests (#16381)
* CloudWatch: Update AWS/IoT metric and dimensions (#16337)
* Fix: Table Panel fix to re-render panel when options are
updated (#16376)
* Docs: Fix typo in Prometheus documentation (#16369)
* build: Fixed incorrect permissions for repo folders in
ci-deploy. (#16360)
* Docs: remove embedd info about samesite cookie from app,
docs only is better
* Chore: Lowered error count limit
* build: fixes bug in verification script.
* Tech: Bump typescript and jest (#16354)
* Automation: Updates to yarn cli cherrypick & changelog
tasks (#16357)
* Feat: Improve embed panel info text (#16344)
* Fix: Cloudwatch fix for dimension value (#16356)
* build: Script to check that our repos work and what the
latest package version is (#16350)
* Fix: Autoprefixer is now working (#16351)
* Chore: docs updates to what's new for 6.1 (#16346)
* build: Fix for renamed package for armv6.
* Chore: bump storybsck and add build script (#16340)
* Refactor: React Panels to only use SeriesData[] (#16306)
* Docs: Suggest add-apt-repository to install APT repos
(#16333)
* Units: Add angle units, Arc Minutes and Seconds (#16271)
* Chore: Lowered implicit any limit to 6850
* Feat: Adds reconnect for failing datasource in Explore
(#16226)
* docs: improve alert notification channel provisioning
(#16262)
* Build: Moved the failing appveyor file so we can get green
builds in master
* Fix: Build report the correct directives before failing
(#16312)
* Fix: input elements autofill background (#16295)
* Fix: Bring back styles on Switch components when checked
* Chore: breaks build if certain FrontEnd limits are
exceeded (#16301)
* Fix: Graphite query ast to string fix (#16297)
* Fix: Template query editor this bind exception fix
(#16299)
* Fix: Alerting Notification channel http api fixes (#16288)
* Refactor: Move LogLevel and Labels utils to @grafana/ui
(#16285)
* Refactor: Rename Tags to Labels in SeriesData (simple)
(#16284)
* Elasticsearch: Fix view percentiles metric in table
without date histogram (#15686)
* Configuration: Improve session_lifetime comments (#16238)
* Alerting: Makes timeouts and retries configurable (#16259)
* Fix: Correct SnapshotData typing (#16279)
* Feat: Angular panels & SeriesData to Table/TimeSeries
(#16266)
* Fix: React Graph & Show message on no data (#16278)
* Feature: added actionable message in Explore when no
datasource configured (#16252)
* Feature: Case insensitive Loki search (#15948)
* Feat: Singlestat panel react progress & refactorings
(#16039)
* Chore: Implement gosec (#16261)
* Fix: Updated snapshot unit test that was failing
* Refactor: Theme & Removed the last rems (#16245)
* Refactor: Theme input padding variables (#16048)
* Feat: More robust csv support (#16170)
* Docs: Fix rpm dependencies example (#16272)
* Fix: HTML meta tags fix for iOS (#16269)
* Feature: Introduced CallToActionCard to @grafana/ui
(#16237)
* Refactor: Rename TimeSeriesVM to GraphSeriesXY (#16216)
* Chore: Implement revive (#16200)
* InfluxDB: Fix tag names with periods in alerting (#16255)
* Fix: Table Panel and string values & numeric formatting
(#16249)
* Tech: Patch lib updates, update yarn.lock (#16250)
* Chore: docs whats new article for the 6.1 release (#16251)
* Chore: Storybsck improvements (#16239)
* Feat: Introduce Button and LinkButton components to
@grafana/ui (#16228)
* Chore: changelog adds note for #16234
* Fix: Prometheus regex ad-hoc filters w/ wildcards (#16234)
* Chore: changelog notes for #13825,#15205,#14877,#16227
* Fix: Alert email variable name typo fixed (#16232)
* Fix: scripts changelog cli per page set to 100
* Fix: Dashboard history diff & white theme fix (#16231)
* Merge pull request #16241 from
grafana/hugoh/no-implicit-any
* Chore: Theme consistency, rems => pixels or variables
(#16235)
* Chore: Theme consistency, rems => pixels (#16145)
* changelog: adds notes for #16229 and #16227
* Fix: Elasticsearch fix template variables in the alias
field (#16629)
* Fix: TablePanel column color style now works even after
removeing styles, fixes #16162 (#16227)
* Docs: Updated changelog for 6.1 release (#16224)
* Alerting: Notification channel http api enhancements
(#16219)
* Upgrades: Patch updates to yarn lock (#16215)
* Fix: DatasourceApi query response typing fix (#16214)
* chore(influx): no point of reading response when bad
status (#16212)
* docs: loki provisioning
* docs(dev): Update docs about devenv dir (#16208)
* fix(dashboard): time regions spanning across midnight
(#16201)
* fix(InfluxDB): Reads body and close request body even for
error status codes (#16207)
* chore: more TableData to SeriesData renaming (#16206)
* fix(panels/graph): Default option name for spaceLength was
accidentally changed (#16205)
* fix(explore): only show split close button when split is
active (#16203)
* fix(react2angular): Fixed react to angular wrapper
watching function expressions causing infinte digest loop,
fixes #16194 (#16196)
* fix(Alerting): Fixed alert rules with eval in day units,
fixes #16174 (#16182)
* fix(panel/table): Fix for white text on white background
when value is null
* refactor(grafana/ui): Replace <input />with Input
component from grafana/ui (#16085)
* fix(loki): Hide empty labels column
* build: fixes publishing version.
* refactor(data models): Renamed TableData to SeriesData
(#16185)
* chore(core/utils): Add typings to datemath.ts (#16195)
* only call onPanelMigration when the version actually
changes (#16186)
* feat(explore): make it possible to close left pane of
split view (#16155)
* feat(Explore): make sure Loki labels are up to date
(#16131)
* build: makes sure grafana.version is available when
deploying.
* fix: added missing event to function signature Fixes:
#16055
* build: refactoring
* build: updated build container with support for rpi1.
* build: support for publishing armv6.
* build: builds armv6 with rpi1 compat gcc.
* fix: added target and datasource as isMetric property
Fixes: #15862
* chore: Removed implicit anys in react container and test
helpers
* Pamels: Options are always there
* Panels: Support angular -> react migration via
PanelMigrationHandler
* Panels: Added more tests for change panel plugin
* Panels: Refactoring how panel plugins sets hooks and
components, #16166
* clarify notifications API docs
* remove processTimeSeries
* merge master
* don't use process timeseries
* rename stat to show in UI
* use display value in pie chart
* keep plugin versions
* remove panel plugin setters
* renamed float to flot
* prevOptions should be optional
* moved migration hook to its own function
* Minor refactoring of stats picker / shared singlestat code
* Makes it possible to navigate back/forward with browser
buttons in Explore (#16150)
* Moved DisplayValueOptions type back, #16134
* adding check for decimals
* add one more test
* Graphite: fixed variable quoting when variable value is
nummeric, fixes #2078
* Minor refactoring of #16127
* Update provisioning.md
* Graphite: Fixed issue with using series ref and series by
tag, fixes #15237
* move typings to types,
* Link license corrections
* remove logging
* add stat picker to single stat
* removed option to not check strings
* drop one level of nesting
* cleanup and guess all columns
* Small license correction
* update cloudwatch metrics/dimensions list
* Enable sass theme change in Storybsck
* replaced rems with pixels or variables
* adding test
* updating usages in singlestat
* Sorting imports
* adding function
* Use grafana's logger implementation
* another change that didn't come with earlier commit
* change that didn't come with in last commit
* reversed dashboard-padding
* Update CloudWatch metrics/dimension list (#16102)
* brought back dashboard-padding and panel-padding
variables, made dashboard-padding more specific
* replaced rem with pixels or variables
* fix(prometheus): Change aligment of range queries
(#16110)
* fix, assign by event.time
* Minor refactoring of testdata query order PR #16122
* simplify
* deduplicate same value annotation
* cleaner version
* maintain query order
* Remove sleeps in test code by overriding time.Now()
* Update PLUGIN_DEV.md
* Abstract encrypt/encode and decode/decrypt into their own
functions
* Rename dispatched commands to make them easy to grok
* show all colums in graph
* Use structured logging instead of printf
* Make all http auth setting labels the same width
* Merge with master, and updated logo and name
* Rewrote creation of images tag
* Added missing commas
* Don't include non-existing image in MS Teams alert
* cast to column
* update table data model
* show all columns in singlestats
* fix(graphite): nonNegativeDerivative argument hidden if 0,
fixes #12488
* Correct table names of sql storage for remotecache
* more fixes to snapshot
* more fixes to snapshot
* Fixed gofmt issue in PR #16093
* removed empty space in snapshot
* fix: Update snapshot related to new jest version
* fixed snapshot for test
* Regenerate lockfile due to the amount of merge conflicts.
* removed dashboard variables, removed headings-font-family
variable, created theme variables for links and z-index,
removed unused class in _panel_editor and _dashboard
* Remove commented code
* flot pairs
* add more functions and tests
* Update org_user.go
* Minor progress on fixing no-implicit any issues
* refactor: merged types and updated references
* Remove leftover from first iteration
* Only keep certain query params when going to next playlist
* Snapshot update
* fix: ts issue on SelectOption test
* chore: Bump react and react-dom to 16.8.4
* Update latest.json
* Update templating.md
* chore: cleaning up noimplicit anys in search_srv and tests
progress: #14714
* Fix threshold editor color picker not working for custom
colors
* Updated comments
* Updated threshold editor test
* Re-render gauge / singlestat panels when changing options
* fix: refactored so members are loaded by TeamPages and use
hideFromTabs instead of filtering out children in navModel
* teams: explains the external property of a team
membership.
* fix: fixed snapshots and permission select not beeing able
to click
* fix: new team link goes nowhere for viewers
* teams: refactor so that you can only delete teams if you
are team admin
* permissions: removes global access to bus from
MakeUserAdmin.
* teams: local access to bus, moving away from dep on
global.
* teams: better names for api permissions.
* teams: refactor.
* permissions: refactor.
* teams: refactor.
* teams: hide tabs settings and groupsync for non team
admins
* teams: refactored db code.
* teams: disable new team button if user is viewer
* refactor: moved test from TeamMembers to TeamMemberRow
* refactor: splitted TeamMembers to TeamMemberRow
* teams: comment explaining input validation
* teams: cleanup.
* teams: cleanup.
* dashboards: simplified code.
* teams: disable buttons for team members
* teams: moved logic for searchteams to backend
* teams: viewers and editors can view teams
* teams: editor/viewer team admin cant remove the last
admin.
* teams: changed permission to permission type instead of
int
* teams: defaulting invalid permission level to member
permission level
* team: uses PermissionType instead of int64 for
permissions.
* teams: editors can't remove the last admin from a team.
* teams: tests use the new message for modifying team
members.
* team: renames teams.CanUpdate teamguardian.CanAdmin
* teams: remov permission select for non admin users
* docs: First take on describing feature toggle
* config: updated feature toggle name
* teams: cleanup.
* dashboard: only admin permission added to dashboard in
folder.
* dashboards: better error handling
* teams: team listing shows only your teams (editors).
* teams: teams guard on all teams update methods.
* teams: added delete team guard
* teams: removed feature toggle as it is already in
middleware
* teams: added feature toggle and refactor tests
* teams: cleanup.
* teams: test refactorings.
* teams: bugfix, user pointer.
* teams: start of team update guardian for editors
* teams: team update test
* teams: change back to permissionlevel for Member to 0
* teams: make sure we use TeamPermissionLevel enum
* teams: update only the selected user
* teams: only write error message if error
* teams: enabled so that user can update permission for team
members
* teams: feature toggle component
* teams: test for update team member.
* teams: can update team members permission.
* teams: basic ui for permission in team members view
* teams: editor added as admin for created teams.
* teams: editors can work with teams.
* teams: show teams and plugins for editors that can own
* teams: make test cases pass again
* folder: uses service to make user admin of created folder.
* permissions: broken out func for making creator admin.
* folders: admin for created folders
* dashboards: user automatically becomes admin for created
dashboards
* fix(ci): frontend tests was accidentially commented out
* Use SecretFormField in MSSql and Postgres datasources
* Add SecretFormField component
* Add possibility to pass custom input component to
FormField
* Allow angular react bridge to use kebab case attribute
names
* adding story and fixing tests
* build: migrates the build container into the main repo.
* build: updated deploy container with crcmod.
* build: crcmod speedups rsync to gcp for deploy.
* Update style_guides/backend.md
* remove the error collector
* Copied from new timepicker and unified component branch
* docs: renamed file and added redux framework file
* docs: moved examples to frontend.md
* docs: intial draft for frontend review doc
* Use ora#fail instead of console.log
* reorder imports
* test
* rename to char
* sorting imports
* moving
* Remove .only function
* Add more patterns to no-only-test task
* chore: Cleaning up implicit anys in DashboardExporter and
tests progress: #14714
* rename reducer to statsCalculator
* Great progress on bar gauge look
* Explore: Fix log stats for long labels
* calculate the column width
* disable react table cell measure
* dont test exists in the test... it will fail if not found
* add random_walk_table scenario
* adds backend code style guide
* add test file
* add startAt to random walk scenario
* get values from base options
* use singlestat base where appropriate
* feature(explore/table): Add tooltips to explore table
(#16007)
* Update changelog
* Bar gauge gradient mode
* Bar gauge auto lcd cell count
* Add check for Env before log
* Update index.md
* chore: Cleaning up implicit anys in manage_dashboard.ts
and manage_dashboard.test.ts progress: #14714
* chore: Cleaning up implicit anys in app.ts progress:
#14714
* panels: fix loading panels with non-array targets (add
tests)
* changelog: adds note about closing #15836
* set correct return type
* panels: fix loading panels with non-array targets
(refactor)
* Bar gauge styling tweaks
* panels: fix loading panels with non-array targets
* changelog: adds note about closing #6359 and #15931
* add partial
* no inheratance
* improve single stat display
* revert most options sharing
* Refactoring the bar gauge and the orientation modes
* add migration tests
* renaming function
* using refId from panel model
* Tooltip: show percent instead of value
* Add check so that header is not sent for anonymous users
* Update config docs
* Add custom header with grafana user and a config switch
for it
* changelog: adds note about closing #10816
* Right tooltip position
* Add 'No data points' message
* use constants for cache type
* makes variables template prettier complient
* Make recently used auth_module test more robust by adding
another 'log in'
* changelog: adds note about #15744
* updates old distcache names
* dont allow inifinite expiration
* chore: Upgrade all babel related packages that is lagging
behind
* return error if cache type is invalid
* Add more info to victorOps alert notifications
* fix: papaparse must have gone missing during rebase
* chore: Bump jest to 24
* fix: describe() should not be async
* fix: Use proper syntax for plugin-syntax-dynamic-import
* fix: Downgrade ts-node to 8.0.2 due to broken theme
generation
* chore: Bump ora
* chore: Bump tslint (again)
* chore: Bump axios
* chore: Bump npm
* chore: Bump glob
* fix: Invalid css
* chore: Bump clean-webpack-plugin,
html-webpack-harddisk-plugin, postcss-reporter
* chore: Bump file-loader and css optimizer webpack plugin
* chore: Bump css-loader and remove minimize option since
its removed in css-loader
* chore: Bump npm packages and lock down some versions
* chore: Bump mini-css-extract-plugin
* chore: Lock down versions of expose-loader and html-loader
* chore: Bump fork-ts-checker-webpack-plugin
* chore: Prod builds should not cache
* chore: Replace Uglify with Terser
* chore: Bump webpack, webpack-bundle-analyzer, webpack-cli
and webpack-dev-server to latest
* reuse more gauge settings in bargauge
* set the unit on time data
* add error when not found
* Added metric math docs
* check types better
* check types better
* docs: Change type of 'tags' in annotationQuery result
example to list
* single hook
* Change import path for social in the tests
* Change import path for social since it has moved
* generic repeater
* generic repeater
* Remove todo about index on user_id in user_auth because it
exists
* Add function in ds_proxy to handle oauthPassThru headers
* Remove auth_module settings from oauthPassThru ui
* Remove auth module from ds_proxy oauth test
* Get most recent oauth token from db, rather than lookup by
auth_module
* Improve tooltip look
* explore/logs: Hide empty duplicates column
* merge master
* fix for firefox checkboxes not appearing properly, added
appearance as none
* Always return most recently used auth_module from
GetAuthInfo
* used regex instead of string replacing
* Fixed issue with alert links in alert list panel causing
panel not found errors, fixes #15680
* Add comments
* Add simple test for the ColorPicker
* Use render props pattern in color picker
* Move ColorPicker trigger to separate component and cleanup
css
* Improved error handling when rendering dashboard panels,
fixes #15913
* fix return type
* Only send ci metrics to hosted metrics instance
* adding types
* Added back branch guard
* moved delete button from sidebar to general tab and
renamed it
* Refactoring the ci metrics a bit more making it easier to
re-use
* removed unused and very specific variables, also variables
with same value as general variable
* reduce loglevel to debug
* Updated bar gauge snapshot
* added some comments about state of components things
* better comments
* comment cleanup
* force circleci to try again
* format
* touch
* touch
* make sure the validator is called before setState
* API to fix/update properties before load
* more tests
* more options in storybsck
* adding simple widget to pick the reducer
* heatmap: fix for negative values
* Fixed more typescript no implicit any issues
* Also push to ci metrics to new shared HM instance
* move sort to table processing
* Fixed type issues introduced by adding angular types
* Typescript noAny fixes, start of a long journey
* Updated code stats collection
* Updated path to new script
* POC on collecting metrics in ci process
* changelog: add notes about heatmap issues #15683 #14019
* added two new variables in default theme for panel
padding, replaced panelhorizontalpadding and
variables.panelverticalpadding with new variables
* renamed default variables: s -> sm, m -> md, l -> lg
* removed gf-form-margin variable and replaced with space-
variables where it was used
* add table reducer
* heatmap: able to hide buckets with zero value #12080
* s -> sm, m -> md, l -> lg
* heatmap: fix prometheus buckets sorting, closes #15637
* s -> sm, m -> md, l -> lg
* removed headings-margin-bottom variable
* rename to displayValues
* remove kbn test
* more tests
* use new settings
* fix tests
* make value processing reusable
* Call ora instead of instantiating it
* Added scopedVars argument in datasourceSrv.get in
DataPanel
* MutableColumn
* cleanup after review
* rename handleXXX to onXX events
* torkel feedback
* onCellClick
* heatmap: able to reverse Y buckets order, #15683
* fix(explore/logs) not collapsing whitespace (#15737)
* Refactoring of multi-value datasource PR #15812
* fixed minor misstake with dashboard padding
* removed -margin, replaced with new general variables
* Move oauth token migrations in user_auth_mig
* heatmap: fix middle bucket bound for prometheus
* Refactoring / fixing password hint PR #15868
* chore: Move sidemenu out of context service and use the
logic we have in the router already for hiding the
sidemenu
* Fix deduplication results displaying wrong data (#15755)
* added new space variables to margins in AddPanelWidget,
add_data_source, dashboard_settings and sidemenu
* use `Get` instead of `Find`
* avoid exposing cache client directly
* add docs about remote cache settings
* renames distcache -> remotecache
* renames key to cache_key
* build steps for cache servers
* code layouts and comments
* rename put -> set
* reverts package.json I made during the flight >.>
* `memcache` -> `memcached`
* removes memory as distcache option
* test redis and memcached during integration tests
* adds config to default settings
* avoid exporting test helpers
* uses set instead of add for memcache
* adds memory as dist storage alt
* extract tests into seperate files
* avoid exposing internal structs and functions
* heatmap: don't display cut cards
* heatmap: fix error when series empty
* heatmap: middle bucket bound option, #15683
* rotate!
* added new variables for spacing, set margins in _cards
with new variables
* better css
* Revert 'Fix Datasource Update to no User/Password'
* rotate!
* fix imageurl in notification test
* add comment
* attach themes to table story
* reuse deprecationWarning
* move to string.ts
* move stringToJsRegex
* get field mapping to actually work
* add variable size storybsck
* cell builder cleanup
* minor storybsck cleanup
* fix typos
* autofill space rather than force with/height values
* return table directly, not the debug info
* Minor fix in values to histogram conversion
* Fix histogram x-axis min/max
* moved utillities to util
* Change xaxis min and max form input types to number
* Fix histogram xaxis min/max tests
* Optionally set histogram x-axis min/max
* table using MultiGrid
* cleanup
* cleanup
* adding toolbar
* adding stub table input CSV
* docs: Fix indentation level for OAuth2 config
* docs: update CONTRIBUTING.md
* merge master
* docs: update slack alert notification settings
* docs: update admin and user http api documentation
* feat(api): support list/revoke auth token in admin/current
user api
* support get user tokens/revoke all user tokens in
UserTokenService
* @grafana/ui - release docs v1 (#15835)
* Minor refactoring of copy tags when saving feature, #15446
* Simple implementation for preserve tags, closes #11627
* Updated prettierignore
* Refactoring of PR #14772
* Simple storybsck
* fix typo in pr template
* add nil/length check when delete old login attempts
* Minor refactoring of new react text panel
* Improve rendering
* fix allow anonymous server bind for ldap search
* changed all rems to pixels in defaults and template,
changed back root font size
* piechart -> pieChart
* Rename: Piechart -> PieChart
* Import only what is used from d3
* less nesting and add test
* remove type field and add helper functions to check if
data isTableData
* add storybsck
* fixes typo in redis devenv
* add support for memcached
* add support for redis storage
* add garbage collector for database cache
* test at interface level instead impl
* cache: initial version of db cache
* don't include stuff from app/...
* fix scss
* rename to Table
* rename to Table
* fix type errors
* move to grafana/ui
* better sort function
* use TableData, not interface
* Make password hint configurable from settings/defaults.ini
* move toTableData to grafana/ui
* don't require x & y columns for timeSeries
* use TableData for timeseries in react
* Update README.md
* heatmap: reduce number of legend segments to reasonable
value and round x values to prevent gaps
* heatmap: fix legend padding
* heatmap: fix legend for small values, #14019 #15683
* status: alpha
* changed root font to 100%(default 16px), changed font-size
from px to rem, updated rem sizes in template and
default.ts files, removed display classes and variables
since not used, removed lead class and variables since not
usedremoved serif font since not used and probably never
should be used
* Update core:start cli command to watch theme changes again
(#15856)
* Updated pull request template
* Updated pull request rtemplate
* Removed title case from issue template title
* Updated issue template titles
* Updated issue templates
* Updated templates
* fix: Update error message and replace npm with yarn #15851
* fix: Make sure we dont add &autofitpanels to the url if it
already exists #15849
* fix: Update test snapshot
* fix: Logo goes Home instead of toggling side menu #15482
* Update upgrading.md for wrong spell
* remove _
* cleanup
* use pure component
* return the same panelData unless it changes
* sortable class
* Map dataSourceTypeSearchQuery state from redux to search
input.
* move rendering to its own file
* try virtualized
* Initial tooltip
* Minor refactoring of PR #15770
* Revert 'Fix for leaving playlist mode'
* Alternative fix to detecting when to stop a playlist,
fixes #15701 and #15702
* fix discord notifier so it doesn't crash when there are no
image generated
* fix: Consistency in unit labels #15709
* Update latest.json
* Run prettier
* position from add panel, dimensions from copied panel
* Fix donut rendering
* Run prettier
* Fix pieType change
* changelog: add notes about closing #14509 #15179
* Render svg instead of canvas
* fix: Add class for input fields with help icon to avoid
icon hiding the text #15771
* restore to current folder when restoring old dashboard
version
* fix(renderer): Vendor ansicolor as typescript
* log phantomjs output even if it timeout and include orgId
when render alert
* keep size from copied panel and not from add panel widget
* Added basic cherry pick helping task
* Prevent search in VizPicker from stealing focus (#15802)
* fix only users that can edit a dashboard should be able to
update panel json
* Updated changelog task
* Fixed image rendering issue for dashboards with auto
refresh, casued by missing reloadOnSearch flag on route,
fixes #15631
* use props.replaceVariables rather than templateSrv
* Updated to add PR author, skip PR issue references
* Added first iteration/poc of changelog task
* Enable @grafana/ui version bump based on package.json
contents
* Fixed styling of gicon's in dropdown menus
* cleanup plugin versions
* use explore icon
* fix comments
* typescript functions on replace
* remove console.log
* add ScopedVars to replace function
* Make datasource variables multiselect and dashboard
repeatable
* set height
* add test file (ignored)
* fix variable name
* use typescrit in angular table
* use react-table
* add a basic alpha react table
* Ensure clean master only when publishing package to npm
* Remove log
* Ensuring master branch when performing release
* upgrade xorm packages to latest versions
* Expose onQueryChange to angular plugins
* docker: update prometheus2 block to version 2.7.2
* use replaceVariables
* Add a keybinding that toggles all legends in a dashboard
* fix allow anonymous initial bind for ldap search
* changelog: adds note for #8253
* prettier
* Aftermerge fixes
* use default min interval of 1m for sql datasources
* changelog: adds note about closing #15608
* Fixed scrollbar not visible due to content being added a
bit after mount, fixes #15711
* Added comment to Docker file
* moving
* style: add gicon-shield to sidemenu class Closes #15591
* remove `UseBool` since we use `AllCols`
* fix: Move chunk splitting from prod to common so we get
the same files in dev as prod
* fix: update datasource in componentDidUpdate Closes #15751
* changelog: add notes about closing #15739
* Moved Server Admin and children to separate menu item on
Side Menu (#15592)
* update version to 6.1.0-pre
* Viewers with viewers_can_edit should be able to access
/explore (#15787)
* Fixed scrolling issue that caused scroll to be locked to
the bottom of a long dashboard, fixes #15712
* reordered import
* Wrapperd playlist controls in clickoutsidewrapper
* Turn off verbose output from tar extraction when building
docker files, fixes #15528
* Hide time info switch when no time options are specified
* Made sure that DataSourceOption displays value and fires
onChange/onBlur events (#15757)
* Updated react select fork to 2.4.1
* utils: show string errors. Fixes #15782
* Update frontend.md
* Update frontend.md
* Minor refactor of cli tasks (core start, gui publishing)
* Fixed url of back button in datasource edit page, when
root_url configured (#15759)
* use onOptionsChange
* use replaceVariables rather than onInterpolate
* use updateOptions rather than onChange
* changelog: add notes about closing #15650
* changelog: add notes about closing #15765
* fix: Kiosk mode should have &kiosk appended to the url
#15765
* changelog: add notes about closing #15077
* org admins should only be able to access org admin pages
* only editor/admin should have access to alert
list/notifications pages
* Added MaximumUsedTransactionIDs metric to list of AWS RDS
metrics.
* fix: When in tv-mode, autofitpanel should not take space
from the navbar #15650
* devenv: fixes incorrect influxdb config.
* Fixes #15739
* Don't mutate seriesList parameter in mergeSeriesByTime
(#15619)
* new stable docs version
* Fix: #14706 Incorrect index pattern padding in alerting
queries
* fix
* changelog: adds note about closing #14239
* fix: prevent datasource json data stored as nil (#15508)
* changelog: adds note about closing #10506
* changelog: adds note about closing #15651
* Return 404 on user not found (#15606)
* Catch bad regex exception at controller level
* Prettier fix
* Add PiechartOptionsBox
* docs: missing field added to example
* 11780: invalid reg value can cause unexpected behaviour
* Fixed right side scrollbar margin on dashboard page
* fix: Return url when query dashboards by tag
* Fix prettier
* Initial rendering
* Add PiechartType enum
* Install d3
* Remove extra props
* Removed commented code
* Fixed alias in Cloudwatch Expressions
* Explore: Enable click on name label
* Bumping grafana ui version (#15669)
* Style and grammar fixes
* big text option
* Need this to be available for plugins
* service: fix for disabled internal metrics.
* docs: 6.0 whats new
* Toggle stack should trigger a render, not a refresh
* Updated latest.json with 6.0
* docs: grafana 6.0 has been released.
* moves social package to /login
* moves tracing packge into /infra
* changelog: adds notes for #14509 and #15179
* graph: fixes click after scroll in series override menu
* moves metric package to /infra
* Explore: Make sure line graphs get different colors
* stackdriver: change reducer mapping for distribution
metrics
* stackdriver: fix for float64 bounds for distribution
metrics
* update
* style tweaks
* Refactoring orientation stuff
* Refactoring bar gauge
* Refactoring bar gauge
* Added missing file
* refactoring repeater and code in gauge and bar gauge to
reuse more code
* docs: link to azure monitor from what's new in v6.0
* Fixed value dropdown not updating when it's current value
updates, fixes #15566
* docs: tweaks to AzureMonitor docs
* Added feature toggle to defaults.ini and sample.ini after
PR comments
* Moved variable to config struct after PR comments
* Added feature toggle editors_can_own
* updates all cols except created so user and password of
the database can be chaned to no user and password
* Fixed bug with getting teams for user
* Improve Loki logs render with ANSI colors (#15558)
* grafana/ui 6.0.0-alpha.0 release version bump
* removed color in color variables names
* changelog: add notes about closing #15303
* changelog: add notes about closing #1441
* update changelog
* grafana/ui 1.0.0-alpha.0 release
* Update grafana/ui readme
* docs: landing page update
* Bring back plugins page styles
* docs: layout fixes
* prettier fix
* Make published package public by default
* docs: fix link
* docs: fix order of datasources in menu/index and update
alert support
* Fixed prettier issue in color picker
* Update docs to match current npm scripts
* Added keywords and description go grafana/ui package
* Fixed failing tests because of circular dependency
* Fix version and name in grafana/ui package.json
* Imports updates
* Implemented scripts for building and releasing grafana/ui
* changed some more color variables to use variables
* fixed tests
* panel: defensive coding that fixes #15563
* Minor fix/polish to gauge panel and threshold editor
* copying options between visualizations
* fixed issue in dark sass template
* Updated body & page variables to use variables from code
theme
* updated building from source docs
* fixed snapshots failing in master
* Synced variable template files
* fix: mysql query using __interval_ms variable throws error
* Fixed scrollbar issue introduced in theme changes
* Fix build
* minor touch ups
* Fix heading levels in generic-oauth.md
* updated colors in light, dark and theme files, in template
file basic colors uses variables from dark/light files,
also changed to -basic in some files
* ValueOptions -> PiechartValueEditor
* Make it build
* fixes
* added orientation option
* export PiechartDataPoint from @grafana/ui
* change valueOptions
* get label and color from series
* prettier fix
* PieChartDataPoint -> PiechartDataPoint
* Rename PieChartPanelEditor to PiechartPanelEditor
* docs: adds Azure Monitor docs
* Fix blue in dark theme
* Readme update
* Minor fixes
* Review fixes
* Fixes after merging #15468
* Pass dashboardModel to PanelCtrl class. Fixes #15541
* Add piechart to builtInPlugins
* logo: svg -> png
* Remove old overwritten sass vars
* first draft of repeater component
* docs: howto for recreating our debian repositories.
* fix: Filter out values not supported by Explore yet #15281
* Bump Prettier version (#15532)
* updated theme variables to master
* updated theme template files variables to master
* add new issue templates
* Fixes #15506
* chore: graph2 panel plugin should use the new
ReactPanelPlugin from @grafana/ui
* fix: Have the tab param removed from the url when leaving
edit mode #15485
* reduce loglevel to debug
* Fixes #15505
* fix native annotation filtered by template variable with
pipe
* Fixed navbar backbutton padding
* Updated explore icon and style tweaks Lowered icon size
and improved paddings, tried to align placement between
dashboard and explore
* Display graphite function name editor in a tooltip
* Fixing array direction, adding simple render test, fixes
#15478 Fixed unit test and updated gauge Added migration
for threshold order
* changelog: adds note for #15500
* fixed page-header-bg
* cli: chmod 755 for backend plugin binaries
* reversed most of grays in dark theme
* Fixes #15477
* Changed how react panels store their options (#15468)
* Remove maxDataPoints and interval props from props to
remember in panel model
* Fix typo in view mode cykle button
* Variables regenerated
* Make clear that variable scss files are generated from
templates
* Fixed spelling issue in templating docs
* Removed primary class from Add Query button, and changed
name of Panel Options tab o General Options
* improved formatting of variable docs
* Datasource docs for Loki
* Replace require with import in start task
* Added enable_gzip documentation (#15322)
* Add Lux to units
* Fixed issue with PanelHeader and grid-drag-handle class
still being applied in fullscreen, fixes #15480
* Began work on handling panel type switching and keep
setting
* Fixed unit tests
* Fixed gauge issue that will require migration later and
also value options editor did not handle null decimals or
0 decimals
* Added missing Gauge props
* Bar gauge icon updated
* Added bar gauge icon
* Began work on adding options
* Added basic tests
* bar-gauge storybsck
* Began experimenting with a bar gauge
* Also remove nested options prop that was there due to bug
* Moved gauge value options into a sub oject and made editor
more generic, will be moved out of gauge pane later and
shared between singlestat, gauge, bargauge, honecomb
* Added a ReactPanelPlugin as the interface that react
panels export, this way react panels have clearer api, and
gives us hooks to handle migrations and a way for panel to
handle panel changes in the future
* Changed how react panels store their options
* Fixed prettier issue (#15471)
* Initial commit
* Added bar gauge icon
* Began work on adding options
* Added basic tests
* run db tests in all packages
* bar-gauge storybsck
* new dark-3 became new dark-2, created new lighter dark-3,
changed panel-bg, empty-cta etc to dark-2
* Began experimenting with a bar gauge
* docs: suggested changes
* docs: fix header
* fixed handling of alert urls with true flags, fixes #15454
* Fixed dashboard navbar buttons being visible in
fullscreen, fixes #15450
* Added missing strict type checking options to grafana/ui
and fixed type errors
* Extracted common code for diff calculation
* fix spelling error
* whats new: rename security section
* Fix percent_diff calculation when points are nulls
* Restored loading spinner to DataPanel
* rearrange bullet points in PR template
* added another error message scenario
* link to contributing guidelines in pr template
* Fixes to error handling and clearing, also publishing of
legacy events so old query editors work with react panels
fully
* contributing: adds link to help wanted label
* contributing: adds link to our CLA
* removes testing instruction from contributing doc
* docs: move alerting above session
* docs: mention samesite setting
* increased blue in dark-1-5, dark-3 and dark-4
* docs: adds note about new login cookie name
* changed color for blue light in light theme + small
changes in naming etc
* Add missing nodemon dependency
* make bug/feature titles more verbose
* mentioned closes/fixes for new features
* docs: improve removal of session storage for what's new in
v6.0
* docs: add upgrade notes for v6.0
* docs: add note regarding auth proxy and user session
requirement
* docs: fix typo
* removed more unused variables, restyled scrollbar
* allow 90 percent of alertTimeout for rendering to complete
vs 50 percent
* Fixed issue with sass variables used from typescript, the
prettier lowercases export variables
* using error callback from datapanel instead
* docs: add availability note regarding non-compliant
providers
* Fixed sass vars template files
* Added deprecation warning to npm watch script - use start
script instead
* added new dark variable to dark theme(the color used for
page-bg), changed some backgroud colors that doesn't use
variables to use variables, made some slight tweaks to
dark variables, fixed so item hover is the same as card
hover
* Simple CLI for running grafana in dev env
* Added common theme variabless generation, created
GrafanaThemeCommons interface
* contributing: improve guide for bug fixes
* Changed devenv default data source to testdata
* added support for influxdb non_negative_difference
function in tsdb
* added support for influxdb non_negative_difference
function in tsdb for alerting
* Remove precommit from npm scrips
* More files that has fixed with prettier
* Added prettierignore and check script
* devenv: use grafana:dev image in ha test per default
* devenv: send nginx logs to loki in ha test
* devenv: proper fluentd conf for grafana and loki
* devenv: use grafana/fluent-plugin-loki
* devenv: trying to make fluentd with inoffical
fluent-plugin-loki work
* fixed issue with updatePopperPosition
* Prettier had not been running as a precommit hook for some
time so had to run in on all files again
* removed _plugins.scss and _settings_permissions.scc,
removed unused classes in _login.scss, reduced dark
variabels in light theme and alignied light theme a bit
with dark theme, turned blue-gray, dark-3 and panel-bg
variables into one variable and removed gray-7 in dark
theme
* feat: Add EmptySearchResult ui component and use it in
VizTypePicker
* Revert 'feat: Add css-support for invalid form input
elements'
* Revert 'feat: Highlight vizpicker input when there are no
panels matching the search query'
* Regenerating variabless sas on theme edit v1
* Fixed a minor plugin json lingering issue
* Removed some icons in action button Trying to align some
title case issues
* implement show error in panelcorner
* Forgot about the snapshots
* Renamed to FilterInput and added label and search icon
* feat: Highlight vizpicker input when there are no panels
matching the search query
* Updated a few plugin json files with dataFormats
* feat: Add css-support for invalid form input elements
* remove comments
* bubble error from datapanel to panelchrome
* Changed noQueries to a dataFormats array that will allow a
panel to define supported formats and prefered (first in
array)
* use authtoken for session quota restrictions
* Fixed issues with double page body and husky pre-commit
hook
* fix: No need to have edit permissions to be able to 'Save
as' a dashboard
* Revert 'chore: wip: Replace brace with ace-builds to get
latest version of ace'
* chore: wip: Replace brace with ace-builds to get latest
version of ace
* fix: Error tooltip should have white text on red
background. Not red text on red background
* Move explore selectors to a separate file
* removes unused session code
* chore: Rename renderPanel to renderPanelBody
* chore: Rename renderDataPanel to renderPanel
* chore: Rename renderHelper > renderDataPanel and move
logic to smaller functions
* chore: PR feedback, shorten bsclean check
* chore: Rename isDataPanel to noQueries
* chore: Only show Queries tab for panel plugins with
isDataPanel set to true
* feat: Only use the DataPanel component when panel plugin
has isDataPanel set to true in plugin.json. And fix
PanelData when using snapshots
* feat: Add util to convert snapshotData to PanelData
* feat: Introduce IsDataPanel attribute to plugin.json
* fix: Add missing typing
* Fixes #15372 with number input and parseFloat
* Revert 'hard move'
* chore: PR feedback, shorten bsclean check
* chore: Rename isDataPanel to noQueries
* Merge with master
* Found another input that was tied to a regexp
* Fixes bug #12972 with a new type of input that escapes and
unescapes special regexp characters
* enable testing provsioned datasources
* Fixed elastic5 docker compose block
* Added one more test case for color resolving helper
* Fix error caused by named colors that are not part of
named colors palette
* Fixed issue with gauge requests being cancelled
* Update package.json
* changelog: adds note for #15363
* Move deduplication calculation from Logs component to
redux selector
* style tweak to alert
* Removed plus icons
* hard move
* restoring green CTA
* Removed double page container
* chore: Only show Queries tab for panel plugins with
isDataPanel set to true
* Removing default thresholds values.
* adds edition to build_info metric
* Updated lint-staged
* changelog: adds note for #14623
* Fixed double page class on api keys and org details page
* Color tweaks
* azuremonitor: don't use make for maps and array
* changed back to old green in light theme
* changelog: add notes about closing #15258
* changelog: add notes about closing #15223
* changelog: add notes about closing #15222
* changelog: add notes about closing #15122
* changelog: add notes about closing #15219
* changelog: add notes about closing #14432
* update changelog
* changelog: adds note for #15131
* changelog: add notes about closing #15284
* Fixed issue with light theme introduced by #15333
* devenv test dashboard
* minor style update
* revert ds_proxy timeout and implement dataproxy timeout
correctly
* changelog: adds note about closing #15295
* azuremonitor: fix auto interval calculation on backend
* Minor style fixes
* Remove not related code
* make sure opentsdb takes dashboard timezone into
consideration
* make sure influx takes dashboard timezone into
consideration
* Do not read store state from toggle panelaction creator
* make sure graphite takes dashboard timezone into
consideration
* Review changes
* return series label if selected stat is name
* Fix plugin loading failure message not being displayed
* fixes invalid folder check
* extract notifiers folder creation to new if statement
* interval: make the FormatDuration function public
* Fixed missing time axis on graph due to width not being
passed
* make sure notifiers dir exists for provisioning in docker
* should be able to navigate to folder with only uid
* renames usage state name for auth token
* Clear visualization picker search on picker close
* Update README.md
* changelog: adds note about closing #15288
* v1
* removed extra semi-colon
* Commented out the Loki dashboard query editor
* added old green to dark-theme
* Fixed issue with logs graph not showing level names
* set secondary to new blue
* removed unused directive
* Fixed issue where double clicking on back button closes
sidemenu
* changelog: add notes about closing #8570
* update changelog
* changelog: add notes about closing #14233
* changelog: add notes about closing #15189
* changelog: add notes about closing #13324
* azuremonitor: small refactoring
* azuremonitor: handles timegrain set to auto on backend
* Navbar back button, no title edit this time
* provide time range to angular query controllers
* azuremonitor: add test for dimension filter
* azuremonitor: refactor azure monitor api code into own
file
* azuremonitor: handle multi-dimensions on backend
* use timeSrv in metricFindQuery as timeRange
* remove unnecessary spy
* azuremonitor: add support for aggregations on backend
* Fix formatting
* Add aws ec2 api metrics for cloudwatch
* Improve usability showing disabled lines in forms
* Fixed issues with plus button in threshold and panel
option header, and current state in viz picker, fixes
#15329
* support three letter hex color strings
* azuremonitor: simple alerting for Azure Monitor API
* use unique datasource id when registering mysql tls config
* azuremonitor: builds a query and sends it to Azure on the
backend
* mark packages as Apache license
* Minor refactoring around theme access
* Use TS instead of JS to store theme variables@next
* Do not use js theme variables in sass (poor dev experience
for now)
* Update config mock in metrics panel controller test
* ldap: refactoring.
* ldap: fixes #14432. Fix for IPA v4.6.4
* ldap: adds docker block for freeipa
* feat: Only use the DataPanel component when panel plugin
has isDataPanel set to true in plugin.json. And fix
PanelData when using snapshots
* feat: Add util to convert snapshotData to PanelData
* feat: Introduce IsDataPanel attribute to plugin.json
* fix: Add missing typing
* slight tweaks
* fixed explore width-0 issue, fixes #15304
* Persis deduplication strategy in url
* Support ANSI colors codes in Loki logs
* adds usage stats for sessions
* Panel edit navbar poc
* make sure to create provisioning/notifiers directory for
deb and rpm packages
* log root cause error when reading from provisioning
directories
* moves usage stats sender to new package
* changelog: add notes about closing #15291
* Removed unnecessary code from ColorPicker and extended
theme type
* Selecting theme variable variant helper function
* added reducers tests
* update docs
* added way to test action called from react component
* Added annother initDashboard test
* removes cleanup setting from docs
* make hourly cleanup the default behavior
* fix single gauge
* removed direction and series mode options, cleaned up the
code somewhat
* Simplified condition
* support json format templating
* support /api/v1/labels
* devenv: update ha test and load test
* run token cleanup job when grafana starts, then each hour
* Added another error object message detection
* Fixed some remaining issues
* Improved dashboard page test
* Improved dashboard page test
* Big refactoring for dashboard init redux actions
* Fix SemVersion.isGtOrEq
* making changes suggested in review and improving typings
* fix
* show timeseries label under gauge
* Minor cleanup
* Added test for SASS variable retrieval function from JS
definition
* Updated stories to use new theming
* move authtoken package into auth package
* vertical and horizontal, removed mode option
* move UserToken and UserTokenService to models package
* Add failing test
* Rename version_test to version.test
* change UserToken from interface to struct
* replaced some hex values with variables
* some changes i forgot to save in first push in
variables.dark
* removed trailing whitespace
* removed unused theme variables, removed empty sections,
aligned the order of sections in the files
* combine mode with avg value
* Fix issue with graph legend color picker disapearing on
color selection
* changelog: add notes about closing #12546
* Added a basic test for initDashboard thunk
* docs: update annotaions http api
* azuremonitor: improve autocomplete UX
* Added DashboardPage tests that tests view mode transition
logic
* azuremonitor: fix autocomplete menu height
* Revert 'chore: Replace sizeMe with AutoSizer in
DashboardGrid'
* Revert 'chore: Remove react-sizeme'
* fix spelling
* wip: tests
* middleware fix
* enhanced expiration logic for lookup token
* changelog: add notes about closing #15265
* Address review comments
* auth token clean up job now runs on schedule and deletes
all expired tokens
* changes needed for api/middleware due to configuration
settings
* change configuration settings in auth package
* document login, short-lived tokens and secure cookie
configurations
* refactor login/auth token configuration settings
* remove unused code
* Added ServerlessDatabaseCapacity metric to list of AWS RDS
metrics.
* changelog: add notes about closing #8207
* Minor code simplification
* Delete template.html
* cloudwatch: Add tests for resource_arn template query
* cloudwatch: Add resource_arns template query function
Implements feature request #8207
* update to aws-sdk-go v1.16.15
* Updated add panel related flows
* Update types and themes usage in components
* Implemented theme context and renamed/moved theme related
types
* refactor panel
* changelog: adds note for #15182
* Breaking init dashboard up in to fetch & init
* stackdriver: fixes #15182
* Closing timepicker when clicking outside the picker
* Optimized so we only do checks when dropdown is opened
* stackdriver: add some more typings
* Fixed so that we close angular TimePicker when user clicks
outside the dropdown
* Moved remove panel logic to dashboard srv
* first working draft
* Removed unused controllers and services
* Improved error handling
* fix: Update snapshot
* chore: Explore: Remove inner AutoSizer, spread the
size-object to width/height, change height type to number
* chore: Remove react-sizeme
* fix: Calculation issue with AutoSizer in explore
* chore: Replace withSize with AutoSizer in
explore/Graph.tsx
* chore: Replace sizeMe with AutoSizer in DashboardGrid
* Prevent viewers from going into edit mode
* Expand rows for panels in collapsed rows
* Basic loading state for slow dashboards
* Fixes #15223 by handling onPaste event because of bug in
Slate
* Fixed add panel should scroll to top
* minor layout change, simple render test
* azuremonitor: improve autocomplete experence
* docs: fixes #14940
* Added custom scrollbar and remember scroll pos to jump
back to same scroll pos when going back to dashboard from
edit mode
* created new color variables, changed primary to blue,
changed success-btns to primary-btns.
* azuremonitor: more autocomplete suggestions for built-in
functions
* Updated playlist test
* added missing typing to explore props
* added comment to initDashboard
* improve the stackdriver logo
* Fixed so onBlur event trigger an QueryChange and
QueryExecute if values differ
* Renamed initialQueries to queries
* Added PATCH verb end point for annotation op
* move auth token middleware/hooks to middleware package
* auth package refactoring
* render after leaving fullscreen
* added flags to vizpicker from query param
* Added playlist controls to new react DashNav
* Fixed lots of loading flow issues and updated solo route
page
* Set page title on dashboard load
* now /api/login/ping returns Response
* Added handling of kiosk mode
* WIP Enable js defined theme to be used in SASS
* fix: Explore: Query wrapping on long queries #15222
* azuremonitor: fix where suggestions
* prepping go to visualization
* azuremonitor: use kusto editor for App Insights
* basic layout
* fixed unit test
* Made dashboard view state srv panel view state obsolete
* fix: Set ace editor min height to avoid problem with
scrollbar overlapping ace content #15122
* Missed to save
* fix: Data source picker in panel queries options should
overlap content below, including ace scrollbar #15122
* Fixed handling of orgId
* Fixed template variable value changed handling
* Fixed bug with removing a QueryRow thats not part of
nextQueries
* Now handles all dashbord routes
* Replaced intialQueris with queryKeys
* fix util for splitting host and port
* azuremonitor: where clause autocomplete
* azuremonitor: don't go back to dashboard if escape pressed
in the editor
* azuremonitor: suggest tables initially
* azuremonitor: add more builtin functions and operators
* Reverted redux-logger
* Added more typings
* added submenu, made sure submenu visibility is always up
to date
* changelog: add notes about closing #14231
* Removed modifiedQueries from state
* fixing logging action
* devenv: switching back using loki master plus various
fixes
* Fix save provisioned dashboard modal
* Merge with master
* Refactor of action, actionTypes and reducer
* More types and some refactoring
* Alignment of interfaces and components
* Removed the on every key change event
* Add AWS/Neptune to metricsMap and dimensionsMap
* added time picker
* refactorings and cleanup
* mssql: pass timerange for template variable queries
* improving dash nav react comp
* fixed panel removal
* Added more buttons in dashboard nav
* wip: progress
* Url state -> dashboard model state sync starting to work
* Dashboard settings starting to work
* wip: dashboard in react starting to work
* wip: minor progress
* wip: dashboard react
* base64 encode encrypted oauth token fields
* Add string quote func
* Remove option used to control within browser
* Remove length from text columns
* Add oauth pass-thru option for datasources
* did not add file, removing centerered
* Legend toggle should only trigger a re-render, not a
refresh
* first stuff
* updated snapshot
* Adding pointer to colorpicker
* Minor post review changes
* More style tweaks to panel option group add button
* Made some style tweaks
* setting margin on label
* Make runQueries action independent from datasource loading
* fixing test
* add button in header
* minor fix
* Made really good progress on loki support in dashboards
* Temporarily run queries independently from UI state of
explore panels
* Remove extra newline
* Clearify the Run from master instructions
* Use slate-plugins from app/features/explore
* Remove newline && runner plugins
* Move prism to app/features/explore
* Restoring explore panels state from URL
* Remove version.ts
* introduce samesite setting for login cookie
* sending paneldata to component, gauge can handle table
data
* always delete session cookie even if db delete fails
* New solo panel route working in all scenarios I can test
* Removed unused factory and fixed index based mapper lookup
* Fixed dashboard row title not updating when variable
changed, fixes #15133
* Removed comment from panel editor
* signout user if /api/login/ping returns 401 unauthorized
* must return json response from /api/login/ping
* adds more tests signing out session
* changes some info logging to debug
* wip
* tailing grafana logs and temporaily using an older build
* add missing ngInject annotation
* renames signout function
* delete auth token on signout
* typing data
* changelog: adds note about closing #10780
* Do not render time region line or fill if colors not
provided
* Fixed row options html template location, fixes #15157
* creating table data type
* wip: New react container route for solo panels that
supports both angular and react panels
* build: enterprise release co project.
* Fixed another type of fluent reducerFactory
* Moved dashboard state components to state folder
* Moved time_srv to services folder, this should not belong
to dashboard feature but it is too dependant on dashboard
to move it out now, needs a bigger refactoring to isolate
from dashboard
* Moved a few things around
* Removed then clauses, no need to test the test within the
test
* Updated what's new article
* Added reducerTester, reducer tests and tests
* Removed ActionTypes and fixed a
noPayloadActionCreatorFactory
* Replace usages of kbn.valueFormats with ui/getValueFormat
* Refactored Datasources as POC
* Fix anchor
* Added download links to docs
* Updated docs
* Updated version again
* Updated version and made some changes to changelog and
what's new article
* docs: Added version notice for time range variables
* Added loki video
* spell fixes
* chore: Add typings for react-grid-layout and
react-virtualized
* fix: Don't open panel menu when dragging (react-)panel in
dashboard #14946
* chore: Add missing typings in PanelResizer
* chore: Fix typings and remove bindings for arrow functions
in DashboardGrid
* Updated explore section again
* Updated explore section
* fixe merge issue
* updated what's new article
* adjusting types to match
* Add storybsck script to run it from root dir
* Minor change to Action interfaces
* Simplified inteface for reducerFactory
* Fixed a small bug and added case sensitivity
* docs: whats new tweaks
* Added reducerFactory and tests
* Minor updates to text and image placements
* docs: add video link to what's new
* whats new: note about session storage
* first implementation
* Added actionCreatorFactory and tests
* whats new: provisioning for alert notifiers
* Rename SetInitialQueries action to QueriesImported
* Add missing code
* changelog: adds note for #15129
* docs: update to what's new
* docs: wip - what's new for 6.0
* Minor style fix to button group
* Fixed failing unit test
* Added basic docs
* Minor refactoring and adding some typing
* changelog: add notes about closing #14709
* fixed sqlite issue introduced by #14709
* Change primaryAggregation to crossSeriesReducer in
Stackdriver
* update changelog
* changelog: add notes about closing #12764
* fix: Remove legacy title-prop and update document.title
when navModel is changed #15108
* Explore: query field should not propagate non-text change
* Wait for queries to be imported before proceeding with
datasource change
* removing alpha
* Remove commented code
* Tweaked panel option group styles
* Import queries before datasource is changed
* fixed prettier on switch component
* adding from and to built in variables
* azuremonitor: adds macros to slate intellisense
* Fixed issue with explore changeTime redux action not being
hooked up, fixes #15115
* Fixed explore query editor styling issues
* azuremonitor: remove wrong completions
* azuremonitor: autocomplete on enter
* Progress on tooltip style update
* azuremonitor: fix tests
* devenv: loki provisioned datasource
* azuremonitor: revert 'memory for webpack build'
* Azure Monitor: replace monaco by slate with initial Kusto
syntax
* docker: block for loki
* Make language provider cancelable in Loki and Prometheus
QueryField, to avoid setting state on unmounted component
* Add util for handling promise cancelation to avoid setting
state on unmounted components
* stackdriver: remove beta notice from config page
* increasing font size on longer strings
* magic number solution
* Propagate event to onChange prop in Switch component
* two minor bug fixes introduced in recent refactorings
* Minor progress on react query editor support, solving
updating query persisted state
* did some styling changes
* Updated Explore query styles to align them to other query
editor to make them fit in better
* chore: Fix typings and add Page-component to
FolderPermissions #14762
* chore: Fix typings and add Page-component to ServerStats
#14762
* chore: Fix typings and add Page-component to AlertRuleList
#14762
* chore: Fix typings and add Page-component to
DataSourceDashboards #14762
* fix: Add plugins to StoreState interface
* chore: Fix typings and add Page-component to
NewDataSourcePage #14762
* chore: Fix typings and add Page-component to
DataSourceSettingsPage #14762
* chore: Fix typings and add Page-component to
FolderSettingsPage #14762
* test: Updated snapshot
* chore: Fix typings and add Page-component to TeamPages
#14762
* fix: Add pageName default to avoid 'Loading undefined...'
* changelog: adds note about closing #10487
* pkg/util/{filepath.go,shortid_generator.go}: Fix golint
issues
* pkg/util/{ip.go,url.go}: Fix some golint issues
* pkg/util/*: Add missing function comments.
* docs: updates docs to refer to using uid
* azuremonitor: increase memory for webpack build
* gofmt issue
* moves test files into testdata folder
* renames alert_notifications -> notifiers
* changelog: add notes about closing #14711
* update inline documentation
* extract parsing of datasource tls config to method
* extract tls auth settings directive from datasource http
settings directive
* changelog: add notes about closing #13711
* changelog: add notes about closing #5699
* Fix for annotations not clearing when switching
dashboards, fixes #15063
* Import fix
* build: ignore latest
* Spelling/grammar fixes in top level markdown files
* build: publishes armv6 to grafana.com.
* Removed the initial data source as I could not see it
being used anywhere
* Initialize named colors palete lazily
* Fix thresholds default colors not being applied
* removes unnessecary db request
* Making sure we do not pass a long invalid queries and save
to state
* single import for types from @grafana/ui
* tab/spaces formatting
* Revert 'Updated home dashboard, removed home dashboard
header'
* Fixed wrong line in test
* Made sure we only resetTypeahead if mounted
* Delayed explore query loading indicator and implemented
minor ux improvements to it
* fixing test
* support both uid and id for showing/removing notifiers
* Revert 'Use the same panel loading indicator in explore as
on dashboard's panel'
* Firing off an action instead of listening to location
changes
* Handle undefined graph and table results
* enable explore by default
* Use the same panel loading indicator in explore as on
dashboard's panel
* Prevents query result cleaning when new query trransaction
starts
* Changes after PR Comments
* Made ExplorerToolbar connected and refactored away
responsabilities from Explore
* Removed some split complexity
* Fixed some more styling
* Fixed close split look and feel
* Fixed position of Closesplit
* Fixed small issue with TimePicker dropdown position
* Simplified some styles and dom elements
* Fixed some more with the sidemenu open and smaller screens
* Fixed so heading looks good with closed sidemenu
* Restructure of component and styling
* Refactored out ExploreToolbar from Explore
* updating state if no panel
* updated the color palette
* Fixed reinitialise of Explore
* changelog: add notes about closing #13929
* changelog: add notes about closing #14558
* changelog: add notes about closing #14484
* changelog: add notes about closing #13765
* changelog: add notes about closing #11503
* changelog: add notes about closing #4075
* changelog: add notes about closing #14722
* update changelog
* changelog: add notes about closing #10322
* changelog: add notes about closing #12991
* update changelog
* Update datasource before the loading has started
* Add cursor pointer to color swatches
* Fixed import path
* changelog: adds note about closing #14701
* upgrade golang to 1.11.5
* moves timeout tests to an integration test
* Moving a few things from dashboard folder
* Correct formatting of sqlstore_test.go
* pkg/services/dashboards/dashboard_service.go: simplify
return
* Updated url query param encoding to exctly match angular
encoding
* Updated snapshot
* Added missing props not being passed to scrollbar
component, fixes #15058
* Parse database host correctly when using IPv6
* Document /api/health
* some working solution, needs refactor
* changelog: adds note for #15062
* Do not update color picker popover position on tab change
* change default rotate_token_minutes to 10 minutes
* Rename deprecation warning helper
* Implemented tests for ColorPickerPopover and
NamedColorsPalette
* fix
* load test/ha fixes
* set low login cookie rotate time in ha mode
* Fix light theme issues with named colors disabled
* Stories cleanup
* fix multiple piechart instances bug
* scripts/build/*: Fix some golint issues
* scripts/build/*: Fix golint issues Url => URL
* build: fixes building grafana completely within docker.
* dont specify domain for auth cookies
* monaco-kusto: fix imports
* use @alexanderzobnin/monaco-kusto package for kusto syntax
highlight
* New snapshot reflecting changes
* Makes the clickable side menu header look great in light
theme again
* org id fix for load test
* user auth token load tests using k6.io
* add global datasource proxy timeout setting
* moves cookie https setting to [security]
* Azure Monitor: build monaco with webpack WIP
* Use Switch to control y-axis in series color picker
* Move Switch component to grafana-ui
* improves readability of loginping handler
* Bug Fix #14961
* minor styling changes to gaps, font-size and width
* makes sure rotation is always higher than urgent rotation
* use defer to make sure we always release session data
* Enable custom picers on color color picker popovers (for
y-axis support in legend picker)
* feat: Use CustomScrollbar in explore #14752
* chore: Better comment
* chore: Remove comment and unneeded export
* fix: Enable -webkit-scrollbar related css when there's no
overlay scrollbar #14807
* fixes broken test
* Make series overrides color picker display correctly
* removes unused/commented code
* removes old cookie auth configuration
* makes auth token rotation time configurable
* Update story for NamedColorsPalette
* Update imports of NamedColorsPalette
* Restore missing styles
* Fixed issue with color name retrieval not being aware of
current theme
* Fixed dashboard import issue after move
* Moved add panel panel and renamed it to add panel widget
* Fixed react key warning for loki start page
* Moved row options to it's own component folder
* Removed old query inspector (that was opened by clickin
error in panel title) think the new query insector from
Queries tab can replace this old one.
* Moving files to better locations
* Disable query should trigger refresh
* added docs entry for check_for_updates config flag, fixes
##14940
* Loki query editor is starting to work, had to make changes
to explore query field in order to update query from the
outside without unmount between
* store oauth login error messages in an encrypted cookie
* Removed sass import of spectrum.scss
* replaced palette colors with current palette adjusted for
dark and light theme
* Remove spectrum.js vendor dependency from grafana/ui
* changed light-theme tool-tip to be a bit lighter, trying
different paddings
* Fix hide timeout for color picker
* Rename colorsPalette util to namedColorsPalette
* Make small swatches react to theme changes
* redirect logged in users from /login to home
* Explore: Fix scanning for logs
* Update styles of selected named color swatch
* restrict session usage to auth_proxy
* Implement pointer component for spectrum palette sliders
* minor updates
* Make default color picker close on trigger mouse leave
* Moved ad hoc filters and upload directive
* Added deprecation warning to old color picker API props.
Moved named color support handling to color popovers
* changed color for label tooltips from blue/red-yellow
gradient to black/white
* Moved dashboard srv and snapshot ctrl
* Moved share modal
* Moved dashboard save modals to components folder
* Moved unsaved changes service and modal
* Removed unused alertingSrv
* Moved view state srv to services
* Moved timepicker to components
* Moved submenu into components dir
* Moved dashboard settings to components
* Moved dashboard permissions into components dir
* Moved history component, added start draft of frontend
code style guide
* fix: Use custom whitelist for XSS sanitizer to allow class
and style attributes
* Reduce padding in color picker popover
* Began work on improving structure and organization of
components under features/dashboard, #14062
* Fix a typo in changelog
* Implemented new spectrum palette
* Update ROADMAP.md
* use resetfolder instead so it shows current folder
* Updated home dashboard, removed home dashboard header
* fixes nil ref in tests
* add setting for how to long we should keep expired tokens
* stores hashed state code in cookie
* creates new config section for login settings
* based on encodeURIComponent() using strict RFC 3986
sub-delims
* fix: Dispatch the correct action (#14985)
* passing middleware tests
* Stories update for color picker
* Make named colors optional in color picker, enable named
colors in graph legend series picker
* Storybsck - add actions addon
* fixes:#14282 - Do not change folder for persisted
dashboards
* extract auth token interface and remove auth token from
context
* Fixed issues with the sanitizie input in text panels,
added docs, renamed config option
* build: removes arm32v6 docker image.
* Updated version in package.json to 6.0.0-pre1
* build: armv6 docker image.
* build: skips building rpm for armv6.
* build: builds for armv6.
* CustomScrollbar - expose underlying's
react-custom-scrollbars API to allow scroll tracks config.
* Explore: mini styling fix for angular query editors
* Removed unused props & state in PromQueryField
* chore: Remove logging and use the updated config param
* chore: Reverse sanitize variable so it defaults to false
* feat: wip: Sanitize user input on text panel
* fix: Text panel should re-render when panel mode is
changed #14922
* Minor rename of LogsProps and LogsState
* Splitted up LogLabels into LogLabelStats and LogLabel
* Make popover hide delay configurable to enable better UX
* Stories - fix import
* Enable new color picker in Gauge and Thresholds editor,
use ThemeProvider instead of ContextSrv
* Updated table tests to new behavior for colors (values are
always rendered as hex/rgb)
* Make named colors usable in angular code pt 1
* Story updates
* Update grafana/ui exports
* Refactor color picker to remove code duplicartion
(introduced colorPickerFactory). Allow popver position
update on content change
* Fix lint
* Updated stories
* Rendering arrows for color picker, applying color changes
to time series
* Fix TS errors
* Stories updates
* Unified color picker API, allowed for color specified for
theme selection, updated code to changes in
PopperController API
* Get rid of unused renderContent prop on PopperController
* Enabled knobs for storybsck and implemented some stories
* Lint fix
* Render series color picker with correct theme
* Added config provider to be able to access config easily
from react components
* Migrating color pickers to Popper from drop.js pt1
* Updates to Popper to be positions correctly within window
* Move tooltip themes to Tooltip component making
Popper/PopperController theme agnostic
* WIP Basics of named color picker
* Refactored out LogRow to a separate file
* Removed strange edit
* Added link to side menu header and fixed styling
* Moved ValueMapping logic and tests to separate files
* more auth token tests
* Fixed data source selection in explore
* Added refId to missing queries on panel model init
* adds cleanup job for old session tokens
* Fixed loading of default query editor
* Changed null logic for range value mappings after PR
comments
* fix tests after renaming now
* Added check for null value in ValueMappings and added
tests
* s/print/log
* avoid calling now() multiple times
* passing auth token tests
* fixed trailing whitespace
* handle expired tokens
* fixed circleci script run path for gometalinter
* Fixed circleci name for gometalinter exec step
* moved script and added exit_if_fail
* Moved gometalinter to a script instead of seperate
commands in circleci file, removed megacheck and added
staticcheck
* set userToken on request when logging in
* moves initWithToken to auth package
* set cookie name from configuration
* Added function hasAccessToExplore in ContextSrv and
refactored tests
* change rotate time
* mixor fixes
* dead code
* fix ip address parsing of loopback address
* removes commented code
* moves rotation into auth since both happens before
c.Next()
* fix: Viewers can edit means that viewers have acces to
Explore #14281
* Add loop counter for full refresh in playlist
* decreased panel height in edit mode
* toggle collapse when clicking on collapse state text
* Query editor row style update & sass cleanup
* Delete .all.ts@neomake_22624_74.ts
* Further refinements of typings
* more typings work around data query and data source
* wip: progress on adding query types
* wip: more typings
* wip: typings
* Revert 'Specify expected encoding for access/secret key'
* Moved add query button to the right
* Updated removing notification channel by uid
* Check that alert notification with id already exists in
notification settings
* change enabled to true
* Fixed scrollbar issue where it jumped to the top
* Added test case dashboard
* fix: Hack for getting the same height in splitted view,
view could use refactor IMHO #14853
* Minor refactoring and name changes
* Fixed issue with explore angular query editor support
introduced by recent angular query editor changes
* Redid logic for fontcolor and thresholds in Gauge and
added tests
* Make sure we do not change -Infinity
* Passed the theme to Gauge
* Added tests for formatted value
* Small refactor of Gauge and tests
* Added typings and refactored valuemappings code
* Moved Gauge to ui/components
* Preparing move to ui/viz
* Fixed getFontColor, added tests and fixed thresholds logic
* Removed baseColor
* add timeout test for alert handling.
* remove maxage from session token
* fix broken code
* fix cannot set cookie when response is written
* began work on react query editor props and integration
* Added data source type to explore state
* updated snapshot
* renaming DataSource type to DataSourceSettings and moved
to grafana ui
* Fixed issue with team and user picker, fixes #14935
* Moved data source and data query types
* Moved plugin types to @grafana/ui
* log fix
* inital code for rotate
* wip: moved plugin exports
* build: usage instruction for repo test.
* build: comments
* Minor fix scrollpos when duplicating
* build: updates ci deploy.
* build: fixes the path for gsutil and gcloud.
* build: fixes permissions issue.
* removed unused props from angular query component
interface
* Additional query editor row tweaks
* Query editor row in react is working
* shortening callback functions
* Explore: Fix datasource selector being empty with single
datasource
* Scroll to top when visualization picker is opened
* Made scrollbar have scrollTop and setScrollTop props so we
can control scroll position
* build: only build amd64 for enterprise.
* azuremonitor: guard for when switching from monaco editor
* azuremonitor: move files into grafana
* Query editor row react progress, buttons working
* build: test script for rpm repo.
* chore: Replace the deprecated SFC with FC
* chore: Wrap footer with React's memo hoc
* chore: Reduce code duplication by letting the page
component adding the header and taking care of the page
title
* mini stylefix to select component
* cloudwatch.md - quick typo fix
* removing Label and going with FormLabel
* Use light theme in storybsck
* Toggle edit mode works
* login users based on token cookie
* test: Update snapshots and mocks
* build: deb repo update test usage instructions.
* fix: Use Page component on 'Api Keys' and 'Preferences'
under Configuration
* build: uploads binaries before metadata in deb repo.
* feat: Generate page titles from navModel
* test: Updated snapshots
* chore: Better way of getting the body node
* chore: Reactify footer
* fix: Add Pages component to Plugins and TeamList
* fix: Configuration: Users should also use the Page
component
* feat: Possibility to change document title on pages using
the Page component
* fix: Add CustomScroller on DataSources page
* fix: Proper types for linter
* test: Snapshot update
* fix: Fix import path after Scrollbar move to @grafana/ui
* POC of page layout component
* Added uid to AlertNotification json
* Converted notification id to uid via fmt for old alert
notification settings
* Returned id for alert notifications which were created
without uid
* Formatted errors to err
* Using func InitNotifier for verifying notification
settings
* Added uid for alert notifications
* Renamed validation funcs for alert notification
* Commented alert_notifications sample config
* Instantiating notifiers from config before using
* Added parameter org_name of alert notification to
documentation
* Added orgName parameter for alert_notifications
* Added alert_notification configuration
* redoing input props
* another minor style change
* More style tweaks to thresholds
* fix: Manually trigger a change-event when autofill is used
in webkit-browsers #12133
* move styling
* renaming after pr feedback
* minor style change
* wip: testing new query editor row design
* Removed snapshot
* Refactored ValueMappings
* Moved ValueMappings to grafana/ui/component and renamed it
ValueMappingsEditor
* Moved Label to grafana/ui/components
* build: repo update testable and more robus.
* Experimenting with generating doc for ui component
* Move action properties to payload
* Fixed small bug with entries outside the min max values
* Fixed NaN issue when parsing
* Remove BasicGaugeColor from state
* Fixed so that we can not change base threshold
* Fixed so added threshold colors are always unique
* Fixed issue with changing value not changing index
* Fixed styling for small screens
* Reordered the input row
* Fixed the circle
* Fixed styling
* Refactored logic in ThresholdEditor
* File organization, action naming, comments
* Fix reducer issues
* Connect Explore child components to store
* Update comments
* Move types to types/explore
* Save state in URL and fix tests
* Allow multiple Explore items for split
* WIP Explore redux migration
* Fixed a bug with prefix and suffix not showing when using
value mappings
* fixing imports, minor fix on mapping row
* test and minor fix on mapping row
* updated snapshot
* Added suffix interpolation
* Scrollbar select fix
* Remove duplicated import
* Initial commit
* changelog: adds note for #14795
* Move ColorPicker leftovers to @grafana/ui
* inject login/logout hooks
* begin user auth token implementation
* utils
* fix: It should be possible to scroll in the unit picker
before selecting a value #14871
* fix go fmt
* [Feature request] MySQL SSL CA in datasource connector
https://github.com/grafana/grafana/issues/8570
* removes debug2 logging
* removes error2 logger
* WIP: good progress on react query editor support
* Updates to latest checking.
* 5.4.3 changelog
* changelog: adds ntoe about closing #12864
* fix that alert context and result handle context do not
use the same derived context.
* docs: add a title to the Explore docs
* stackdriver: converts some variables from any to types
* FormGroup component and implements
* Restored http settings directive that was hidden in an
unused angular controller page
* stackdriver: small fixes after reactifying
* changelog
* stackdriver: add help text for bucket alias
* Prometheus: Fix annotation step calculation
* stackdriver: fixes space before caret icon in query editor
* Fixed Syntax for folder permission's JSON
* avoid infinite loop in the dashboard provisioner
* build: fixes release problems.
* changelog: add notes about closing #5968
* wip: another wip commit
* Moved panel editing components to it's own folder
* removed old unused angular stuff, rename
* wip: react query editors
* Move panel width/height calculation to PanelChrome
* Updated singlestat to use new value format function syntax
and capitalized unit categories, fixes #12871
* build: build specific enterprise version when releasing.
* Fixed Gauge being cropped when resizing panel
* units: adds back velocity units. Fixes #14851
* Fix bug tls renegociation problem in Notification channel
(webhook) #14800
* Fix Error 500 on unexisting /api/alert-notification/<id>
* updated snapshot
* Minor renames and other fixes
* pushover: add support for attaching images (closes #10780)
* panel option section moved to grafana-ui and new panel
option grid component
* Simplified folder structure in grafana-ui lib
* Addedd assertions about raw time range when panel time
overriden
* Panel time override tests
* add feedback to what interval is being used (calculated in
the backend)
* use typings for ds and template srv
* value formats: another rename and updates code to use new
valueFormats func
* value formats: renamed folder
* Reverted move of defaults for GaugePanelOptions
* refactoring alias by
* Move Select styles to grafana/ui
* Moved defaultProps to ui/components
* Moved the rest of Threshold dependencies to ui/components
* Renamed Threshold files
* Renamed Thresholds to ThresholdsEditor
* Moved Thresholds and styles to grafana/ui/components
* Removed default export for colors
* Fixed typings
* Small change in SeriesColorPickerPopoverProps
* Moved colorpicker to ui/components
* Fixing test and small refactor
* Moving to grafana ui, fix issue with TestRuleResult
* Fix panel time overrides not being applied fully
* access scope directly from this. update tests
* build: makes sure all builds use the latest container.
* changelog: docker images for arm.
* Renamed Select related components: Picker* to Select*,
Option* to SelectOption*
* build: removes curl install from build.
* build: tags arm as well as amd64 as latest.
* Docker image for ARM
* Fixing TS and updating snapshot
* make sure frequency cannot be zero
* refactoring. fix broken test
* Migrate Select components to @grafana/ui
* provide angular directive scope props correctly
* docker: enable flux in influxdb docker block
* Moved Thresholds and styles to grafana/ui/components
* Update README.md
* 11503: escape measurement filter regex value
* 4075: Interpolate tempvar on alias
* rename
* fixing unitpicker
* removing tests
* React graph panel options component rename
* Minor refactor of Gauge panel
* Revert 'Docker image for ARM'
* Revert 'build: fixes docker push.'
* build: fixes docker push.
* feat: Add brand as tooltip theme and use it on panel edit
tabs #14271
* Docker image for ARM
* fix broken test
* chore: Remove ScrollBar component, superseded by
CustomScrollbar
* Update storybsck static files option to load statics
correctly
* unregister event listener correctly
* Changes after PR comments
* Removed unused refClassNameprops from Propper
* Fixed a small bug when toggling items in toolbar
* build: deploys enterprise to its own repo.
* build: inline docs
* build: publishes beta releases to separate repos.
* refactoring
* build: makes repo update enterprise compatible.
* build: uses official deployment image.
* build: adds aptly and createrepo to deploy tools.
* build: handles unexpected cases.
* build: only adds the correct packages to the repo.
* build: rpm repo deploy.
* build: repo update input error.
* build: release of debs to our debian repo.
* Added tests for TestRuleButton
* Removed Test Rule button from Angular and view
* Added TestRuleButton
* Hint for user on when the repeat is applied
* Removes unnecessary warnings from webpack output about
missing exports
* Use factors for max repeated panels per row
* Fixing TS errors and updating snapshot
* Move Portal to @grafana/ui
* chore: Move sass code related to custom scrollbar into
@grafana/ui #14759
* Post merge updates
* chore: Move CustomScrollbar to @grafana/ui #14759
* changed light theme page background gradient
* WIP
* Max number of repeated panels per row
* wip
* Make tooltips persistent when hovered
* docs: rpm/deb beta repo.
* update snapshot
* add form grow
* fix: Clean up per PR feedback. Thanks @dprokop
* removing duplicated things
* minor code refactor
* splitting into more files
* Moved AlertTab and StateHistory to app/features/alerting
* fix: When loki is default data source, datasource is
passed as undefined to QueryOptions #14667
* remove redundant max-width. it's already declared in
gf-form-select-box__menu-list
* add typing for metric descriptor
* Removed unused Popover component
* Update components to fit updated PopperController API
* make templateSrv a prop
* Refactored withPoper HOC to PopperController using render
prop
* use correct event handler name convention. register
directive on startup
* fix: Remove the onRenderError prop and add an
ErrorBoundary component
* replace fragment with empty jsx tags
* refactoring tests
* ugly fix. will be removed later on
* adds note for #13914 and #14581
* moved all units
* fix: GraphPanel should be a PureComponent
* fix more broken tests
* feat: Display error when plot fail to render
* wip: fix broken tests
* adding more units and functions
* Remove the jump effect on run query button
* ugly temporary fix for scope issue. will be removed later
on
* refactoring
* fix filter bug
* fix: Light theme corner bg color update
* set max width on the whole menu list instead
* bind array instead of function
* feat: Add 'theme' to Tooltip
* Notify user on query error
* Revert 'Revert 'add max width to group header
description''
* Revert 'add max width to group header description'
* remove not used property
* fix broken tests
* use correct type for select option
* set issearchable default value to true
* make variable type more slim
* remove group name from select component. let the parent
set group name instead
* move component to components dir. also move directive
registration out from datasource
* add template variable type
* rename template variables prop
* rename selected prop
* rename searchable prop
* improve component performance
* add max width to group header description
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* updated scrollbar snapshot
* remove not used files
* Fixed new gometalinter issues
* fix JSON in responses for Admin API documentation
* 14722 - removing unnecessary arn check that breaks assume
role feature in other AWS partitions
* Fixed issue with cut legend in firefox & mobile devices,
fixes #14744 and #14489
* Some cleanup
* EqualFold()
* forgot go fmt
* pull connection string args from url instead
* Add mean on distribution as well
* docs: updated debian and centos repo.
* Fix stackdriver aggregation series merge
* first stuff
* Updated documentation for new macros
* Minor refactoring of EditorTabBody
* Fixed timepicker css issue introduced by PR #14700 and
remove hotfix from 297241c
* AlertTab style fixes
* Updated alert tab layout & markup
* Changed datasource list page default layout mode
* Fixed timepicker css issue introduced by PR #14700
* Added macros to mysql
* FIxed syntaxis mistake unixEpochNanoFrom and
unixEpochNanoTo
* Added previous macros to mssql
* Added unixEpochNanoTo and unixEpochNanoFrom macros to
postgresql
* Renamed unixEpochFilterNano to unixEpochNanoFilter
* cleanup
* add aggregation tests
* add tests
* Fix issue with value disappearing when selecting stat
* Fixing issue with value color being wrong
* initial design for way to build value formats lazily and a
backward compatability layer via Proxy
* fix template variable bug
* Don't cut off subsecond precision for postgres macros
* Nanosecond timestamp support postgresql
* remove not used file
* Fixed new gotmetalinter warning
* add support for defining additonal database connection
string args via extra_connection_string_args
* clear history
* cleanup. remove comments, not used files etc
* state history tab
* fix broken tests
* use correct type for select option
* set issearchable default value to true
* make variable type more slim
* remove group name from select component. let the parent
set group name instead
* move component to components dir. also move directive
registration out from datasource
* add template variable type
* rename template variables prop
* rename selected prop
* rename searchable prop
* improve component performance
* add max width to group header description
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* s/initialDatasourceId/initialDatasource/
* add alert in react instead of angular
* Fixed issues with panel size in edit mode, fixes #14703
* hide protip if not defined
* fix filter bug
* add help text component
* Tweak datetime picker layout for mobile
* Explore: Remember last use datasource
* Update yarn.lock
* Logs data model: add more log levels
* Review feedback
* Explore: fix loading indicator z-index on panel container
* Loki: change query row to be single field again
* Explore: logging UI style fixes
* Loki: query limit configurable in datasource
* Removed rxjs compat
* ldap: adds extra debug logging
* reactify annotation query editor
* adds orgId to user dto for provisioned dashboards
* Update rxjs
* closes the body properly on successful webhooks
* makes cache mode configurable
* Fix general tab typos
* added node-sass as dev dependency, needed after I removed
grunt-sass
* Husky and sasslint fixes, fixes #14638
* Added a form component to @grafana/ui
* created visualizations folder
* Fixed JQuery typing issues
* Typings issues
* wip: moving react graph component to grafana/ui
* Don't do a full frontend release build in test-frontend
job, added typescheck (tsc noEmit) instead, fixes #14639
* Moved sass for component to @grafana/ui lib
* Moving a couple of types to @grafana/ui
* Testing moving out one type to grafana/ui
* Increased margin between controls in logs panel, fixes
#14637
* Fixed dashboard links not updating after variable or time
range change, fixes #14493
* Fixed group button tooltip placement from auto to bottom,
fixes #14634
* Removing erroneous backtick in docs
* Updating docs for auth_proxy whitelist CIDR support
* Add timestamp back to log entry type
* Update
public/app/plugins/datasource/loki/result_transformer.ts
* Loki: fix timestamp field
* Fixed panel height & scroll issue with flexbox in firefox,
fixes #14620
* remove segment srv prop
* use ds template srv reference
* remove not used stuff
* add event handler
* add help component
* Add support for InfluxDB's time zone clause (backend)
* note to future me
* delete works
* grunt test task update
* Add support for InfluxDB's time zone clause
* @grafana/ui lib now contains one components, seperate lint
& tsc steps
* changelog: add notes about closing #14519
* Grafana ui lib is starting to work
* typings and renamings
* breaking up grafana into multiple packages poc
* add project and help component
* add alias by component
* add alignment periods component
* cleanup aggregation picker
* move alignment population code to parent component. make
alignment a stateless component instead.
* flatten target obj
* Grafana ui library poc
* elasticsearch: support bucket script pipeline aggregations
* Add units for blood sugar concentration 💉
* on deselect when reducer is set to none
* add alignment component
* Fixes undefined issue with angular panels and editorTabs
* changelog: adds note about closing #14562
* refactor aggregation picker
* use render props pattern
* Update field name
* Add documentation
* use template variable prop
* cleanup
* Rename the setting and add description
* export init notifier func
* render editor toolbar buttons
* Increase recent and starred limit in search and home
dashboard, closes #13950
* changelog: adds note about closing #14486
* Panel help view fixes
* rewrite angular view
* Add min/max height when resizing and replace debounce with
throttle
* changelog: adds note about closing #14546
* Adding tests for auth proxy CIDR support
* fix only add column if not exists for mysql
* changelog: adds note about closing #14109
* fix handling of indices with multiple columns (mysql)
* fix only create/drop database indices if not exists/exists
* fix signed in user for orgId=0 result should return active
org id
* Another take on resizing the panel, now using
react-draggable
* only update session in mysql database when required
* Raise datasources number to 5000
* improve component performance
* add max width to group header description
* copy props to state to make it visible in the view
* remove debug logging
* rollback test state to before template variables were
added
* cleanup
* move template variable logic to component
* remove extra arrow div
* refactor to not crash when no links
* updating snaps
* renaming component
* panel help working
* snapshots: Close response body after error check
* fix condition that expands group if it has a selected
child. also make it possible to pass expanded as a prop
* align input widths
* Update sample and default configs
* Add OAuth provider flag to indicate if it's broken
* Register BrokenAuthHeaderProviders if needed
* Add units for Floating Point Operations per Second
* remove console log
* rename directive
* remove linebreak
* remove old group heading
* use new generic picker
* remove on metric type change
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* update failing tests
* remove redundant default value
* use new option group in aggregation directive
* remove redundant default value
* wip: add option group component
* wip: add basic option header
* Wrap react select component in angular directive
* Minor update
* Make sure panel id is unique since some datasources
(Graphite) will cancel ongoing requests with the same
panel id
* changelog: adds note about closing #14548
* Adding CIDR capability to auth_proxy whitelist
* Minor cleanup now that angular panel edit is no longer
* Gauge option form markup fixes
* toolbaritems viztab
* filter out table responses that don't have columns and
rows
* enable goto explore from query panel editor for all
datasources
* started with component for generic panel help
* moves migrations to /sqlstore/migrations
* adds integration tests to ci build
* renames main lock function
* clean up integration tests
* change from db_text to nvarchar
* adds server lock package
* initial verison of server lock
* Minor react graph panel refactorings and fixes
* sorting tests for change value
* Fixes issues with user and team picker
* fixing coloring
* upgrade to golang 1.11.4
* remove printed index
* updating test
* adding threshold
* Refactoring react graph
* updated dropdown typeahead to place down instead of up,
works better when inside scrollable area
* minor style tweak
* propagate initial state back to explore query runner
* Update gitlab.md
* Update github.md
* minor style fixes
* Updated snapshot
* Switched to react-select fork
* ldap: upgrades go-ldap to v3
* table: fixes #14484. Renders epoch string if date column
style
* changelog: adds note for #14483
* Fix for no metrics panels, now goes to viz tab and does
not show queries tab
* minor style fix
* minor change to table panel edit options
* minor tweaks to text panel
* Fixes and cleanup
* Show predefined time ranges as first in timepicker on
small screens
* code cleanup in add panel, and switched off grid css
transforms to fix z-index issuse
* minor tweaks to alert tab
* fixed name of alert tab
* removed unnessary test
* updated add panel a bit
* minor style fix
* updated snapshot
* fixes to unit picker
* updates on thresholds component
* remove check on axis.used in flot #13765
* Added custom scrollbar to select component
* removed a test that isn't neccessery any more
* replaced content in addpanelpanel with three buttons that
can create new panel, paste copied panel, and add a new
row, to paste panel one must copy one first, code is still
quite rough
* fixed cloudwatch issue
* select refactor fixes
* gauge working without thresholds
* changin colors
* explore using data source picker
* fixing issue with copy invite link
* getting closer with no thresholds
* renamed folder to select
* User picker using common select componnet
* wip: unifying select components
* fixing input unit test failure
* fixed issue with switching panels
* refactored panel-option-section into react component
* removed console log
* updated styles
* starting with threshold refactor
* wip: convert angular directives to react components
* wip: style change progress
* Update latest.json
* wip: styles are starting to come together
* wip: styles
* wip: testing new styles
* wip: style changes
* fixed ordering changing panel types, fixes issues with
loading panel options
* moving min/max to gauge options
* log error when resolvePath
* wip: minor style changes
* wip: changes
* break out metric picker and filter
* migration: renames logging ds to loki ds in data_source
table
* loki: updates the logo
* fixing tests
* mixing color when
* wip
* wip
* remove on metric type change
* things are working
* fix remove filter bug
* use same color for label as in explore dropdown
* cleanup query filter
* changelog: add notes about closing #8843 #11175
* fixed unit tests
* update failing tests
* remove redundant default value
* wip
* wip
* redone state
* display value map or range map
* add oauth_auto_login setting to defaults file
* use new option group in aggregation directive
* wip
* remove redundant default value
* Adding mixed query
* Check with lowercase
* wip metrics tab changes
* changelog: adds note about closing #13754
* wip: making things work again
* React-select refactorings
* wip: add option group component
* wip: add basic option header
* wip: react select css refactoring
* docs: fix broken link on explore page
* wip
* changing type and started on Gauge
* fix threshold test
* Adding label
* styling on dropdowns
* Using drop down instead
* Filter tags select box on text input #14437
* fixed id bug
* Using an id to identify mappings
* Change KeyboardNavigation from hoc to render prop
component
* Clean up hoc and extend component props automatically
* Let VizTypePicker use the keyboard navigation hoc
* Moved more metrics tab to react
* Wrap react select component in angular directive
* Don't show heading for first tab
* snapshots: Add support for deleting external snapshots
* docs: explore
* snapshots: Move external snapshot creation to backend
* snapshots: Add external_delete_url column
* Add keyboard navigation to datasource picker via a hoc.
* Use react's onKeyDown event on the input instead of event
listener on document
* Explore: Improved line parsing for logging
* fixed typings and remove
* updated publish script
* Unmount component when fading out to reset its state, such
as search..
* Variable rename. Did not make sense at all.
* Fix styling for vizPicker keyboard nav and change so only
arrow up/down is OK to use
* fixed styling
* Start adding keyboard navigation to VizPicker
* use links instead of bridge network
* fix time regions bugs
* fixed issue with colorpicker position above window, fixes
#14412
* fixed issue with singlestat and repeated scopedVars, was
only working for time series data sources, and only if
there was any series, now scoped vars is always set, fixes
#14367
* fix search tag issues, fixes #14391
* Clear query models when changing data source type, fixes
#14394
* fixed issue with grid responsive mode
* fixed max height issue not being respected by react select
dropdown
* removed side menu for column styles, added small header to
column styles with a border
* Use correct variable name in fail text
* Fix search field styles
* Enable search also after editing
* Explore: Split logging query into selector and search
* Fix logs panel meta wrap
* Explore: dont pass all rows to all rows, fixes profiler
* Explore: Logging dedup tooltips
* Explore: Hide scanning again after result was found
* Explore: Fix timepicker inputs for absolute dates
* Switch to global match for full browser support of escaped
custom vars
* Allow backslash escaping in custom variables
* Fixed issue with logs graph and stacking
* align yellow collor with graph in logs table
* minor style change
* Add the AWS/SES Cloudwatch metrics of BounceRate and
ComplaintRate. Pull request #14399
* logs style polish
* allow sidemenu sections without children still have a
hover menu/header
* explore logs options styling
* transparent toggle style and new button group style
* Toggle buttons
* render a value mapping row
* removed side menu from display options, kept overrides in
display options, moved thresholds and time regions to its
own section in visualization
* changelog: adds note about closing #11221
* removes unused code
* fixes merge error
* remove result format. might add this later
* filter out build in datasources. add unit test
* click on dashboard title moves you back to dashboard
instead of search
* graphInterval needs to update after query execution, fixes
#14364
* Explore: Parse initial dates
* Aligned styling of stats popover/box with rest of grafana
& minor css refactoring
* Remove Explore > 'New tab' from sidebar
* initialize empty variables array in constructor so that
datasources can use the array in explore
* Prometheus: Make result transformer more robust for empty
responses
* add table support flag in influx config
* add scoped vars to query options
* Rebase fixes
* Explore: Logging line parsing and field stats
* fixed unit tests
* made unknown color theme aware and sync with graph color,
some minor cleanup
* initial stuff
* Explore: improve error handling
* use render props instead of cloneElement
* sort of a hacky way to figure if the small variation
should be used for the label
* add basic button group component, using the the same label
style as is
* Restore PluginEditCtrl accidently removed
* explore logs styling
* wip: alternative level styling & hover effect
* wip: explore logs styling
* more detailed error message for loki
* If user login equals user email, only show the email once
#14341
* UserPicker and TeamPicker should use min-width instead of
fixed widths to avoid overflowing form buttons. #14341
* wip: explore logs styling
* restoring monospace & making sure width are correct when
hiding columns
* fixed logs to time series calculation issue, increased
bucket size, fixes #14248
* Always open panel links in new window if user asked for it
#14333
* Changing from PureComponent to Component to re-render on
link updates made in Angular #14333
* minor tweaks, now table renders faster and changes less on
second stage rendering
* explore logs css refactoring, step1
* explore logs styling poc, WIP
* Fix transparent option #14333
* Add prop key to panelPropsString to avoid a bug when
changing another value and the render doesnt trigger
* loki: adds proper error handling for config page
* renames Grafana Logging ds to Loki
* Pass some panel props down as strings to trigger render
#14333
* Trigger panel.render on title, description, links change
#14333
* Put issue number to test code
* Fix bug what updating user quota doesn't work
* Fix bug what updating org quota doesn't work
* public/app/plugins/*: Fix some misspell issues
* public/sass/*: Fix misspell issue
* public/app/features/*: Fix some misspell issues
* public/app/core/*: Fix some misspell issues
* README.md: Fix small typo
* fix snapshots
* Added isDefault switch on settings
* fix to switch component
* Rename BodyPortal to Portal and accept prop 'root' which
is where the portal should be placed
* Create a portal and use it with our popper component
(tooltip and popover) to avoid potential
overflow-/zindex-bugs
* add icon
* explore data source selector fix
* Update css to use the border-radius variable and add a new
variable for the popper's distance to its ref
* Update README.md
* fix for panel-initialized event not being called
* refactored and added tests for panel model remember
properties
* redact value for plugin proxy routes
* pkg/*: Fix misspell issues
* fix for panel embedding. Solo panel height was not
correctly set. Made panel--solo into panel-solo class. in
develop branch we have remove the need for the panel class
* added support for influxdb cumulative_sum function in tsdb
* Use buildTableConstraint instead of buildSchemaConstraint
to find the datatype of a column if using a table from a
different database schema
* Readme: We should write Node.js the same way in all places
in the readme
* Small tooltip css-adjustments and add css for position
'bottom-start' used by the panel header corner
* Explore: Display duplicate row count as number
* Adapt styles
* Explore: Logging query live preview of matches
* added max-widths to explore start pages boxes
* Alert tab fails when datasource method
targetContainsTemplate doesnt exist #14274
* improve comments
* fixed promql and loggging syntax so all punctuation chars
are treated the same, remove hover move
* remove all query empty related code. root cause of the
problem was to fix hasNonEmptyQuery
* Let the cached props from previous visualization be the
masters, unless specified in keepLatestProps const
* POC on how to save away settings from a viztype and
restore when switching back to it #14274
* remove redudant spread
* Set query empty condition in render function. Also clear
query transactions when no valid query is present
* Remove query empty from model
* fixed logging start page
* Use popover styles for stats popover
* Fine tune stats styles
* Tests for label stats calculation
* Explore: Logging label stats
* stop scanning when clear all button is clicked
* build: update latest when pushing docker.
* Use origin meta
* only display scan button if there is at least one existing
selector that returned an empty result
* minor refactoring
* Explore: return to grid layout for logs table
* Add VizPicker search #14274
* changelog: add notes about closing #11067
* fixed grabage in markup
* fix: align input backgrounds for code editors
* fixedUnit for Flow:l/min and mL/min
* feat: #11067 prevent removing last grafana admin
permissions
* another style fix for broken dark theme word highlight
* fix time regions using zero hours
* Misc styling fixes to explore: start page, slate code
editor colors, text highlight in auto completeter
suggestion
* Revert commit
* only make it possible to scan for older logs if there is
at least one non failing selector
* update package.json to next version
* Stick to .tsx? for babel file test
* changelog: add notes about closing #13815
* changelog: add notes about closing #14246
* arrow function
* changelog: add notes about closing #12653
* fix for add/remove labels
* Hid 'Forgot your password' link from login menu when reset
is disabled
* Prevent password reset when login form is disabled or
either LDAP or Auth Proxy is enabled
* fix for initial options
* minor css fixes
* update changelog
* update latest.json to latest stable version
* new stable docs version
* minor css fix
* redid props for gauge options
* dataproxy: Override incoming Authorization header
* changelog: add notes about closing #14228
* Explore: Show logging errors from backend
* change obj order when merging so that correct format is
being used
* Explore: Fix logging query parser for regex with
quantifiers
* Update README.md
* Fixed typo in function name
* Explore: Fix label and history suggestions
* tidy import
* let each sql datasource handle timeFrom and timeTo macros
* style changes for panel placeholder (move and resize)
effect
* never load fallback query field. remove commented code
* add an error alert component that will be displayed when
there was an error loading ds in explore
* fix: minor style changes, removed hover scale increase
* react-panel: Add nullcheck to prevent error on datasources
without meta options
* react-panel: Options button should always be enabled now
when Time Range-options are there
* react-panel: Move time range options to its own component
and render it under the options button instead
* created color enum
* make sure target obj is not destructured so that angular
copy of objected can be mutated
* Review feedback
* react-panel: Add test for Input with validation on blur
* react-panel: Input validation should be optional
* react-panel: Clean up input validation and increase code
readability
* react-panel: Time range options moved to 'Queries' tab
* react-panel: Remove mock response button for now
* react-panel: Remove comments and improve readability in
render()
* react-panel: Use correct type for children prop to avoid
the use of fragments <></>
* react-panel: Remove json-formatter-js since we will
continue with the 'patched' version
* react-panel: Move all query inspector logic into
QueryInspector component and start with the 'Mock
response'
* react-panel: Toggle Expand/Collapse json nodes in Query
Inspector
* react-panel: Add CopyToClipboard-component and separate
QueryInspector to its own component from QueriesTab
* react-panel: Trigger panel refresh when opening inspector.
Add loading-message
* react-panel: Replace JSONFormatter npm package with the
current monkey patched JsonExplorer
* react-panel: Clean up the JSONFormatter and make sure it
updates both on mount and when props update
* react-panel: Get real datasource query for query inspector
* react-panel: Create component for JSON formatting and use
it on query inspector
* changelog: add notes about closing #14167
* make getAll return array instead of object
* remove obsolete test
* Update README.md
* Add AWS/CodeBuild namespace for CloudWatch datasource
* Fixed styling issues with new checkbox style
* Fix other misspell issues
* docs/*: Fix misspell issues
* CHANGELOG.md: Fix misspell issues
* Explore: Logging render performance
* remove log
* min and max value
* update gauge on remove threshold
* user added thresholds state
* console logs and code layout
* pass data correctly to event handler
* revert Label change
* update color on gauge when changing
* remove explore check - make it possible to load all
datasources
* add table support flag for stackdriver
* add table support flag for prometheus
* add table support flag for postgres
* add table support flag for opentsdb
* add table support flag for mysql
* add table support flag for mssql
* add table support flag for logging
* add table support flag for graphite
* added google_tag_manager_id from defaults.ini
* removed extra whitespace
* Update export_import.md
* added new icons, fixed so different icons in different
themes, added animation to hover on icons, styled choose
visualization and datasource for both themes, made som
styling adjustments to whole panel editor
* sorting tests
* remove border
* color indicator
* add new flag in order to be able to indicate whether the
datasource has native support for tables
* prevent explore from crashing when table is not present in
response
* Explore: Logging label filtering
* Logging: fix query parsing for selectors with multiple
labels
* using percentage to not hide search when smaller screen
* build: explaining the linux build.
* check for null with toLocalString (#14208)
* Fix elastic ng-inject (build issue) (#14195)
* add current editor to panel targets
* Added stop scan button
* Explore: Scan for older logs
* color picker
* remove time srv initialization
* restructure imports
* get intervals from explore function
* unregister all query editor event listeners
* remove comments
* temp remove until stackdriver implements explore
* sort on value
* use default range from time picker
* Requested Backend changes, removed link in popover
description for the offset field
* Remove confusing <> from variable intro
* includes ranges correctly in the options object
* docker: Upgrades base packages in the images.
* small fixes
* logic for adding rows, styling
* chore: correct pause-all-alerts auth in docs
* Requested Backend changes, added details to popover
description for the offset field
* Explore: Fix JS error when switching between 2 prometheus
datasources
* color touches
* Add support for Offset in elasticsearch datasource,
date_histogram aggregation, fixes grafana #12653
* Fix tests to account for sortText
* build: always test publisher.
* build: packages linked to dl.grafana.com.
* Fix tests to account for loglevel long names
* Explore: Filter logs by log level
* styling
* created test for some functions
* update changelog
* mock interval data
* fix handle of elasticsearch 6.0+ version
* rename variable
* hide row specific buttons when query editor is rendered
from explore
* add support for explore events
* minor style fix
* minor fixes
* docs: various fixes of what's new in v5.4
* use plugin_loader directly instead of using the wrapper
* docs: fix old ldap url redirect
* fixed issue with babel plugin proposal class properties
that initiated properties to void 0. This breaks angularjs
preAssignBinding which applies bindings to this before
constructor is called. Fixed by using fork of babel
plugin.
* Explore: make query field suggestions more robust
* Fix abbreviations of Litre/min and milliLitre/min (#14114)
* Sort Prometheus range suggestions by length
* docs: what's new in v5.4
* Explore: swtiching to logging should keep prometheus
labels in case of error
* tweaks to gf-inline-form style PR #14154 change
* adding back button
* styling tweaks
* initial commit
* docs: signout_redirect_url description in auth overview
* minor style changes
* Sticky footer for all pages
* edit mode styling
* edit mode styling
* edit mode styling
* Added comments
* style tweaks
* render and sort
* return actual error if failing to update alert data
* Fix issue with deleting a query (empty string not
updating)
* Fix history rendering for DataQuery
* margin when listing multiple gf-form should be right
* styling progress
* Fix a typo
* panel edit ux experiments
* changelog: add notes about closing #14150
* temporary fix for starting grafana not running systemd
* cloudwatch: handle invalid time ranges
* cloudwatch: recover/handle panics when executing queries
* Combine query functions
* Renamed targets to queries
* added icons for panel-edit side menu
* updates time range options for alert queries
* format: remove </input> and align tabs
* updating state
* Explore: Introduce DataQuery interface for query handling
* Fix set utilities for explore section
* typos in docs/sources/alerting/rules.md
* typos in docs/sources/alerting/rules.md
* fixed failing graph tests
* gfdev: fixes unparseable for duration
* fixed issue with new legend not checking if
panel.legend.show
* gfdev: adds alert always in pending state
* docs: adds example timeline for alerting for
* build: docker build for ge.
* react-panel: Avoid duplicate keys
* added alert tab to new react panel editor
* update path to alerting for image
* started on thresholds
* react-panel: Add data source 'options'. Needs UX, WIP.
* update release publish script links
* fixes to view mode for panels, can now go back as before
* Add visibility toggle for explore graph series
* what's new in v5.4 placeholder
* fix label and default threshold
* react-panel: Add data source 'help'
* fix for issue with error view in production builds
* changelog: adds note for #13561
* update changelog
* stackdriver: remove not used variable
* fixed menu to go to panel view mode
* stackdriver: use angular dropdown so that we can restrict
user input
* stackdriver: make sure object type queries are also
checked for vtemplate variables
* minor style update
* changelog: adds note about closing #13577
* adds basic auth configuration to default.ini
* added header section to legacy tabs
* stackdriver: reset defaults.ini
* changelog: add notes about closing #14120
* changelog: add notes about closing #14129
* switch slider changes
* linters.
* build: correct filters for ge build artifacts.
* build: releaser supports releasing only some artifacts.
* Revert 'docs: building Grafana on arm.'
* Add doc for api 'GET /api/users/:id/teams'
* Re-organize packages and add basic auth test
* Revert 'Update google analytics code to submit full URL
not just path'
* Add Cloudwatch/CloudHSM Metrics and dimensionMaps
* remove react warning
* added chekbox and other tweaks
* refactor options, show labels and markers
* docs: building Grafana on arm.
* stackdriver: add query keyword to service, metric and
project since these were the only fields in the editor
that was missing it in the whole editor
* Explore: POC dedup logging rows
* stackdriver: add query keyword style to query fields
* stackdriver: fix failing test
* stackdriver: reimplementing service variable query type
* Revert 'typo fix'
* typo fix
* prefix and suffix
* decimals
* update snapshot
* stackdriver: fix failing tests
* changelog: add notes about closing #13352
* changelog: add notes about closing #13810
* changelog: add notes about closing #13605
* changelog: add notes about closing #13876
* changelog: add notes about closing #13946
* changelog: add notes about closing #13555
* changelog: add notes about closing #13425
* changelog: add notes about closing #13655
* stackdriver: update docs
* stackdriver: add support for template variables
* react-panel: Finish the data source search on query tab
and start moving switch-data-source-logic from angular
* linter.
* fixed issue switching back from mixed data source,
introduced by react panels changes
* build: minor refactor.
* build: fixes a bug where nightly rpm builds would be
handled as stable.
* some touch ups on unit
* go meta lint errors
* update changelog
* builds: introduces enum for relase type.
* fix group sync cta link
* picker and functionaliy
* fixed issue with panel size when going into edit mode
* stackdriver: join resource and metric labels. split them
in values and keys
* changelog: add notes about closing #13924
* build: table-driven tests for publisher.
* fix id returned from google is a string
* changelog: adds note about closing #7886 & #6202
* changelog: adds note about closing #11893
* Fix param
* Add GET /api/users/:id/teams for orgAdmin
* Tooltip should be able to take up space when used on an
absolute positioned element
* minor fixes
* panel-header: Move the corner information in the panel
header to its own component
* changelog: add notes about closing #12550
* fix selected home dashboard should show as selected even
though its not starred
* panel-header: Move the panel description/links/error
container outside of panel header to not interfere with
the react-grid stuff
* reload browser after preferences been updated
* panel-header: Unmount popper when not needed.
* fix snapshot tests
* panel-header: Updated snapshots for popper
* panel-header: Add fade in transition to tooltip
* Trying to reduce the amount of duplication with
preferences
* panel-header: Make it possible to style the reference
element and fix so panel description looks good
* filter out alpha plugins in api call, fixes #14030
* panel-header: Simplify condition
* panel-header: Avoid undefined classNames and use the real
panel description
* panel-header: Updates for the new react-popper api and
make it possible to hover the tooltip popper without it
closing
* panel-header: Bump @types/react, @types/react-dom, react,
react-dom, react-popper to latest versions
* panel-header: Display description in modal
* update changelog
* changelog: add notes about closing #11977
* changelog: add notes about closing #6367
* docs: team http api update
* [elasticsearch] Do not set a placeholder to index name, if
it's already specified.
* changelog: adds note about closing #14043
* fixed issue with save.
* fixed mutability issue in dashboard dropdowns
* Explore: Fix table pagination styles
* team preferences ui
* feat: team preferences
* Explore: Dont set datasource in state if navigated away
* fix switching from es raw document metric breaks query
editor
* alerting: reduce the length of range queries
* Mitigate XSS vulnerabilities in Singlestat panel
* Retain decimal precision when exporting CSV
* Added Id to BasicUserInfo returns
* Added google oauth account id
* switch style tweaks
* Explore: collapsible result panels
* removing test page
* format value
* default value
* created classes for new checkbox and variables
* Prometheus: fix rules expansion
* handle default value
* various fixes to angular loading
* Explore: POC for datasource query importers
* build: enabled darwin build.
* expand groups when searching
* build: darwin compatible build env.
* maxHeight and style overrides
* moved slider into label to make it clickable, styled
slider in dark and light theme, created variables for
slider
* fix: dont setViewMode when nothing has changed
* fix redirect issue, caused by timing of events between
angular location change and redux state changes
* fix datasource testing
* panel options now load even when changing type
* fixed issues when changing type, need to remove event
listeners and cleanup props
* build: refactoring.
* React edit mode for angular panels progress
* minor fixes
* fixed order of time range tab
* Update ReadMe.
* Update google analytics code to submit full URL not just
path
* devenv: elasticsearch datasources and dashboards
* fix pipeline aggregations on doc count
* changelog: add notes about closing #5930
* fixed alert tab order and fixed some console logging
issues
* Add tooltip
* some progress on groups and options
* changed time region color modes
* panel-header: Move the corner information in the panel
header to its own component
* changelog: add notes about closing #12550
* fix pending alert annotation tooltip icon
* alert rule have to be pending before alerting is for is
specified
* fix selected home dashboard should show as selected even
though its not starred
* build: internal metrics for packaging.
* panel-header: Move the panel description/links/error
container outside of panel header to not interfere with
the react-grid stuff
* alerting: improve annotations for pending state
* reload browser after preferences been updated
* panel-header: Unmount popper when not needed.
* fix snapshot tests
* panel-header: Updated snapshots for popper
* panel-header: Add fade in transition to tooltip
* Trying to reduce the amount of duplication with
preferences
* stackdriver: revert project test stuff
* stackdriver: revert test code
* panel-header: Make it possible to style the reference
element and fix so panel description looks good
* adds pending filter for alert list page
* adds pending state to alert list panel
* alertmanager: adds tests for should notify
* Extracted language provider variables for readibility
* devenv: graph time regions test dashboard
* fix time regions mutable bug
* set default color mode
* filter out alpha plugins in api call, fixes #14030
* alerting: support `for` on execution errors and notdata
* poc: handling panel edit mode in react even for angular
panels poc
* panel-header: Simplify condition
* wip: minor update
* minor fix
* css update to switch slider
* tests for supporting for with all alerting scenarios
* should not notify when going from unknown to pending
* Fix formatting and remove enabled toggle
* panel-header: Avoid undefined classNames and use the real
panel description
* wip: switch slider test
* panel-header: Updates for the new react-popper api and
make it possible to hover the tooltip popper without it
closing
* panel-header: Bump @types/react, @types/react-dom, react,
react-dom, react-popper to latest versions
* Add basic authentication support to metrics endpoint
* panel-header: Display description in modal
* minor panel options type fix
* docs: description about graph panel time regions feature
* update changelog
* changelog: add notes about closing #11977
* changelog: add notes about closing #6367
* docs: team http api update
* wip: adding general tab for react panel edit mode
* [elasticsearch] Do not set a placeholder to index name, if
it's already specified.
* devenv: graph time regions test dashboard
* create time regions solely based on utc time
* started on options and groups
* fix: added events to MetricsTabCtrl to closer mimic
MetricsPanelCtrl
* minor css change
* Moved query manipulations from metrics controller to
metrics tab so they are more easily shared between angular
and react panels
* fixed panel focus for react panels
* minor changes to react panels
* changed how size is calcualted and propagated and added
proper interval calc to DataPanel
* changelog: adds note about closing #14043
* first stuff
* pkg/cmd/grafana-server/server.go: Check
sendSystemdNotification return value.
* pkg/cmd/grafana-server/server.go: check
serviceGraph.Provide() errors
* pkg/cmd/grafana-server/main.go: Fix error value not
checked
* wip panel size handling
* fixed issue with save.
* fixed mutability issue in dashboard dropdowns
* adced clickoutside wrapper
* fixed singlestat guage ceneterd dot rendering issue
* refactoring back the interval calculation, needs to be
different for react panels
* fix case where timeshift and time override is used
* wip: refactoring interval and time override handling
* updates latest to 5.3.4
* changelod: add release date for 5.3.3 and 5.3.4
* devenv: graph time regions test dashboard
* graph: Time region support
* Explore: Fix table pagination styles
* devenv: update alerting with testdata dashboard
* stackdriver: use arrow functions
* stackdriver: use new naming convention for query editor
all over
* adds redis devenv block
* restore user profile preferences
* changelog: add notes about closing #13328 #13949
* updates macaron session package
* minor react panels refafactor
* removed console.log
* some cleanup of unused stuff and type fixes
* completed work on panel not found view
* Clarify wording of playlist protip
* team preferences ui
* feat: team preferences
* Explore: Dont set datasource in state if navigated away
* Explore: Don't suggest term items when text follows
* wip: panel plugin not found
* fixed scrollbar autohide prop
* wip: panel-header: On panel refresh, get new timeRange
from timeSrv, not the old one from the state
* wip: panel-header: Avoid null returning to get better code
readability. High five @ peterholmberg
* wip: panel-header: Remove the TimeData type
* wip: panel-header: Add proper typings to maxDataPoints and
interval + remove code in comment
* wip: panel-header: Move getResolution and
calculateInterval into utils-functions and use the same
code from react and angular
* wip: panel-header: Start implementing the
applyPanelTimeOverrides in the react panels by moving it
to a util, make it pure and call it from angular and
react.
* import changes
* updated text styling when switching views
* Add `gofmt -s` to CircleCI
* minor fixes based on code review
* Fix gofmt issues
* Add pic into actionCard message
* minor style fixes & polish
* minor update
* disable custom webkit scrollbar styles
* refactoring & cleaning up css
* Minor progress on edit mode
* improve dropdown pane connetion to tab toolbar
* Add megacheck to gometalinter CircleCI target
* pkg/tsdb/influxdb/influxdb.go: Fix surrounding loop is
unconditionally terminated.
* scripts/build/release_publisher/publisher_test.go: Fix
trivial megacheck warning.
* draw gauge
* data source picker demo state
* stackdriver: remove service query tyhpe
* stackdriver: correct aligner name
* fix in to not render multiple labels
* stackdriver: typescriptifying props
* stackdriver: remove redundant try catch
* Update stackdriver.md
* Adjust UI depth of query statistics
* stackdriver: rename query function
* stackdriver: rename query variable
* stackdriver: remove debug log
* stackdriver: add documentation for the template query
editor
* stackdriver: test saved variable
* stackdriver: fix failing tests
* stackdriver: remove services query type
* stackdriver: update tests
* stackdriver: add tests for render snapshop and default
query type
* stackdriver: remove lodash since object assign will do the
trick
* stackdriver: make sure we don't crash when selected
service doesnt have a value
* stackdriver: add simple render test
* stackdriver: rename params
* stackdriver: remove not used prop
* stackdriver: persist template variable definition
* stackdriver: add default value for query type
* stackdriver: pass query definition from react, making it
possible to use another definition than the query string
only
* stackdriver: make it possible to use alignment period
template variable
* stackdriver: make it possible to use aligner template
variable
* stackdriver: make it possible to use aggregation template
variable
* stackdriver: make it possible to use aggregation template
variable
* stackdriver: make it possible to use metric type template
variable
* stackdriver: set currentdatasource when editview is
enabled
* stackdriver: return correct value
* stackdriver: reset query value on datasource changed
* stackdriver: fix default value bug
* stackdriver: extend label width
* stackdriver: revert refactoring
* stackdriver: extract variables for pickers
* stackdriver: cleanup
* stackriver: rename interface
* stackriver: use type for state
* stackdriver: rename state vars
* stackdriver: extract common function
* stackdriver: streamline the way labels are refreshed when
a new value is picked in the dropdowns above
* stackdriver: handle default state
* stackdriver: refactor dropdown component
* stackdriver: replace components with basic stateless
select
* stackdriver: remove not used func. wrap query in exception
* stackdriver: reload all child dropdown and update selected
accordingly
* stackdriver: improve default state handling
* stackdriver: use standard naming convention for selects
* stackdriver: streamline label change
* stackdriver: refactor TemplateQueryComponent
* stackdriver: use enum for query type
* stackdriver: add aggregation query
* stackdriver: add alignment periods
* stackdriver: add aligner query
* stackdriver: add resource types query
* stackdriver: add support for resource label queries
* stackdriver: return friendly display name
* stackdriver: add metric labels query
* stackdriver: move response parsing to datasource file
* stackdriver: return values for services and metric types
* stackdriver: rename default component
* stackdriver: more renaming
* stackdriver: refactoring - rename react components and
file structure changes
* stackdriver: remove not used code
* stackdriver: add selector components for service and
metric type
* stackdriver: refactor stackdriver query ctrl
* stackdriver: make sure default template query editor state
is propagted to parent angular scope
* stackdriver: conditional template component rendering
* stackdriver: add react component for template query editor
* stackdriver: make it possible to load react plugin
components from template query page
* stackdriver: add basic directive for loading react plugin
components
* Preserve suffix text when applying function suggestion
* wip: progress on edit mode ux with tabs
* can render something
* don't drop the value when it equals to None
* changelog: adds note about closing #13993
* Remove Origin and Referer headers while proxying requests
* Refactored log stream merging, added types, tests,
comments
* docs: improve helper test for `For`
* alerting: adds docs about the for setting
* panel-edit-ux-tabs on top alternative
* Add new option to set where to open the message url
* added loading state
* Fixes #13993 - adds more options for Slack notifications
* fix switching from es raw document metric breaks query
editor
* add auth.proxy headers to sample.ini
* add auth.proxy headers to default.ini
* refactored how testing state was handled, using redux for
this felt way to require way to much code
* adds debounce duration for alert dashboards in ha_test
* fixed issue with reducer sharing url query instance with
angular router
* fixed exporter bug missing adding requires for datasources
only used via data source variable, fixes #13891
* minor text change in export modal
* build: removes unused.
* clear test box if success
* Fixed issues introduced by changing to PureComponent
* Added testing state in reducer
* further refactoring of #13984
* minor fix
* refactorings and some clean-up / removal of things not
used
* Update
docs/sources/permissions/dashboard_folder_permissions.md
* Fix typo in docs/sources/reference/scripting.md
* experimental option boxes
* ux: changed panel selection ux
* move enterprise down in menu
* wip: panel-header: Fix shareModal compatibility with react
and angular
* wip: panel-header: Remove custom menu items from panels
completely
* wip: panel-header: Reverted a lot of code to pause the
'custom menu options' for now
* wip: panel-header: More merge conflicts during cherry pick
* wip: panel-header: More merge conflicts during cherry pick
* Update docs/sources/permissions/datasource_permissions.md
* Update docs/sources/permissions/datasource_permissions.md
* Update
docs/sources/permissions/dashboard_folder_permissions.md
* Update docs/sources/http_api/datasource_permissions.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* Update docs/sources/enterprise/index.md
* minor change
* wip: panel-header: More merge conflicts
* Fix loglevel tests for Explore loggging
* wip: panel-header: Merge conflicts
* wip: panel-header: Fragment not needed anymore
* wip: panel-header: Add possibility to add custom actions
to the menu by passing them in as props
* wip: panel-header: Separate all panel actions to its own
file so we decouple them from react
* wip: panel-header: Start implementing the Toggle legend,
but its not taken all the way
* wip: panel-header: Change DashboardPanel to a
PureComponent to avoid unwanted rerenders
* wip: panel-header: Refactor so 'Share' use the same code
in angular+react
* wip: panel-header: Add 'Edit JSON' functionality + make
sure everyone using the json editor pass in the model
property instead of the scope property when triggering the
json modal
* wip: panel-header: Add 'Copy' functionality
* wip: panel-header: Add 'Duplicate'
* wip: Add 'Share' to the react panels
* wip: panel-header: Move code existing in both
angular+react to utility functions
* wip: panel-header: Remove panel
* Mobx is now Redux
* wip: Initial commit for PanelHeaderMenu
* changelog: add notes about closing #13903
* changelog: add notes about closing #13932
* unify log level colors between rows and graph
* Graph log entries by log level
* fix selecting datasource using enter key
* Adaptive bar widths for log graph
* changelog: add notes about closing #13970
* build: fixes
* build: publisher handles nightly builds.
* rename and mark functions as private
* drag handle css
* moved drag handle
* fixed options
* Time selection via graph
* minor code style change
* basic panel options working
* Adding Cloudwatch AWS/Connect metrics and dimensions
* wip: react panel options architecture
* export: provide more help regarding export format
* build: minor publisher fixes.
* extract store from configurestore
* added actions
* build: publishes grafana enterprise to grafana.com
* changelog: adds note about closing #13322
* build: publisher uses local time.
* build: publisher supports both local and remote.
* build: publisher can find artifacts from local sources.
* build: refactor releaser.
* build: prepares release tool for finding local releases.
* build: improved release publisher dry-run.
* build: use build workflow id instead of build number.
(#13965)
* alerting: delete alerts when parent folder is deleted
* refactor dashboard alert extractor
* for: use 0m as default for existing alerts and 5m for new
* panel options wip
* Exposing digest from angular component
* adds tests for extracting for property
* minor fix
* changelog: add notes about closing #13606
* devenv: table panel links
* renames `debouceduration` to `for`
* introduce state `unknown` for rules that have not been
evaluated yet
* fixes go meta lint issue
* wire up debounce setting in the ui
* adds db migration for debounce_duration
* introduces hard coded deboucing for alerting
* always execute the user teams query
* handle error before populating cache
* build: fixes gcp push path.
* alerting: adds tests for the median reducer
* add minimal permission
* typo fix for 'has'
* Gitlab -> GitLab
* changelog: adds note about closing #13945
* Add tests covering alternate syntax for aggregation
contexts
* Handle suggestions for alternate syntax aggregation
contexts
* fix terms agg order deprecation warning on es 6+
* fix failing tests
* removed file I added accidentally
* fixed to template PR issues, #13938
* alerting: increase default duration for queries
* Explore: Logging graph overview and view options
* Load hash based styles in error.html, too
* Add [hash] to filename of grafana.{light,dark}.css
* minor tweak to back to dashboard buttons
* Fix minor JSON typo in HTTP API docs
* remove replaced components
* reverting babel change
* remove this
* removed these unused components
* reverting script change
* updated snap
* tests
* minor doc tweaks
* updated enterprise page
* Added new backend setting for license file
* updating state and save
* make permission sub items in sidemenu cleaner
* changelog: add notes about closing #13925
* Explore: fix metric selector for additional rows
* fix for responsive rule for footer
* Updated login page logo & wordmark and responsive behavior
* added new workmarks
* fixed react whitespace warning on teams page
* renamed org files to match new naming guide
* moved profile pages to it's own feature folder
* moved new teams page
* reload page after preferences update
* Add delta window function to postgres query builder
* Increase Telegram captions length limit.
* docs: enhanced ldap
* Explore: async starts of language provider
* listen for changes in angular land and propagate that back
to react
* docs: fix datasource permissions keywords
* build: grafana enterprise docker image.
* added caching of signed in user DB calls
* added actions
* IE11 fix for legend tables below graph
* cleaned up render
* renders angular component
* updated api keys snapshot
* restored transition
* removed logging call
* add table column date format
* fixed memory leaks and minor refactoring
* build: gpc credentials added to deploy.
* changelog: add notes about closing #13762
* update changelog
* build: deploys to gcp.
* build: deploys to gcp. (#13911)
* datasource permission http api
* restructure administration/permissions page into a section
with sub pages
* Fix TimePicker test by enforcing UTC on date string
* updated view to use angular loader
* Explore: repair logging after code restructuring
* docs: schema -> database
* build: deployment ci container. (#13902)
* docs: mysql
* minor progress
* Make Explore plugin exports explicit
* add functionality to override service in registry
* moved state
* register datasource cache service with proper name
* revert application lifecycle event support
* changelog: adds note about closing #13876
* Add new build info metrics that contains more info
(#13876)
* JS tooling: run TS grunt tasks only when files changed
* revert file name change
* remove unused code
* log error on datasource access denied
* include teams on signed in user
* application lifecycle event support
* refactor datasource caching
* Fix cell coloring
* Fix bug with background color in table cell with link
* add dashnav responsive rule to hide tv button on smaller
screens
* Implement oauth_auto_login setting
* Explore: fix copy/paste on table cells
* rename type
* using label component
* Pluggable components from datasource plugins
* fixed type
* removed angular code
* test and some refactoring
* build: adds branch info to binary build
* now that css is loaded sync again I can remove some styles
from index html body css
* WIP babel 7
* Revert to sync loading of css, sometimes js loaded before
css which caused issues
* Update grafana_stats.json
* Makefile: dependency-driven target to build node_modules
* removes old invalid release guide
* added missing alpha state prop to graph2 panel
* minor update
* added switch form component
* updated graph tests dashboard
* fixed width of panel edit mode
* Fix query hint tests after refactor
* Fixing issue 13855
* Add tests to cover PlaceholdersBuffer and sum hint
* Add sum aggregation query suggestion
* fixes to angular panel edit mode
* Reduce re-renderings when changing view modes
* updated singlestat logo
* more ux progress
* Add tests to cover aggregation context cases
* Fix label suggestions for multi-line aggregation queries
* panel edit mode changes
* Update snapshots.
* Use jest.fn instead of string.
* Explore: error handling and time fixes
* ux experiments
* build: builds grafana docker for enterprise at release.
* Add code to flot that plots any datapoints which to not
have neighbors as 0.5 radius points - fixes
https://github.com/grafana/grafana/issues/13605
* adding default value and update actions
* build: ge build fix.
* build: grafana enterprise docker. (#13839)
* moved state to redux, renamed entities
* testing panel edit ux idea
* changelog: add notes about closing #13769
* add test
* cache region result
* use default region to call DescribeRegions
* fix: updated backend srv to use appEvents and removed
parts of alertsSrv
* simple select
* build: correctly adds enterprise to the filename. (#13831)
* docs: improve ES provisioning examples
* changelog: adds note about closing #13723
* stackdriver: don't set project name in query response
since default project is now loaded in its own query
* Optimize the Dingding match values format
* Add Dingding message type to support mass text
notification
* graph legend: fix table padding
* Moved prom language features to datasource language
provider
* Split text template into variable
* Add match values into Dingding notification message
* graph legend: fix phantomjs rendering when legend is on
the right
* fix for annotation promise clearing, bug introduced last
week when merging react panels step1
* fix panel solo size
* mysql: fix timeFilter macro should respect local time zone
* load preferences
* support template variable in stat field
* only look in current database in findMetricTable
* graph legend: fix table alignment
* fix dingding doc error
* fixed routes and page
* graph legend: minor refactor
* Added types to query rows
* update latest.json to latest stable version
* changelog: update
* cleaned up the flow
* changelog: add notes about closing #13280
* delete provisioning meta data when deleting folder
* Update the regex-matching in templateSrv to work with the
new variable-syntax and be more flexible to regex-changes
#13804
* changelog: add notes about closing #13600
* changelog: update
* Move the variable regex to constants to make sure we use
the same reg… (#13801)
* docs: fix tutorials index page. Fixes #13799
* graph panel: fix legend alignment
* Explore: fix graph resize on window resize
* changelog: adds note for #13691
* docs: fix tutorials index page. Fixes #13799
* Resource type filter (#13784)
* Fix race condition on add/remove query row
* moving things
* typing changes
* changelog: add notes about closing #13764
* pkg/tsdb/stackdriver/stackdriver.go: Fix regular
expression does not contain any meta characters.
* pkg/tsdb/graphite/graphite.go: Fix regular expression does
not contain any meta characters.
* pkg/login/ldap.go: Fix warning comparison to bscl constant
* Added margin and correct border radius
* Fix rebase, fix empty field still issuing query problem
* Changelog: Adds curl to docker image in 5.3.2
* fix: another fix for #13764 , #13793
* Submit query when enabling result viewer
* Get query hints per query transaction
* docker: adds curl back into the docker image for utility.
(#13794)
* Explore: query transactions
* connected to store, self remove logic
* fix: kiosk url fix, fixes #13764
* changelog: add notes about closing #13633
* changelog: add notes about closing #13666
* fix: Text box variables with empty values should not be
considered fa… (#13791)
* renaming things
* graph legend: review fixes
* add debug logging of folder/dashbord permission checks
* sync mysql query editor template with postgres
* add char as datatype for metric and group columns
* build: indentation mistake.
* build: fixes filename issues.
* fix injecting dependencies to graph legend directive
* changelog: adds note for #13669
* docs: update debian installation instructions
* stackdriver: some tweaks to the text on the config page
and in docs
* stackdriver: refactoring request builder
* stackdriver: remove not used struct
* stackdriver: remove not needed scope
* stackdriver: add provisioning example for gce
authentication
* stackdriver: add documentation for gce default account
authentication
* stackdriver: change name of authentication type
* stackdriver: improve config page info box documentation
* stackdriver: prevent backend query from being made when
there are not yet any defined targets
* stackdriver: fix failing tests
* stackdriver: improve error handling
* graph legend: fix legend when series are having the same
alias
* stackdriver: remove not used query file
* stackdriver: remove test datasource query. use
ensuredefaultproject instead
* stackdriver: remove debug comments
* stackdriver: improve error handling in the datasource
* stackdriver: fix typo
* stackdriver: add debug logging
* stackdriver: fix broken braces
* stackdriver: fix broken condition after rebase
* stackdriver: use constant instead of variable
* stackdriver: remove debug log
* stackdriver: fix failing test
* stackdriver: use gce variable
* stackdriver: add variable for gce authentication type
* stackdriver: get default project from backend. also ensure
default project could be retrieved when authentication
type is gce
* stackdriver: only load default project from backend if
it's not available on the target. this might happen when
using gce authentication and provisioning
* stackdriver: display error message if project name is not
present in jwt file
* stackdriver: only load project name if it's not already
stored in the ds info json
* stackdriver: add default value for authentication type
* stackdriver: wip - remove debug code
* stackdriver: improve ui for toggling authentication type
* stackdriver: only get default token from metadata server
when applying route
* stackdriver: only get default token from metadata server
when applying route
* stackdriver: make backend query a pure test datasource
function
* stackdriver: add status code
* stackdriver: wip - return metric descriptors in the format
of tablew
* stackdriver: wip - get metric descriptors in the backend
* stackdriver: wip - add logic for retrieving token from gce
metadata server in the auth provider
* stackdriver: wip - add very basic checkbox for gce auto
authentication
* stackdriver: break out project name resolving into its own
function in the stackdriver.go file
* stackdriver: wip - temp remove jwt token auth
* stackdriver: wip - always use gce default account for
stackdriver
* stackdriver: wip - add scope and remove debug code
* stackdriver: WIP - test retrieving project id from gce
metadata
* skip jwt token auth if privateKey is empty
* fetch token from GCE metadata server
* Revert 'for development'
* for development
* graph legend: fix quotes displaying
* graph legend: minor refactor
* Enterprise crosscompilation (#13783)
* component working
* graph legend: fix rendering after legend changes
* graph legend: refactor, fix another review issues
* fix: DataPanel isFirstLoad state fix
* Fix click-based selection of typeahead suggestion
* ux: remove duplicate placeholder attribute
* initial work to add shortcut to toggle legend - generic
* scripts/build/publish.go: Fix warning on err variable.
* pkg/services/alerting/reader.go: Fix should use for range
instead of for { select {} }.
* pkg/middleware/middleware.go: Fix empty branch warning.
* pkg/plugins/plugins.go: remove ineffective break
statement.
* fix order for mysql, remove postgres specific code
* using react component
* Explore: reuse table merge from table panel
* graph legend: refactor, move behaviour logic into
component
* stackdriver: add default project to provisioning
documentation
* adjust meta data queries for mysql
* fix references to postgres datatypes
* graph legend: review fixes
* changelog: add notes about closing #13667
* changelog: add notes about closing #13718
* fixed gofmt issue after go update
* fix cannot receive dingding alert bug
* fix: fixed variable srv tests
* stackdriver: only add unit to resonse obj if it has a
value
* make interpolateVariable arrow function
* fix: another set of fixes for refresh
* fixed issue with template refresh
* Fix tslint errors
* stackdriver: fix failing tests
* stackdriver: make sure unit is not returned to the panel
if mapping from stackdriver unit to grafana unit can't be
made
* Fix variable highlighting
* Fixed yarn.lock (previous merge took out integrity)
* changelog: add notes about closing #13710
* wip: enterprise docs
* allow unit override if cloudwatch response unit is none
* Revert 'don't overwrite unit if user set'
* don't overwrite unit if user set
* changelog: add notes about closing #13674
* fix LDAP Grafana admin logic
* graph legend: remove unused code
* graph legend: refactor
* docs: cleanup of how to build for docker.
* Review feedback, increased height
* changelog: add notes about closing #12342
* update changelog
* remove not used file
* simplify code
* Explore: fix render issues in split view
* A list of where to make changes when upgrading Go and
Node.js (#13693)
* tests
* Update PromQueryField tests to address fixed bug
* Fix typeahead behaviour for QueryField
* permissions: cleanup.
* hooked up actions
* Explore: Use react-table as table component
* created view
* docs: installing custom plugins in docker.
* Document oauth_auto_login setting
* changelog: add notes about closing #13692
* postgres: use arrow function declaration of
interpolateVariable
* Use closure for calling interpolateVariable
* changelog: add notes about closing #12308
* Add socket support for mysql data source
* changelog: adds note about closing #12330 and #6696
* remove addpermissions component
* cloudwatch: return a distinct list of regions
* docs: update cloudwatch iam policy description
* removes d in disableResolvedMessage
* removed snaps
* alerting: tests default value for disable resolve message
* re-add hard coded region list
* update doc due to client layout change
* clean up tests
* fix gofmt, add test, correct noted concerns with default
value
* fix gofmt, add test, correct noted concerns with default
value
* changelog: add notes about closing #13629
* add encrypt connstr param conditionally on the value
chosen via GUI.
* graph legend: add color picker (react)
* removing datasource permissions states from grafana
* update latest.json to latest stable version
* update changelog
* build: Upgraded nodejs to 8 on appveyor
* codestyle
* rename UI Option, align with control, update tests
* pausing for now
* Remove unwanted char
* Fix incorrect alt text on logo
* return default region list from backend
* don't merge hard coded region list
* add error message
* get regions from after datasource save
* show all CloudWatch regions
* get region list from ec2:DescribeRegions
* fix concurrent map writes
* update, don't remove 'Known Issues' docs section.
* update provisioning docs.
* fix new setting default value handling.
* rename new JSON data attrbute.
* changelog: add notes about closing #13464
* changelog: add notes about closing #13553
* update changelog
* doc(documentation) license
* doc(documenation)
* add channel option to disable the resolved alert (OK
Message) that is sent when condition returns to normal.
* Can render graph
* Add 'encrypt' setting to MSSQL data source.
* rendering settings
* build: makes sure publisher.sh is available when
deploying.
* Fix grammar in log message
* changelog: add notes about closing #13641 #13650
* Escape typeahead values in query_part
* Escape values in metric segment and sql part
* changelog: add notes about closing #13628
* update .bra.toml for using latest bra version
* progress on react time series infra
* wip: began first steps for a react graph component
* various fixes to to queries tab (in react mode)
* react panels query processing
* react panels: got data
* working on react data / query exectution
* changed DataPanel from HOC to use render props
* fixing unit tests
* Removed reference to plugin_api.md (SDK Readme) on the
development page as the file that it points to no longer
exists. This addresses an open issue on the grafana.org
repo
* Adding tests
* Adding time clockms and clocks
* pkg/cmd/grafana-server/main.go: remove os.Kill as it
cannot be trapped
* changed to plain errors further down the alerting
validation model so error did not get double wrapping in
ValidationError
* alerting: propagate alert validation issues to the user
instead of just 'invalid alert data' message
* updated gitignore
* fix for graph time formating for Last 24h ranges, fixes
#13650
* pkg/services/sqlstore/user_auth_test.go: comment unused
users slice
* fixed a typo
* fixed a typo
* fix: label values regex for single letter labels
* created component for http settings
* removes debug log.
* make sure to add all variable nodes to dag before linking
variables
* changelog: adds note for #13607
* updated jest to 23.10
* Adds backend hooks service so extensions can modify index
data
* fix route issue
* removed unused setting variable
* minor setting refactorings
* renamed extension point in the frontend
* updated circleci build-container version
* minor change to cloudwatch code formatting
* minor ux fix for new select
* fmt
* grafana/grafana#13340 complete oauth doc
* changed property name to UserWasDeleted and added an
assert for it
* Update check for invalid percentile statistics
* pkg/services/alerting/notifiers/telegram.go: check error
before close.
* pkg/tsdb/*: Fix do not pass a nil Context
* devenv: fix influxdb block
* docs: refer to v5.3 instead of v5.2
* removed unsused function
* docs: stackdriver fixes after review
* fix mutability bug, removed unused constructor
* stackdriver: check if array is empty to prevent filter
from crashing. This closes #13607
* Handle DescriptionPicker's initial state #13425
* stackdriver docs: metric query editor and annotations
* Update snapshots after merge
* Requests for ds via backend blocked for users without
permissions.
* Removes unused code.
* Remove CTA when CTA-action is clicked instead of a /new
route #13471
* Add fancy delete button for ApiKeys.
* Add form to both the CTA page and the regular list.
* Add onClick handler to CTA.
* Updated tests for new protip.
* Updated protip, not sure what to write there.
* Update tests for ApiKeys CTA screen.
* changelog: add notes about closing #13616
* Show CTA if there are no ApiKeys, otherwise show table.
* Extract ApiKeyCount from state.
* made it possible to have frontend code in symlinked
folders that can add routes
* Added Loading state on org pages
* fix phantomjs render of graph panel when legend as table
to the right
* changelog: add notes about closing #13172
* add test for es alert when group by has no limit
* poc: frontend extensions
* added the UserWasRemoved flag to make api aware of what
happened to return correct message to UI
* Remove user form org now completely removes the user from
the system if the user is orphaned
* remove tab
* bug fix
* Update time_series_query.go
* changelog: add notes about closing #11711
* add admin page to show enterprise license status
* docs: add version notes
* tests
* Css fix for selected option
* User without permission to a datasource won't see it.
* Updated test snapshot #13425
* Initialize Explore datasource correctly
* Refactors ds permissions to a filter.
* Remove the fixed widths and make it possible to pass it in
as a prop instead #13425
* User filtering now works properly at the backend #13425
* Removed old code #13425
* Rename css class 'gf-form-select2' to 'gf-form-select-box'
#13425
* Use new class names #13425
* Fixes for the tag filtering in the search #13425
* Start implementing the upgraded react-select in the tag
filter box #13425
* fix /api/org/users so that query and limit querystrings
works
* Bump grafana/build-container to 1.2.0
* Revert 'Lock down node version to see if we get rid of the
circleci build issue'
* Revert 'Try to remove circleci cache to see if that solves
the build issue'
* Try to remove circleci cache to see if that solves the
build issue
* Generate yarn.lock from older yarn
* Revert 'Add node version output for debugging'
* Add node version output for debugging
* Lock down node version to see if we get rid of the
circleci build issue
* Lock down webpack to 4.19.1 to avoid issue with
webpack-cli
(https://github.com/webpack/webpack/issues/8082)
* Bump react-select to 2.1.0 #13425
* Updated lockfile to get rid of build error #13425
* Add frontend filtering of users in user picker #13425
* Replace $white with a color working in both themes #13425
* Replace System.import() with import() to get rid of
warning
* Clean up css for react-select v2 #13425
* Upgrade Datasources-picker on Explore page #13425
* Enable trailing on the debounce in the TeamPicker (same as
in UserPicker) #13425
* Update typescript notifications #13425
* Update (js-) tests and snapshots for react-select 2 #13425
* Remove variables not used #13425
* wip: Remove code for old react-select component #13425
* wip: The pickers are stateful nowadays, no need to pass in
the current value #13425
* wip: Upgrade react-select #13425
* set v5.3 as root docs
* disable permissions
* whatsnew: adds image for Stackdriver
* fixing weird arrow in select
* update latest.json to 5.3.0
* changelog: set date for 5.3.0 release
* fixing permission rows
* changelog: add notes about closing #13575
* enable permissions for data source
* Use correct naming convention
* Fix typo
* Provide more information about what's included in the
Stackdriver plugin
* changelog: add notes about closing #13575
* cloudwatch: return early if execute query returns error
* fix tab switching
* add test for automatically unit set
* fix crach bug
* fix id validation
* refactoring after review comments
* changelog: adds note for #13559
* added setting top hide plugins in alpha state
* wip: fixed issues now things are starting to work as
before for angular panels
* pausing permissions list
* Block graph queries from being queued until annotation
datasource promises resolve
* Redone with DataSourcePermissions
* remove datasource permission admin for now
* reverted AddPermissions
* Explore: highlight typed text in suggestions
* Update provisioning.md (#13572)
* stackdriver: update docs, showing how to escape private
key and use yaml multiline strings
* modified AddPermissions component
* set unit for CloudWatch GetMetricStatistics result
* Remove duplicate labels in the datasource query
* render drag handle only in edit mode
* ux: minor update to look of stackdriver query help
* changelog: adds note for #13495
* add gopkg.in/square/go-jose.v2 to dependencies, update
github.com/hashicorp/yamux
* adding permissions component
* reverted back and using angular for settings and
dashboards
* stackdriver: improve filter docs for wildcards and regular
expressions
* stackdriver: always use regex full match for =~ and
!=~operator
* stackdriver: add tests from regex matching
* stackdriver: always use regex full match for =~ and
!=~operator
* stackdriver: test build filter string
* stackdriver: test that no interpolation is done when there
are no wildcards
* stackdriver: remove debug logging
* stackdriver: add more tests
* stackdriver: fix broken substring. also adds tests
* stackdriver: remove not necessary helper functions
* stackdriver: interpolate stackdriver filter wildcards when
asterix is used in filter
* stackdriver metric name fix. Fixes #13562
* Fixed nav model
* fix for influxdb annotation issue that caused text to be
shown twice, fixes #13553
* wip: restoring old angular panel tabs / edit mode
* ux: final fixes to new datasource page
* Fix text overflow on playlist search #13464
* docs: fix minor typos
* ux: more minor ds setting tweaks
* ux: more minor ds setting tweaks
* ux: tweaks to add datasource page and datasource settings
page
* Fixed typo in query editor placeholder text.
* Explore: do not show default suggestions after expressions
* Explore: trigger a query field render to fix highlighting
* Explore: compact state URLs
* fix gofmt tests output
* removed duplicate route
* Use size-me to resize explore Graph, added types
* algorithm to find new name if it exists
* ux: misc react migration fixes and info box style
improvement
* docs: new variable type text box that allows free text
input
* docs: annotations tag filter with template variable
support
* docs: whats new in 5.3 - a few tweaks
* mysql: note about connection max lifetime and wait_timeout
* Explore: reset typeahead on cursor move
* Explore: resize graph on window resize
* Fix rate function hint for series with nulls
* Extract query hints
* Prevent Explore from updating when typing query
* Avoid new metrics options being passed selector, made
PromField pure
* Perf on query field and typeahead
* Dont rebuild datasource options on each render
* contributing.md
* changelog: add notes about closing #13326
* react-2-angular: added generic angular directive loader
util that can be used from react
* search data source types
* mini fix
* css: minor fix to search
* bump master version to 5.4.0-pre1
* provisioning: adds more logging about failed to deletion
of provisioned dashboards
* various fixes and improvements
* changelog: set date for 5.3.0-beta3 release
* build: fix for invalid pathing for release publisher
* changlog: adds note about closing #13551 and #13507
* new grid layout add data source
* test: updated react snapshot
* ux: minor tweak to link
* stackdriver: adds missing nginject attribute
* docs: better wording and docs links.
* Fix issue with updating role permissions #13507
* fixed toggle buttons
* dataproxy should forward a trailing slash to proxy
* add datasource proxy test to verify trailing slashes are
forwarded
* centered dashboard icon in search with flexbox
* mssql: fix tests
* build: automatically publish releases to grafana.com.
* updated after pr feedback
* pkg/tsdb/postgres/postgres_test.go: pass
context.Background() instead of nil
* pkg/tsdb/mysql/mysql_test.go: pass context.Background()
instead of nil
* pkg/tsdb/mssql/mssql_test.go: pass context.Background()
instead of nil
* adjust mssql tests
* pkg/tsdb/elasticsearch/client/client_test.go: pass
context.Background() instead of nil
* added data source type type
* pkg/services/alerting/notifiers/telegram_test.go: pass
context.Background() instead of nil
* remove generic macros from macros_test and add integration
test for generic macros
* Revert 'Revert 'Org users to react''
* Revert 'Org users to react'
* add postgres test for global macros
* add test
* stackdriver heatmap support
* added slow queries scenario to test data source, added new
panel test dashboard with slow queries
* Fix 'appropriate'-typo
* Update configuration doc to include socket@server
* move timeFrom, timeTo, unixEpochFrom and unixEpochTo
macros to sql_engine
* wip: began work on support for testdata tables &
annotations support
* docs: connection limits for sql datasources
* ux: put connection limits under own section
* fiddling with validation
* changelog: adds note about closing #13492
* view and route
* wip: made sqlstore dialect accessable from outside
* better comment about state changes
* get or create alert notification should use transaction
* use notification state id instead of notifier id
* merges defaultShouldNotify and ShouldNotify
* move version conflict logging for mark as complete to
sqlstore package
* removed duplicate route
* improve local variable name
* avoid exporting notificationState and
notificationStateSlice
* avoid sending full notification state to pending/complete
* deleting obsolete things
* Make max open, max idle connections and connection max
life time configurable
* snap
* fix after merge from master
* rename GetNotificationStateQuery to
GetOrCreateNotificationStateQuery
* reminder: uses UpdatedAt to track state changes.
* snaps
* invitees
* changed from RFC to PureComponent
* devenv: add postgres ha test config example
* wip: going in circles
* typo in sample.ini
* pkg/tsdb/cloudwatch/credentials.go: Remove unnecessary
variable assignment
* pkg/cmd/grafana-server/main.go: '_ = <-ch' simplified to
'<-ch'
* pkg/tsdb/stackdriver/stackdriver_test.go: return
simplified
* Fix megacheck issue unused code.
* invites table
* Update ldap.md
* use alert state changes counter as secondary version
* wip: data source permissions hooks
* docs: stackdriver version notice.
* tests
* added default prop instead of specifying prop
* filter users in selector based on search
* Moved explore helpers to utils/explore
* Explore: jump to explore from panels with mixed
datasources
* functions and tests
* cleanup alert_notification_state when deleting alert rules
and channels
* don't notify if notification state pending
* remove unused code
* stackdriver: set default view parameter to FULL
* stackdriver: no tags for annotations (yet)
* stackdriver: add help section for annotations
* devenv: enable some debug logging for ha test setup
* alert -> ok with reminders enabled should send
* stackdriver: revert an accidental commit for text template
variable
* Added test for url state in Explore
* Make Explore a pure component
* first crude display
* stackdriver: remove metric.category alias pattern
* stackdriver: remove commented code
* stackdriver: unit test group by and aggregation dropdown
changes
* stackdriver: make it impossible to select no aggregation
when a group by is selected
* Explore: Store UI state in URL
* stackdriver: add relevant error message for when a user
tries to create a template variable
* stackdriver: make sure labels are loaded when service is
changed in dropdown
* stackdriver: change info logging to debug logging
* stackdriver: change pattern for annotation to metric.value
* stackdriver: add support for bscl values
* stackdriver: add support for int64 values
* stackdriver: use correct default value for alignment
period
* stackdriver: fix reducer names
* fix set sent_at on complete
* snaps
* noop services poc
* implemented general actionbar
* handle pending and completed state for alert notifications
* stackdriver: fix froamt annotation text for value
* stackdriver: make it possible to use point values of type
string
* No need to get alert notification state in ShouldNotify
* using constant
* added no datasources added
* stackdriver: broadcasting through $scope doesnt work
anymore since query_filter_ctrl is now a sibling directive
to query_aggregation_ctrl, so broadcasting is now done
using $rootScope
* wip: test get alert notification state
* wip: send and mark as complete
* components, test, removed old not used files
* wip: impl so that get alertstate also creates it if it
does not exist
* fix: preloader element issue
* Adding AWS Isolated Regions
* wip
* stackdriver: pattern formatting for annotations
* stackdriver: fix alignment period bug
* stackdriver: set first metric as selected if no metric
could be retrieved from the target
* stackdriver: wip annotation support
* Compile TS of the whole project to detect type errors
* stackdriver: update tests
* stackdriver: es6 style directive, avoid using scope
* deletez
* refactoring: slight changes to PR #13247
* revert rename
* stackdriver: fix typescript error
* stackdriver: remove not needed alignment option
* using constant
* stackdriver: extract out filter, metric type directive
* stackdriver: add unit tests to resolve unit function
* rename to pluginlistitem
* fixing types
* stackdriver: convert most common stackdriver units to
grafana units if possible
* sqlstore: add support for checking if error is constraint
validation error
* rewrote to use react.sfc
* explore: fixes to dark theme, fixes #13349
* Remove angular code related to API Keys and point the
route to the React component #13411
* Open modal with API key information after key is added
#13411
* Add tests for the reducers & selectors for API keys #13411
* Update test-snapshot, remove dead code #13411
* Add tests for ApiKeysPage #13411
* Add 'search box' and a 'add new' box to the new API Keys
page #13411
* Pick up the type from app/types
* Pick up the type from app/types
* Move User type out of UserPicker and into app/types
* wip: Reactify the api keys page #13411
* add support for mysql and postgres unique index error
codes
* implement sql queries for transactional alert reminders
* stackdriver: fix typescript errors
* stackdriver: pass interval from panel to backend
* stackdriver: remove debug logging
* stackdriver: update docs so that they align with alignment
period rules in stackdriver gui
* stackdriver: update alignment period rules according to
stackdriver
* stackdriver: set target to be raw query
* stackdriver: publish docs to v5.3 (not root)
* initial rename refactoring
* changelog: adds note about closing #12534
* devenv: grafana high availability (ha) test setup
* stackdriver: use more appropriate test data
* Add goconst to CircleCI
* fix: also set dashboard refresh to false
* simplified fix for 12030
* prevent refresh on fixed time window
* using more variables
* stackdriver: fix broken test
* stackdriver: workaround for the fact the jest definitions
does not include not
* stackdriver: docs update
* stackdriver: WIP - implement stackdriver style auto
alignment period. also return the used alignment period
and display it in the query editor
* stackdriver: distinct grafana auto from stackdriver auto
in alignment period
* stackdriver: use correct name for variable
* stackdriver: remove montly from alignment periods
* Added constant
* tests
* stackdriver: add alignemnt period
* stackdriver: make sure service and metric display name is
used instead of value when loading a saved query editor
* alerting: move all notification conditions to
defaultShouldNotify
* stackdriver: use correct event name
* stackdriver: fix broken tests
* stackdriver: update aggregation and alignment before
refreshing when changing metric
* stackdriver: use correct naming convention
* stackdriver: get value type and metric kind from metric
descriptor instead of from latest metric result
* filter NULL values for column value suggestions
* changed to first and last child
* imguploader: Add support for ECS credential provider for
S3
* stackdriver: adds on-change with debounce for alias by
field
* cli: fix init of bus
* Remove .dropdown-menu-open on body click fixes #13409
* stackdriver: improve aggregation logic
* stackdriver: fix failing test
* stackdriver: wip: split metric dropdown into two parts -
resource and metric
* first test
* stackdriver: remove console.log
* filter plugins and layout mode
* stackdriver: typescriptifying controller
* render list
* stackdriver: break out aggretation logic into its own
directive and controller. also adds tests for new dropdown
population logic
* Remove option r from ln command since its not working
everywhere
* fix: updated tests
* using variable
* Fix spelling of your and you're
* Changed setting to be an alerting setting
* created test for graph disclaimer
* Remove non-existing css prop
* fix: Legend to the right, as table, should follow the
width prop. Removing css conflicting with baron's width
calculation. #13312
* stackdriver: populate alignment and aggregation dropdowns
based on metric type and value type
* docs: postgres gif.
* limit number of time series show in explore graph
* docs: whats new for 5.3
* rendering: Added concurrent rendering limits
* stackdriver: fix test after parameter added to constructor
* stackdriver: skeleton for more query types on the backend
* stackdriver: better error handling for getLabels
* stackdriver: move getLabels from query_ctrl to datasource
* Run all sql data source queries for one panel concurrently
* removed border, cleaned up css and fixed class naming
* devenv: fix uid for bulk alert dashboards
* Explore: moved code to app/features/explore
* target gfdev-prometheus datasource
* stackdriver: fix bug when multiple projects connected to
service account
* devenv: adds script for creating many dashboards with
alerts
* stackdriver: refactoring - extract out filtersegments
component
* stackdriver: alias patterns WIP
* Fix goconst issues
* When stacking graphs, always include the y-offset so that
tooltips can render proper values for individual points
* provisioning: changed provisioning default update interval
from 3 to 10 seconds
* Update render.js
* Update render.js
* Fix https://github.com/grafana/grafana/issues/13387 metric
segment options displays after blur
* docs: improve oauth generic azure ad instructions
* invalidate access token cache after datasource is updated
* Fix datbase > database
* Fix changed want md5 hash
* Revert Fahrenheit to Farenheit
* Fix some typos found by codespell
* Fix misspell issues
* fix: use same User-Agent header as in other places in
grafana when making external requests
* docs: changed Json Web Token wording to be just JSON key
file
* added beta notice
* created switch button for org users that can toggle
between users and invites
* pkg/tracing/tracing.go: replace deprecated cfg.New
function
* stackdriver: remove WIP tests
* pkg/services/sqlstore/user.go: empty branch
* pkg/tsdb/elasticsearch/response_parser.go: simplify
redundant code
* pkg/tsdb/elasticsearch/client/search_request.go: simplify
loop with append.
* Explore: remove closing brace with opening brace
* Explore: show series title in tooltip of legend item
* Explore: dont rate-hint on rate queries
* Explore: Fix metric suggestions when first letters have
been typed
* Fix misspelled authentication in Auth overview doc
* fix reader linux test
* resolve symlink on each run
* stackdriver: add templating support for metric, filter and
group by
* wip: panel options idea2
* stackdriver: use group by fields to create default alias
* make sure we don't add the slash twice
* Update render.js
* devenv: fix docker blocks paths
* Updated phantomjs render script to take full height
screenshots
* devenv: re-add missing docker-compose files
* Explore: Fix label suggestions for recording rules
* Explore: Fix click to filter for recording rule
expressions
* Don't use unnest in queries for redshift compatibility
* pkg/tsdb/elasticsearch/client/client.go: use time.Since
instead of time.Now().Sub
* pkg/plugins/dashboards_updater.go: Simplify err check
* pkg/services/sqlstore/alert_notification.go: Simplify err
check
* remove the test that does not do anything
* add the trailing slash
* stackdriver: add custom User-Agent header
* stackdriver: remove hardcoding of test project name
* updated
* set maxworkers 2 for frontend tests
* removes codedov refs
* disable codecov
* add a test
* Fix setting test
* stackdriver: improve query look
* moves /tests to /pkg/plugins
* stackdriver: add alignment period to query controller
* stackdriver: making sure we dont pass too big
alignmentPeriods to the stackdriver api
* stackdriver: fix broken tests
* stackdriver: adds default value for alignment period
* stackdriver: use alignment period that is passed from
frontend. if set to auto, use value provided from the
panel. also added tests for alignment period
* stackdriver: use alignment that is passed from frontend in
the query
* stackdriver: adds advanced options collapse to query
editor with the possibility to select secondary
aggregation and alignment
* removes testdata from getting started
* stackdriver: fix init labels bug
* moves benchmark script to devenv
* moves docker/ to devenv/docker
* changelog: adds note about closing #9735
* docs: add version disclaimer for postgres query editor
* moves files from /tests to more appropriate folders
* docs: template variable support for annotations
* Update getting_started.md
* pkg/services/sqlstore: Fix sess.Id is deprecated: use ID
instead. (megacheck)
* pkg/services/sqlstore: Fix x.Sql is deprecated: use SQL
instead. (megacheck)
* fix: increased team picker limit to 50, closes #13294
* rename folder
* Add documentation for PostgreSQL query builder
* stackdriver: improve query editor to handle no data better
* stackdriver: fixes in query editor
* stackdriver: type rename
* display team member labels
* new column for team_member table
* fix hipchat color code used 'no data' notifications
* stackdriver: makes sure filter dropdown doesnt crash if
clicked before values are loaded
* fixes strange gofmt formatting
* stackdriver: adds null check to query
* gdev: added test dashboard for polystat panel
* Explore: Add multiline syntax highlighting to query field
* stackdriver: add support for filtering to backend
* Hotfix for Explore (empty page after running query)
* stackdriver: add filters to query editor
* ldap: made minor change to group search, and to docs
* stackdriver: fixes remove option in filter
* dsproxy: add mutex protection to the token caches
* metrics: starts some counters at zero
* tech: remove all mobx stuff
* stackdriver: wip - filters for query editor
* stackdriver: adds remove group by option
* stackdriver: improve segments for group bys in query
editor
* stackdriver: load time series meta data for group by
dropdown
* stackdriver: make sure distinct labels are returned. also
added test
* stackdriver: fix failing test
* stackdriver: test get metric types
* stackdriver: wip - group bys
* stackdriver: update logo
* stackdriver: ux for config page, docs updated
* upload: make the button text configurable
* stackdriver: add simple readme
* stackdriver: reverse points array to be in ascending order
* stackdriver: adds support for primary aggregations
* stackdriver: better error handling and show query metadata
* stackdriver: tests for parsing api response
* stackdriver: add first test for parsing frontend queries
* Stackdriver: Fix weird assignment
* Stackdriver: Use metric type from query controller state
* Stackdriver: Set target correctly
* Stackdriver: Break out parse response to its own func
* Stackdriver: Use ds_auth_provider in stackdriver. This
will make sure the token is renewed when it has exporired
* Stackdriver: Restructured ds proxy tests
* stackdriver: fix test
* Stackdriver: Add new file
* Stackdriver: Start breaking out apply route to its own
file
* Stackdriver: Parsed url params
* Stackdriver: Parse datapoints correctly
* Stackdriver: Add backed query using
* Stackdriver: Prettify json
* Stackdriver: Move data to target
* Stackdriver: Load example metric and start parsing
response
* Stackdriver: Exposing stackdriver backend api
* Stackdriver: Use new access token API
* Stackdriver: Temporary exporting token lookup
* Stackdriver: Loads project name and metrics descriptions
into the query controller
* Stackdriver: Corrected field title and removed debug
logging
* Stackdriver: Removed debug logging
* Stackdriver: Improved feedback for when a JWT is already
uploaded in the ds config page
* docs: first draft for stackdriver datasource
* dsproxy: implements support for plugin routes with jwt
file
* Stackdriver: Added test for getProjects
* Stackdriver: Refactored api call to google resource
manager
* Stackdriver: Add scope for google resource manager
* Stackdriver: Fixed error message from google resource
manager
* Removes comment
* Adds skeleton for loading projects from google resource
manager
* Adds unit tests to test datasource
* Implemented datasource test
* Fixed broken if statement
* Adds jwt token signing google auth
* Improved user experience
* Upload: Fixing link function in directive
* Adds poc code for retrieving google auth accesstoken
* Build new stackdriver frontend script
* Add stackdriver backend skeleton
* Adds stackdriver frontend skeleton
* Use datasource cache for backend tsdb/query endpoint
(#13266)
* added underline to links in table
* fix: add permission fixes
* test: added simple dashboard reducer test
* feat: dashboard permissions are working
* Fix gauge display accuracy for 'percent (0.0-1.0)'
* use pluginName consistently when upgrading plugins
* removes old unused examples (#13260)
* fix: added loading screen error scenario (#13256)
* changelog: add notes about closing #11555
* Interpolate $__interval in backend for alerting with sql
datasources (#13156)
* anonymous usage stats for authentication types
* disabling internal metrics disables /metric endpoint
* wip: dashboard permissions to redux
* renames PartialMatch to MatchAny
* fix: add folder permission fix
* fix: fixed tslint issue introduced in recent prometheus PR
merge
* Folder pages to redux (#13235)
* folder permissions in redux
* minor fix
* fix test
* add annotation option to treat series value as timestamp
* wip: first couple of things starting to work
* fix: added reducer test
* Adhoc-filtering for prometheus dashboards (#13212)
* docs: include active directory ldap example and
restructure
* First pass at a text based template var, getting feedback
from devs
* fix: url update loop fix (#13243)
* wip: working on reducer test
* fix: gofmt issues
* fix: added loading nav states
* redux: moved folders to it's own features folder
* fix theme parameter not working problem while prefer theme
set to light (#13232)
* fix: added type export to fix failing test
* fix: fixed typescript test error
* mobx -> redux: major progress on folder migration
* another circleci fix
* Another circleci fix
* changed gometalinter to use github master
* commented out metalinter as gopkg is having issues
* wip: folder settings page to redux progress
* Fix prometheus label filtering for comparison queries
(#13213)
* Upgrade react and enzyme (#13224)
* enable partial tag matches for annotations
* put folder name under dashboard name, tweaked aliginments
in search results
* support template variables with multiple values
* Teams page replace mobx (#13219)
* renames jest files to match new convention
* upgrade of typescript and tslint and jest (#13223)
* fix nil pointer dereference (#13221)
* removes protoc from makefile
* wip: folder to redux
* changelog: note about closing #11681
* Adding Centrify configuration for Oauth
* wip: progress on redux folder store
* wip: moving option tabs into viz tab
* fix: changing edit / view fullscreen modes now work
* actions for group sync
* initial render/refresh timing issues
* team settings
* wip: began folder to redux migration
* test for team member selector
* flattened team state, tests for TeamMembers
* refactor: moved stuff into new features dir
manage-dashboards
* move: moved styleguide to admin
* fix: fixed singlestat test broken due to file move
* moved folders from features into the main feature folder
they belong to
* Add jsonnet with grafonnet-lib to provisioning docs
* fix: Dashboard permissions now shows correctly, fixes
#13201
* redux: do not use redux logger middleware in production
builds
* Allow oauth email attribute name to be configurable
(#13006)
* Document required order for time series queries (#13204)
* refactor: changed AlertRuleItem pause action to callback
* Fix query builder queries for interval start
* team members, bug in fetching team
* renaming things in admin
* graph legend: use refactored version of scrollbar, #13175
* Teampages page
* refactoring: custom scrollbars PR updated, #13175
* scrollbar: use enzyme for tests instead of
react-test-renderer
* changelog: add notes about closing #13121
* fix code formatting
* Fix quoting to handle non-string values
* scrollbar refactor: replace HOC by component with children
* graph legend: scroll component refactor
* scrollbar refactor: replace HOC by component with children
* adds usage stats for alert notifiers (#13173)
* changelog: typo
* docs: what's new in v5.3 placeholder
* tests for withScrollBar() wrapper
* tests for withScrollBar() wrapper
* changelog: restructure and add 5.3.0-beta1 header
* changelog: add notes about closing #13157
* wrapper for react-custom-scrollbars component
* graph legend: use 'react-custom-scrollbars' for legend
scroll
* wrapper for react-custom-scrollbars component
* docs: sql datasources min time interval
* changelog: note about closing #10424
* docs: minor fixes
* docs: Updated auth docs
* docs: updated
* spelling errors
* make default values for alerting configurable
* Adding Action to view the graph by its public URL.
* changelog: order changes by group (ocd)
* changelog: add notes about closing #13030
* added radix rule and changed files to follow rule (#13153)
* set search query action and tests
* docs: default paths in the docker container.
* delete team
* added only-arrow-functions rule and changed files to
follow new rule (#13154)
* load teams and store in redux
* build: uses 1.1.0 of the build container.
* creating types, actions, reducer
* Only authenticate logins when password is set (#13147)
* refatoring: minor changes to PR #13149
* Add min time interval to mysql and mssql
* build: updated build-container with go1.11.
* added no-conditional-assignment rule and changed files to
follow new rule
* fix test failures for timeInterval
* document postgres min time interval
* Add min time interval to postgres datasource
* Changed functions to arrow functions for
only-arrow-functions rule. (#13131)
* mobx: removed unused SearchStore
* fix: Updated test
* redux: minor changes to redux thunk actions and use of
typings
* Reactify sidebar (#13091)
* Changed functions to arrow functions for
only-arrow-functions rule.
* removed unused mobx state
* changed functions to arrowfunctions for
only-arrow-functions rule (#13127)
* fix: fixed home dashboard redirect issue when behind
reverse proxy, fixes #12429 (#13135)
* tests
* Changed functions to arrow functions for
only-arrow-functions rule.
* improve remote image rendering (#13102)
* handle new variables created not yet added
* changelog: add notes about closing #10095
* graph legend: implement series toggling and sorting
* docs: postgres provisioning
* changelog: adds note about closing #13125
* fixed title prefix, fixes #13123 (#13128)
* Reopen log files after receiving a SIGHUP signal (#13112)
* Fixed a bug in the test and added test for filter alert
rules
* graph legend: react component refactor
* added Bitcoin as a currency option
* added new-parens rule (#13119)
* cli: avoid rely on response.ContentLength (#13120)
* some basic selector tests
* fixed testcase
* pausing alert
* docs: v5.2 upgrade notice, ref #13084
* changelog: add notes about closing #7330
* extend from purecomponent
* remove log
* actions and reducers for search filter
* added rule use-isnan and and updated file to follow new
rule (#13117)
* added no-namespace and no-reference rules (#13116)
* added no-angle-bracket-type-assertion rule and updatet
files to follow rule (#13115)
* Updated rules for variable name (#13106)
* update wording and punctuation (#13113)
* redux: improved state handling
* redux: progress
* wip: load alert rules via redux
* refactor: changed nav store to use nav index and selector
instead of initNav action
* moving things around
* Fix array display from url
* wip: solid progress on redux -> angular location bridge
update
* wip: moving things around
* wip: moveing things around
* wip: redux refactor
* pass timerange in meta data queries
* ignore information_schema tables
* added jsdoc-format rule and fixed files that didn't follow
new rule (#13107)
* set member-access and no-var-keyword to true, removed
public in two files (#13104)
* fix: for text flickering in animation on chrome on windows
* graph legend: minor refactor
* use quoting functions from MysqlQuery in datasource
* render query from query builder
* graph: make table markup corresponding to standards
* graph: legend as React component
* wip: redux
* redux: wip progress for using redux
* fixed so preloader is removed when app is loaded
* removed console.log
* separated fade-ins for logo and text, tweaked delays and
timing for fade-in animations
* docs: minor updates, more work to do
* ux: minor fixes to loading screen
* start implementing mysql query editor as a copy of
postgres query editor
* reset metric column when changing table
* fix timeFilter resetting when changing table
* when changing table, refresh panel once after columns have
been changed
* added pro-tip text, removed pro-tip link
* fixed styling for background and text, added intro
animation, added fade in to text
* fix timecolumn handling when table changes
* set default for timeGroup in query builder to $__interval
* when changing table reset columns
* fix metric column suggestions
* fix suggestions for metric column
* Return correct path for OpenBSD in cli's returnOsDefault
(#13089)
* updated changelog
* New TV Mode, dashboard toolbar update (layout change & new
cycle view mode button) (#13025)
* added this:any to functions and changed functions to
arrowfunctions
* feat: loading css async & inline svg
* Explore: keep query when changing datasources (#13042)
* changed var to let in 50 files (#13075)
* changed var to let in last files (#13087)
* tsconfig: started on setting noImplicitThis to true
* tsconfig: format file
* document postgres version and TimescaleDB option
* tslint: added 1 more rule, #12918
* tslint: added 2 more rules and removed unused component,
#12918
* tslint: added a new tslint rule
* added rule prefer const to tslint (#13071)
* dep ensure (#13074)
* hide Query Builder button for table panels
* check for correct quoting of multiple singlequotes
* changed var to const 2 (#13068)
* changed var to const (#13061)
* update latest.json to latest stable version
* docs: corrected docs description for setting
* remove min time interval from datasource config
* remove unneeded queryOptions
* changelog: add notes about 4.6.4 and 5.2.3 releases
* fix quoting
* strip quotes when auto adding alias
* handle quoting properly for table suggestion
* link to github instead
* recheck timecolumn when changing table
* update filter macro on time column change
* string formating fixes
* go fmt fixes
* Moved tooltip icon from input to label #12945 (#13059)
* added empty cta to playlist page + hid playlist table when
empty (#12841)
* changed from rotating to bouncing, maybe to much squash
and stretch
* Update provisioning.md
* make default mode for table panels raw editor
* improve description for timescaledb option
* Review feedback.
* use series matchers to get label name/value
* changelog: add notes about closing #12865
* fixed so validation of empty fields works again
* added a loading view with a spining grafana logo
* fix handling of variable interpolation for IN expresions
* tslint: tslint to const fixes part3 (#13036)
* tslint: more const fixes (#13035)
* tslint: changing vars -> const (#13034)
* tslint: autofix of let -> const (#13033)
* fix: minor fix to changing type
* upgrades to golang 1.11
* wip: angular panels now have similar edit mode and panel
type selection enabling quick changing between panel react
and angular panel types
* add min interval to postgres datasource
* wip: major change for refresh and render events flow
* fix: going from fullscreen fix
* wip: minor fixes
* copy and docs update for alert notification reminders
* change/add tests for alerting notification reminders
* wip: trying to align react & angular edit modes
* WIP Update tslint (#12922)
* changelog: add notes about closing #12952 #12965
* build: fixes rpm build when using defaults.
* docs: reminder notifications update
* changelog: add notes about closing #12486
* docs: changes
* created a section under administration for authentication,
moved ldap guide here, created pages for auth-proxy,
oauth, anonymous auth, ldap sync with grafana ee, and
overview, moved authentication guides from configuration
to, added linksin configuration page to guides
* fixed so animation starts as soon as one pushes the button
and animation stops if login failed
* added link to getting started to all, changed wording
* tests: fix missing tests (with .jest suffix)
* docs: alerting notification reminders
* update copy/ux for configuring alerting notification
reminders
* heatmap: fix tooltip bug in firefox
* fix tableSegment and timeColumnSegment after table
suggestion
* Update notifications.md
* sql: added code migration type
* changelog: add notes about closing #11890
* Explore: Apply tab completion suggestion on Enter (#12904)
* Show min-width option only for horizontal repeat (#12981)
* Fix bulk-dashboards path (#12978)
* add suggestions for reminder frequency and change copy
* don't write to notification journal when testing
notifier/rule
* remove unnecessary conversion (metalinter)
* fix after merge with master
* Refresh query variable when another variable is used in
regex field (#12961)
* Webpack tapable plugin deprecation (#12960)
* unify quoting
* dsproxy: interpolate route url
* prefill editor with first metric table
* only allow 1 filter macro in where clause
* fix timeColumnType assignment
* make suggested filter macro depend on type
* use unixEpochGroup macro for unix timestamp
* alerting: inline docs for the slack channel.
* Replacing variable interpolation in 'All value' value
* changelog: add notes about closing #12229
* cleaning up test data
* changelog: add notes about closing #12892
* docs: es versions supported
* devenv: update sql dashboards
* when value in variable changes, identify which variable(s)
to update
* removed inverse btn styling and added bgColor to generic
oauth and grafana.com login buttons, added styling so log
in button uses dark theme inverse btn styling both for
dark and light theme
* suggest operators depending on datatype
* Doc - fix title level
* Update doc about repeating panels
* Doc - fix broken link
* build: beta versions no longer tagged as latest.
* docs: cleanup.
* docs: docker and restarts.
* update persisted parts on param change
* persist datatype information
* Don't do value suggestions for numeric and timestamp
* created a class for loading buttons, added a button for
when login slow on login page
* rename postgres_query.jest.ts to .test.ts
* fix variable escaping
* autodetect timescaledb when version >= 9.6
* build: duplicate docker run-script removed.
* detect postgres version for saved datasources
* Set User-Agent header in all proxied datasource requests
* use pointer cursor for buttons in query editor
* docs: cloudwatch dimensions reference link.
* require postgres 9.4+ for ordered set aggregate functions
* add postgres version to datasource config
* only show first/last aggregate when timescaledb is enabled
* keep jsonData in PostgresDatasource
* docs: remove message property in response from get alerts
http api
* changelog: add notes about closing #5623
* build: cleanup
* should allow one default datasource per organisation using
provisioning
* build: fixes rpm verification.
* docs: add grafana version note for gitlab oauth
* docs: gitlab: add note about more restrictive API scope
* social: gitlab_oauth: set user ID in case email changes
* docs: document GitLab authentication backend
* social: add GitLab authentication backend
* build: verifies the rpm packages signatures.
* changelog: add notes about closing #12224
* added guide for logging in to grafana for the first and
how to add a datasource
* docs: update
* feat: add auto fit panels to shortcut modal, closes #12768
* changelog: add notes about closing #12680
* docs: update postgres provisioning
* Remove dependencies
* Rename test files
* changelog: add notes about closing #12598
* add version disclaimer for TimescaleDB
* document TimescaleDB datasource option
* Use variable in newPostgresMacroEngine
* Remove Karma scripts and docs
* changelog: add notes about closing #10705
* fix: ds_proxy test not initiating header
* Don't pass datasource to newPostgresMacroEngine
* Remove tests and logs
* Fix for Graphite function parameter quoting (#12907)
* don't render hidden columns in table panel (#12911)
* fix: added missing ini default keys, fixes #12800 (#12912)
* refactor timescaledb handling in MacroEngine
* change: Set User-Agent to Grafana/%Version%
Proxied-DS-Request %DS-Type% in all proxied ds requests
* Remove comment
* Cleanup
* All tests passing
* Class to function. Half tests passing
* Karma to Jest: graph (refactor) (#12860)
* tech: removed js related stuff now that 99% is typescript
(#12905)
* Add React container
* changelog: add notes about closing #12805
* fix redirect to panel when using an outdated dashboard
slug (#12901)
* Add commit to external stylesheet url (#12902)
* build: increase frontend tests timeout without no output
* fix: Alerting rendering timeout was 30 seconds, same as
alert rule eval timeout, this should be much lower so the
rendering timeout does not timeout the rule context, fixes
#12151 (#12903)
* changelog: add notes about closing #12476
* now hides team header when no teams + fix for list hidden
when only one team
* Rename to HeatmapRenderer
* Mock things
* Explore: Fix label filtering for rate queries
* add $__unixEpochGroup to mssql datasource
* add $__unixEpochGroup to mysql datasource
* Add $__unixEpochGroup macro to postgres datasource
* changed const members to filteredMembers to trigger get
filtered members, changed input value to team.search
(#12885)
* get timecolumn datatype on timecolumn change
* changelog: add notes about closing #12882
* Removes link to deprecated docker image build
* Add mocks
* fix datatype query
* Changelog update
* docker: makes it possible to set a specific plugin url.
* Add support for $__range_s (#12883)
* Refactor setting fillmode
* Update dashboard.md
* Fix typo
* Explore: label selector for logging
* Replace element
* Rewrite heatmap to class
* Explore: still show rate hint if query is complex
* Explore: Filter out existing labels in label suggestions
* Add note for #12843
* Fix initial state in split explore
* replaced with EmptyListCta
* Begin conversion
* changed messaging
* mention time_bucket in timescaledb tooltip
* keep legend scroll position when series are toggled
(#12845)
* replaced confirm delete modal with deleteButton component
in teams members list
* [wip]added empty list cta to team list, if statement
toggles view for when the list is empty or not
* Update NOTICE.md
* Fix padding for metrics chooser in explore
* fix rebase error
* revert passing ctrl to testDatasource
* change timescaledb to checkbox instead of select
* add timescaledb option to postgres datasource
* build: fixes png rendering in the docker based
docker-image build.
* remove duplicated /tmp entry in .dockerignore
* move run script, update README
* produce an image compatible with grafana-docker
* More efficient builds and some fixes to the Go binaries
* Simple Docker-based build option
* Add example OR search_filter to docs
* Explore: expand recording rules for queries
* Explore: Query hints for prometheus (#12833)
* Convert URL-like text to links in plugins readme
* skip target _self to remove full page reload
* use uid when linking to dashboards internally in a
dashboard
* add previous fill mode to query builder
* added more info about the teams
* removed mock-teams, now gets teams from backend
* changelog: add notes about closing #12756
* add api route for retrieving teams of signed in user
* devenv: update sql dashboards
* team list for profile page + mock teams
* changelog: add notes about closing #11270
* Fixing bug in url query reader and added test cases
* fix missing *
* rename last fillmode to previous
* change fillmode from last to previous
* return proper payload from api when updating datasource
* Review feedback
* changelog: update #12768
* Remove window
* Fix url param errors
* Explore: Metrics chooser for prometheus
* Add clear row button
* Add clear button to Explore
* Explore: show message if queries did not return data
* Fix closing parens completion for prometheus queries in
Explore (#12810)
* Update ROADMAP.md
* Update ROADMAP.md
* Update ROADMAP.md
* switched to lowercase
* replaced escape() call, renamed formatter to be more
expressive
* Smaller docker image (#12824)
* build: failing to push to docker hub fails the build.
* Reversed history direction for explore
* Explore: Add history to query fields
* unix socket docs
* Explore: facetting for label completion (#12786)
* docs: how to build a docker image.
* Remove Karma test
* All tests passing
* Add mock constructor
* Begin conversion
* Convert query control
* Convert datasource
* refactor: take submenu into account PR #12796
* refactor: renaming variables, refactoring PR #12796
* refactor: moving code around a bit, refactoring PR #12796
* Remove weird import
* Disable submenu when autopanels is enabled
* Extract to own method
* Use and add keybard shortcut
* Add temporary url parameter
* Replace floor with round
* Go with just single margin compensation
* Add margin and padding compensation
* Remove weird import
* Fit panels to screen height
* dont break default parameters for functions
* fix suggestion query
* renamed slate unit tests to .jest.ts
* Remove simple tests
* Support client certificates for LDAP servers
* Begin conversion
* Add click on explore table cell to add filter to query
(#12729)
* dont order for aggregate
* build: makes it easier to build a local docker container.
* add moving average to query builder
* adjust frontend test
* use $__timeGroupAlias macro
* specify grafana version for last fill mode
* add fillmode 'last' to sql datasource
* build: disables external docker build for master and
release.
* build: complete docker build for master and releases.
* build: removes unused args to docker build.
* build: imported latest changes from grafana-docker.
* build: attach built resources.
* build: builds docker image from local grafna tgz.
* build: new workflow for PR:s and branches.
* docker: inital copy of the grafana-docker files.
* changelog: add notes about closing #1823 #12801
* Add auto_assign_org_id to defaults.ini
* changelog: add notes about closing #12749
* changelog: add notes about closing #12766
* adjust test dashboards
* remove info logging
* added two new classes for color, fixed so link has value
color
* changelog: add notes about closing #12063
* Add new Redshift metrics and dimensions for Cloudwatch
datasource
* changelog: add notes about closing #12752
* changelog: update
* Improve iOS and Windows 10 experience (#12769)
* add series override option to hide tooltip (#12378)
* changelog: add notes about closing #12785
* removed table-panel-link class
* removed table-panel-link class and add a class white to
modify table-panel-cell-link class
* add warning when switching from raw sql mode
* add more prominent button for switching edit mode
* document $__timeGroupAlias
* add $__timeGroupAlias to mysql and mssql
* fix custom variable quoting in sql* query interpolations
* add compatibility code to handle pre 5.3 usage
* Change to arrow functions
* Add all tests to one file
* changelog: add notes about closing #12561
* Remove angularMocks
* All tests passing
* replaced style with class for links
* Add $__timeGroupAlias to postgres macros
* adjust test dashboards
* remove alias from postgres $__timeGroup macro
* changelog: add notes about closing #12762
* fix: team email tooltip was not showing
* fix: test data api route used old name for test data
datasource, fixes #12773
* removed a blank space in div
* fixed color for links in colored cells by adding a new
variable that sets color: white when cell or row has
background-color
* changelog: add notes about closing #12300
* Weird execution order for the tests...
* fixed test result
* added urlescape formatting option
* changelog: add notes about closing #12744
* changelog: add notes about closing #12727
* add aws_dx to cloudwatch datasource
* also fixed 'Watt per square metre'
* fixed that missing one
* add version note to metric prefix and fix typo
* devenv: update sql dashboards
* mssql: update tests
* fix usage of metric column types so that you don't need to
specify metric alias
* Begin conversion
* changelog: update
* changelog: add notes about closing #12747
* Add missing tls_skip_verify_insecure (#12748)
* rename special to windows
* add first and last support
* refactor function handling in query builder
* refactor column function handling
* consistent nameing fro group and select
* mssql: add logo
* add tests for metric column prefix to mssql
* add metric column prefix test for mysql
* document metric column prefix in query editor
* document metric column prefix for mysql and mssql
* Remove extra mock
* Karm to Jest
* correct volume unit
* Remove lo
* Test passing. Remove Karma
* adjust metric prefix code to sql engine refactor
* add testcase for metric column as prefix
* Use metric column as prefix
* Fix emit errors
* Fix test
* Add async/await
* refactor schema query generation
* removed unused class from the deletebutton pr
* frontend part with mock-team-list
* Update test for local time
* update devenv datasources and dashboards for sql
datasources
* Begin conversion
* use const for rowlimit in sql engine
* Cleanup
* Remove Karma file
* All tests passing
* All except one passing
* remove tableschema from query builder ui
* changelog: add notes about closing #12731
* elasticsearch: support reversed index patterns
* update devenv datasources and dashboards for sql
datasources
* mssql: use new sql engine
* mysql: use new sql engine
* postgres: use new sql engine
* refactor sql engine to make it hold all common code for
sql datasources
* Pass more tests
* Refactor Explore query field (#12643)
* Begin conversion
* All tests passing. Remove Karma test.
* Almost all tests passing
* Add tslib to TS compiler
* docs: using interval and range variables in prometheus
* Two passing tests
* Update Configuration.md
* Start conversion
* changelog: add notes about closing #12533
* changelog: add notes about closing #12668
* changelog: update
* changelog: add notes about closing #12668
* fix for typeahead background, increased lighten
* added position absolute and some flexbox so I could remov
changes in display and setTimeout, added tests and types,
did some renaming
* fix invalid reference
* minor fixes
* fix failing test due to time diff issues
* Remove comments
* remove unneeded comment
* Remove old influx stuff
* changelog: add notes about closing #12489
* changelog: add notes about closing #12551
* changelog: add notes about closing #12533
* Karma to Jest
* Begin conversion
* changelog: add notes about closing #12589
* changelog: add notes about closing #12636 #9827
* Remove influx qeury_ctrl jest, as it is already completed
* Test fail depending on test order
* Karma to Jest: begin influx query_ctrl
* Make beautiful
* Karma to Jest: completer
* Remove comments and Karm test
* Karma to Jest
* Pass more tests
* changelog: add notes about closing #12644
* fix code style
* docs: mentation that config changes requires restart.
* return 400 if user input error
* changing callback fn into arrow functions for correct
usage of this (#12673)
* Fix requested changes
* Add templating docs for
* Add docs about global variables in query template
variables
* Figuring out why it doesn't initialize
* Add support for interval in query variable
* Add jest file
* Change to arrow functions
* Add graph_ctrl jest
* changelog: add notes about closing #12691
* Update kbn.ts
* Add jest test file
* Id validation of CloudWatch GetMetricData
* Fix timezone issues in test
* fix window function query without group by
* changelog: adds note for #11487
* add order by to metadata queries
* set explicit order for rate and increase
* escaping ssl mode on postgres param
* fix pre gui queries shortcircuit
* Add unit test for InfluxDB datasource
* Support timeFilter in templating for InfluxDB
* Datasource for Grafana logging platform
* removed blue-dark variable with blue-light in light-theme,
blue variable now has same value as blue-dark had before,
should fix issue with any low contrast issues with blue in
light-theme, this made query-blue variable unnecessery
removed it, added variable for variable dropdown highlight
background
* removed import appEvents
* built a component for delete button in tables, instead of
using a modal to confirm it now does it in the row of the
table, created a sass file for the component, the
component uses css transitions for animation
* fix: postgres/mysql engine cache was not being used, fixes
#12636 (#12642)
* added: replaces added to grafana
* fix: datasource search was not working properly
* add groupby when adding first aggregate
* docs: minor docs fix
* Fix label suggestions in Explore query field
* pluginloader: expose flot gauge plugin
* alert: add missing test after refactor
* Handle query string in storage public_url (#9351) (#12555)
* HTTP API documentation +fix when updating a playlist
(#12612)
* Explore: calculate query interval based on available width
* Use url params for explore state
* Dont parse empty explore state from url
* Fix default browser th font-weight
* Adding eval_data to alerts query results
* ldap: Make it possible to define Grafana admins via ldap
setup, closes #2469
* nginx: update to docker block
* minor fix for legacy panels
* Remove string casting for template variables in prometheus
* ldap: docker block readme update
* Make prometheus value formatting more robust
* Update README.md
* Devenv testdata dashboards (#12615)
* fix test for query generation
* dont run queries if target has no table set
* add query to find metric table
* add popover for metric column
* rename PostgresQueryBuilder to PostgresMetaQuery
* dont expand variables in rawSql
* filter datatype for groupby suggestions
* fix rate special function when using group by
* remove unused import
* refactor adding sqlPart
* remove render code from sql_part
* fix bug in query generation with metricColumn
* refactor PostgresQuery
* refactor PostgresQueryCtrl
* refactor PostgresQueryCtrl and PostgresQuery
* refactor addGroupBy and removeGroupByPart
* use let for variable declaration
* Add templateSrv to PostgresQuery tests
* add tests for query generation
* Reverted $q to Promise migration in datasource_srv
* Allow settting of default org id to auto-assign to
(#12401)
* Remove unused SASS variables (#12603)
* fix: panel embedd scrolbar fix, fixes #12589 (#12595)
* fix tests for postgres datasource
* Set datasource in deep links to Explore
* send timerange with metricFindQuery
* Explore Datasource selector
* changed you to your (#12590)
* indent generated SQL
* Add comments
* Fix freezing browser when loading plugin
* handle counter overflow and resets in rate
* partition by metricColumn when using increase
* add rate and increase special functions
* wip: another baby step, another million to go
* skip backend request if extended statistics is invalid.
(#12495)
* Refactor team pages to react & design change (#12574)
* (prometheus) prevent error to use $__interval_ms in query
(#12533)
* fix: folder picker did not notify parent that the initial
folder had been changed, fixes #12543 (#12554)
* Add support for skipping variable value in URL, fixes
#12174 (#12541)
* Update mac.md
* Update windows.md
* Update rpm.md
* Update debian.md
* Don't build-all for PRs
* Refactor value column SQL generation
* Refactor metric column sql generation
* fix: requests/sec instead of requets (#12557)
* Add folder name to dashboard title (#12545)
* Fix css loading in plugins (#12573)
* Refactor group by query generation
* Refactor where clause generation
* refactor SQL generation for value columns
* Refactor time column sql generation
* Refactor render function on PostgresQuery
* prepare sql part for special functions
* set query gui as default handle old panels gracefully
* Added BurstBalance metric to list of AWS RDS metrics.
* dont throw exception for unknown types
* Prevent scroll on focus for iframe
* add alias when adding group by
* Add new sequential color scales
* add aggregates when adding group by
* add column alias when add aggregate function
* move go vet out of scripts and fixing warning (#12552)
* fix enter in sql_part_editor
* fix editing expression parts
* wip: you can now change panel type in edit mode
* rename inputBlur to switchToLink
* react panels: working on changing type
* Cleanup and remove some jest.fn()
* fix spelling
* add current value to dropdown if its not in resultset
* Revert 'show current value in dropdown when its not part
of list'
* Remove irrelevant tests and templateSrv stub
* show current value in dropdown when its not part of list
* redid redux poc, old branch was to old and caused to many
conflicts
* wip: redux poc
* fix diff and percent_diff (#12515)
* improve error message
* generate unique id when variable is multi
* support GetMetricData
* dep ensure
* update aws-sdk-go
* Update lodash/moment version (#12532)
* fix: minor css change
* wip: minopr progress on react panel edit infra
* Tabs to spaces in tslint (#12529)
* wip: minor progres on react panels edit mode
* add None to metric column suggestions
* handle pre query gui queries gracefully
* dont break on panels that dont have rawQuery set
* refactor transformToSegments
* devenv: updated devenv provision scripts
* wip: viz editor started
* ux: minor fix/tweak to inactive view mode, think logo
should be visible & fixes dashboard title alignment
* changelog: add notes about closing #12379
* Fix datasource sorting with template variables
* another baby step
* changelog: add notes about closing #12484
* changelog: add notes about closing #12506
* rename quoteLiteral to quoteIdentAsLiteral
* changelog: add notes about closing #12506
* fix links not updating after changing variables
* remove unused function removeSelect
* put updateParam back in
* fix where clause generation
* remove hardcoded $__timeFilter, make macros functional in
where clause
* remove dead code, make label more flexible
* fix constraint removal
* react-panels: minor progress on data flow
* dont autoquote, suggest quoted values if requried
* prometheus heatmap: fix unhandled error when some points
are missing
* fix caret for help button is ds http settings
* do not autoquote identifiers
* fix group by ui
* changelog: add notes about closing #11618 #11619
* fix where constraint handling
* remove dead code from sql_part fix where clause query
generation
* Add mock to test files
* Create new instance in beforeEach
* Remove comments
* Karma to Jest: Cloudwatch datasource
* Karma to Jest: MySQL datasource
* Karma to Jest: postgres datasource
* Basic cleanup
* Add mocks in test file
* Remove q and stub
* Add Jest stubs
* Remove async
* Remove logs and comments
* Start elastic ds test conversion
* run enterprise build only on master for now
* refix the settings indentation
* update stats admin doc
* fix json indentation
* include where constraints in query generation
* remove unnecessary conversions
* rearrange elements of query builder
* mv query_part to sql_part
* changelog: update
* changelog: add notes about closing #11818
* changelog: add notes about closing #12460
* changelog: add notes about closing #8186
* changelog: add notes about closing #12379
* changelog: add notes about closing #12362
* devenv: open ldap docker block now prepopulating data with
correct member groups
* ci: Only publish grafana enterprise packages tagged with
enterprise.
* Make table sorting stable when null values exist (#12362)
* Fix bar width issue in aligned prometheus queries (#12483)
* correct example (#12481)
* ldap: improved ldap test env with more structured users
and groups
* test: fixed usage of wrap in tests.
* ci: typo
* ci: publishes grafana enterprise to s3.
* refactoring: making api wrap public
* refactoring: enterprise build/hooks refactorings (#12478)
* Karma to Jest: datasource_srv (#12456)
* fix: #12461 introduced issues with route registration
ordering, adding plugin static routes before plugins
package had been initiated (#12474)
* omit extra template refresh (#12454)
* wip: minor progress on DataPanel
* Improve extensions build. (#12461)
* [mysql] fix $__timeGroup rounding (#12469)
* [mssql] fix $__timeGroup rounding (#12470)
* [postgres] fix timeGroup macro rounding (#12468)
* pkg/social/github: Allow changing of userinfo data
(#12471)
* notifications: dont return error if one notifer failed
* use sqlPart for ui parts
* avoid calling os.Exit outside main.go (#12459)
* update mysql/mssql query/annotation help sections
* docs: update folders api
* Changed documentation for MSSQL and MySQL to reflect macro
changes
* docs: update scripted dashboard for v5
* docs: update scripted dashboard for v5
* docs: update organisation http api
* docs: upd windows installation
* notifications: send notifications synchronous
* notifications: read without tran, write with tran
* registry: adds more comments
* registry: adds comments to interfaces
* changelog: update
* changelog: update
* changelog: add notes about closing #12438
* alerting: only log when screenshot been uploaded
* fixes typos
* Reverted yarn.lock to master
* Used PostgreSQL TSDB as a model the set up the
__timeFilter, __timeFrom, and __timeTo macros for
Microsoft SQL and MySQL
* changelog: add notes about closing #12444
* Revert 'auth proxy: use real ip when validating white
listed ip's'
* changelog: adds note for #11892
* changelog: add notes about closing #12430
* fix footer css issue
* Karma to Jest: 3 test files (#12414)
* fix: log close/flush was done too early, before server
shutdown log message was called, fixes #12438
* react panels wip
* Karma to Jest: value_select_dropdown (#12435)
* support passing api token in Basic auth password (#12416)
* Add disabled styles for checked checkbox (#12422)
* changelog: add notes about closing #11920
* changelog: add notes about closing #11920
* changelog: update
* docs: upd what's new in v5.2
* docs: update index with link to what's new in 5.2 instead
of 5.0
* wip: react panels editor mode, tabs working
* changelog: add notes about closing #12385
* react panels wip
* feat: panels v2, metrics-tab loading
* docs: upd what's new in v5.2
* docs: upd what's new in v5.2
* login: fix layout issues
* build: yarn should be included out of the box on circle ci
* notifier: handle known error first
* ensure that if the dasboardID is negative, it will not
bypass the checking of the right (#12398)
* changelog: add notes about closing #11968
* Webpack 4 (WIP) (#12098)
* Make pre/postfix coloring checkboxes inactive when gauge
is active
* removes unused return object
* handle 'dn' ldap attribute more gracefully (#12385)
* Update ROADMAP.md
* Fix typo
* Switched MySQL and MSSQL macros for timeFilter and related
to use BETWEEN and calculate UNIX time server side instead
of database side. Fixes #11618 #11619
* docs: update installation instructions
* routing: raise panic if duplicate routes are added
* routing: allows routes to be added to existing groups
* changelog: add notes about closing #11868
* enhance error message if phantomjs executable is not found
* fix: annnotation api & sql issue
* changelog: add notes about closing #12248
* set correct text in drop down when variable is present in
url using key/values
* Light improve of massive delete annotation api (#12390)
* Fix 12248
* Fixing wrong /public path, relative to the webpack.dev
script, that would avoid webpack from cleaning previous
builds. (#12351)
* changelog: add notes about closing #12383
* changelog: adds note about closing #12313
* Return a 404 when deleting a datasource through the API if
it doesn't exist and add a test for it to confirm #12313
* Set $rootScope in DatasourceSrv
* Add options to colorize prefix and postfix in singlestat
* devenv: adds dashboard with multiple rows
* changelog: adds note about closing #10971
* Pass configured/auth headers to a Datasource.
* Karma to Jest: history_ctrl. .gitingore: .vs/
* changelog: add notes about closing #12359
* build: fix signing of multiple rpm packages
* docs: what's new in v5.2 and docker installation updates
* tech: adds comments about route register code
* changelog: add notes about closing issue
* Karma to Jest: history_ctrl. Update version: ts-jest
* changelog: add notes about 5.2.0-beta2
* changelog: add notes about closing #12240
* changelog: add notes about closing #12256
* changelog: add notes about closing #11792
* changelog: add notes about closing #12315
* dashboard: fix drop down links
* wip: react panels, query editor loading from react
PanelEditor view
* fix regressions after save modal changes of not storing
time and variables per default
* wip: react panel minor progrss
* updated
* Karma to Jest: history_srv (#12341)
* react panels minor progress
* make sure to process panels in collapsed rows when
exporting dashboard
* changelog: add notes about closing #3132
* docs: update installation instructions
* react panel minor progress
* ldap: add note about config in Grafana
* ldap: add note to dockerfile
* changelog: add notes about closing #12343
* docs: Plugin review guidelines and datasource auth pages
* remove unused argument in default scenario of guardian
test
* fix: fixed permission issue with api key with viewer role
in dashboards with default permissions
* wip: react panel makeover mini progress
* Karma to Jest: time_srv (#12303)
* Karma to Jest: team_details_ctrl (#12321)
* Fix error in InfluxDB query
* expose functions to use sessions
* changelog: adds note about closing #11607
* test commit for checking github permissions
* changelog: add notes about closing #12278
* changelog: add notes about closing #11076
* snapshot: copy correct props when creating a snapshot
* added comment to reason the id tag
* set current org when adding/removing user to org
* changelog: add notes about closing #10707
* Include the vendor directory when copying source in to
Docker (#12305)
* changelog: adds note about closing #12199
* adds tests for journaling sql operations
* use epoch to compare timestamp
* adds inTransactionCtx that calls inTransactionWithRetryCtx
* merge create user handlers
* transactions: start sessions and transactions at the same
place
* adds info about eval/reminder interval
* tests for defaultShouldNotify
* cloudwatch: handle invalid time range
* notifications: make journaling ctx aware
* make sure to use real ip when validating white listed ip's
* Adding Cloudwatch AWS/AppSync metrics and dimensions
* notifications: gather actions in one transaction
* changelog: adds note about closing #12286
* sql: adds tests for InTransaction
* bus: noop should still execute fn
* removes unused code
* bus: Dispatch now passes empty ctx if handler require it
* bus: dont start transaction when creating session
* bus: dont mix ctx/classic handlers
* bus: DispatchCtx can now invoke any handler
* refactoring: renamed AddCtxHandler to AddHandlerCtx PR
#12203
* refactoring: transaction manager PR #12203
* fixes typo in code
* check if admin exists or create one in one transaction
* replace begin/end with wrapper function
* bus: support multiple dispatch in one transaction
* docs: adds info about grafana-dev container
* changelog: add notes about closing #12282
* Added Litre/min and milliLitre/min in Flow (#12282)
* remove papaparse dependency
* list name is deleteDatasources, not delete_datasources
* remove internal influx ifql datasource
* Document the endpoint for deleting an org
* tests: rewrite into table tests
* influxdb: adds mode func to backend
* Fix queryfield wrapper css
* Fix Queryfield metrics field missing
* batch DOM reads from query field typeahead
* hint support for typeahead
* Make suggestions an object
* Trigger typeahead on Ctrl-Space
* refactor Explore query field
* changelog: add notes about closing #11484
* changelog: add notes about closing #11233
* Remove import
* Fix PR feedback
* Removed papaparse from external plugin exports
* Karma to Jest: query_builder
* dsproxy: move http client variable back
* Karma to Jest: threshold_mapper
* Expose react and slate to external plugins
* Karma to Jest: threshold_manager
* Karma to Jest: query_def, index_pattern
* Remove import
* Karma to Jest: elastic_response
* changelog: notes about closing #12189
* #11607 corrected file cleanup test
* #11607 removed unnecessary conversion (from gometalinter)
* Improve test readability
* #11607 fixed formatting
* #11607 Cleanup time of temporary files is now configurable
* moved link icon in panel header
* Karma to Jest: playlist_edit_ctrl
* Karma to Jest: exporter
* Update graphite.md
* changelog: add notes about closing #10796
* added id tag to Panels for html bsckmarking on longer
Dashboards
* dashboard import to folder: minor fixes
* Docs: output location from build script
* Correct Provisioning documentation link
* dsproxy: allow multiple access tokens per datasource
* Mock core in jest-setup
* Docs: Update Build from Source
* Convert tests from Karma to Jest
* changelog: add notes about closing #11963
* save-modal save button (#12047)
* Karma to Jest: graph-tooltip
* removed QueryOptionsCtrl references
* update latest.json to 5.1.3
* use ng-if
* hot-fix ifql testdatasource()
* triggers grafana-docker master build
* changed som variables to values so it's the same for dark
and light theme, added special styling for login text,
link and input (#12196)
* mattn/go-sqlite3 v1.6.0 to v1.7.0
* changelog: add notes about closing #11074
* fixed so panel title doesn't wrap and (#12142)
* graph: fix legend decimals precision calculation
* Use Passive eventListener for 'wheel' (#12106)
* removes more unused code
* removes unused code
* nicer collapsed row behaviour (#12186)
* remove DashboardRowCtrl (#12187)
* add panel on enter
* autoFocus the search filter
* adds missing return statement
* Fix typo: eleasticsearch -> elasticsearch (#12184)
* Annotations support for ifql datasource
* dashboard: improve import UX for non-editor users
* Template variable support for ifql datasource
* Use cut to trim down the SHA1.
* show import menu in sidenav, dashboard search and manage
dashboards page
* Fix metrics panel test by adding config mock
* Respect explore settings in config ini
* Add .html to webpack.hot resolve extensions
* Version the tarball uploaded to s3 and tell the next step
about it.
* dashboard: import into current folder from manage folder
page
* dashboard: add Import button to manage page
* dashboard: import to folder
* Query helpers for IFQL datasource
* alerting: fixes broken table rename
* docs: docker secrets available in v5.2.0
* Remove round-robin urls in ifql DS
* IFQL range variable expansion
* alerting: renames journal table to
alert_notification_journal
* alerting: move queries from evalcontext to notifier base
* alerting: invert sendOnce to sendReminder
* changelog: add notes about closing #11657
* alerting: remove zero units from duration
* alerting: only check frequency when not send once
* always show server admin link in sidenav if grafana admin
* update google auth config docs
* changelog: add notes about closing #11525
* fix: fixed problem with expanding access mode help in ds
settings
* dep: use master branch for plugin model
* alerting: fixes invalid error handling
* fixed so default is all and general only show dashboards
* changelog: add notes about closing #11882
* added s to folderId in params
* renamed variable in tests
* added comment, variableChange -> variableValueChange
* added a test
* added if to check if new variable has been added
* Gravatar fallback does not respect 'AppSubUrl'-setting
(#12149)
* change admin password after first login
* changelog: adds note about closing #11958
* revert: reverted singlestat panel position change PR
#12004
* Revert 'provisioning: turn relative symlinked path into
absolut paths'
* provisioning: turn relative symlinked path into absolut
paths
* changelog: adds note about closing #11670
* elasticsearch: sort bucket keys to fix issue wth response
parser tests
* docs: what's new in v5.2
* made folder text smaller
* Implement code review changes
* Bug fix for repeated alerting even on OK state and add
notification_journal cleanup when alert resolves
* Fix tests
* Fix multiple bugs
* Revert changes post code review and move them to
notification page
* Feature for repeated alerting in grafana
* InfluxDB IFQL datasource
* changelog: add notes about closing #11167
* docs: docker secrets support. (#12141)
* alerting: show alerts for user with Viewer role
* datasource: added option no-direct-access to
ds-http-settings diretive, closes #12138
* provisioning: adds fallback if evalsymlink/abs fails
* tests: uses different paths depending on os
* renames intervalSeconds to updateIntervalSeconds
* changelog: add notes about closing #5893
* removed italic
* changelog: add notes about closing #11500, #8168, #6541
* Alert panel filters (#11712)
* docs: update alerting docs with alerting support for
elasticsearch
* added span with folder title that is shown for recently
and starred, created a new class for folder title
* provisioning: makes the interval for polling for changes
configurable
* provisioning: only update dashboard if hash of json
changed
* remove dead code
* elasticsearch: minor refactor
* changelog: update
* changelog: add notes about closing #10748, #8805
* save modal ux improvements (#11822)
* changelog: add notes about closing #11515
* provisioning: only provision if json file is newer then db
* Guard /explore by editor role on the backend
* make path absolute before following symlink
* provisioning: follow symlinked folders
* test: fixes broken test on windows
* changelog: add notes about closing #11771
* changelog: add notes about closing #11971
* Fix singlestat threshold tooltip (#12109)
* build: only runs db related tests on db.
* build: integration testing postegres on ci.
* build: mysql integration testing on ci.
* Fix karma tests that rely on MetricsPanelCtrl
* changelog: Second epochs are now correctly converted to
ms.
* Fix panel menu test
* Restrict Explore UI to Editor and Admin roles
* Fix CSS to hide grid controls in fullscreen/low-activity
views
* changelog: add notes about closing #11645
* Support InfluxDB count distinct aggregation (#11658)
* provisioning: enable relative path's
* changelog: note about closing #11858
* devenv: improve readme
* provisioning: place testfiles within testdata folder
* changelog: add notes about closing #11494
* Add new regions to handleGetRegions function (#12082)
* PR: minor change to PR #12004 before merge
* fix: refactoring PR #11996 and fixing issue #11551
16706hashkey in json editors
* devenv: script for setting up default datasources
* tech: updated react-grid-layout to latest official
release, closes #12100
* Fix cache busting for systemjs imports for plugins
* devenv: scripts for generating many unique dashboards
* docker: new block for elasticsearch6
* changelog: add notes about closing #12087
* sql: seconds epochs are now correctly converted to ms.
* add validation of uid when importing dashboards
* fix: add track by name in annotation list to avoid
$$hashKey in json
* changelog: adds note about closing #9703
* go fmt fixes
* configure proxy environments for Transport property
* Show create dashboard link if at least editor in one
folder
* graphite: avoid dtracing headers in direct mode
* Fix sourcemaps for webpack hot config
* return better error message when err is ErrSmtpNotEnabled
* elasticsearch: handle if alert query contains template
variable
* changelog: adds note about closing #9847
* Sparklines should scale to the data range (#12010)
* Split webpack dev config into dev and hot
* Upgrade webpack loaders (#12081)
* pin versions of xorm to resolve sql tests
* build: fixes broken path for bra run
* use sql builder for the get system stats sql query
* fix directly specified variable rendering
* remove unused function renderAdhocFilters
* send param in callback for get-param-options
* Fix #9847 Add a generic signout_redirect_url to enable
oauth logout
* make separator configurable
* fix error message
* Changed Prometheus interval-alignment to cover whole panel
range
* alerting: refactor tests
* add usage stats for datasource access mode
* Review feedback (heading, typos)
* add additional usage stats metrics
* add tests for sending usage stats
* Integrated dark theme for explore UI
* elasticsearch: adds some more/better debug logging to
client
* changelog: fix broken link to contributor
* changelog: adds note about closing #11788
* The old code for centering removed
* Backend image rendering as plugin (#11966)
* Fix typo in README.md
* build: updates publisher to support arm archs for deb and
rpm.
* Explore split view
* Fixed custom dates for react timepicker
* Explore: Design integration
* Explore: time selector
* Fix dashboard snapshot deletion (#12025)
* fix names of foreign arch packages
* elasticsearch: handle NaN values
* elasticsearch: metric and pipeline agg setting json
encoding fix
* elasticsearch: query interval override fix
* elasticsearch: default interval fix
* Document table row merge for multiple queries
* elasticsearch: pipeline aggregation fix for json encoding
* build: always build for all platforms.
* fix: remove deadcode to make gometalinter happy
* elasticsearch: refactor query handling and use new es
simple client
* elasticsearch: new simple client for communicating with
elasticsearch
* elasticsearch: refactor and cleanup
* build: removes deploy from nightly while testing it.
* update provisioning.md
* Fix ResponseParser for InfluxDB to return only string
values
* Conditionally select a field to return in ResponseParser
for InfluxDB
* build: clean up the workflow filters.
* Revert 'Conditionally select a field to return in
ResponseParser for InfluxDB'
* Revert 'Fix ResponseParser for InfluxDB to return only
string values'
* Revert 'move queryTimeout option to common setting'
* move queryTimeout option to common setting
* add query timeout option for Prometheus
* build: crosscompilation for nightlies and releases.
* set style for registered query components
* make param wrapper configurable
* fix metric column when using group by
* separate label in template from type
* use sql part component
* use sql part component
* add sql_part component
* Singlestat value: vertical alignment fix
* Added Swiss franc currency
* quote column name in buildValueQuery
* return values quotes for suggestions in where expression
* test: moves test files to testdata folder
* build: downloads and bundles phantomjs for darwin and
windows.
* build: publisher updated to support more architectures and
OSs.
* build: saves artifacts with the build
* build: crossplatform build with packages.
* build: script for tagging and pushing a release
* codespell: fixes
* fix: fixed some minor startup logging issues
* Sqlstore refactor (#11908)
* Adds constant description for units
* test: increase expire time to avoid tz issues in tests
* explore: fixes #11953
* migrated files to ts, removed unused functions from
lodash_extended
* docs: installation pages for 5.1.3
* changelog: add note for #11830
* legend: fixes Firefox/baron scroll bug
* wrote classes
* migrated jquery.flot.events to ts
* use canMakeEditable
* allow to add annotation for non editable dashboard
* scroll: temporary fix for double scrollbar issue
* backend plugins: log an error if parsing meta field failed
* backend plugins: expose meta field
* fixes following first code review
* add useful note to alerting api docs
* improve alerting api docs sample responses
* Prometheus step alignment: shift interval only on jitter
* Use babel and hot loader only in yarn start
* docs: removes notes about beeing introduced in 5.0
* lock caniuse-db version to resolve phantomjs rendering
issue
* Update dashboard_permissions.md
* move database-specific code into dialects (#11884)
* refactor: tracing service refactoring (#11907)
* fix typo in getLdapAttrN (#11898)
* docs: update installation instructions targeting v5.1.2
stable
* changelog: add notes about closing #11862, #11656
* Fix dependencies on Node v10
* Update dashboard.md
* changelog: add notes about closing #10338
* Phantom render.js is incorrectly retrieving number of
active panels (#11100)
* singlestat: render time of last point based on dashboard
timezone (#11425)
* Fix for #10078: symbol '&' is not escaped (#10137)
* Add alpha color channel support for graph bars (#10956)
* interpolate 'field' again in Elasticsearch terms queries
(#10026)
* Templating : return __empty__ value when all value return
nothing to prevent elasticsearch syntaxe error (#9701)
* http_server: All files in public/build have now a huge
max-age (#11536)
* fix: ldap unit test
* only error log when err is not nil
* rename alerting engine to service
* case-insensitive LDAP group comparison (#9926)
* changelog: add notes about closing #11813
* docs: updated changelog
* fix XSS vulnerabilities in dashboard links (#11813)
* PR: ux changes to #11528
* renames alerting engine to match other services
* allow analytics.js to be cached, enable anonymizeIP
setting (#11656)
* Revert 'Add baron scrollbar to a node managed by gafana
(#11850)'
* decrease length of auth_id column in user_auth table
* fixed svg background (#11848)
* Add baron scrollbar to a node managed by gafana (#11850)
* Fix CSS asset loading for yarn start (HMR) (#11855)
* fix: fixed gometalinter issues with Discord PR
* docs: update installation instructions targeting v5.1.1
stable
* fix root_url in docs & comments (#11819)
* changelog: 5.1.1 update
* fix: loading of css url (images/fonts)
* Support for local Docker builds
* Update ROADMAP.md
* support additional fields in authproxy (#11661)
* better handling for special chars in db config (#11662)
* Fix/improved csv output (#11740)
* Update ROADMAP.md
* Update ROADMAP.md
* Update ROADMAP.md
* Remove preceding `/` from public JS path (#11804)
* Add panel scrolling docs (#11826)
* escape pipe symbol same way as in templating docs
* changelog: add notes about closing #11616
* added left:unset to counter left:0 in recent react-select
release
* fixed text color in light theme
* changelog: add notes about closing #11800
* test if default variable interpolation is effective when
no specific format is specified
* changelog: notes about closing #11690
* changelog: add notes for ##11754, #11758, #11710
* scroll: remove firefox scrollbars
* Add missing items to Gopkg.lock
* pipe escape try #3
* use ascii code for pipe symbol to not mess up markdown
table
* try to fix table
* dont shadow format passed in as function parameter
* fix: removed manully added http server from inject graph
as it is now a self registered service
* fix: removed unused channel
* fix: comment spell fix
* fix: fixed race condition between http.Server
ListenAndServe & Shutdown, now service crash during
startup correctly closes http server every time
* refactoring: lots of refactoring around server shutdown
flows, making sure process is terminated when background
service has crashed
* refactor: provisioning service refactoring
* Metrics package now follows new service interface &
registration (#11787)
* Revert 'Opportunities to unindent code (unindent)'
* scroll: fix scrolling on mobile Chrome (#11710)
* changelog: add notes about closing #11625
* remove jest it.only to not skip important tests
* fixed so all buttons are styled not just small ones, fixes
#11616
* --amend
* fix: improved handling of http server shutdown
* add test for prometheus table column title
* Fix url encoding, expand template vars, fix TS hacks
* Explore: Add entry to panel menu to jump to Explore
* changelog: notes about closing #11498
* Initial Baby Step to refactoring settings from global vars
to instance (#11777)
* table: fix for padding
* graph histogram: fix invisible highest value bucket
* dashboard: show save as button if can edit and has edit
permission to folders
* new property for current user indicating if edit
permissions in folders
* increase length of auth_id column in user_auth table
* fix dropdown typeahead issue
* Use opportunities to unindent code (unindent)
* Outdent code after if block that ends with return (golint)
* Remove redundancy in variable declarations (golint)
* fix: minor fix to plugin service shut down flow
* appveyor: uppercase the C drive in go path
* docs: further documents changes to the docker image.
(#11763)
* disable ent build to avoid slowing down build speed
* Explore: add support for multiple queries
* Fixed settings default and explore path
* Refactoring PluginManager to be a self registering service
(#11755)
* fix: removed log calls used while troubleshooting
* refactor: refactoring notification service to use new
service registry hooks
* Enable Grafana extensions at build time. (#11752)
* revert renaming of unit key ppm
* fix to match table column name and order
* Import and typescript fixups
* Settings to enable Explore UI
* tech: removes unused code
* Explore WIP
* add deadcode linter to circleci
* pkg: fix deadcode issues
* build.go: fix deadcode issues
* docs: update current version to 5.1
* docs: update installation instructions targeting v5.1.0
stable
* changelog: update for v5.1.0
* fix so that google analytics script are cached
* prometheus: convert metric find query tests to jest
* prometheus: fix variable query to fallback correctly to
series query
* removed height 100% from panel-container to fix ie11 panel
edit mode
* replaced border hack carot with fontawesome carot fixes
#11677
* dev: Mac compatible prometheus block. (#11718)
* mssql: fix value columns conversion to float when using
timeseries query
* postgres: fix value columns conversion to float when using
timeseries query
* mysql: fix value columns conversion to float when using
timeseries query
* sql datasource: extract common logic for converting value
column to float
* added pointer to show more, reset values on new query
* docs: add known issues section for mssql documentation
* force GET for metadataRequests, w/ test
* Renamed helperRequest and removed positional args
* Move function calls w/ side-effects to componentDidMount
* changed test name and dashboardMock code
* fixed test
* add ineffassign to circleci gometalinter check
* pkg/components: fix ineffassign issues
* pkg/cmd: fix ineffassign issues
* pkg/log: fix ineffassign issues
* pkg/services: fix ineffassign issues
* removed import config
* fixed so user who can edit dashboard can edit row, fixes
#11466
* Fixes signing of packages.
* db: fix failing user auth tests for postgres
* changed rps to reqps
* bump version
* added button to show more preview values for variables,
button runs a function that increases options limit, fixes
#11508
* Added requests/sec(throughput)
* use inherited property from api when rendering permissions
* return inherited property for permissions
* pkg/tsdb: fix ineffassign isues
* fix circleci gometalinter test
* Sort results from GetDashboardTags
* Add silent option to backend requests
* docs: escape asterisk in Graphite docs
* docs: disable quoting option for MSSQL
* docs: fix example for graphite tag query
* docs: spelling
* docs: add missing backtick for mysql/postgres
* docs: fixes for table in variable docs
* build: fixes release deploy
* changelog: adds releaste date for 5.1.0-beta1
* graphite: convert ds test to jest
* build: removes gometalinter
* cli: adds os and arch headers
* slightly better example
* adjust timeFilter, timeFrom and timeTo macro examples
* docs: what's new improvements
* docs: what's new improvements
* docs: what's new
* docs: fix typos
* docs: what's new
* docs: whats new
* docs: more info prometheus heapmap to whats new
* docs: improve what's new in v5.1
* docs: what's new in v5.1 draft
* Add weback-dev-server with hot/hmr support
* build: only lint the pkg folder
* changelog: adds note about closing #11476
* dev: only build server with bra run
* add gometalinter to circleci
* comment unused struct fields
* remove unused variables detected by varcheck
* fix typo
* docs: describes variable formatting options
* docs: graphite template variables for tag queries
* docs: describes new variable formatting syntax
* changelog: notes about closing #10427
* move jest test file to specs
* make add panel panel scrollbar adjust when panel/dashboard
grid are resized
* style: code simplifications
* build: introduce -dev flag optimal for building in
development mode
* changed copied message and added forced render for width
change
* removed padding and moved carrot
* changelog: adds note about closing #11613 and #11602
* cleanup, make sure users are always synced with ldap
* Specify expected encoding for access/secret key
* make sure user's default org is kept up to date
* fix: sign in link should have target self to trigger full
page reload, fixes #11626
* codespell: exclude by words instead of files
* remove old comment
* org role sync tests
* refactor authproxy & ldap integration, address comments
* pass DN in ldap test
* tests for user auth module
* fix ldap test
* restructure GetUserByAuthInfo
* error handling
* use Result in GetAuthInfoQuery
* switch to passing ReqContext as a property
* cleanup
* switch to Result
* update auth proxy
* fixes
* fix tests
* shared library for managing external user accounts
* fix: Label font weight should be semi bold, fixes #11629
* docs: typos
* graphite: adds tests for tags and tag_values functions
* docs: update provisioning documentation
* changelog: notes about closing #10883
* changelog: adds note for #11553
* dev: only build server with bra run
* changelog: adds note for #11173
* added forceupdate to grid item so addpanel items rezie
instantly, renamed function to copyPanel, fixed panel
items height issue
* revert changes of add panel button to require save
permission
* changelog: fix typo
* changelog: notes about closing #11572
* Fix issues with metric reporting (#11518)
* changelog: notes about closing #10747
* fix: Row state is now ignored when looking for dashboard
changes (#11608)
* disable codecov comments
* add some more sort order asserts for permissions store
tests
* Revert 'build: remove code cov'
* Revert 'removes codecov from frontend tests'
* docs: update postgres macro functions documentation
* tsdb: update query and annotation editor help texts for
postgres
* changelog: notes about closing #11578
* calculate datetime for timeFrom and timeTo macro in go
* set default for sslmode to verify-full in postgres
datasource editor (#11615)
* add some more sort order asserts for permissions store
tests
* Use sort.Strings() (gosimple)
* Remove unused return value assignment (gosimple)
* Remove unnecessary fmt.Sprintf() calls (gosimple)
* Merge variable declaration with assignment (gosimple)
* Use fmt.Errorf() (gosimple)
* Simplify make() (gosimple)
* Use raw strings to avoid double escapes (gosimple)
* Simplify if expression (gosimple)
* Simplify comparison to bscl constant (gosimple)
* Simplify error returns (gosimple)
* Remove redundant break statements (gosimple)
* fix unconvert issues
* variable: fix binding bug after ts conversion
* add GetFromAsTimeUTC and GetToAsTimeUTC and use them in
timeFilter macro
* fix merge conflict
* remove changes to module.ts from this branch
* migrated dropdown-typeahead to ts (#11499)
* changelog: adds note for #11556
* changelog: adds note for #11133
* dashboard: better size and alignment of settings icons
* bra should use the proper build script
* moved version in help menu to top
* docs: elasticsearch and influxdb docs for group by time
interval option (#11609)
* changelog: improved docker image
* docs: new docker image in Grafana 5.1.0.
* added fix for test
* addeds test for sort order
* Show Grafana version and build in Help menu
* changlelog: notes about closing issues/pr's
* sqlds: fix text in comments for tests
* add codespell to circleci
* removes codecov from front-end tests
* wip: writing tests for permission sorting
* changelog: adds note about closing #11228
* remove postgresversion and convert unix timestamp in go
* Support deleting empty playlist
* Grafana-CLI: mention the plugins directory is not writable
on failure
* make timefilter macro aware of pg version
* add postgresVersion to postgres settings
* changelog: adds note for #11530
* Documentation spelling fix
* docs: fix codespell issues
* public: fix codespell issues
* conf: fix codespell issues
* blocks: fix codespell issues
* CHANGELOG.md: fix codespell issues
* scripts: fix codespell issues
* pkg: fix codespell issues
* provisioned dashboard validation should be made when
importing a dashboard
* provisioned dashboard validation should not be made from
provisioning service
* remove comment/unused variable
* docs: improves provisoning example for postgres
* docs: add mssql provisioning example
* docs: improves provisoning example for each datasource
* ordered user orgs alphabeticaly fixes #11556
* permissions sorting fixed + icon same size as avatrs
* docs: update mssql with azure sql database support
* changelog: adds note for #11569
* docs: update default annotation limit when querying api
* Mention the ?inactive parameter in the docs
* Add another URL param ?inactive? which works like ?kiosk?
but with title
* tsdb: remove unnecessary type casts in sql data sources
macro engines
* tsdb: sql data sources should handle time ranges before
epoch start correctly
* change annotation limit from 10 to 100
* remove mistakenly added styles
* fix right side legend rendering in phantomjs
* scrollbar: fix so no overflow for legend under graph
* build: remove code cov
* scrollbar: fixes continuation scrolling for iOS
* added styling to fontawesome icons so they have same size
as the other icons
* Improve wording
* Add minimal IAM policy example for CloudWatch data source
* PR comments
* docs: fix typo of default port for mssql
* minor scrollbar fixes
* scrollbar: remove unused div
* dashboard: show baron scrollbar in dashboard panel when
mouse is over
* fix so that page scrollbars can be scrolled by keyboard on
page load
* fix so that dash list panel are rendered correctly
* panel: add baron scroller to correct element
* Windows build updated to go1.10.
* scrollbar: use native scroll for page
* converted functions to arrow functions
* folders: fix permissions in folder picker component
* permission: fix user with org viewer save/move permissions
* alerting: handle invalid json format
* docker: change mysql container so that it uses utc
* mysql: use a datetime column with microsecond precision in
test
* tsdb: improved floating point support when converting sql
time column to epoch (ms)
* added @ngInject
* provisioning: dont override permissions
* provisioning: simplify db query
* mssql: fix precision for time columns in time series query
mode
* postgres: support running multiple postgres integration
tests
* postgres: fix precision for time columns in time series
query mode
* mysql: fix precision for time columns in time series query
mode
* mysql: mysql tests should use a db server with UTC
* provisioning: fixes broken tests
* tsdb: add support for more data types when converting sql
time column to epoch (ms)
* provisioning: check provisiong before saveCmd
* provisioning: fixes typo
* provisioning: adds error handling
* added @ngInject
* playlist: add missing nginject attribute
* Update annotations.md to contain correct annotations api
path
* removed console.log
* docs: update after #11531
* docs: improves provisoning example text
* fix test
* convert graphite epoch to ms
* skip mssql fix
* add mssql and mysql
* don't convert to uint64
* scrollbar: fix phantomjs rendering error
* prevent angular from evaluating {{hostname}} in tooltip
(#11514)
* using millis for annotations too
* data source: rename direct/proxy access mode in data
source settings
* Fix ResponseParser for InfluxDB to return only string
values
* Conditionally select a field to return in ResponseParser
for InfluxDB
* docs: fixes typo
* docs: updated debian distro in install docs to stretch,
closes #11527
* Revert files
* Fix after merge
* Make dashboard JSON editable
* guardian: when updating permissions should verify existing
permissions
* api: allow authenticated users to search current org users
and teams
* css: quick fix after IE11 changes
* scrollbar: fix add panel height bug
* scrollbar: styles cleanup
* migrating to ts
* fixed sidemenu icon issue created by earlier pr
* added icons for viewer and editor, fixed add permission
team avatar
* singlestat: Fix optimization in
setTableColumnToSensibleDefault
* influxdb: Check before assuming first column to be 'time'
* provisioning: fix tests for save provisioned dashboard
modal
* provisioning: ux fixes when saving provisioned dashboards
* graphite: use a query when testing data source
* migrated metric_segment to ts
* scrollbar: fix search scroller in mobile view
* scrollbar: fix graph legend height
* changelog: adds note for #11165
* migrated dash_class to ts
* migrated segment_srv to ts
* removed indent for manage dashboards
* scrollbar: fix potential memory leaks in event handlers
* skip migration if it is a big number
* Use curly brackets around hyperlink help text #11478
(#11479)
* scrollbar: fix dashboard width updating for different
modes
* scrollbar: remove perfect-scrollbar and add baron to
package list
* scrollbar: fix dashboard width bug
* scrollbar: fix 'legendScrollbar.destroy is not a function'
error
* Alerting: Fixing mobile notifications in Microsoft Teams
* created closeDropdown function, renamed appevent, added
second appevent for open timepicker
* permissions: return user and team avatar in folder
permissions api
* permission: generate team avatar url with default
* migrated playlist-routes to ts
* migrated last all.js to ts
* scrollbar: fix Firefox scroll position restore
* Notes for closing #7119
* changelog: adds note for #11128
* variables: adds test for variable sorting
* Add case-insensitive sort for variables.
* graphite: fixes #11434
* settings: fixes test
* changed from margin to padding
* fixes for avatar on adding permission and size for gicon
* scrollbar: fix side menu on mobile devices
* changed variable for tabbed close btn hover, and changed
text-strong variable for lighttheme, removed commented out
variable
* mssql: typos in help sections
* docs: spelling
* added if to onAppevent, renamed appevent, add appevent to
applyCustom and setRelativeFilter
* Webpack Grafana plugin template project to links (#11457)
* scrollbar: fix Firefox issue (white stripe on the right of
scrollbar)
* scrollbar: fix legend rendering issues
* Initially move to baron scrollbar
* rm panel.type constrain from threshold_mapper.ts (#11448)
* No need for node_modules/bin in npm run-script (#11449)
* changelog: adds note about closing #11555
* add article
* fix some typos
* docker: add users and groups to ldap block
* timepicker now closes without exiting edit/view mode,
close order: modal, timepicker, view
* migrated graph_tooltip to ts
* started migration to ts
* Fix #10555 #6888 Better escape for Prometheus variables
* bounnd the esc key to exit timepicker
* print to stderr since logger might not exist
* settings: return error instead of ignoring it
* docs: adds provisioning examples for all datasources
* Fixed typo in upgrading.md
* docs: rpm install page - update to centos 7
* docs: install pages for v5.0.4
* removed padding for icons and added margin
* changelog: another update for v5.0.4
* changelog: update for v5.0.4
* changelog: adds note about closing issues
* fixed graphpanel editmode and custom width for right side
legend for IE11
* alerting: bad default state for notifiers
* Clarified formatting multiple values doc
* Add Google Hangouts Chat notifier.
* dashboard: allow alerts to be saved for new/provisioned
dashboards
* add response_parser test
* add fallback for gravatar in org/admin view
* tech: migrates to none deprecated mail lib
* docs: not about email notifications and local img store
* alert: fixes broken link back to grafana
* docs: update table plugin documentation with value/range
to text mapping
* cleanup and add more test
* table panel: additional fixes for value to text mapping
* add value to text mapping
* provisioning: better description for provisioned save
modal
* dashboards: reject updates of provisioned dashboards
* notes about closing #9210
* fixed alignment in search + fixed issue ie popup
* changelog: adds note about closing #11102
* sidemenu fix for internet explorer 11, changed icon
width/height to pixels and added height to logo
* docs: prometheus ds, remove 'new in v4.3' note
* remove categories from queryPart
* fix a terms bug and add test
* remove unused import
* handle aggregate functions more generic
* Add new currency - Czech koruna
* docs: update heatmap and prometheus docs, #10009
* provisioning: improve UX when saving provisioned
dashboards
* styled login page for ie11
* - pipeline aggs support - add some test
* support non-nested menu entries
* provisioning: removes id from dashboard.json
* Handle Interval Date Format similar to the JS variant
https://github.com/grafana/grafana/pull/10343/commits/7e14e272fa37df5b4d412c16845d1e525711f726
* Use net.SplitHostPort to support IPv6
* add missing word to graphite docs
* set right series name
* Missed the 'p d' hint in the popup-menu
* Add hints for the 'pd' Duplicate Panel command from PR
#11264
* remove README changes
* finished CODING PHASE 1
* wip
* notes about closing #11306
* cleanup
* changelog: unix socket permissions
* Adjust permissions of unix socket
* docs: fix typos
* docs: update postgres, mysql and mssql documentation
* docs: update graph panel documentation
* docs: tweaks
* changelog: adds note about closing #5855
* remove dashboardId check... i can't figure out how the
tests work
* get circle to run tests again
* add dashboardId to test
* remove api tests
* fix operator
* remove constraint from sqlstore
* move dashboard error to API (not sql)
* legend: small refactoring
* changelog: adds note about closing #11278
* docs: spelling
* docs: add intro paragraph to provisioning page
* Cleanup CircleCI V2 Conversion
* Make golint happier
* dooh
* update the updated column!
* using circle as my tester
* using circle as my tester
* adding tests, but they arent running locally
* changelog: notes for #1271 and #2740
* graph: minor fixes to y-axes alignment feature
* added save icon to save buttons
* removed trash can icon from save buttons
* mysql: skip tests by default
* Return actual user ID in UserProfileDTO
* convert epoch to milliseconds
* adding updated column
* mssql: update query editor help
* mysql: fix precision for the time column in
table/annotation query mode
* postgres: fix precision for the time column in
table/annotation query mode
* mssql: fix precision for the time column in
table/annotation query mode
* mssql: remove UTC conversion in macro functions
* mssql: fix timeGroup macro so that it properly creates
correct groups
* small screen legend right also work like legend under in
render + set scrollbar to undefined in destroyScrollbar so
it doesnt become disabled when toggeling between right and
under
* dashboard version cleanup: more tests and refactor
* Make golint happier
* fixed so legend right works like legend under on small
screens
* adding created column
* Alerting: move getNewState to EvalContext
* minor refactor of dashboard version cleanup
* refactor: dashboard version cleanup
* limit number of rows deleted by dashboard version cleanup
* fix dashboard version cleanup on large datasets
* docs: add variable regex examples (#11327)
* graphite: adds more traces for alerting
* sql datasource: extract common logic for converting time
column to epoch time in ms
* docs: details about provisioning elastic
* update email default year and name
* dataproxy: adds dashboardid and panelid as tags
* Alerting: Add retry mechanism and its unitests
* docs: spelling
* snapshot: fix legend rendering bug
* session: update defaults for ConnMaxLifetime
* snapshots: removes errors for empty values in ViewStore
* Allocated to a separate alignment block. Replaced the
attribute of the second axis by the attribute of the axes.
* Expose option to disable snippets
* changed var to const, changed to string interpolation
* mssql: adds test for time should be ms in table mode
* Remove unused kibana images
* changed var to const
* changelog: adds note about closing #11114 & #11086
* mssql: convert tests to jest
* mssql: fix precision for time column in table mode
* converted file to ts
* changelog: notes about #10093 and #11298
* dashboard: fix phantomjs panel rendering in collapsed row
* Fixed unit test.
* Changed the way this feature was activated. And changed
tolltip.
* Added validation of input parameters.
* converted file to ts
* docs: update using mssql in grafana
* fix: only run gofmt on pkg directory omitting vendor
directory
* fix: dep ensure. now without gofmt on ventor directory
* mssql: add integration test to verify stored procedure
usage
* mssql: encrypt password in database
* mssql: remove dynamic construction of metric column and
other columns
* docker: pin microsoft/mssql-server-linux to 2017-CU4 tag
* docs: improve guide for high availability
* fix: only run gofmt on pkg directory omitting vendor
directory
* test
* mssql: cleanup and minor refactor
* mssql: allow host without port and fallback to default
port 1433
* docker: update test dashboard for mssql tests
* mssql: cleanup and minor changes
* Missed thanks in changelog
* Adds pagerduty api update to changelog.
* mssql: update readme
* mssql: update test dashboard
* docs: Using Microsoft SQL Server in Grafana
* mssql: remove logos for now
* docs: mssql documentation will go into another branch
targeting next minor version
* Updated roadmap for 5.1
* Minor format changes
* Changed Swedish and Icelandic currency
* fix failed tests for dashboard view state
* dashboard: fix rendering link to panel in collapsed row
* docs: update install docs for 5.0.3
* changelog: 5.0.3
* mssql: add alternative logo without text
* mssql: strip inkscape from logo
* mssql: minor improvements of query editor help
* mssql: skip rendering of mssql logos until we have a valid
logo
* docker: add test dashboard for mssql tests based on test
data generated by integration test
* mssql: additional integration tests
* mssql: support money, smallmoney and decimal data types
* mssql: update plugin.json, added description and name
MSSQL -> Microsft SQL Server
* added indent to dashboards inside folder in search
dropdown, and added indent to dashboard icon in search
item
* session: fork Macaron mysql session middleware
* database: expose SetConnMaxLifetime as config setting
* database: fixes after xorm update
* database: update xorm to v0.6.4 and xorm core to v0.5.7
* prometheus editor: variable autocomplete support (PR
#9988)
* made a keyboard shortcut to duplicate panel
* docs: update mssql documentation
* mssql: disable mssql integration tests per default
* mssql: timeGroup fill support added.
* mssql: add timeGroup integration test
* alertmanager: /Creating/Sending/
* mssql: adds fill to timeGroup macro.
* allow any database for influx proxy
* remove
* alertmanager: handle resolved alerts, nodata, and
execution errors
* add regex search of username and password in urls, which
are replaced by strings.Replace
* notitfiers: avoid ShouldNotify duplication
* fix merge error
* alertmanager: if there are no alerts to send, do nothing
* docker: change port for prom random data scrape target
* mssql datasource: wip
* docker: mssql and mssql tests blocks with common build
context
* fix lint problems
* fix lint problems
* fix lint problems
* read aggregate functions from database
* add buildAggregateQuery
* Update README.md
* docker: fake-data-gen:latest updates
* Resolved conflict
* docs: more details about slack notifier
* properly handle IN queries
* docs: updates latest release for docs
* changelog: improve description of closed issues
* renderer: avoid redirect render requests
* changelog: adds notes about 5.0.2
* dashboard: fix import dashboard with alert rule
* middleware: recover and retry on session start
* alerting: supports extracting alerts from collapsed panels
* join multivalue variables with ,
* revert special handling for IN
* put values for IN in parens
* dont quote where constraints
* docker: add test dashboard for mssql for visualizing data
generated by fake-data-gen
* add regex operators
* mssql datasource: support for timeGroup macro function
* Added Kilopascals(kPa) under pressure
* Added W/m2(energy) and l/h(flow)
* folders: should be possible to browse folder using only
uid
* remove unused setting
* dashboards: should be possible to browse dashboard using
only uid
* mssql datasource: additional data type tests
* docker: add mssql block
* Added icon for iOS web app
* changelog: add note about closing #8151
* alerting: adds back the link to grafana.
* Fix CI
* Modify Grafana Pagerduty notifier to use Pagerduty API V2
* graph: minor refactor of histogram mode PR #8613
* changelog: adds note about closing #11220
* style: dont expose func outside package
* teams: removes quota on route
* changelog: adds note about closing #11143
* changelog: adds note about closing #11107
* Second to HH:mm:ss formatter (#11105)
* changelog: adds note about closing #10009
* docs: fix an outdated link to Prometheus's doc
* Added concentration units and 'Normal cubic metre'
* Corrected work for graphs created before this feature.
* Replaced array values to variables yLeft and yRight for
easy reading code.
* Rename test file according module name.
* prometheus: fix bug introduced by #9859 (httpMethod is
undefined)
* prometheus: add tests for heatmap mode
* prometheus: datasource refactor
* Fix urls in plugin update_checker logs
* changelog: adds note about closing #10029
* docs: add team api link from http api reference page
* added test for sorting and filtering
* changelog: adds note about closing #9859
* Refactoring
* set default value of httpMethod
* support POST for query and query_range
* cleanup where segment handling
* remove limit
* handle variables in where constraints
* Adding Timeticks unit
* properly quote where constraint parts
* quote schema and table
* docs: minor fix for dashboard http api documentation
* build: cleanup
* build: removes custom work dir in deploy.
* build: upgrades build pipeline from CircleCI 1.0 -> 2.0
(#11162)
* github: test new issue tempalte
* dev: update dev prometheus2 to 2.2.0
* changelog: adds note about closing #10925
* docs: update latest to 5.0.1
* push 5.0.1 to package cloud
* changelog: adds release date for 5.0.1
* bump master build to 5.1.0-pre1
* move quota to dedicated service
* Fix indent
* docker: add prometheus/example-golang-random to
docker-compose blocks
* Fix the code to match the documentation.
* rename Context to ReqContext
* fix, set default highResolution setting
* changelog: note about closing #11145 and #11127
* docs: adds note about closing #10632
* removes commented code
* removes unused variables
* upgrade to go 1.10
* alerting: fixes validation error when saving alerts in
dash
* add csv templating format
* docs: note about closing #11046
* docs: adds note about #10942
* heatmap: add explanation of Time series buckets mode
* Add color to prefix and postfix in singlestat
* replaced if with classNames
* heatmap: able to set upper/lower bucket bound manually
* heatmap: refactor
* added media breakpoint to legend-right
* Documentation: path '~/go' to '$GOPATH'
* Update ROADMAP.md
* add panel to list now copy, started on jest
* docs: improves docs for alert rules
* heatmap: fix Y axis and tooltip decimals and units issues
* Append test to check not zero level.
* Add bs-tooltip to Y-Align element.
* move Context and session out of middleware
* only use jwt token if it contains an email address
* scrolling: faster wheelspeed
* docs: improves provisioning description
* changelog: adds note about closing #10975.
* changelog: adds note about closing #7107
* changelog: adds note about closing #11103
* changed background for mobile menu background on light
theme, increased font size in and added border-right in
menu
* heatmap: fix tooltip count and bucket bound format
* alerting: Limits telegram captions to 200 chars.
* changelog: note about closing #11097
* hide row actions for viewers
* fixes invalid link to profile pic when gravatar is
disabled
* changelog: adds note about closing #11016
* fix: restores white resize handle for panels, fixes #11103
* changelog: adds note about closing #11063
* fix typo in heatmap rendering.ts (#11101)
* docs: add v5.1 to versions
* docs: fill for mysql/postgres
* ignore iteration property when checking for unsaved
changes
* changelog: notes for #11055 and #9487
* use net/url to generate postgres connection url
* made drop-menu into link
* heatmap: sort series before converting to heatmap.
* use metricColumn in query builder
* set rawSQL when rendering query builder query
* fix group by column
* clean up aggregation functions
* fix variable interpolation
* rename field to column
* Fix Prometheus 2.0 stats (#11048)
* docs: removed beta notice in whats new article
* remove spaces around arguments of macros
* remove spaces around arguments before calling macro
expansion
* docs: update current version to 5.0
* docs: update install pages for v5.0.0
* update version to 5.0.1-pre1
* changelog update for 5.0.0 stable
* Add metrics that triggered alert to description
* build: updated version
* heatmap: hide unused Y axis controls for tsbuckets mode
* heatmap: format numeric tick labels in tsbuckets mode
* heatmap: add rendering tests for tsbuckets mode
* Fix Github OAuth not working with private Organizations
(#11028)
* login: hide sign up if configured so. Fixes #11041
* permissions: fix validation of permissions before update
* dashboard: add permission check for diff api route
* permissions: remove client validation and handle server
validation
* dashboards: change dashboard/folder permission error
messages
* dashboards: handle new guardian error responses and update
tests
* folders: handle new guardian error responses and add tests
* dashboards: don't allow override of permissions with a
lower precedence
* Alerting: Fix OK state doesn't show up in Microsoft Teams
(#11032)
* grammar fix, add dir, and remove redundant info
* heatmap: use series names as top or bottom bounds, depends
of datasource
* heatmap: refactor
* heatmap: add few tests for histogram converter
* fix: changed react-grid-layout to use grafana fork to a
commit before
https://github.com/STRML/react-grid-layout/commit/15503084fb7b0af826427c8c0706901e5745a39f,
this fixes all the panel movement bugs, fixes #10831
* heatmap: fix Y bucket size calculation for 'tsbuckets'
mode
* gave scroll-canvas-dashboard 100% height in kiosk-mode,
fixes #11010 (#11017)
* docs: update to install pages for beta5
* changelog: update for v5.0.0-beta5
* added admin icon and permission member
definitions(role,team,user)
* build: update to version 5.0.0-beta5
* [doc] Fix extra alerting options in
installation->configuration
* yarn: update lock file with tarball change
* build: use tarball instead of git commit for tether drop
* improve maintainability
* docs: fix type in datasource http api
* docs: adds accesskey and secret to securejsonfields
* support [[variable:type]] syntax
* offer template variables for tags
* feature for issue #9911
* Added radiation units
* docs: update shortcut docs
* dashboards: remove non-supported keyboard shortcuts for
delete/collapse row
* dashboards: fix keyboard shortcut for expand/collapse rows
* dashboards: fix keyboard shortcut for remove panel
* snapshots: fixes cleanup of old snapshots
* docs: minor folder http api changes
* Update ROADMAP.md
* Update ROADMAP.md
* heatmap: fix bucket labels shift
* heatmap tooltip: fix bucket bounds for 'tsbuckets' mode
* heatmap tooltip: fix count decimals
* heatmap: fix tooltip histogram for 'tsbuckets' mode
* heatmap: use buckets from histogram with 'tsbuckets' mode
* dashboards: created/updated and createdby/updatedby should
be set before save
* Add unit tests.
* Refactoring code
* Fix save as dashboard from folder to General folder
(#10988)
* changed name of copy tab to paste
* added no copies div
* prometheus: tests for heatmap format
* dashboards: cleanup
* folders: use folder api for retrieving folder
* dashboards: fix batch dashboard/folder delete response
* fix: elasticsearch terms size now allows custom values
again, fixes #10124
* added highlighter, fixed setState and changed back flex to
spacea around
* folders: fix create folder in folder picker
* added tabs and searchfilter to addpanel, fixes#10427
* snapshots: change to snapshot list query
* prometheus: initial heatmap support
* docs: update http api index
* docs: dashboard and folder permissions http api
* docs: folder http api
* permissions: use updated api endpoint for dashboard
permissions
* fix typos in api, acl to permissions
* folders: rename folder_acl in api to folder_permission
* dashboards: change api route for dashboard permissions
* folders: fix typo
* folders: extend folder service tests
* dev: docker-compose setup for prom2.
* folders: folder api tests
* fix: scrollbar position now to max right pos, fixes #10982
* Fixes for heatmap panel in Grafana 5 (#10973)
* docs: updated cloudwatch docs add dimension filter as a
option for dimension_values query.
* folders: folder permissions api tests
* dashboards: make fake dashboard guardian available to
other packages
* fix: added new known data source plugins, and minor
migration fix for v1 dashboards
* folders: folder permission api routes
* folders: fix api error mapping
* folders: basic integration tests for folders
* folders: use new folder service in folder api routes
* folders: new folder service for managing folders
* dashboards: created date should be set when creating a
folder/dashboard
* fix: fixes to signup flow, fixes #9816
* Refactoring code. Change Y-Zero to Y-Level.
* fix: fixed github oauth login with allowed orgs filter,
fixes #10964, reverts #10851
* fix: plugin dashboard did not get plugin id after import
* feat(ldap): Allow use of DN in user attribute filter
(#3132)
* added scroll to org list modal (#10960)
* added an if to check for null to sort null as 0 (#10961)
* fix: alert history list now shows on graphs with manually
added annotation events, fixes #10968
* provisioning: dont ignore sample yaml files
* docs: updated for changelog and docs with beta4
* Correct typo in DashboardInputMissingError
* build: updated build version to v5.0-beta4
* graph: added 0.5 point radius option
* Shouldn't be able to overwrite a dashboard if you don't
have permissions (#10900)
* influxdb: escape backslashes in tag values (for alerting)
* [elasticsearch] Allow nested fields for annotation source
(#10936)
* changed m3 and dm3 to fixedUnit, fixes #10920 (#10944)
* migrate panels in collapsed rows (#10948)
* Share zero between Y axis.
* Add hook processRange to flot plugin.
* login: migration fix.
* login: uses epochs for login throtting.
* fix: fixed redirect after save, fixes #10946
* fix: esc key now closes panel edit/view mode as usual,
fixes #10945
* docs: updated to beta3
* alerts: refactoring tests
* alerting: pausing alerts modifies updated.
* test: added integration test for #10941
* refactoring: alert rule query refactoring (#10941)
* updated version to v5-beta3
* db: reduce name column size in dashboard_provisoning
* teams: adds some validation to the API
* docs: status code changes for Team API
* docker: add test dashboards for mysql and postgres for
visualizing data generated by fake-data-gen
* cli: download latest dependency by default
* Revert 'removes dependencies install for plugins'
* migrate minSpan (#10924)
* Close modal with esc (#10929)
* repeat row: fix panels placement bug (#10932)
* docs: team API. Closes #10832
* Update sample.ini
* Update ldap.toml
* Update ldap.md
* Minor typo fix
* plugins: update meta data for all core plugins
* alert notifiers: better error messages.
* support cloudwatch high resolution query
* chore: adds comment for exported function
* updated download links
* docs: Updated changelog
* updated package.json version
* fix: more phantomjs fixes
* fix: refactoring #10922
* Fix phantomjs legend rendering issue, #10526
* mark redirect_to cookie as http only
* dashboard: whitelist allowed chars for uid
* updates readmes for mysql and postgres (#10913)
* Set default threshold axis to 'left' for panels created
before this feature.
* provisioning: adds setting to disable dashboard deletes
* tech: dont print error message on 500 page
* removes dependencies install for plugins
* tests: makes sure we all migrations are working
* provisioning: uses unix epoch timestamps. (#10907)
* improve error message for invalid/unknown datatypes
(#10834)
* add AWS/States Rekognition (#10890)
* Dashboard acl query fixes (#10909)
* wip: dashboard acl ux2, #10747
* permissions: refactoring of acl api and query
* bug: return correct err message
* initial fixes for dashboard permission acl list query,
fixes #10864
* provisioing: always skip sample.yaml files
* provisioning: handle nil configs
* sql: removes locale from test to mirror prod.
* adds tests that validate that updated is correct
* provisioning: code formating
* provisioning: adds logs about deprecated config format
* provisioning: support camelcase for dashboards configs
* provisioning: support camcelCase provisioning files
* API Integration Tests via jest (#10899)
* ux: refactoring #10884
* Invalid url in docs
* Duplicate typo fixed
* add 13-24 for min width (#10891)
* sass/base: import from current dir in _fonts.scss (#10894)
* fix: removed logging
* fix: sql search permissions filter fix
* provisioning: Warns the user when uid or title is re-used.
(#10892)
* Minor typo fix
* new dashboard is now hidden from viewer, fixes #10815
(#10854)
* fixed bg gradient, fixes #10869 (#10875)
* login: fix broken reset password form (#10881)
* moved div in code
* added buttons and text to empty dashboard list
* docs: spelling.
* docs: update dashboard permissions http api docs
* Cloudwatch dimension_values add dimension filter.
* dashboard: always make sure dashboard exist in dashboard
acl http api (#10856)
* Fix #10823 (#10851)
* provisioning: better variable naming
* ux: minor tweak to grid resize handle color
* teams: use orgId in all team and team member operations
(#10862)
* permissions: might have a solution for search
* Fixes for graphite tags editor (#10861)
* fix: clear items list before fetching permissions list
* provisioning: dont return error unless you want to cancel
all operations
* provisioning: createWalkFn doesnt have to be attached to
the filereader anymore
* provisioning: update sample config to use path
* provisioning: avoid caching and use updated field from db
* update README.md regarding running tests
* update README.md regarding running tests
* docs: minor docs update
* docs: updated docs landing page
* provisioning: delete dashboards before insert/update
* user picker should only include users from current org
(#10845)
* Correct code style.
* db test: allow use of env variable for database engine to
run tests for
* dashboard and folder search with permissions
* provisioning: fixed bug in saving dashboards.
* dashboard: fix delete of folder from folder settings tab.
* append test to thresholds on right axis
* Update logic for create/update dashboard, validation and
plugin dashboard links (#10809)
* added width class to add member choose (#10835)
* add where constraint handling
* add query_builder
* docs: adds uid to dashboard.json reference docs
* Fix #7107
* fix: initial fix for #10822
* fix: folder redirect after creation
* dashfolders: fixes #10820
* fix: fixed bug with redirect after new dashboard saved,
related to buggy angularjs location path/url and base
href, fixes #10817
* docs: describe uid for dashboard provisioning
* fix: removed old shortcut that does not exist, fixes
#10802
* build: fixed recovery test
* fix: css fix, found a better way to fix #10772
* fix: minor build fix
* fix: error handling now displays page correctly, fixes
#10777
* heatmap tooltip: minor refactor
* fix: changed dashboard title length to match slug length,
will fix mysql index size issue, fixes #10779
* docs: added graphite section
* docs: minor update
* graph panel: fix csv export (series as col) (#10769)
* org-switcher: should redirect to home page (#10782)
* embedded panel: hide side menu during init (#10788)
* docs: update http api for api index, dashboard, folder and
dashboard search
* scroll: css for #10722
* dashlist: scroll fix when no header
* docs: video fix
* Update changelog with deprecation notes of http api
* redirect 'permission denied' requests to '/' (#10773)
* docs: fix
* scroll: use wheelpropagation. Ref #10772
* docs: update dashboard model, persistent urls and api
changes in what's new in v5
* docs: fix download link
* docs: minor update
* docs: adds http api dashboard permissions
* docs: updated whats new
* docs: update dashboard model, new url structure and api
changes in what's new in v5
* build: updated publish script
* docs: update docs with download links
* build: increased version to beta1
* fix: fixed permission list caching issue, fixes #10750
* Stale permissions (#10768)
* adds unique index for org_id+folder_id+title on dashboards
(#10766)
* docs: fix links in HTTP API Reference page
* dashboards: render correct link for folder when searching
for dashboards (#10763)
* fix panel menu caret placement (#10759)
* permissions: fix link to folder from permissions list
* dashboard: fix loading of snapshot and scripted dashboard
(#10755)
* changes to new urlformat for home dashboard (#10738)
* fix: alert list links did not work, changed dashboardUri
to Url, this is breaking api change in alert api (#10756)
* docs: typos and wording.
* ux: hide sidemenu in kiosk mode, and while playlist is
playing, fixes #107402
* dashboard: fix redirect of legacy dashboard url's
* make metricColumn functional
* add metric column selector
* docs: add spaces to timeseries example
* fix: restored tags to search
* fix frontend validation for creating new folder and import
dashboard (#10737)
* #10724 Fix whitespace
* poc: merge sync
* #10724 Fix finding the x bucket
* docs: dashboard provisioning
* handle new error message
* removes uid when using 'save as'
* dashfolders: rename Root folder to General. Closes #10692
* Light theme icon color (#10730)
* folders: use new folder api in frontend
* folders: changes and updated tests after merging
permissions and new url structure
* folders: rename api files
* dashboards: revert logic of returning 404 in dashboard api
if it's a folder for now
* db: fix failing integration tests for mysql and postgresql
* docs: add examples for dashboard permissions
* Update search datasource by name API path
* fix for dashboard/folder url's when having a sub path in
root_url config
* ux: added max width to dashboard settings views
* add gofmt as precommit hook
* dashfolders: adds test for permission store
* dashfolders: adds permission modal to dashboard settings
* register handler for get dashboards by slug
* make it easier for dashboards to generate ur;
* changes dashboard url in alertlist
* alert: use new url format
* Improve logging in the phantomjs renderer (#10697)
* route params from angular to view store should be updated
on routeChangeSuccess
* repeat panel: process repeats when row is expanding
(#10712)
* folders: changes needed due to merge
* docs: removed section with session table sql, that is not
needed anymore
* ux: fix for responsive breakpoints and solo mode showing
sidemenu
* support multiple histogram series
* docs: moved whats new article to master
* ux: fixed issue with zoom on graph caused scroll, fixes
#10696
* dashboard: refactor logic for retrieving url for
folder/dashboard
* update text, fix a few typos
* dashboards: update dashboard/folder url if browser url is
not the same as from backend
* dashboards: when restoring a dashboard to an older
version, set current uid
* dashboards: fix updating folder so that correct url is
returned
* dashboards: remove slug property in dashboard search
responses
* folders: change the front end route for browsing folders
* dashboards: add validation to delete dashboard by slug
* dashboards: new route for deleting dashboards by uid
* plugins: return table with empty rows array insteaf of nil
* retry uid generation
* fix: use replace when redirecting to new url
* ux: Change input width of UserPicker and TeamPicker in
AddPermissions component #10676
* viewstore: fix test after merge
* tests: Add TeamPicker test and update
TeamPicker/UserPicker snapshots so they match the latest
classNames update #10676
* dashfolders: fix for folder picker
* ux: Add an optional className to the UserPicker and
TeamPicker #10676
* dashfolders: fixes #10671. Allow Editors default access to
Root.
* docs: added redirect from old provision page, #10691
* tests: Move tests from Permissions to AddPermissions
#10676
* tests: Update tests in PermissionsStore and rem out the
Permissions-tests for now #10676
* docs: added permissions page and updated folder docs
* dashfolders: text change
* dashfolders: special case for folders in root
* add groupby to querybuilder remove unused aggregations
* gofmt...
* spelling
* Verifies requirement of id in dashboards.
* ux: POC - Update 'Add permissions' design and add a fancy
animation #10676
* ensure dashboard title is unique in folder
* docs: Remove obsolete Ansible rule (#10689)
* docs: Fix outdated provisioning link (#10690)
* Renamed 'Period' to 'Min period' in CloudWatch query
editor (#10665)
* created cta-bg variable and changed bg color on light
theme (#10693)
* Repeat panels when row is expanding (#10679)
* dashboards: make scripted dashboards work using the old
legacy urls
* dashboards: redirect from old url used to load dashboard
to new url
* docs: updated whats new
* playlist: fixes #10254
* dashboards: add new default frontend route for rendering a
dashboard panel
* alerting: small refactoring
* dashfolders: POC - Use separate component for 'Add
permission' #10676
* removes uniqnes check on slug when saving dashboards
* Drops unique index orgid_slug from dashboards.
* plugins: return empty tables array insteaf of nil
* url: fix for bsclean querystring parameters
* moved icon (#10681)
* docs: updated whatsnew
* docs: progress on whats new article
* docs: updated version
* docs: fixed order of sidemenu
* test: fixes failing test in go1.10
* dashboards: fix links to recently viewed and starred
dashboards
* dashboards: use new *url* prop from dashboard search for
linking to dashboards
* dashboards: when saving dashboard redirect if url changes
* dashboards: add new default frontend route for loading a
dashboard
* dashboards: return url in response to save dashboard.
#7883
* dashboards: ensure that uid is returned from
getSaveModelClone
* alertlist: disable pause button when user does not have
permission
* dashboards: revert adding api for retrieving uid by slug
* util: remove retry logic in shortid_generator
* dashboards: add url property to dashboard meta and search
api responses
* dashboards: api for retrieving uid by slug. #7883
* dashboards: add support for retrieving a dashboard by uid
* dashboard: change unique index for uid to include org_id
* dashboards: return uid in response to creating/updating a
dashboard. #7883
* dashboards: extract short uid generator to util package.
#7883
* dashboard: fix failing test. #7883
* dashboard: generate and include uid in dashboard model.
#7883
* db: add migrations for creating a unique index for uid.
#7883
* db: add migrations for generating uid for existing
dashboards. #7883
* db: add new column uid to the dashboard table. #7883
* enhance render function
* add postgres_query.ts
* moved icon (#10681)
* dashfolders: remove inline styles
* fixed width of images and removed gifs and fixed text a
bit in search
* docs: fixed order of sidemenu
* test: fixes failing test in go1.10
* new gifs for search
* docs: adds more info about whats new in v5
* docs: updated versions.json
* alerting: add permission check in api for pausing alerts
* query builder changes
* dashfolders: adds comment for dashboard api tests
* more query builder components
* docs: added versions file
* dashfolders: adds comment for dashboard acl test
* api: extract api test code to common_test.go
* repeat panel: minor refactor
* WIP: folder api. #10630
* changed img for shortcuts
* replaced img in export_import and sharing
* Fix horizontal panel repeat. Fix #10672.
* dashfolders: Add min-width to align icons in permissions
list and some margin between icon and text #10275
* ui: Fix Firefox align issue in dropdowns #10527 (#10662)
* fix: InfluxDB Query Editor and selecting template variable
in where clause caused issue, fixes #10402, fixes #10663
* dashfolders: link to folder for inherited permissions
* test: Update Tooltip test to check for className support
* changed img-link for timerange imgs and some text
* fix: remove repeated rows when repeat was disabled.
(#10653)
* test: Update Popover test to check for className support
* dashfolders: Get rid of unused import #10275
* dashfolders: Use grafana's question mark instead of FA's
and use the react tooltip instead of angular's #10275
* dashfolders: Add className to Tooltip component
* fix: don't show manually hidden sidemenu after view mode
toggle (#10659)
* dashfolders: css class as parameter for Picker
* dashfolders: select with description for permissions
* fix: show sidebar after mouse wheel scrolling (#10657)
* fix: tweak of PR #10635
* ux: minor tweak of #10634
* plugins: only set error if errorstring is not empty
* Revert 'Fix typeahead to avoid generating new backend
request on each keypress. (#10596)'
* call render in query
* dashfolders: add help popover. Add folder title for
inherited permissions
* dashfolders: use react component for dashboard permissions
* added hash rate units for monitoring mining processes
* replaced input with gf-form-dropdown
* reverted media queries
* graphite: fix nested alerting queries (#10633)
* fix for sm
* added media break for md and sm
* dashfolders: add disabled Admin permission to list
* tech: upgrade to golang 1.9.3
* Locks down prometheus1 to v1.8.2 in live-test.
* fix typo in parameter. (#10613)
* dashfolders: autosave permissions on change (remove update
button)
* changelog: move all 4.7 changes into 5.0
* changed some img-links, updated text for annotated img,
more work on whats new in v5.0
* changelog: be more explicit about backwards compatibility
* WIP: Protect against brute force (frequent) login attempts
(#10031)
* dashfolders: fix tests for ViewStore after merge
* Fix typeahead to avoid generating new backend request on
each keypress. (#10596)
* fix vertical panel repeat (#10619)
* graph: fix series sorting issue (#10617)
* dashfolders: New snapshot since we changed from
defaultValue to value per latest React documentation
#10275
* refactor: Replace _.find with Array.prototype.find()
* dashfolders: Convert mobx observable to js objects and
remove the observer() since we want to use the component
outside the react/mobx world #10275
* dashfolders: Clean up more variables and move newType,
aclTypes and permissionOptions to the store #10275
* dashfolders: Remove variables not used and pass in the
real dashboardId #10275
* dashfolders: Remove those 2-line-components from
PageHeader to make it easier to read and make sure
components listening to the mobx state are wrapped with
observer() #10275
* dashfolders: Add support for breadcrumbs in NavStore
#10275
* dashfolders: Rename UserPicker folder => Picker. Inject
the permission-store in the FolderPermissions-container
instead of the Permissions component, add the
PermissionsStore to the RootStore and and the
error-message to the Permissions-store #10275
* dashfolders: Add Permissions information box #10275
* dashfolders: Fix page max width #10275
* dashfolders: Update jest tests with backendSrv #10275
* dashfolders: Add a Team Picker component and use it on the
dashboard permissions page #10275
* dashfolders: Working user picker on the dashboard
permissions page #10275
* dashfolders: Send down backendSrv to the react components
#10275
* dashfolders: Re-use the API of the angular user picker
instead, which is reusable #10275
* provisioning: delete dashboards from db when file is
missing
* dashfolders: Remove the PermissionsInner-strategy since we
have a container for this route now #10275
* dashfolders: Permissions are injected via MST so it needs
to be defined as optional #10275
* dashfolders: Add FolderPermissions container and make sure
isFolder is passed to PermissionsStore #10275
* dashfolders: Always get dashboardid and backendsrv from
props #10275
* dashfolders: Rem code to avoid tests to fail #10275
* wip: More on the permissions. Left are team picker and
user picker, tests and error messages #10275
* fix: mobx-react-devtools is a dev dependancy #10275
* dashfolder: wip: More wip on acl.html2permissions.tsx
#10275
* dashfolders: wip - Move Permissions into React #10275
* variables: lint fix
* variables: fix when datasource returns error
* fixes broken phantomjs rendering
* added varibale to table hover, lightend colors for table
light theme, fixes #10609 (#10611)
* added whats new v5, changed link in notifications, removed
row from getting started
* fixes minor typo
* provsioning: dont stop grafana due to missing
* Disable prefix and postfix font size when gauge mode is
enabled (#10573)
* docs: improve docs for image uploaders
* cfg: remove local as default image uploader
* docs: Add haproxy example for running behind reverse-proxy
* provisioning: enables title changes for dashboards
* Cloudwatch: add support for multi instances (#10570)
* ux: minor change, added import dashboard link to dashboard
search side view
* tech: adds/removes in vendor folder according to dep
0.4.0.
* docker: sync local time and timezone to mysql_tests block
* dashfolder: fix for sqlite test
* dashfolder: fix for mysql test
* mysql: pin the mysql dependency
* tech: ignore /public and /node_modules
* tech: ignore /data folder for dep
* docs: first draft of dashboard folders docs
* plugins: map error property on query result
* stats: send amount of stars as stats
* tech: avoid using deprecated functions
* style: minor code style changes
* dashboards: save provisioning meta data
* provisioing: add lookup table provisioned dashboards
* refactor: minor css class naming change of #10505
* refactor: minor refactoring of PR #10560
* cloudwatch: fix ebs_volume_ids by create a client-session
before call ec2:DescribeInstances. (#10566)
* docker: use mysql and postgres from latest fake-data-gen
* Update OpsGenie Notifier to support different api domains.
* 10583 panel resize icon fix (#10585)
* dashboards: Fix issue with first click when expanding
folder in search
* cfg: adds info about local img uploader to docs
* docs: adds info about local img uploader
* changelog: adds note about closing #6922
* changelog: note about closing #9664
* changelog: adds note about closing #9770
* start query builder ui
* Disable instead of hide mode options when line/points is
unchecked
* dashfolders: show folders use can save to in picker
* dashfolders: fix bug in save as modal
* Add lumens unit
* add docs for configuring OAuth with Auth0 and Azure AD
* install dep instead of govendor on setup
* remove unused code from vendor
* migrate from govendor to dep
* fix: cloudwatch corrected error handling so original error
is not thrown away
* go fmt
* support for decoding JWT id tokens
* ds: updated ds nav
* feat: ds edit fix
* feat: ds edit nav
* Generic Oauth Support for ADFS (#9242)
* Recommend a limit on database query
* Adjusted the border color on the buttons in dashboard nav,
fixed alert email text area width, fixed padding-top issue
on dashboard settings aside
* dashfolders: stop user locking themselves out of a folder
* dashfolders: add breadcrumbs to NavStore
* codestyle: extract code into methods
* mysql: convert numbers to text for annotation tooltip
* mysql: update to use ColumnTypes interface in new version
* mysql: update mysql driver to latest master
* gofmt my dear friend
* ux: updated react-layout-grid
* plugins: send secureJsonData unencrypted
* Make file_reader follow symlinks
* dashboards as cfg: property path replaces folder
* moves datasource plugin model to
grafana/grafana_plugin_model
* Update package.json
* fix: fixed build issue
* fix: multi valued query variables did not work correctly,
fixes #10539
* move graphite /functions parsing into gfunc.ts
* remove duplicate sass rules
* fix tests & some display issues
* fix: graphite func editor fixes, this component is messy
and ugly as hell
* fix: minor fixes
* fix: restored previous behavior of form_dropdown, this
fixes all my observerd bugs with the dropdown behavior
* fix: query editor needs to wait for function definitions
to load
* fix issue with metric find & functions being loaded
multiple times
* interpolate variables in tags & values during autocomplete
* fix typo
* update rst2html
* fix line length, run jscs & jshint in precommit
* function description formatting
* tooltips for function definitions
* support specifying tag_values('<tag>') as graphite
template query
* use typeahead value in graphite find requests
* send prefix when auto-completing tags
* add button to trigger evaluation of tag queries
* sync function categories with graphite-web
* work on tag dropdown behavior
* support for loading function definitions from graphite
* Update building_from_source.md
* Update README.md
* Update default_task.js
* Clearer naming for dashboard provisioning config.
* ux: dashboard nav and settings tweaks
* Tag filters in search (#10521)
* fix: save as enter key now works and folder selection also
works, fixes #10464
* use context over golang.org/x/net/context
* docs: small update to IIS proxy docs
* added a variable for grid color and if statment to switch
colors, fixes #10509 (#10517)
* dashboards as cfg: logs error when trying to import
dashboard with id
* code style fixes
* dashfolders: bugfix after rename
* dashfolders: bugfix after rename
* Adds Table in backend datasource contract.
* fix: share snapshot controller was missing ngInject
comment, fixes #10511
* Use URLEncoding instead of StdEncoding to be sure state
value will be corectly decoded (#10512)
* Optimize metrics and notifications docs
* Optimize cli and provisioning docs
* imguploader: Add support for new internal image store
(#6922)
* docs: Guide for IIS reverse proxy
* changelog: adds note about closing #9645
* telegram: Send notifications with an inline image
* telegram: Switch to using multipart form rather than JSON
as a body
* telegram: Fix a typo in variable name
* dashfolder: refactor breadcrumbs in PageHeader
* dashfolders: convert folder settings to React
* Adds Tables types to protobuf
* fix: alert list pause/start toggle was not working
properly
* fix template variable selector overlap by the panel
(#10493)
* Review tsdb protobuf contract
* dashboard: Close/hide 'Add Panel' before saving a
dashboard (#10482)
* supports windows compatible plugin binaries
* fix: removed unused param
* Fix variables values passing when both repeat rows and
panels is used (#10488)
* moved angular-mocks out of dependencies
* ux: minor change to alert list page
* ux: minor word change to alert list
* fix: updated snapshot test
* moves plugin proxy to plugin package
* Add eu-west-3 in cloudwatch datasource default's region
(#10477)
* fix: Make sure orig files are not added to git again
#10289
* improves name for plugin logger
* fix: Remove conflict file #10289
* text panel: fix $apply already in progress error (#10486)
* uses pluginmanagers log instead of global
* 10389 react tooltip components (#10473)
* test: Updated snapshot for UserPicker jest test #10289
* ux: When adding a new panel we should scroll to top until
we figure o… (#10417)
* removes commented code
* naming fixes and added test file
* makes datasource handshake more explicit
* backend plugins: improves logging
* dashfolders: show/hide create folder or dashboard buttons
* dashfolders: fix mergeconflict error
* dashfolders: prettify
* dashfolders: check permissions for new dashboard
* dashfolders: allow any signed in user to get list of teams
* fix gofmt warning
* dashfolders: permissions for saving annotations
* dashfolders: disable save button after save of acl
* dashfolders: on folder page, hide tabs if not has admin
permission
* dashfolders: remove role requirements on dashboard routes
* dashfolders: must have admin permission to save/see dash
acl
* dashfolders: prettify on tests file
* dashfolders: permissions tab in dashboard settings
* dashfolders: permissions tab for dashboard folders
* fix for unsaved changes popup on tab close/refresh
* fix: Clean up logging and remove unused css #10289
* fix: Rename directive user-pickerr (yes two r's) to
select-user-picker
* fix: Accidently added the conflict files (#10289)
* test: Add snapshot tests for UserPicker and
UserPickerOption (#10289)
* fix: Add interface for props to UserPickerOption (#10289)
* ux: POC on new select box for the user picker (#10289)
* dashboard: fix opening links in new tab (#10465)
* alert list: fix rendering timeout when share panel
(#10467)
* fix missing profile icon (#10469)
* More fixes for relative urls when running Grafana under a
different sub path (#10470)
* put this.props.search in the Highlighter
* moved state handling for search to store
* Delete CopyQuery.png
* Delete tgr288gear_line6.pdf
* fix: added back colors to rootScope, fixes #10462
* fixed the subUrl bugs from
https://community.grafana.com/t/suburl-not-work-at-some-links-and-buttons/4701
with folder/settings/teams etc.
* added /** @nginject */
* Fix typo in error message
* updated snapshot
* styling fix
* added highlight to search
* Updates go-stack to v1.7.0.
* docs: adds note about tlsSkipVerify to docs
* fixed regex issue
* made a view of filtered list
* updated jest file and snapshot
* Remove silly noise
* Update tests to match new reality, and rejig the
implementation a bit to truly work as desired
* Align queries to prometheus with the step to ensure 'rate'
type expressions get consistent results
* plugin: fix path for app plugins on windows
* added search function
* new styling and markup
* cleanup: removed unused typescript typings import
* new add alert notification channel icon
* mobx: poc in using each store as individual prop on the
react containers (#10414)
* fix: Change max size of panel JSON editor so button is
shown on smaller screens, #10346 (#10415)
* poc: began react panel experiments, step2
* poc: began react panel experiments, step2
* Add AWS/AmazonMQ namespace metrics to CloudWatch tsdb
(#10407)
* add docs for using oauth login with OneLogin (#10385)
* Update built_in_plugins.ts
* poc: began react panel experiments
* added empty list cta to notification channels, fixes 10393
(#10400)
* mobx: fixed issue with view store, and added missing
snapshot
* tech: enzyme container test working
* tech: enzyme container test working
* react: trying to get enzyme and mobx tests working
* tech: url and query mobx store so now react components and
containers can read and modify url path and query via mobx
store
* tech: alert list react migration progress
* fix info popover, #10302 (#10377)
* fix move dashboard variables, #10347 (#10375)
* dashfolders: relative links should work when root_path is
specified (#10363)
* fix mixed datasource add query button, #10316 (#10361)
* tech: react mobx progress
* Doc version and schemaVersion properties of dashboards
* tech: began reworking alerting list to mobx
* tech: progress on react pages
* prom: fixes broken test
* prom: make $__$interval the first suggested range vector
* fixes log typo
* imguploader: log if the configuration is invalid
* changelog: adds note about closing #8955
* renderer: avoid calling Handle twice
* migrated file to ts
* dashboards as cfg: moves dashcash into its own file
* dashboards as cfg: create dashboard folders if missing
* fixed error
* migrated files to ts
* tests: for skipping with hidden folders
* Implement Azure Blob external image uploader
* migrated datasource to ts
* tech: minor progress on mobx state tree & react
containers, working on unit testing
* Fix tooltip unit when legend isn't shown (#10348)
* refactor: minor refactoring of PR #10236
* don't save dashboard on make editable, #10236
* fix scripted dashboard loader, #10350 (#10351)
* new aws region cn-northwest-1 (#10353)
* Dashboard: View JSON improvements (#10327)
* refactor: tried to simplify and also minimize scope a bit
for #10323
* ignore trailing whitespace (#10344)
* (prometheus) show label name in paren after
by/without/on/ignoring/group_left/group_right
* dont spawn new subprocess while shutting down
* Fix small singlestat value display
* fix: fixed issue with optimized build, fixes #10333
* migrated file to ts (#10328)
* plugins: restart killed plugins
* query result should be a map
* prom: removes limitation of one query per tsdb call
* changelog: adds note about closing #10222
* pagerduty: fixes invalid default value
* fix: remove unused code
* dashboard: copy panel to clipboard
* pagerduty: adds test for reading auto resolve setting
* code formatting fix
* migrated files to ts + fixed specfile
* tech: cleaned up unused stuff
* ux: removed unused stuff form style guide
* prettier: ran on all files again, sorry. now settings are
defined in package.json
* tech: mobx tests
* Add avatar to team and team members page (#10305)
* Various dashboard folders improvements (#10309)
* mobx: progress on poc
* test for plugin path builder
* merge backend datasources and datasources
* use int64 for timestamps
* fixes invalid valud/timestamp order
* fix: unit test fixed
* prettier: change to single quoting
* ux: minor name change to search sections
* db: fix postgres regression when comparing bsclean
columns/values (#10303)
* dashboard: delete row improvements
* poc: mobx test
* fix missing comma in documentation output example
* fix broken link (#10291)
* minor fixes and formatting after review
* dashfolders: use validation service for folder creation
and dashboard import. #10197
* dashfolders: support creating new folder when moving
dashboards. #10197
* dashfolders: support creating new folder when saving a
dashboard. #10197
* dashfolders: support creating new folder in dashboard
settings. #10197
* dashfolders: support creating new folder from the folder
picker. #10197
* poc: mobx poc
* tech: ran prettier on all scss files
* tech: ran pretttier on all typescript files
* search: closes dash search when selecting current
dashboard (#10285)
* fix: Original dashboard link from snapshot should be an
a-tag, not a button (#10269) (#10283)
* dashboard: fixes #10262
* added new to new dahsboard and folder
* test: Update test with new component signature
* pushover: update default message
* delete unused icon files
* fix: The /logout route should always full page reload
(#10277)
* tech: added prettier to precommit
* ux: Add icon to selected option in PageHeader navigation
on small screens, update select boxes for Firefox so the
arrow to the right is aligned with the other select boxes
(#10190)
* ux: Fix color picker positioning when scrolled down to the
bottom of a page (#10258) (#10271)
* test: remove unused code
* alerting: make alert extractor backwards compatible
* alerting: move test json into files
* Use strings.TrimPrefix to make sure relative url doesn't
start with forward slash
* Update README.md
* fix: Navigation on small screens when Grafana is installed
in a sub directory (#10252) (#10261)
* cloudwatch: fixed optimized build issue, fixes #10174
* fix text panel rows limit (#10246)
* use ace editor in panel edit (#10245)
* docs: mysql example with macro
* docs: mysql macros update
* fix: reduced team name column length, fixes #10244
* ux: Add missing icon for login with grafana-com, fixes
#10238 (#10249)
* Kinesis Metric Capitalization
* merge backend-datasource and datasource type
* dashfolder: nginject fix
* teams: missing nginject attribute
* grid: disable resize and drag on non editable dashboards,
closes #10235
* logging: removed logging from panel loader
* menu: fixed create default url
* fix: dont show settings for viewers
* prometheus: change default resolution to 1/1
* fix: viewers can edit now works correctly
* fix: fixed minor ux and firefox issues, fixes #10228
* ux: minor fixes
* profile: use name or fallback for profile page
* fix: sidemenu profile main text is now username instead of
name
* build: update master version to 5.0.0-pre1
* dashfolder: change to migration text
* ux:s sidemenu icon rules
* teams: add team count when searching for team
* changed background color for infobox and new blues in
light theme, light theme now uses blue-dark in panel query
(#10211)
* ux: fixed navbar issue when sidemenu closes
* ux: minor position change for layout selector, fixes
#10217
* fix: view json from share modal now works, #10217
* ux: used new add data sources icon
* dashfolders: styling of selected filters
* dashfolders: styling of selected filters
* dashfolders: fix moving plugin dashboard to folder
* changelog: adds note about closing #9170
* dashfolders: fix folder selection dropdown in dashboard
settings
* fix for merge conflict
* add links for large cta
* resolve merge conflict
* dashfolders: bulk move/delete improvements
* snapshots: fixed snapshot issues, fixes #10214
* docs: include all notifiers type
* replaced old table with filter-table, removed edit button,
made whole rows to links
* playlist: fixed playlist buttons in dashboard header,
fixes #10213
* docs: update latest version to 4.6.3
* ux: minor changes to search input
* Magnifying glass on search fields #10188 (#10206)
* templating: made templateSrv globally accessable as ES6
module, DashboardRow can not interpolate row title
* fix: ignore row clones in schema migration
* proxyds: delete cookies except those listed in keepCookies
* dshttpsettings: Move whitelisted cookies to end of config
page
* proxyds: failing test for keepCookies
* dshttpsettings: add field for cookies that should be kept
* dashfolders: /dashboards should render index page with a
200 OK
* update version for packagecloud
* dashfolders: bulk move/delete improvements
* add release date for 4.6.3
* fix: after removed file
* dashfolder: fix after backendSrv change
* dashboard: fix test after merge conflict
* orgswitcher: update test
* Avoid ID validation before provisioning dashboards
* annotation icon fix
* udpate dark json icon
* dashboard settings icons
* replace icon on dashboard list (fa-th-large - looked
squished) with a smaller version of dashbord icon. This
may not be the best way to do the css, so it's a separate
commit
* new icons created and added to nav
* changelog: adds note about closing #7481
* fixes broken unit test
* alertmanager: endAt should only be used if we have the
correct value
* alertmanager: code style
* alerting: reduce log level for notifiers
* Alertmanager notifier: add 'metric' labels if no tags
* Alertmanager notifier: make it match the new notifier
interface
* support alertmanager
* Replace Read Only Editor role with ViewersCanEdit setting
(#10166)
* dashfolders: bulk move dashboards synchronously
* dashfolders: remove error message when moving to the same
folder. #10135
* teams: Fixes to edit team page
* ux: minor text change to #10177
* made template link look like input (#10198)
* minor tweaks
* execute process directly instead of creating sub shell
* Dashboard grid fixes (#10194)
* refactor: minor change to #10199
* fix broken 'd r' shortcut (refresh dashboard) (#10199)
* ux: updated login page
* fixes switching org when url contains orgId querystring
param
* build: fixed build issue
* ux: refactoring login page change
* navmodel: fix for signout link on pref page
* change protip to go to manage dashboards
* search: worked on search results
* added select-wrapper to where it was missing for unified
look
* changelog: adds note about closing #10151
* ux: wip - Login animation POC (#9879)
* changelog: adds note about closing #9318
* ux: Move 'Sign up' and 'Reset password' to its own pages -
and remove all inline styling (#9879)
* fixes broken alert eval when first condition is using OR
* ux: org user management changes
* removes unused property
* fixed edit team header, fixes #10172
* changed width to input fields (#10184)
* ux: added search box to ds list page, closes #10106
* ux: change members to users
* plugins: fixed plugin edit page and plugin page
* dashfolders: Minor css fixes for bulk edit
* dashfolders: Minor css fixes for bulk edit
* docs: SSL Mode config settings for Postgres
* dashfolder: settings page for folder
* removes verbose logging
* fix: FolderId and IsFolder when saving dashboard
* ux: fixed inactive view mode and removed animation
* removed unused declaration
* updated dashlink editor, now has list
* fix: Handle state when no password is entered on
registration page (#9879)
* adding support for sgl native time datatypes
* added missing cases for DATETIME datatype
* ux: move add member into its own page (#10167)
* Add a per-notifier ShouldNotify()
* minor fix for #10136
* Fix graph legend scroll (#10169)
* fix colorpicker colors order (width issue) (#10170)
* graphite: remove check so that query is sent even for
possible non leaf nodes
* fix: fixed build failure
* ux: Use the previously renamed classes (#9879)
* fix: fixed dashboard api tests
* fix: don't detect graphite version before it's saved
* updated new dashboard folder
* ux: style tweaks
* ux: Update ui of login buttons via third parties and add
link to sign up page (#9879)
* redesigning links editor
* ux: search look update
* tech: updated version for react-grid item
* build: fixed unit test failure
* Extracted row matching function and added comments
* allow overriding dashboards from api
* redesigning links editor
* graphite: minor fix for PR #10142 the query was being sent
for every segmen t you selected before you completed the
metric path
* build: fixed broken test
* refactor: minor change to panel json fix PR #10156
* Move panel JSON editor to modal dialog (#10156)
* ux: minor updates to dashboard settings
* ux: dashboard settings updated
* new dashboard and folder in search (#10152)
* avatar: avoid concurrent map writes
* redesign dashlinks
* fix: fixed issue with optimized build grid directive
missing ngInject comment, fixes #10161
* annotations: allows template variables to be used in tag
filter
* Add default message for Pushover notifications
* refactor: format files by gofmt
* ux: Adjust margins when external auth providers are
enabled (#9879)
* ux: dashboard settings progress
* ux: dashboard settings work progress
* dashfolders: new dashboard with folder selected
* ux: wip - Push pixels for new login, remove inline
styling, change so we use media queries using min-width
instead of max-width and make sure it looks ok across all
screen sizes (#9879)
* ux: dashboard settings work progress
* backend plugins: manage plugins lifecycle with context
* ux: dashboard settings progress
* ux: dashboard settings progress
* ux: dashboard settings progress
* backend plugins: dont swallow errors
* fix: fixed failing test
* backend plugins: cleanup protobuf files
* ux: dashboard settings progress
* backend plugins: add more datasource params
* Type-agnostic row merge in table transform for multiple
queries
* ux: dashboard settings progress
* ux: fixed navbar and sidemenu z-index issue and improved
responsive rules
* code style
* implement upstream changes
* fix: fixed build failure
* changelog: adds note about closing #10131
* Explicitly specify default region in CloudWatch datasource
(#9440)
* add encoding param
* wait for all sub routines to finish
* fix function re-ordering broken in #9436
* add missing value fill code to mysql datasource
* hyphenhyphen
* support metric trees of varying depth, never send '.select
metric' to graphite
* simplify function parameter addition
* ux: dashboard settings progress
* fix typo
* ux: minor changes
* implement missing value fill functionality for postgres
* allow optional 3rd argument to timeGroup to control
filling missing values
* ux: navbar progress
* improve handling of query references
* build: fix for tslint
* ux: form styles polish, improvement but can be better
* pass tsdbQuery to transformToTimeSeries and
transformToTable to get access to selected frontend
timerange
* demonstrate parseTarget issue
* fix: fixed panel size rerendering issues
* pass Query to MacroEngine Interpolate
* ux: work on dashboard settings views
* dashfolders: Do not allow loading a folder as a dashboard
* fix: Remove console.log
* dashfolders: Folder picker should set correct default
values. Fixes #10135
* refactor: user groups to teams, replace rest mentions
* refactor: user groups to teams, rename backend files
* refactor: user groups to teams, rename frontend files
* refactor: rename User Groups to Teams
* changelog: adds ntoe about closing #10111
* ux: forms style font size change
* ux: dashboard settings progress
* postgres: change $__timeGroup macro to include 'AS time'
column alias (#10119)
* new timepicker is working
* dashfolders: Create nav model for folder page client side
#10083
* ux: minor change to new folder page
* fix for search dropdown on small screen + icon overlapping
fix (#10091)
* ux: added react scrollbar component and added it to add
panel panel
* tech: updated ngreact and with custom PR applied
* refactoring: #10130
* Revert 'Don't animate panels on initial render (#10130)'
* Don't animate panels on initial render (#10130)
* refactoring: fixing bug when all values are null
* fixes broken test
* dashfolders: Hide search input area when showing CTA.
#10083
* ux: graph legend refactoring
* improve error handling for datasources as cfg
* improve sample datasource.yaml
* make gitignore more generic
* grid css transforms: minor refactor (#10128)
* dashboard grid: enable CSS transforms (#10125)
* fixes issue with datasource/dash as cfg and gitignore
* refactoring: changing how graph height and legend height
is calculated, using flex box seems to actually work,
#10079
* dashfolders: create folder page
* refactor: removed graph height from legend decimal calc
* dashfolders: css fix
* fixes failing tests
* dashfolders: New Dashboard Folder page
* fix: move components tests to specs folder
* Fix go fmt
* kill plugin processes when grafana shuts down
* fix: v5 sidemenu & link to shortcuts now works, fixes
#10087
* separate plugin impl and proto files
* correct comments
* add hclog wrapper for grafanas logger in plugins
* add go-plugin deps to vendor
* initial version of proto files
* changelog: breaking regardless what your running
* changelog: better styling
* removes last pieces of dashboard.json
* refactor: sidemenu toggle & hiding logic
* changelog: note about closing #5269 and #9654
* dashboards as cfg: update docs to use /provisioning
* dashboards as cfg: move dash/ds config files to
/provisioning/*
* dashboards as cfg: copy dash/ds files if missing
* dashboards as cfg: include cfg files in dist packages
* dashboards as cfg: avoid walking fs in parallel
* dashboards as cfg: type
* dashboards as cfg: disable loading dashboards from disk by
default
* dashboards as cfg: wire up dashboard repo
* dashboards as cfg: use gocache for caching
* dashboards as cfg: expose dashboard service as interface
* dashboards as cfg: move saving logic for dashboards into
its own service
* dashboards as cfg: revert minor changes
* dashboards as cfg: move dashboard saving into its own
service
* dashboards as cfg: minor tweaks
* dashboards as cfg: make dashboard none editable by default
* dashboards as cfg: more tests
* dashboards as cfg: code cleanup
* dashboards as cfg: read first cfg version
* removed row to center footer (#10115)
* ux: minor cleanup
* mysql: pass timerange for template variable queries
(#10071)
* dashboard: fix edge case with keyboard nav in dashboard
search. #10100
* Solves problem with Github authentication restriction by
organization membership when the organization's access
policy is set to 'Access restricted'. 'Access restricted'
policy should not stop user to authenticate.
* graph: fix legend height calculation
* postgres: pass timerange for template variable queries
(#10069)
* graph: move auto decimals calc to ticks.ts and use it for
legend values format.
* Resolves grafana/grafana:#9309
* dashboard: fix linting and formating - #10100
* dashboard: keyboard nav in dashboard search - closes
#10100
* graph: refactor (don't render twice)
* handle native postgres datetime types in annotation
queries (#9986)
* treat any text column in timeseries query as metric name
unless column (#9985)
* Fixing tabs for Grafana 5 - #10082 (#10103)
* other panels now hidden, fixes 10088 (#10102)
* fixed 404 for grafana5 + now responsive (#10101)
* dashboard: fix search results tests #10083
* dashboard: Show CTA for empty lists/folders #10083
* dashboard: Dashboard folder page wip #10083
* prom: enable min interval per panel
* Fix merge issue on multi-query table transforms
* graph: fix karma tests
* graph: render legend before graph
* added tooltip, fixes #10092 (#10097)
* graph: refactor
* graph: convert legend.js to typescript
* fixing a few fromattings
* adding mssql docs
* docs: link from cfg page to provisioning
* reduce app icon by 3px on home dashboard - wasn't lining
up properly with starred/recently viewed dasboard list
properly
* ux: minor style tweaks to cards and sidemenu icons for
white theme
* ux: tweaked light theme and made page container more fluid
* dashboard: dashboard search results component. closes
#10080
* docs: added utm_source for link from ds list page to docs
page
* updating the query editor's syntax highlighting mode to
sqlserver
* fixed grey colors in light-theme, added new variables,
played a bit with blue
* v5: removed permissions from dashboard cog dropdown,
closes #10068
* nav: updated nav item id for manage dashboards
* refactoring PR #10068
* dashboard: migrations for repeat rows (#10070)
* Backwards-compat for multi-query table transform
* graph: make legend scrollable
* removes unused properties
* Making the multi-query table transform the default table
transform
* ux: updated padding
* ux: Add CTA for empty lists
* move import menu item to the original place
* move DashboardImportCtrl tests to jest
* Move import dashboard from modal to the page
* refactor: minor refactoring of #10027
* new grays for light theme
* sidemenu: responsive sidemenu view for smallest breakpoint
* add _tests for mssql data source
* ux: tabs update
* Tests for multi-query table transform
* ux: updated modal header design
* ux: progress on time picker dropdown version
* fix templating undefined error (#10004)
* tweaks to add panel panels
* ux: updated dashboard nav
* MSSQL Data Source
* add server only build target 'build-srv'
* ux: dashboard setings progres
* add Cloud Alchemy Ansible role
* started on dashboard settings refactor
* ux: add new panel and dash nav improvements
* Added basic table transformer test
* typo :bscm:
* influxdb: pass tags to alerting from influxdb client
* ux: dashboard nav update
* ux: new dashnav design
* ignore /conf/**/custom.yaml files
* repeat row: refactor
* Fix dashboard menu overlapping (#10044)
* Add multiquery_table table transform
* typo :bscm:
* move systemd ready notification to server.go
* changelog: adds note about closing #10024
* page header now on 99% of pages
* navigation: more progress on new page header
* ux: new page-header design, most pages beside admin done
* fixed sass warnings
* ux: made plugins page work
* Use systemd notification where applicable
* progress on page header
* tweaked color on heatmap. still not there, but more
vibrant
* ux: new page header progress
* added bundled dashboards
* ux: progress on new page header
* dashboard: when changing route, scroll to top
* grafana-10039: fix query time range ends in the past
* ux: work on page header
* Revert 'prometheus nested query support'
* ux: updating header design for pages
* fix: when navigating, scroll to top
* repeat row: add more tests
* ux: new page header design
* tweak background size
* new test svg background, minor form tweaks
* ux: search filter box
* ux: changed body default font size to 13px
* test: fix failing postgres test
* Added border radius and tightened up the folder boxes.
Still needs to have the bottom margin expanded to 8px when
in opened state (this needs @torkelo)
* test: speedup mysql and postgres integration tests by
10-20x
* repeat row: expose scopedVars to row panels
* ux: search design update
* repeat row: handle collapsed rows
* notifier: Fixes path for uploaded image for Slack notifier
* formatting in build file
* dashboard: initial repeat row implementation
* prometheus nested query support
* fix render http[get] params error
* test: close file before deleting
* Restore Page Footer after migration to new scrollbar #9652
* export view json now templatized, fixes #10001
* dashfolders: Add a helper for creating a dashboard folder
* dashfolders: revert automatic creation of folders for
plugins
* styling changes for light theme
* grid: use single column layout for mobile devices (#9999)
* fix panel solo mode (#10002)
* dashlist: handle recent dashboards removed from backend
* dashfolders: don't create app folder on dashboard import
if already exists
* dashfolders: create app folder on dashboard import
* datasource: fix merge conflict - restore dashboards tab
* search fix and update buttons on dashboard list page
* fix: removed table background
* build: fixed lint issue
* fixed link i specs-file
* Improve dashboard grid layout migration WIP (#9943)
* test fix
* updated libs and fixed new typescript errors
* dashlist: Support for clear all filters
* migrated viewstatesrv to ts
* added yarn.lock file back
* ux: table design work
* panel: open panel menu by click on header
* ux: search progress
* worked on search
* migrated four files from js to ts
* migrated four files to ts, addd some code to config to
make it work (#9980)
* Update NOTICE.md
* Update LICENSE.md
* ux breadcrumb work
* ux: sass fixes and polish
* dashlist: Support for check/uncheck all
* Migrate gfunc to ts (#9973)
* migrated admin files to ts (#9975)
* migration of org files from js to ts (#9974)
* sass tweaks
* dashlist: When searching should reset checked state to
false
* More js to ts (#9966)
* dashlist: change scrollbar to new perfect scroll directive
* docs: Improve delete snapshot documentation
* ux: fixed sass issue
* sass refactoring and updating styles for list item
elements
* dashlist: style list to be same as dash search
* css tweaks and cleanup
* removing gemini scrollbar and replacing with perfect
scrollbar, muuuch better
* dashlist: starred filter search
* ux: tweaked panel color and dashboard background is same
as page background
* removed call to unused function in panel_ctrl
* scrollable panels works better with perfect-scrollbar
* Update latest.json
* Optimized number of lines fetching in log file
initialisation
* work on scrollable panels
* converted 3 .js files to .ts (#9958)
* docs: adds docs for pausing all alerts
* Removing file that got committed by accident
* scrollable panels: fix initial content size (#9960)
* Delete LICENSE.txt
* dashlist: adds tag filter select (GitHub style)
* [GCS] Support for gcs path
* dashlist: toggle folders
* dashboard: fix test for folderIds
* allows head requests for /api/health endpoint
* dashlist: fix tag filtering and some css
* fix: fixed issue with metric segment introduced in
graphite tags query editor PR
* progress on scrollable panels work
* mysql: add data source support for Azure MySql
* fixed unit tests
* fix: alert list panel now works correctly after adding
manual annotation on dashboard, fixes #9951
* Elasticsearch max_concurrent_shard_requests parameter for
es 5.6+
* prom: add prom2 dashboard as bundled dashboard
* show top 5 max scrape durations by job, and fix legend
format
* fix scrape duration, add rule eval iteration stats, and
reorg a bit
* fix data source var and remove node_exporter dependency
* First draft of a Prometheus 2.0 Stats dashboard
* prom: initial docker block for prometheus 2
* tweak tabs:
* color fix
* make grays cooler
* dashlist: started fixing js/css after design changes
* updated search
* more work on search
* minor update to dashboard search
* converted test-files to jest
* improved search srv
* converted influx-series to TS, converted test to jest
* dashboard search
* working on dashboard search
* Move the loading flag to PanelCtrl (#9929)
* graph: disable zoom in non-timeseries modes (#9914)
* changed padding to pixels, fixes #9916 (#9924)
* Use correct moments format for Showing last us time
instead of value test (#9923)
* Don't import JSON dashboards from hidden directories.
* new design for login
* fix: build & tests
* search: add expanded folders
* influxdb: another minor refactor of #9474
* refactor: refactoring InfluxDB query builder with policy
PR #9473
* refactor: refactoring InfluxDB query builder with policy
PR #9473
* docs: added versions_to_keep to config docs, #9671
* refactoring: minor refactor of clean up dashboard history
PR #9882
* fix: fix for avatar images when gzip is turned on, fixes
#5952
* elasticsearch: default version to 5.x
* Adding a user in a specified organisation uses the admin
API
* panels: add css tweaks for scrollable panels
* dashboard history clean up: avoid potential SQL injections
* search: refactor search sql into a builder class
* changelog: note about closing #9798
* removes invalid comment
* api: fix so that datasources functions returns Response
* changelog: note about closing #1789
* fix: Use Response as return type
* fix: return id from api when creating new
annotation/graphite annotation, fixes #9798
* datasources as cfg: adds docs for all jsondata and
secure_json fields
* graphite: minor changes
* text panel: make scrollable
* panels: general property which makes panel scrollable
* datasources as cfg: convert yaml map into json for
jsonData
* fix: fix cloudwatch metricFindQuery error that stopped it
working completely, fixes #9876
* dashlist: css adjustments for scrollbar
* dashlist: fix resizing after mode switching
* dashlist: add scrollbar
* dashlist: fix panel resizing
* docs: update metrics api path
* changelog: adds note about closing #1871
* fixes: #1871 Dropdown starred (#9490)
* dont loose subsecond precision when dealing with timestamp
or (#9851)
* graphite: progress on new query editor
* datasource as cfg: fixes typos
* docs: format cfg mgt tools as table
* docs: adds more info about provisioning
* datasource as cfg: update docs to include globbig
* datasource as cfg: show deletes first in example
* datasource as cfg: support globbing
* datasource as cfg: enable editable ds's
* datasource as cfg: add org_id to example config
* tweak docs
* datasource as cfg: adds readonly datasources
* datasource as cfg: refactor to use bus
* datasource as cfg: test for reading all properties
* datasource as cfg: adds provisioning docs
* datasource as cfg: rename feature to provisioning
* datasource as cfg: improve name for this feature
* datasource as cfg: refactor tests to use yaml files
* datasource as cfg: ignore datasource all ready exist for
inserts
* datasource as cfg: add support for securedata field
* datasource as cfg: setting for purging datasources not in
cfg
* datasources as cfg: tests for insert/updating datasources
* datasource as cfg: basic implementation
* More energy units (#9743)
* Add feet to the length menu (#9889)
* middleware: recovery handles panics in all handlers
* sql: small fix to error handling
* graphite: progress on new query editor
* changelog: make prom fixes more explicit
* dashboard history clean up: add tests
* tech: ignore debug.test file created by VS Code
* dashboard history: refactor after review
* changelog: adds note about closing #9777
* prom: add support for default step param (#9866)
* properly escape components of connection string (#9850)
* refactor: changed string slicing to strings.TrimPrefix,
#9862
* dashboard history: clean up dashboard version history
* build: fixed jshint error
* sync documentation, add remark about to_timestamp and
redshift (#9841)
* fix: Html escaping caused issue in InfluxDB query editor,
could not pick greater than or less then operators, fixes
#9871
* changelog: adds note about closing #8523
* teams: removes print statement
* Add Microsoft Teams notifier
* docs: update building from source doc with node-gyp
* heatmap: fix tooltip in 'Time series bucket' mode, #9332
(#9867)
* fix: Table panel now renders annotations correctly. Fixes
#9842 (#9868)
* build: fixes build and jest tests on Windows
* fix cloudwatch ec2_instance_attribute (#9718)
* graph: the stack & legend sort sync was not working
correctly, the z-index sorting that happened in after the
legend sort order was applied and messed with the order
even though the sort function returned zero for all
entries, combined the sort function to one sort function,
fixes #9789 (#9797)
* not ok option to alert list, fixes: #9754
* changelog: note about closing #9661
* return empty array for no datapoints
* fix query inspector for cloudwatch
* Add AWS/NetworkELB to cloudwatch definitions
* changelog: note about closing #9784
* test: adds tests for password encodiing
* use SHOW RETENTIONS to test influxdb connection (#9824)
* Use hex.EncodeToString to encode to hex
* Added missing documentation for auth.proxy (#9796)
* fix date test (#9811)
* docker: expose statsd endpoint for graphite block
* update lib/pq (#9788)
* Update the config key to database_log_queries so it is
more descriptive, as suggested in #9785.
* graph: don't change original series name in histogram
mode, #8886 (#9782)
* MySQL Performance when using GF_DATABASE_URL Set
MaxIdleConn and MaxOpenConn when using the GF_DATABASE_URL
configuration. Also added GF_DATABASE_DEBUG flag to print
SQL statements and SQL execution times. See #9784 for the
details.
* Update postgres.md
* colorpicker: fix color string change #9769 (#9780)
* refactor: alert list panel fixes and no alerts message,
rewrite of PR #9721
* feat: refactoring hide time picker PR #9756
* search: began writing test for new search
* changed class name for no-alerts
* chore(docs): update the search Query Example
* ux: search progress
* dashfolders: fix for dashlist nav
* reduce docker-compose header version
* ux: progress on new search
* ux: minor changes
* ignore docker-compose.yaml
* docs: update latest release to 4.6.1
* packages: update published package version
* option to hide Time picker, fixes #2013
* fix: panel view now wraps, no scrolling required, fixes
#9746
* changelog: set release date for 4.6.1
* changelog: adds note about closing #9707
* fix default alias
* add period alias
* plugins: fix for loading external plugins behind auth
proxy, fixes #9509
* testdata: added manual entry mode to test data
* new design for no alerts in alert-list, fixes #9721
* fix: fixed compiler error from #9676
* converted ng_model_on_blur.js to ts,
deletedkeyboard_manager.js (#9676)
* docs: update testdata enable explanantion
* MAINTAINER is deprecated, now using LABEL
* Update ROADMAP.md
* Adding energy, area, and acceleration units (#9336)
* tests: migrated tests for link_srv to jest, #9666
* Transitioning fig to docker-compose v3
* tests: migrated tests for link_srv to jest, #9666
* fix for dashboard tag link bug, fixes #9737 (#9739)
* github: dont require bug/fr in title
* changelog: adds note about closing #9713
* converted confirm_click.js to .ts (#9674)
* Update codecov.yml
* change default sslmode for postgres to verify-full (#9736)
* fix: color picker bug at series overrides page, #9715
(#9738)
* Update ROADMAP.md
* tech: switch to golang 1.9.2
* always quote template variables for mysql when multi-value
is allowed (#9712)
* always quote template variables for postgres when
multi-value or include (#9714)
* fix: dashboard links dropdown toggle did not update view,
fixes #9732
* docs: adds prom grafana dashboard
* graphite: tag is required for values autocomplete
* dashfolders: bulk edit tag filtering
* Correct help message of
api_dataproxy_request_all_milliseconds
* changelog: adds note about closing #9645
* changelog: adds note about closing #9698
* ace editor for text panel
* dashboards: bulk edit delete
* tech: add missing include
* dashboards: fix link to bulk edit
* sql: remove title from annotation help
* changelog: adds note about closing #9681
* fix: undefined is not an object evaluating this., #9538
* [Bug Fix] Opentsdb Alias issue (#9613)
* fix: graphite annotation tooltip included undefined, fixes
#9707
* Alertlist: Inform when no alerts in current time range
* save as should only delete threshold for panels with
alerts
* graphite: tags and values autocomplete based on @DanCech
PR to graphite-web
* changelog: note for #9596
* add __timeGroup macro for mysql (#9596)
* updated icons
* docs: fix link
* ux: testing 3px panel border radius
* more link fixes
* fixed link issues
* renamed file
* converted inspect_ctrl.js to ts (#9673)
* converted dashboard_loaders.js to .ts (#9672)
* declared any to info in declaration
* converted analytics.js to ts, minor code formatting fix to
timer.ts (#9663)
* docs: updated download links
* docs: update alerting with new data sources
* changelog: spelling
* plugins: added backward compatible path for rxjs
* ux: updated singlestat default colors
* prometheus: fixed unsaved changes warning when changing
time range due to step option on query model was changed
in datasource.query code, fixes #9675
* docs: updated changelog
* fix: firefox can now create region annotations, fixes
#9638
* changelog: adds note about closing #9639
* set release date for 4.6.0
* grid: work in progress on row repeats
* dashfolders: rough draft of bulk edit
* converted linkSrv.js to linkSrv.ts
* docs: update docker installation docs
* grid: minor changes
* converted outline.js to outline.ts (#9658)
* converted timer.js to timer.ts (#9656)
* datasource as cfg: typo
* Create codecov.yml
* datasource as cfg: explain why cmd.version can be higher
* #edit_grafana_organisation_apis_doc (#9651)
* add a phantomjs execution status to log if errors happens,
e.g. OOM killer kills it (#9644)
* grid: worked on row options modal and row removal
* dashboard: fix home dashboard getting started panel
* Fix typo in template help tab
* replace store.js with store.ts, test for store.ts (#9646)
* tests: added test for DashboardRow
* docs: update first page with data source guides
* docs: document annotations for postgres/mysql
* docs: update for template variables
* changelog: spelling
* Allow for multiple auto interval template variables
(#9216)
* changelog: adds note about closing #9645
* tech: remove rabbitmq event publisher
* changelog: note for #9030
* dont quote variables for mysql and postgres datasource
(#9611)
* asscoiate comment with name
* Update development.md
* ux: row collapse / expand starting to work
* changelog: adds note about closing #9640
* alerting: only editors can pause rules
* prom: adds pre built grafana dashboard
* changelog: adds note about closing #9636
* fix: another fix for playlist view state, #9639
* ux: updated icons
* shore: migrating config/settings.js to typescript
* fix: fixed playlist controls and view state, fixes #9639
* Fixed #9636
* shore: removed unused old system conf file
* Use d3 from node_modules (#9625)
* update log15 (#9622)
* docs: update whats-new-in
* changelog: small text change
* changelog: v4.6.0-beta3 released
* tech: annotations refactor, add tests for regions
processing (#9618)
* Move #9527 to 4.6.0-beta3
* build: disable jest on precommit hook -windows fix
* build: fix all npm run commands for Windows
* plugins: fixes path issue on Windows
* build: tryingt of fix windows build issue
* tests: removes commented tests
* graph: invert order when sorting by legend
* fix: escape series name in graph legend, added
aliasEscaped to time series model to reuse escape, fixes
#9615
* build: fixed gofmt issue and addd mock response feature
* prometheus: enable gzip for /metrics endpoint
* build: split circle test shell scripts
* datasources: change to optimisic concurrency
* build: reduced webpack log output and remove race flag
from go tests
* build: set max workers to 2 for jest
* build: log heap usage
* build: another build fix
* tests: migrated two more tests to jest
* build: fixed build failure
* build: reworking pre commit hook
* build: added precommit
* fix: fixed tslint validation error
* test: added first react snapshot test
* docs: another docs fix
* docs: fix docs redirect for older datasources index page,
fixes #9609
* [Tech]: Start migrating to Jest for tests (#9610)
* Fix typo in init.d script
* graphite: auto detect version
* graphite: improved version comparison
* graphite: split tags and functions into 2 rows when
seriesByTag used
* graphite: add tags to dropdown and switch to tag editor if
selected
* plugins: expose dashboard impression store
* ux: minor ux tweaks
* Sort series in the same order as legend in graph panel
(#9563)
* fix: fixed save to file button in export modal, fixes
#9586
* mysql: add usage stats for mysql
* run go fmt
* Add a setting to allow DB queries
* note for #9527
* modify $__timeGroup macro so it can be used in select
clause (#9527)
* Fix heatmap Y axis rendering (#9580)
* prometheus: add builtin template variable as range vectors
* Note for #5457
* fix: fixed prometheus step issue that caused browser
crash, fixes #9575
* changelog: adds note about closing #9551
* fix: getting started panel and mark adding data source as
done, fixes #9568
* pluginloader: esModule true for systemjs config
* Fixes for annotations API (#9577)
* ux: new fixes
* Grafana5 light (#9559)
* When Messasge field is set for an alert, map it to the
output field in a Sensu check result. If Message is empty,
send 'Grafana Metric Condition Met'
* ux: work on rows
* fix vector range
* allow ':' character for metric name
* build: added imports of rxjs utility functions
* grid: row work
* fix template variable expanding
* annotations: quote reserved fields (#9550)
* fix: fixed color pickers that were broken in minified
builds, fixes #9549
* ux: align alert and btn colors
* docs: doc updates
* remove duplicative prometheus function
* remove label match operator from keyword.operator
* remove label match operator from keyword.operator
* remove extra state push
* fix typo
* newgrid: row progress
* styleguide: fix link in index
* api: fix for dashboard version history
* textpanel: fixes #9491
* graphite: datasource refactor
* csv: fix import for saveAs shim
* grid: minor progress on new row concept
* ux: add panel progress
* alert_tab: clear test result when testing rules
* ux: worked on add panel function
* plugins: expose more util and flot dependencies
* (cloudwatch) fix cloudwatch query error over 24h (#9536)
* Add autofocus tag for username field on login.html (#9526)
* show error message when cloudwatch datasource can't add
* ux: minor button changes
* CloudWatch: Add ALB RequestCountPerTarget metric
* ux: color tweaks
* ux: testing out new icons
* set nightly version to v4.7.0-pre1
* changelog: adds release date for v4.6.0-beta1
* ux: minor fixes
* grid: fixed grid width issues
* grid: repeat refactoring and unit tests
* Missing dot in aws credentials path
* newgrid: added constants, changed grid to 24 cols, added
tests for panel repeats
* docs: doc updates
* grid: minor progress on panel repeats
* changed name back to use underscore instead of camelcase,
need to think more about this
* fixed dashboard sorting
* newgrid: worked panel duplicate
* fix: various fixes for new grid
* dashgrid: fix or skip tests for repeat rows
* dashboardgrid: disable dynamic_dashboard_srv for now
* ux: style tweaks
* newgrid: various fixes
* If retention policy is set for influxDB, preprend that to
the measurement name for exploration queries.
* newgrid: fixed migration code to new grid
* docker: updated our graphite docker container
* grid: edit/view now works
* dashboard: fixes for panels without rows
* webpack: changed devtools setting to stop exceptions
* fix: ignore upgrading dashboard grid when there are no
rows
* grid: fixed migration for rows without height
* ux: minor fix sidemenu
* newgrid: progress on fullscreen/edit view modes
* search: fix search to limit dashboards better
* grid: fixed geting started panel pos
* grid: progress on react grid
* grid: progress on new grid, resize & saving layouts works
* grid: minor progress
* tech: got angular component to load inside react grid
* grid: need to find a way to add angular component inside
react
* ux: initial react grid poc
* graphite-tags: refactor, improve performance - remove
unnecessary parseTarget() calls
* graphite-tags: add tests
* graphite-tags: refactor, use <gf-form-dropdown> instead of
<metric-segment>
* graphite-tags: initial tag editor
* Update kbn.js
* Update kbn.js
* fixes
* Use B/s instead Bps for Bytes per second
* fix merge issue
* develop: fixed more broken tests, couple still failing
* ux: alternative row design
* newgrid: fixes to default home dashboard
* ux: minor fixes
* ux: new grid progress
* grid: minor progres on new grid
* grid: minor progres on new grid
* ux: minor button changes
* ux: minor updates
* ux: changed cta button style
* minor fix
* ux: added scroll to two pages
* minor fix for page-h1
* grid work
* progress on rows as panelsW
* fixed unit tests
* minor user avatar stuff
* started on rows as panels in single grid
* minor user list cahnge
* users view update
* ux: color tweaks
* Moved around the columns a bit
* ux: dashboard stuff
* ux: minor changes
* ux: sidemenu animation duration
* ux: fixed sidenav issues
* ux: sidemenu toggling
* ux: sidenav fixes and dashboard search changes
* ux: switching orgs now works through modal
* ux: making org visibile in profile view
* ux: more nav work
* ux: nav fixes & polish
* ux: more nav work
* ux: more nav work
* ux: navigation work
* ux: sidenav fixes and dashboard search changes
* ux: more work on sidemenu
* Silly gradient added a placeholder. no more
experimentation to be done here until Trent has a pass at
it
* ux: scrollbar stuff
* Added drop shadown for sticky scrolling, moved colors into
dark and light variables
* Reduced size of breadcrumbs, additional form styling.
Colors still need to be adjusted
* Starting to play with new form styles
* ux: minor scroll fix
* ux: removed custom scrollbar look
* ux: reduced size of sidemenu icons a bit
* ux: testing fixed sidemenu and breadcrumbs
* ux: minor navbar update
* ux: new breadcrumb progress
* ux: wip
* ux: new page header look wip
* ux: testing roboto font
* ux: use flexbox for sidenav, put logo in sidenav
* moving panels betwen rows are starting to work
* grid: progress on row support
* grid: new grid fixes
* new-grid: fixed destory issues
* grid: remove panel works
* grid: updated gridstack to use grafana fork
* feat: new grid fixes
* minor fixes
* updated
* feat: new grid system progressW
* ux: minor panel menu fix
* ux: minor panel menu tweaks
* ux: tweaks to new panel menu
* updated
* dashfolders: inherited permissions for dashboards
* dashfolders: handle permission changes when saving/moving
dashboards
* added code from #8504, and #8021
* dashboard folder search fix
* dashfolders: fix user group picker + cleanup
* dashfolders: rename refactor
* dashfolders: validation for duplicates in acl modal
* minor update
* ux: style tweaks, trying out non italic headers
* ux: nav changes
* added sidemeu stuff
* dashfolders: use canadmin permission in settings menu
* dashfolders: tests for permission modal
* dashboard acl fixes
* acl fixes
* dashfolders: new admin permission needed to view/change
acl
* acl: more acl work
* dashfolders: filter search based on child dash permissions
* dashfolders: allows phantomjs rendering for alerting
* dashfolders: allow overflow-y for modals
* dashfolders: security for png rendering
* dashboard acl stuff
* dashboard acl work
* dashboard acl
* working on dashbord acl stuff
* WIP: first draft of permissionlist panel
* dashboard acl
* dashboard acl work
* WIP: fix js tests for acl
* WIP: fix folder-picker for dashlist
* dashboard acl work
* refactoring: dashboard folders
* dashboard acl modal
* WIP: adding roles - not finished
* refactoring: moving dashboards acl migrations to its own
folder
* WIP: fix acl route
* refactoring: renaming
* folders: changed api urls for dashboard acls
* refactoring more renaming
* refactoring renaming dashboard folder operations
* dashboard_folders refactoring
* refactoring dashboard folder security checks
* dashboard guardian refactoring starting to work
* dashboard folders acl work
* refactoring dashoard folder guardian
* WIP: refactor user group modal
* refactoring: Dashboard guardian
* WIP: remove unused test file
* WIP: refactor dash search and remove extra query
* WIP: move guardian logic for search into the sql query
* WIP: remove dashboard children on delete
* dashboard_folders: refactoring picker and folder selection
in dashboard settings & save as menu
* WIP: adds API check to stop folders being included in
folders
* use gf-form-dropdown in user picker
* WIP: add test for add user group permission
* WIP: can edit dashboard permission
* WIP: clean up after user and org user delete
* WIP: remove permissions when deleting global user
* dashboard_folders: updated
* WIP: delete dependent permissions on user group delete
* dashboard_folders: fixes to user picker & group picker
* dashboard_folders: fixes to user & group picker
* minor update
* WIP: permission checking for dash version api methods
* ux: gridstack poc
* Gridstack: testing
* WIP: check permissions for delete/post dashboard
* WIP: fixes after version history merge
* ux: nav experiments
* WIP: add permission check for GetDashboard
* ux: side nav experiments
* WIP: fix test after merge conflict
* WIP: fix go fmt error
* WIP: user + user-group pickers for permissions
* WIP: API - add dash permission
* WIP: user-picker directive
* WIP: Permission Type as string in permission query
* WIP: fixes after navbar changes
* WIP: dashlist in template for new folder
* WIP: refactor folder-picker for dashlist
* WIP: dashboard search by folder + toggle for list or tree
mode
* WIP: adds folder-picker to save as dialog
* WIP: use metric-segment for folder picker
* WIP: add dummy root folder to folder picker
* WIP: Create new dashboard button in dash search
* WIP: permissions moved to settings tab. Adds folder
dropdown to general settings tab
* WIP: add parentid to getdashboard query result
* WIP: dashboard search by type (folder or dash)
* WIP: fix after upstream sqlstore refactoring
* WIP: rollback
* WIP: delete permission in API
* WIP: user group additions
* WIP: remove browse mode for dashboard search
* WIP: get Dashboard Permissions
* WIP: add open/closed folders icons for dash search
* WIP: Can remove dashboard permission - sql
* WIP: limit GetAllowedDashboards sql query with a where in
* WIP: Add or update Dashboard ACL
* WIP: guardian service for search
* dashboard: sort search with dash folder first
* WIP: add some TS types
* WIP: edit user group page
* WIP: API methods for add/remove members to user group
* WIP: add update user group command
* WIP: add new group, needs to be redone
* WIP: add user group search
* WIP: add usergroup commands and queries
* WIP: rough prototype of dashboard folders
* ux: very early start to new sidemenu
* ux: very early start to new sidemenu
* ux: minor tweak to faintness of icons of panel menu caret
* ux: minor progress on panel title menu makover
* use the original options parameter
* use targets[0] as the options
* pass the options along with a _seriesQuery
* pass database parameter in the options
* allow setting the database
* ux: more work on panel menu
* ux: panel title ux improvements poc
* Sending image
* Discord integration
Changes in grafana-natel-discrete-panel:
- Add recompress source service
- Add set_version source service
- Enable changesgenerate for tar_scm source service
- Update to version 0.0.9:
* split commands
* put back the history
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev16:
* VNX: delete the LUN from VNX backend
- Update to version cinder-13.0.10.dev14:
* Fix cross-project incremental backups
- Update to version cinder-13.0.10.dev13:
* Rollback the quota\_usages table when failed to create a incremental backup
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev16:
* VNX: delete the LUN from VNX backend
- Update to version cinder-13.0.10.dev14:
* Fix cross-project incremental backups
- Update to version cinder-13.0.10.dev13:
* Rollback the quota\_usages table when failed to create a incremental backup
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev7:
* Fix horizon-nodejs jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev16:
* Retries and timeout for IPA command
- Update to version ironic-11.1.5.dev14:
* Update number of VM on ironic-base
- Update to version ironic-11.1.5.dev12:
* Clean up nodes in DELETING on conductor restart
* Kill misbehaving \`ipmitool\` process
- Update to version ironic-11.1.5.dev9:
* Remove locks before RPC bus is started
- Update to version ironic-11.1.5.dev7:
* Pin ironic-tempest-plugin
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev16:
* Retries and timeout for IPA command
- Update to version ironic-11.1.5.dev14:
* Update number of VM on ironic-base
- Update to version ironic-11.1.5.dev12:
* Clean up nodes in DELETING on conductor restart
* Kill misbehaving \`ipmitool\` process
- Update to version ironic-11.1.5.dev9:
* Remove locks before RPC bus is started
- Update to version ironic-11.1.5.dev7:
* Pin ironic-tempest-plugin
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.4.dev5:
* Fix TypeError on agent lookup failure
* improve error messages during node lookup failures
- Update to version ironic-python-agent-3.3.4.dev1:
* Pin Ironic Tempest Plugin
3.3.3
Changes in openstack-manila:
- Update to version manila-7.4.2.dev54:
* Fix wrong capacity in pool\_stat for DellEMC manila drivers
- Update to version manila-7.4.2.dev53:
* Fix fallback share group snapshot implementation
- Update to version manila-7.4.2.dev52:
* [ci] Remove explicit compression of log files
* [NetApp] Fix default ipspace deletion issue
* [NetApp] Fix falsely report migration cancelation success
* Harden LVM driver deletion paths
* Update LVM volume extend
- Update to version manila-7.4.2.dev44:
* Get ports filtered by subnet id on share-server cleanup
- Update to version manila-7.4.2.dev42:
* [NetApp] Fix svm scoped account
* [devstack] Allow cephfs daemon port access
- Update to version manila-7.4.2.dev38:
* [extended-maintenance-branches-only] Replace LVM job
* Update NFS helper restart
* Enforce policy checks getting share-type by name
* CIFS extension failing because of volume in use
Changes in openstack-manila:
- Update to version manila-7.4.2.dev54:
* Fix wrong capacity in pool\_stat for DellEMC manila drivers
- Update to version manila-7.4.2.dev53:
* Fix fallback share group snapshot implementation
- Update to version manila-7.4.2.dev52:
* [ci] Remove explicit compression of log files
* [NetApp] Fix default ipspace deletion issue
* [NetApp] Fix falsely report migration cancelation success
* Harden LVM driver deletion paths
* Update LVM volume extend
- Add 0001-Rename-nfs-kernel-server-to-nfs-server.patch
- Update to version manila-7.4.2.dev44:
* Get ports filtered by subnet id on share-server cleanup
- Update to version manila-7.4.2.dev42:
* [NetApp] Fix svm scoped account
* [devstack] Allow cephfs daemon port access
- Update to version manila-7.4.2.dev38:
* [extended-maintenance-branches-only] Replace LVM job
* Update NFS helper restart
* Enforce policy checks getting share-type by name
* CIFS extension failing because of volume in use
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev95:
* Fix deletion of subnet\_id from pd\_subnets
- Update to version neutron-13.0.8.dev93:
* Not remove the running router when MQ is unreachable
- Update to version neutron-13.0.8.dev91:
* [OVS][FW] Remote SG IDs left behind when a SG is removed
- Update to version neutron-13.0.8.dev90:
* [Stable only] Drop \*-master jobs
* port\_forwarding: validate args before invoking db update
- Update to version neutron-13.0.8.dev86:
* Fix validation of IPv6 subnets with external RAs
* Don't check if any bridges were recrected when OVS was restarted
* [Security] fix allowed-address-pair 0.0.0.0/0 issue
* Fix Traceback when running neutron-ipset-cleanup tool
- Update to version neutron-13.0.8.dev79:
* Ensure drop flows on br-int at agent startup for DVR too
- Update to version neutron-13.0.8.dev78:
* [stable only] Configure logging in keepalived\_state\_change
* Don't add arp responder for non tunnel network port
* Add config option \`\`http\_retries\`\`
* Make \_ensure\_default\_security\_group method atomic
* Update the processing of assigned addresses when assigning addresses
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev95:
* Fix deletion of subnet\_id from pd\_subnets
- Remove
0001-Revert-Do-not-block-connection-between-br-int-and-br.patch
(fixed upstream)
- Update to version neutron-13.0.8.dev93:
* Not remove the running router when MQ is unreachable
- Update to version neutron-13.0.8.dev91:
* [OVS][FW] Remote SG IDs left behind when a SG is removed
- Update to version neutron-13.0.8.dev90:
* [Stable only] Drop \*-master jobs
* port\_forwarding: validate args before invoking db update
- Update to version neutron-13.0.8.dev86:
* Fix validation of IPv6 subnets with external RAs
* Don't check if any bridges were recrected when OVS was restarted
* [Security] fix allowed-address-pair 0.0.0.0/0 issue
* Fix Traceback when running neutron-ipset-cleanup tool
- Update to version neutron-13.0.8.dev79:
* Ensure drop flows on br-int at agent startup for DVR too
- Update to version neutron-13.0.8.dev78:
* [stable only] Configure logging in keepalived\_state\_change
* Don't add arp responder for non tunnel network port
* Add config option \`\`http\_retries\`\`
* Make \_ensure\_default\_security\_group method atomic
* Update the processing of assigned addresses when assigning addresses
Changes in openstack-neutron-infoblox:
- Switch to stable/rocky tarball
- Declare LICENSE file correctly
- Add Epoch neccessary due to last version update's jump to 11.0.1 (and subsequent return
to 2.0.3 by upstream)
- Update to 2.0.3~dev102
* Adding the router code back IT got removed in previous commit
* Modified to 14.0.0
* OpenDev Migration Patch
* Replace openstack.org git:// URLs with https://
* Release 13.0.0 Rocky
* upgrading infoblox client to 0.4.21
* Corrected master branch as per neutron master
* Fixed issue of stale entry for dhcp ip if ip allocation strategy is fixed address
* Bumped infoblox-client version to 0.4.19
* Added proper log message which reflects cause of failure
* Removed OS\_REGION\_NAME dependency from sync tools
Changes in openstack-nova:
- Update to version nova-18.3.1.dev54:
* compute: Allow snapshots to be created from PAUSED volume backed instances
- Update to version nova-18.3.1.dev52:
* FUP for in-place numa rebuild
* Disable NUMATopologyFilter on rebuild
* Block rebuild when NUMA topology changed
* Remove 'test\_cold\_migrate\_with\_physnet\_fails' test
- Update to version nova-18.3.1.dev44:
* objects: Update keypairs when saving an instance
- Update to version nova-18.3.1.dev43:
* zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full
- Update to version nova-18.3.1.dev42:
* fix scsi disk unit number of the attaching volume when cdrom bus is scsi
* Check cherry-pick hashes in pep8 tox target
* Reject bsct request for unsupported images
Changes in openstack-nova:
- Update to version nova-18.3.1.dev54:
* compute: Allow snapshots to be created from PAUSED volume backed instances
- Add 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch
(bsc#1175484, CVE-2020-17376)
- Update to version nova-18.3.1.dev52:
* FUP for in-place numa rebuild
* Disable NUMATopologyFilter on rebuild
* Block rebuild when NUMA topology changed
* Remove 'test\_cold\_migrate\_with\_physnet\_fails' test
- Update to version nova-18.3.1.dev44:
* objects: Update keypairs when saving an instance
- Update to version nova-18.3.1.dev43:
* zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full
- Update to version nova-18.3.1.dev42:
* fix scsi disk unit number of the attaching volume when cdrom bus is scsi
* Check cherry-pick hashes in pep8 tox target
* Reject bsct request for unsupported images
Changes on rubygem-crowbar-client:
- Update to 3.9.3
- Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954)
Changes in python-Flask-Cors:
- Add patches to fix a relative directory traversal issue
(bsc#1175986, CVE-2020-25032):
* 0001-Handle-request_headers-None.patch
* 0002-Fix-request-path-normalization.patch
Changes in storm:
- Fix duplicate BuildRequire on storm-kit
- update to 1.2.3 (SOC-9974, CVE-2019-0202, SOC-9998, CVE-2018-11779):
* 1.2.3
* [STORM-3233] - Upgrade zookeeper client to newest version (3.4.13)
* [STORM-3077] - Upgrade Disruptor version to 3.3.11
* [STORM-3083] - Upgrade HikariCP version to 2.4.7
* [STORM-3094] - Topology name needs to be validated at storm-client
* [STORM-3222] - Fix KafkaSpout internals to use LinkedList instead of ArrayList
* [STORM-3292] - Trident HiveState must flush writers when the batch commits
* [STORM-3013] - Deactivated topology restarts if data flows into Kafka
* [STORM-3028] - HdfsSpout does not handle empty files in case of ack enabled
* [STORM-3046] - Getting a NPE leading worker to die when starting a topology.
* [STORM-3047] - Ensure Trident emitter refreshPartitions is only called with partitions assigned to the emitter
* [STORM-3055] - never refresh connection
* [STORM-3068] - STORM_JAR_JVM_OPTS are not passed to storm-kafka-monitor properly
* [STORM-3082] - NamedTopicFilter can't handle topics that don't exist yet
* [STORM-3087] - FluxBuilder.canInvokeWithArgs is too permissive when the method parameter type is a primitive
* [STORM-3090] - The same offset value is used by the same partition number of different topics.
* [STORM-3097] - Remove storm-druid in 2.x and deprecate support for it in 1.x
* [STORM-3102] - Storm Kafka Client performance issues with Kafka Client v1.0.0
* [STORM-3109] - Wrong canonical path set to STORM_LOCAL_DIR in storm kill_workers
* [STORM-3110] - Supervisor does not kill all worker processes in secure mode in case of user mismatch
* [STORM-3121] - Fix flaky metrics tests in storm-core
* [STORM-3122] - FNFE due to race condition between 'async localizer' and 'update blob' timer thread
* [STORM-3123] - Storm Kafka Monitor does not work with Kafka over two-way SSL
* [STORM-3161] - Local mode should force setting min replication count to 1
* [STORM-3164] - Multilang storm.py uses traceback.format_exc incorrectly
* [STORM-3184] - Storm supervisor log showing keystore and truststore password in plaintext
* [STORM-3201] - kafka spout lag on UI needs some cleanup
* [STORM-3301] - The KafkaSpout can in some cases still replay tuples that were already committed
* [STORM-3381] - Upgrading to Zookeeper 3.4.14 added an LGPL dependency
* [STORM-3384] - storm set-log-level command throws wrong exception when the topology is not running
* [STORM-3086] - Update Flux documentation to demonstrate static factory methods (STORM-2796)
* [STORM-3089] - Document worker hooks on the hooks page
* [STORM-3199] - Metrics-ganglia depends on an LGPL library, so we shouldn't depend on it
* [STORM-3289] - Add note about KAFKA-7044 to storm-kafka-client compatibility docs
* [STORM-3330] - Migrate parts of storm-webapp, and reduce use of mocks for files
* 1.2.2
* [STORM-3026] - Upgrade ZK instance for security
* [STORM-3027] - Make Impersonation Optional
* [STORM-2896] - Support automatic migration of offsets from storm-kafka to storm-kafka-client KafkaSpout
* [STORM-2997] - Add logviewer ssl module in SECURITY.md
* [STORM-3006] - Distributed RPC documentation needs an update
* [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined
* [STORM-3022] - Decouple storm-hive UTs with Hive
* [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology
* [STORM-3069] - Allow users to specify maven local repository directory for storm submit tool
* [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field
* [STORM-2967] - Upgrade jackson to latest version 2.9.4
* [STORM-2968] - Exclude a few unwanted jars from storm-autocreds
* [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka
* [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks
* [STORM-2981] - Upgrade Curator to lastest patch version
* [STORM-2985] - Add jackson-annotations to dependency management
* [STORM-2988] - 'Error on initialization of server mk-worker' when using org.apache.storm.metrics2.reporters.JmxStormReporter on worker
* [STORM-2989] - LogCleaner should preserve current worker.log.metrics
* [STORM-2993] - Storm HDFS bolt throws ClosedChannelException when Time rotation policy is used
* [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets
* [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply()
* [STORM-3052] - Let blobs un archive
* [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE
* [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes
* [STORM-3060] - Configuration mapping between storm-kafka and storm-kafka-client
* [STORM-2952] - Deprecate storm-kafka in 1.x
* [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated
Changes in storm-kit:
- Add _constraints to prevent build from running out of disk space
- Updated kit for storm-1.2.3
Changes in venv-openstack-cinder:
- Ensure that python-swiftclient is pulled into the built venv
via an explicit BuildRequires directive. (SOC-10522)
Changes in venv-openstack-horizon:
- Ensure SOC 9 package obsoletes equivalent HOS 8 package (SOC-11184)
CriticalSUSE bug 1117080SUSE bug 1142617SUSE bug 1143163SUSE bug 1172450SUSE bug 1174583SUSE bug 1175484SUSE bug 1175986CVE-2018-11779 at SUSECVE-2018-11779 at NVDCVE-2018-17954 at SUSECVE-2018-17954 at NVDCVE-2018-18623 at SUSECVE-2018-18623 at NVDCVE-2018-18624 at SUSECVE-2018-18624 at NVDCVE-2018-18625 at SUSECVE-2018-18625 at NVDCVE-2019-0202 at SUSECVE-2019-0202 at NVDCVE-2020-11110 at SUSECVE-2020-11110 at NVDCVE-2020-17376 at SUSECVE-2020-17376 at NVDCVE-2020-25032 at SUSECVE-2020-25032 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tigervnc (Critical)SUSE OpenStack Cloud Crowbar 9
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate
authorities, allowing malicious owners of these certificates
to impersonate any server after a client had added an exception
(bsc#1176733)
CriticalSUSE bug 1176733CVE-2020-26117 at SUSECVE-2020-26117 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libproxy (Important)SUSE OpenStack Cloud Crowbar 9
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
ImportantSUSE bug 1176410SUSE bug 1177143CVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for bind (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
Bind was updated to version 9.11.22
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a namserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
This upgrade also fixes the following security issues:
* 5481. [security] 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM. (CVE-2020-8624 bsc#1175443)
* 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623 bsc#1175443)
* 5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622 bsc#1175443)
- Suppress warning message about missing file. (bsc#1092283, bsc#1127583, bsc#1094236, bsc#1173983)
Added */etc/bind.keys* to *NAMED_CONF_INCLUDE_FILES* in */etc/sysconfig/named*.
ModerateSUSE bug 1092283SUSE bug 1094236SUSE bug 1127583SUSE bug 1173983SUSE bug 1175443CVE-2020-8622 at SUSECVE-2020-8622 at NVDCVE-2020-8623 at SUSECVE-2020-8623 at NVDCVE-2020-8624 at SUSECVE-2020-8624 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-activesupport-4_2 (Critical)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-activesupport-4_2 fixes the following issues:
- CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)
CriticalSUSE bug 1172186CVE-2020-8165 at SUSECVE-2020-8165 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for freetype2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for freetype2 fixes the following issues:
- CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).
ImportantSUSE bug 1177914CVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-pip (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-pip fixes the following issues:
- CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262)
ModerateSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libvirt (Important)SUSE OpenStack Cloud Crowbar 9
This update for libvirt fixes the following issues:
- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955).
- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155).
- libxl: Fixed lock manager lock ordering (bsc#1171701).
ImportantSUSE bug 1171701SUSE bug 1174955SUSE bug 1177155CVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.0 ESR
* Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756)
* CVE-2020-15969 Use-after-free in usersctp
* CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* Fixed: Fixed legacy preferences not being properly applied when set via GPO
ImportantSUSE bug 1176756SUSE bug 1177872CVE-2020-15683 at SUSECVE-2020-15683 at NVDCVE-2020-15969 at SUSECVE-2020-15969 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for spice (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for spice fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for spice-gtk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for spice-gtk fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).
ImportantSUSE bug 1173902SUSE bug 1173994SUSE bug 1177613CVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sane-backends (Important)SUSE OpenStack Cloud Crowbar 9
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
* sane-backends version upgrade to 1.0.30
fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,
CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,
CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
* sane-backends version upgrade to 1.0.31
to further improve hardware enablement for scanner devices
(jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
* The new escl backend cannot be provided for SLE12 because
it requires more additional software (avahi-client, libcurl,
and libpoppler-glib-devel) where in particular for libcurl
the one that is in SLE12 (via libcurl-devel-7.37.0) is likely
too old because with that building the escl backend fails with
'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH'
undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
ImportantSUSE bug 1172524CVE-2017-6318 at SUSECVE-2017-6318 at NVDCVE-2020-12861 at SUSECVE-2020-12861 at NVDCVE-2020-12862 at SUSECVE-2020-12862 at NVDCVE-2020-12863 at SUSECVE-2020-12863 at NVDCVE-2020-12864 at SUSECVE-2020-12864 at NVDCVE-2020-12865 at SUSECVE-2020-12865 at NVDCVE-2020-12866 at SUSECVE-2020-12866 at NVDCVE-2020-12867 at SUSECVE-2020-12867 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache-commons-httpclient (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the
http.socket.timeout configuration setting during an SSL handshake,
which allows remote attackers to cause a denial of service (HTTPS
call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly
verify that the server hostname matches a domain name in the
subject's Common Name (CN) or subjectAltName field of the X.509
certificate, which allows MITM attackers to spoof SSL servers
via a 'CN=' string in a field in the distinguished name (DN)
of a certificate. [bsc#1178171, CVE-2014-3577]
ImportantSUSE bug 1178171SUSE bug 945190CVE-2014-3577 at SUSECVE-2014-3577 at NVDCVE-2015-5262 at SUSECVE-2015-5262 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)',
introduced in October 2020 CPU.
- Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU,
bsc#1174157, and October 2020 CPU, bsc#1177943)
* New features
+ JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
+ PR3796: Allow the number of curves supported to be specified
* Security fixes
+ JDK-8028431, CVE-2020-14579: NullPointerException in
DerValue.equals(DerValue)
+ JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
+ JDK-8230613: Better ASCII conversions
+ JDK-8231800: Better listing of arrays
+ JDK-8232014: Expand DTD support
+ JDK-8233255: Better Swing Buttons
+ JDK-8233624: Enhance JNI linkage
+ JDK-8234032: Improve basic calendar services
+ JDK-8234042: Better factory production of certificates
+ JDK-8234418: Better parsing with CertificateFactory
+ JDK-8234836: Improve serialization handling
+ JDK-8236191: Enhance OID processing
+ JDK-8236196: Improve string pooling
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
+ JDK-8237592, CVE-2020-14577: Enhance certificate verification
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8238002, CVE-2020-14581: Better matrix operations
+ JDK-8238804: Enhance key handling process
+ JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
+ JDK-8238843: Enhanced font handing
+ JDK-8238920, CVE-2020-14583: Better Buffer support
+ JDK-8238925: Enhance WAV file playback
+ JDK-8240119, CVE-2020-14593: Less Affine Transformations
+ JDK-8240124: Better VM Interning
+ JDK-8240482: Improved WAV file playback
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8241379: Update JCEKS support
+ JDK-8241522: Manifest improved jar headers redux
+ JDK-8242136, CVE-2020-14621: Better XML namespace handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 8 u262 build 01
+ JDK-4949105: Access Bridge lacks html tags parsing
+ JDK-8003209: JFR events for network utilization
+ JDK-8030680: 292 cleanup from default method code assessment
+ JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java
and some tests failed on windows intermittently
+ JDK-8041626: Shutdown tracing event
+ JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
+ JDK-8149338: JVM Crash caused by Marlin renderer not handling
NaN coordinates
+ JDK-8151582: (ch) test java/nio/channels/
/AsyncCloseAndInterrupt.java failing due to 'Connection
succeeded'
+ JDK-8165675: Trace event for thread park has incorrect unit
for timeout
+ JDK-8176182: 4 security tests are not run
+ JDK-8178910: Problemlist sample tests
+ JDK-8183925: Decouple crash protection from watcher thread
+ JDK-8191393: Random crashes during cfree+0x1c
+ JDK-8195817: JFR.stop should require name of recording
+ JDK-8195818: JFR.start should increase autogenerated name by
one
+ JDK-8195819: Remove recording=x from jcmd JFR.check output
+ JDK-8199712: Flight Recorder
+ JDK-8202578: Revisit location for class unload events
+ JDK-8202835: jfr/event/os/TestSystemProcess.java fails on
missing events
+ JDK-8203287: Zero fails to build after JDK-8199712 (Flight
Recorder)
+ JDK-8203346: JFR: Inconsistent signature of
jfr_add_string_constant
+ JDK-8203664: JFR start failure after AppCDS archive created
with JFR StartFlightRecording
+ JDK-8203921: JFR thread sampling is missing fixes from
JDK-8194552
+ JDK-8203929: Limit amount of data for JFR.dump
+ JDK-8205516: JFR tool
+ JDK-8207392: [PPC64] Implement JFR profiling
+ JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
classloader which calls it
+ JDK-8209960: -Xlog:jfr* doesn't work with the JFR
+ JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
+ JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD
1.0.7
+ JDK-8211239: Build fails without JFR: empty JFR events
signatures mismatch
+ JDK-8212232: Wrong metadata for the configuration of the
cutoff for old object sample events
+ JDK-8213015: Inconsistent settings between JFR.configure and
-XX:FlightRecorderOptions
+ JDK-8213421: Line number information for execution samples
always 0
+ JDK-8213617: JFR should record the PID of the recorded process
+ JDK-8213734: SAXParser.parse(File, ..) does not close
resources when Exception occurs.
+ JDK-8213914: [TESTBUG] Several JFR VM events are not covered
by tests
+ JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by
test
+ JDK-8213966: The ZGC JFR events should be marked as
experimental
+ JDK-8214542: JFR: Old Object Sample event slow on a deep heap
in debug builds
+ JDK-8214750: Unnecessary <p> tags in jfr classes
+ JDK-8214896: JFR Tool left files behind
+ JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java
fails with UnsatisfiedLinkError
+ JDK-8214925: JFR tool fails to execute
+ JDK-8215175: Inconsistencies in JFR event metadata
+ JDK-8215237: jdk.jfr.Recording javadoc does not compile
+ JDK-8215284: Reduce noise induced by periodic task
getFileSize()
+ JDK-8215355: Object monitor deadlock with no threads holding
the monitor (using jemalloc 5.1)
+ JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
+ JDK-8215771: The jfr tool should pretty print reference chains
+ JDK-8216064: -XX:StartFlightRecording:settings= doesn't work
properly
+ JDK-8216486: Possibility of integer overflow in
JfrThreadSampler::run()
+ JDK-8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/
/RuntimeThreadInheritanceLeak.java failing with Xcomp
+ JDK-8216559: [JFR] Native libraries not correctly parsed from
/proc/self/maps
+ JDK-8216578: Remove unused/obsolete method in JFR code
+ JDK-8216995: Clean up JFR command line processing
+ JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some
systems due to process surviving SIGINT
+ JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
TestShutdownEvent
+ JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
+ JDK-8223147: JFR Backport
+ JDK-8223689: Add JFR Thread Sampling Support
+ JDK-8223690: Add JFR BiasedLock Event Support
+ JDK-8223691: Add JFR G1 Region Type Change Event Support
+ JDK-8223692: Add JFR G1 Heap Summary Event Support
+ JDK-8224172: assert(jfr_is_event_enabled(id)) failed:
invariant
+ JDK-8224475: JTextPane does not show images in HTML rendering
+ JDK-8226253: JAWS reports wrong number of radio buttons when
buttons are hidden.
+ JDK-8226779: [TESTBUG] Test JFR API from Java agent
+ JDK-8226892: ActionListeners on JRadioButtons don't get
notified when selection is changed with arrow keys
+ JDK-8227011: Starting a JFR recording in response to JVMTI
VMInit and / or Java agent premain corrupts memory
+ JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id()
& (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0))
failed: invariant'
+ JDK-8229366: JFR backport allows unchecked writing to memory
+ JDK-8229401: Fix JFR code cache test failures
+ JDK-8229708: JFR backport code does not initialize
+ JDK-8229873: 8229401 broke jdk8u-jfr-incubator
+ JDK-8230448: [test] JFRSecurityTestSuite.java is failing on
Windows
+ JDK-8230707: JFR related tests are failing
+ JDK-8230782: Robot.createScreenCapture() fails if
'awt.robot.gtk' is set to false
+ JDK-8230856: Java_java_net_NetworkInterface_getByName0 on
unix misses ReleaseStringUTFChars in early return
+ JDK-8230947: TestLookForUntestedEvents.java is failing after
JDK-8230707
+ JDK-8231995: two jtreg tests failed after 8229366 is fixed
+ JDK-8233623: Add classpath exception to copyright in
EventHandlerProxyCreator.java file
+ JDK-8236002: CSR for JFR backport suggests not leaving out
the package-info
+ JDK-8236008: Some backup files were accidentally left in the
hotspot tree
+ JDK-8236074: Missed package-info
+ JDK-8236174: Should update javadoc since tags
+ JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
+ JDK-8238452: Keytool generates wrong expiration date if
validity is set to 2050/01/01
+ JDK-8238555: Allow Initialization of SunPKCS11 with NSS when
there are external FIPS modules in the NSSDB
+ JDK-8238589: Necessary code cleanup in JFR for JDK8u
+ JDK-8238590: Enable JFR by default during compilation in 8u
+ JDK-8239055: Wrong implementation of VMState.hasListener
+ JDK-8239476: JDK-8238589 broke windows build by moving
OrderedPair
+ JDK-8239479: minimal1 and zero builds are failing
+ JDK-8239867: correct over use of INCLUDE_JFR macro
+ JDK-8240375: Disable JFR by default for July 2020 release
+ JDK-8241444: Metaspace::_class_vsm not initialized if
compressed class pointers are disabled
+ JDK-8241902: AIX Build broken after integration of
JDK-8223147 (JFR Backport)
+ JDK-8242788: Non-PCH build is broken after JDK-8191393
* Import of OpenJDK 8 u262 build 02
+ JDK-8130737: AffineTransformOp can't handle child raster with
non-zero x-offset
+ JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation
in java/awt/image/Raster/TestChildRasterOp.java
+ JDK-8230926: [macosx] Two apostrophes are entered instead of
one with 'U.S. International - PC' layout
+ JDK-8240576: JVM crashes after transformation in C2
IdealLoopTree::merge_many_backedges
+ JDK-8242883: Incomplete backport of JDK-8078268: backport
test part
* Import of OpenJDK 8 u262 build 03
+ JDK-8037866: Replace the Fun class in tests with lambdas
+ JDK-8146612: C2: Precedence edges specification violated
+ JDK-8150986: serviceability/sa/jmap-hprof/
/JMapHProfLargeHeapTest.java failing because expects HPROF
JAVA PROFILE 1.0.1 file format
+ JDK-8229888: (zipfs) Updating an existing zip file does not
preserve original permissions
+ JDK-8230597: Update GIFlib library to the 5.2.1
+ JDK-8230769: BufImg_SetupICM add
ReleasePrimitiveArrayCritical call in early return
+ JDK-8233880, PR3798: Support compilers with multi-digit major
version numbers
+ JDK-8239852: java/util/concurrent tests fail with
-XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
verification should have failed
+ JDK-8241638: launcher time metrics always report 1 on Linux
when _JAVA_LAUNCHER_DEBUG set
+ JDK-8243059: Build fails when --with-vendor-name contains a
comma
+ JDK-8243474: [TESTBUG] removed three tests of 0 bytes
+ JDK-8244461: [JDK 8u] Build fails with glibc 2.32
+ JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion()
returns wrong result
* Import of OpenJDK 8 u262 build 04
+ JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't
throw NPE if timeout is less than, or equal to zero when unit
== null
+ JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
+ JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification()
does not recognize OpenJDK's HotSpot VM
+ JDK-8196969: JTreg Failure:
serviceability/sa/ClhsdbJstack.java causes NPE
+ JDK-8243539: Copyright info (Year) should be updated for fix
of 8241638
+ JDK-8244777: ClassLoaderStats VM Op uses constant hash value
* Import of OpenJDK 8 u262 build 05
+ JDK-7147060: com/sun/org/apache/xml/internal/security/
/transforms/ClassLoaderTest.java doesn't run in agentvm mode
+ JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method
+ JDK-8181841: A TSA server returns timestamp with precision
higher than milliseconds
+ JDK-8227269: Slow class loading when running with JDWP
+ JDK-8229899: Make java.io.File.isInvalid() less racy
+ JDK-8236996: Incorrect Roboto font rendering on Windows with
subpixel antialiasing
+ JDK-8241750: x86_32 build failure after JDK-8227269
+ JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in
+ JDK-8244843: JapanEraNameCompatTest fails
* Import of OpenJDK 8 u262 build 06
+ JDK-8246223: Windows build fails after JDK-8227269
* Import of OpenJDK 8 u262 build 07
+ JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
Jfr:on_vm_start() start-up order for correct option parsing
+ JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
+ JDK-8245167: Top package in method profiling shows null in JMC
+ JDK-8246703: [TESTBUG] Add test for JDK-8233197
* Import of OpenJDK 8 u262 build 08
+ JDK-8220293: Deadlock in JFR string pool
+ JDK-8225068: Remove DocuSign root certificate that is
expiring in May 2020
+ JDK-8225069: Remove Comodo root certificate that is expiring
in May 2020
* Import of OpenJDK 8 u262 build 09
+ JDK-8248399: Build installs jfr binary when JFR is disabled
* Import of OpenJDK 8 u262 build 10
+ JDK-8248715: New JavaTimeSupplementary localisation for 'in'
installed in wrong package
* Import of OpenJDK 8 u265 build 01
+ JDK-8249677: Regression in 8u after JDK-8237117: Better
ForkJoinPool behavior
+ JDK-8250546: Expect changed behaviour reported in JDK-8249846
* Import of OpenJDK 8 u272 build 01
+ JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
test/compiler/7177917/Test7177917.java
+ JDK-8035493: JVMTI PopFrame capability must instruct
compilers not to prune locals
+ JDK-8036088: Replace strtok() with its safe equivalent
strtok_s() in DefaultProxySelector.c
+ JDK-8039082: [TEST_BUG] Test java/awt/dnd/
/BadSerializationTest/BadSerializationTest.java fails
+ JDK-8075774: Small readability and performance improvements
for zipfs
+ JDK-8132206: move ScanTest.java into OpenJDK
+ JDK-8132376: Add @requires os.family to the client tests with
access to internal OS-specific API
+ JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
+ JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
/appletviewer/IOExceptionIfEncodedURLTest/
/IOExceptionIfEncodedURLTest.sh
+ JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
/MTGraphicsAccessTest.java hangs on Win. 8
+ JDK-8151788: NullPointerException from ntlm.Client.type3
+ JDK-8151834: Test SmallPrimeExponentP.java times out
intermittently
+ JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout
+ JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary
public
+ JDK-8156169: Some sound tests rarely hangs because of
incorrect synchronization
+ JDK-8165936: Potential Heap buffer overflow when seaching
timezone info files
+ JDK-8166148: Fix for JDK-8165936 broke solaris builds
+ JDK-8167300: Scheduling failures during gcm should be fatal
+ JDK-8167615: Opensource unit/regression tests for JavaSound
+ JDK-8172012: [TEST_BUG] delays needed in
javax/swing/JTree/4633594/bug4633594.java
+ JDK-8177628: Opensource unit/regression tests for ImageIO
+ JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
+ JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
/AppletContextTest/BadPluginConfigurationTest.sh
+ JDK-8193137: Nashorn crashes when given an empty script file
+ JDK-8194298: Add support for per Socket configuration of TCP
keepalive
+ JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java
throws error
+ JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java
fails
+ JDK-8210147: adjust some WSAGetLastError usages in windows
network coding
+ JDK-8211714: Need to update vm_version.cpp to recognise
VS2017 minor versions
+ JDK-8214862: assert(proj != __null) at compile.cpp:3251
+ JDK-8217606: LdapContext#reconnect always opens a new
connection
+ JDK-8217647: JFR: recordings on 32-bit systems unreadable
+ JDK-8226697: Several tests which need the @key headful
keyword are missing it.
+ JDK-8229378: jdwp library loader in linker_md.c quietly
truncates on buffer overflow
+ JDK-8230303: JDB hangs when running monitor command
+ JDK-8230711: ConnectionGraph::unique_java_object(Node* N)
return NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to
missing narrowing conversion
+ JDK-8235243: handle VS2017 15.9 and VS2019 in
abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243
+ JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
+ JDK-8237951: CTW: C2 compilation fails with 'malformed
control flow'
+ JDK-8238225: Issues reported after replacing symlink at
Contents/MacOS/libjli.dylib with binary
+ JDK-8239385: KerberosTicket client name refers wrongly to
sAMAccountName in AD
+ JDK-8239819: XToolkit: Misread of screen information memory
+ JDK-8240295: hs_err elapsed time in seconds is not accurate
enough
+ JDK-8241888: Mirror jdk.security.allowNonCaAnchor system
property with a security one
+ JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads
to JVM crash
+ JDK-8243489: Thread CPU Load event may contain wrong data for
CPU time under certain conditions
+ JDK-8244818: Java2D Queue Flusher crash while moving
application window to external monitor
+ JDK-8246310: Clean commented-out code about ModuleEntry
and PackageEntry in JFR
+ JDK-8246384: Enable JFR by default on supported architectures
for October 2020 release
+ JDK-8248643: Remove extra leading space in JDK-8240295 8u
backport
+ JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys)
method public
* Import of OpenJDK 8 u272 build 02
+ JDK-8023697: failed class resolution reports different class
name in detail message for the first and subsequent times
+ JDK-8025886: replace [[ and == bash extensions in regtest
+ JDK-8046274: Removing dependency on jakarta-regexp
+ JDK-8048933: -XX:+TraceExceptions output should include the
message
+ JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
/fileaccess/FontFile.java fails
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8154313: Generated javadoc scattered all over the place
+ JDK-8163251: Hard coded loop limit prevents reading of smart
card data greater than 8k
+ JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java
fails with compiler.whitebox.SimpleTestCaseHelper(int) must be
compiled
+ JDK-8183349: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
+ JDK-8191678: [TESTBUG] Add keyword headful in java/awt
FocusTransitionTest test.
+ JDK-8201633: Problems with AES-GCM native acceleration
+ JDK-8211049: Second parameter of 'initialize' method is not
used
+ JDK-8219566: JFR did not collect call stacks when
MaxJavaStackTraceDepth is set to zero
+ JDK-8220165: Encryption using GCM results in
RuntimeException- input length out of bound
+ JDK-8220555: JFR tool shows potentially misleading message
when it cannot access a file
+ JDK-8224217: RecordingInfo should use textual representation
of path
+ JDK-8231779: crash
HeapWord*ParallelScavengeHeap::failed_mem_allocate
+ JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
'multiple definition' link errors with GCC10
+ JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/
/SctpNet.c 'multiple definition' link errors with GCC10
+ JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple
definition' link errors with GCC10
+ JDK-8242556: Cannot load RSASSA-PSS public key with non-null
params from byte array
+ JDK-8250755: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java
* Import of OpenJDK 8 u272 build 03
+ JDK-6574989: TEST_BUG:
javax/sound/sampled/Clip/bug5070081.java fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph
shape
+ JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests
fail with error : revokeall.exe: Permission denied
+ JDK-8203357: Container Metrics
+ JDK-8209113: Use WeakReference for lastFontStrike for created
Fonts
+ JDK-8216283: Allow shorter method sampling interval than 10 ms
+ JDK-8221569: JFR tool produces incorrect output when both
--categories and --events are specified
+ JDK-8233097: Fontmetrics for large Fonts has zero width
+ JDK-8248851: CMS: Missing memory fences between free chunk
check and klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update
* Import of OpenJDK 8 u272 build 04
+ JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
IllegalArgumentException for flags of type double
+ JDK-8177334: Update xmldsig implementation to Apache
Santuario 2.1.1
+ JDK-8217878: ENVELOPING XML signature no longer works in JDK
11
+ JDK-8218629: XML Digital Signature throws NAMESPACE_ERR
exception on OpenJDK 11, works 8/9/10
+ JDK-8243138: Enhance BaseLdapServer to support starttls
extended request
* Import of OpenJDK 8 u272 build 05
+ JDK-8026236: Add PrimeTest for BigInteger
+ JDK-8057003: Large reference arrays cause extremely long
synchronization times
+ JDK-8060721: Test runtime/SharedArchiveFile/
/LimitSharedSizes.java fails in jdk 9 fcs new
platforms/compiler
+ JDK-8152077: (cal) Calendar.roll does not always roll the
hours during daylight savings
+ JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
+ JDK-8211163: UNIX version of Java_java_io_Console_echo does
not return a clean boolean
+ JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in
docker container only works with debug JVMs
+ JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
+ JDK-8236645: JDK 8u231 introduces a regression with
incompatible handling of XML messages
+ JDK-8240676: Meet not symmetric failure when running lucene
on jdk8
+ JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA
program
+ JDK-8249158: THREAD_START and THREAD_END event posted in
primordial phase
+ JDK-8250627: Use -XX:+/-UseContainerSupport for
enabling/disabling Java container metrics
+ JDK-8251546: 8u backport of JDK-8194298 breaks AIX and
Solaris builds
+ JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled
* Import of OpenJDK 8 u272 build 06
+ JDK-8064319: Need to enable -XX:+TraceExceptions in release
builds
+ JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11
v2.40 support
+ JDK-8160768: Add capability to custom resolve host/domain
names within the default JNDI LDAP provider
+ JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions()
not working
+ JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface
license
+ JDK-8184762: ZapStackSegments should use optimized memset
+ JDK-8193234: When using -Xcheck:jni an internally allocated
buffer can leak
+ JDK-8219919: RuntimeStub name lost with
PrintFrameConverterAssembly
+ JDK-8220313: [TESTBUG] Update base image for Docker testing
to OL 7.6
+ JDK-8222079: Don't use memset to initialize fields decode_env
constructor in disassembler.cpp
+ JDK-8225695: 32-bit build failures after JDK-8080462 (Update
SunPKCS11 provider with PKCS11 v2.40 support)
+ JDK-8226575: OperatingSystemMXBean should be made container
aware
+ JDK-8226809: Circular reference in printed stack trace is not
correctly indented & ambiguous
+ JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
+ JDK-8233621: Mismatch in jsse.enableMFLNExtension property
name
+ JDK-8238898, PR3801: Missing hash characters for header on
license file
+ JDK-8243320: Add SSL root certificates to Oracle Root CA
program
+ JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest
release 1.8.26
+ JDK-8245467: Remove 8u TLSv1.2 implementation files
+ JDK-8245469: Remove DTLS protocol implementation
+ JDK-8245470: Fix JDK8 compatibility issues
+ JDK-8245471: Revert JDK-8148188
+ JDK-8245472: Backport JDK-8038893 to JDK8
+ JDK-8245473: OCSP stapling support
+ JDK-8245474: Add TLS_KRB5 cipher suites support according to
RFC-2712
+ JDK-8245476: Disable TLSv1.3 protocol in the ClientHello
message by default
+ JDK-8245477: Adjust TLS tests location
+ JDK-8245653: Remove 8u TLS tests
+ JDK-8245681: Add TLSv1.3 regression test from 11.0.7
+ JDK-8251117: Cannot check P11Key size in P11Cipher and
P11AEADCipher
+ JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is
set to either true or false
+ JDK-8251341: Minimal Java specification change
+ JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
* Import of OpenJDK 8 u272 build 07
+ JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
* Import of OpenJDK 8 u272 build 08
+ JDK-8062947: Fix exception message to correctly represent
LDAP connection failure
+ JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed
due to timeout on DeadServerNoTimeoutTest is incorrect
+ JDK-8252573: 8u: Windows build failed after 8222079 backport
* Import of OpenJDK 8 u272 build 09
+ JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java :
Compilation failed
* Import of OpenJDK 8 u272 build 10
+ JDK-8254673: Call to JvmtiExport::post_vm_start() was removed
by the fix for JDK-8249158
+ JDK-8254937: Revert JDK-8148854 for 8u272
* Backports
+ JDK-8038723, PR3806: Openup some PrinterJob tests
+ JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when
JTable contains certain string
+ JDK-8058779, PR3805: Faster implementation of
String.replace(CharSequence, CharSequence)
+ JDK-8130125, PR3806: [TEST_BUG] add @modules to the several
client tests unaffected by the automated bulk update
+ JDK-8144015, PR3806: [PIT] failures of text layout font tests
+ JDK-8144023, PR3806: [PIT] failure of text measurements in
javax/swing/text/html/parser/Parser/6836089/bug6836089.java
+ JDK-8144240, PR3806: [macosx][PIT] AIOOB in
closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8145542, PR3806: The case failed automatically and thrown
java.lang.ArrayIndexOutOfBoundsException exception
+ JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane
+ JDK-8152358, PR3800: code and comment cleanups found during
the hunt for 8077392
+ JDK-8152545, PR3804: Use preprocessor instead of compiling a
program to generate native nio constants
+ JDK-8152680, PR3806: Regression in
GlyphVector.getGlyphCharIndex behaviour
+ JDK-8158924, PR3806: Incorrect i18n text document layout
+ JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
/GetGlyphCharIndexTest.java does not compile
+ JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
/GlyphPainter2/6427244/bug6427244.java - compilation failed
+ JDK-8191512, PR3806: T2K font rasterizer code removal
+ JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from
JDK sources
+ JDK-8236512, PR3801: PKCS11 Connection closed after
Cipher.doFinal and NoPadding
+ JDK-8254177, PR3809: (tz) Upgrade time-zone data to
tzdata2020b
* Bug fixes
+ PR3798: Fix format-overflow error on GCC 10, caused by
passing NULL to a '%s' directive
+ PR3795: ECDSAUtils for XML digital signatures should support
the same curve set as the rest of the JDK
+ PR3799: Adapt elliptic curve patches to JDK-8245468: Add
TLSv1.3 implementation classes from 11.0.7
+ PR3808: IcedTea does not install the JFR *.jfc files
+ PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has
fixed its use with Shenandoah
+ PR3811: Don't attempt to install JFR files when JFR is
disabled
* Shenandoah
+ [backport] 8221435: Shenandoah should not mark through weak
roots
+ [backport] 8221629: Shenandoah: Cleanup class unloading logic
+ [backport] 8222992: Shenandoah: Pre-evacuate all roots
+ [backport] 8223215: Shenandoah: Support verifying subset of
roots
+ [backport] 8223774: Shenandoah: Refactor
ShenandoahRootProcessor and family
+ [backport] 8224210: Shenandoah: Refactor
ShenandoahRootScanner to support scanning CSet codecache roots
+ [backport] 8224508: Shenandoah: Need to update thread roots
in final mark for piggyback ref update cycle
+ [backport] 8224579: ResourceMark not declared in
shenandoahRootProcessor.inline.hpp with
--disable-precompiled-headers
+ [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable
+ [backport] 8224751: Shenandoah: Shenandoah Verifier should
select proper roots according to current GC cycle
+ [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate
+ [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't
work for Shenandoah
+ [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to
ensure roots to-space invariant
+ [backport] 8225590: Shenandoah: Refactor
ShenandoahClassLoaderDataRoots API
+ [backport] 8226413: Shenandoah: Separate root scanner for
SH::object_iterate()
+ [backport] 8230853: Shenandoah: replace leftover
assert(is_in(...)) with rich asserts
+ [backport] 8231198: Shenandoah: heap walking should visit all
roots most of the time
+ [backport] 8231244: Shenandoah: all-roots heap walking misses
some weak roots
+ [backport] 8237632: Shenandoah: accept NULL fwdptr to
cooperate with JVMTI and JFR
+ [backport] 8239786: Shenandoah: print per-cycle statistics
+ [backport] 8239926: Shenandoah: Shenandoah needs to mark
nmethod's metadata
+ [backport] 8240671: Shenandoah: refactor
ShenandoahPhaseTimings
+ [backport] 8240749: Shenandoah: refactor ShenandoahUtils
+ [backport] 8240750: Shenandoah: remove leftover files and
mentions of ShenandoahAllocTracker
+ [backport] 8240868: Shenandoah: remove CM-with-UR
piggybacking cycles
+ [backport] 8240872: Shenandoah: Avoid updating new regions
from start of evacuation
+ [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
+ [backport] 8240915: Shenandoah: Remove unused fields in init
mark tasks
+ [backport] 8240948: Shenandoah: cleanup not-forwarded-objects
paths after JDK-8240868
+ [backport] 8241007: Shenandoah: remove
ShenandoahCriticalControlThreadPriority support
+ [backport] 8241062: Shenandoah: rich asserts trigger 'empty
statement' inspection
+ [backport] 8241081: Shenandoah: Do not modify
update-watermark concurrently
+ [backport] 8241093: Shenandoah: editorial changes in flag
descriptions
+ [backport] 8241139: Shenandoah: distribute mark-compact work
exactly to minimize fragmentation
+ [backport] 8241142: Shenandoah: should not use parallel
reference processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul
+ [backport] 8241435: Shenandoah: avoid disabling pacing with
'aggressive'
+ [backport] 8241520: Shenandoah: simplify region sequence
numbers handling
+ [backport] 8241534: Shenandoah: region status should include
update watermark
+ [backport] 8241574: Shenandoah: remove
ShenandoahAssertToSpaceClosure
+ [backport] 8241583: Shenandoah: turn heap lock asserts into
macros
+ [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not
derive from ContiguousSpace
+ [backport] 8241673: Shenandoah: refactor anti-false-sharing
padding
+ [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with
java/util/Collections/FindSubList.java
+ [backport] 8241692: Shenandoah: remove
ShenandoahHeapRegion::_reserved
+ [backport] 8241700: Shenandoah: Fold
ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier
+ [backport] 8241740: Shenandoah: remove
ShenandoahHeapRegion::_heap
+ [backport] 8241743: Shenandoah: refactor and inline
ShenandoahHeap::heap()
+ [backport] 8241748: Shenandoah: inline MarkingContext TAMS
methods
+ [backport] 8241838: Shenandoah: no need to trash cset during
final mark
+ [backport] 8241841: Shenandoah: ditch one of allocation type
counters in ShenandoahHeapRegion
+ [backport] 8241842: Shenandoah: inline
ShenandoahHeapRegion::region_number
+ [backport] 8241844: Shenandoah: rename
ShenandoahHeapRegion::region_number
+ [backport] 8241845: Shenandoah: align ShenandoahHeapRegions
to cache lines
+ [backport] 8241926: Shenandoah: only print heap changes for
operations that directly affect it
+ [backport] 8241983: Shenandoah: simplify FreeSet logging
+ [backport] 8241985: Shenandoah: simplify collectable garbage
logging
+ [backport] 8242040: Shenandoah: print allocation failure type
+ [backport] 8242041: Shenandoah: adaptive heuristics should
account evac reserve in free target
+ [backport] 8242042: Shenandoah: tune down
ShenandoahGarbageThreshold
+ [backport] 8242054: Shenandoah: New incremental-update mode
+ [backport] 8242075: Shenandoah: rename
ShenandoahHeapRegionSize flag
+ [backport] 8242082: Shenandoah: Purge Traversal mode
+ [backport] 8242083: Shenandoah: split 'Prepare Evacuation'
tracking into cset/freeset counters
+ [backport] 8242089: Shenandoah: per-worker stats should be
summed up, not averaged
+ [backport] 8242101: Shenandoah: coalesce and parallelise heap
region walks during the pauses
+ [backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared
+ [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
dispatching
+ [backport] 8242211: Shenandoah: remove
ShenandoahHeuristics::RegionData::_seqnum_last_alloc
+ [backport] 8242212: Shenandoah: initialize
ShenandoahHeuristics::_region_data eagerly
+ [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset
+ [backport] 8242217: Shenandoah: Enable GC mode to be
diagnostic/experimental and have a name
+ [backport] 8242227: Shenandoah: transit regions to cset state
when adding to collection set
+ [backport] 8242228: Shenandoah: remove unused
ShenandoahCollectionSet methods
+ [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
liveness-related methods
+ [backport] 8242267: Shenandoah: regions space needs to be
aligned by os::vm_allocation_granularity()
+ [backport] 8242271: Shenandoah: add test to verify GC mode
unlock
+ [backport] 8242273: Shenandoah: accept either SATB or IU
barriers, but not both
+ [backport] 8242301: Shenandoah: Inline LRB runtime call
+ [backport] 8242316: Shenandoah: Turn NULL-check into assert
in SATB slow-path entry
+ [backport] 8242353: Shenandoah: micro-optimize region
liveness handling
+ [backport] 8242365: Shenandoah: use uint16_t instead of
jushort for liveness cache
+ [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods
+ [backport] 8242641: Shenandoah: clear live data and update
TAMS optimistically
+ [backport] 8243238: Shenandoah: explicit GC request should
wait for a complete GC cycle
+ [backport] 8243301: Shenandoah: ditch
ShenandoahAllowMixedAllocs
+ [backport] 8243307: Shenandoah: remove
ShCollectionSet::live_data
+ [backport] 8243395: Shenandoah: demote guarantee in
ShenandoahPhaseTimings::record_workers_end
+ [backport] 8243463: Shenandoah: ditch total_pause counters
+ [backport] 8243464: Shenandoah: print statistic counters in
time order
+ [backport] 8243465: Shenandoah: ditch unused pause_other,
conc_other counters
+ [backport] 8243487: Shenandoah: make _num_phases illegal
phase type
+ [backport] 8243494: Shenandoah: set counters once per cycle
+ [backport] 8243573: Shenandoah: rename GCParPhases and
related code
+ [backport] 8243848: Shenandoah: Windows build fails after
JDK-8239786
+ [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly
+ [backport] 8244200: Shenandoah: build breakages after
JDK-8241743
+ [backport] 8244226: Shenandoah: per-cycle statistics contain
worker data from previous cycles
+ [backport] 8244326: Shenandoah: global statistics should not
accept bogus samples
+ [backport] 8244509: Shenandoah: refactor
ShenandoahBarrierC2Support::test_* methods
+ [backport] 8244551: Shenandoah: Fix racy update of
update_watermark
+ [backport] 8244667: Shenandoah: SBC2Support::test_gc_state
takes loop for wrong control
+ [backport] 8244730: Shenandoah: gc/shenandoah/options/
/TestHeuristicsUnlock.java should only verify the heuristics
+ [backport] 8244732: Shenandoah: move heuristics code to
gc/shenandoah/heuristics
+ [backport] 8244737: Shenandoah: move mode code to
gc/shenandoah/mode
+ [backport] 8244739: Shenandoah: break superclass dependency
on ShenandoahNormalMode
+ [backport] 8244740: Shenandoah: rename ShenandoahNormalMode
to ShenandoahSATBMode
+ [backport] 8245461: Shenandoah: refine mode name()-s
+ [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
constructor arguments
+ [backport] 8245464: Shenandoah: allocate collection set
bitmap at lower addresses
+ [backport] 8245465: Shenandoah: test_in_cset can use more
efficient encoding
+ [backport] 8245726: Shenandoah: lift/cleanup
ShenandoahHeuristics names and properties
+ [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
+ [backport] 8245757: Shenandoah: AlwaysPreTouch should not
disable heap resizing or uncommits
+ [backport] 8245773: Shenandoah: Windows assertion failure
after JDK-8245464
+ [backport] 8245812: Shenandoah: compute root phase parallelism
+ [backport] 8245814: Shenandoah: reconsider format specifiers
for stats
+ [backport] 8245825: Shenandoah: Remove diagnostic flag
ShenandoahConcurrentScanCodeRoots
+ [backport] 8246162: Shenandoah: full GC does not mark code
roots when class unloading is off
+ [backport] 8247310: Shenandoah: pacer should not affect
interrupt status
+ [backport] 8247358: Shenandoah: reconsider free budget slice
for marking
+ [backport] 8247367: Shenandoah: pacer should wait on lock
instead of exponential backoff
+ [backport] 8247474: Shenandoah: Windows build warning after
JDK-8247310
+ [backport] 8247560: Shenandoah: heap iteration holds root
locks all the time
+ [backport] 8247593: Shenandoah: should not block pacing
reporters
+ [backport] 8247751: Shenandoah: options tests should run with
smaller heaps
+ [backport] 8247754: Shenandoah: mxbeans tests can be shorter
+ [backport] 8247757: Shenandoah: split heavy tests by
heuristics to improve parallelism
+ [backport] 8247860: Shenandoah: add update watermark line in
rich assert failure message
+ [backport] 8248041: Shenandoah: pre-Full GC root updates may
miss some roots
+ [backport] 8248652: Shenandoah: SATB buffer handling may
assume no forwarded objects
+ [backport] 8249560: Shenandoah: Fix racy GC request handling
+ [backport] 8249649: Shenandoah: provide per-cycle pacing stats
+ [backport] 8249801: Shenandoah: Clear soft-refs on requested
GC cycle
+ [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests
should account for corner cases
+ Fix slowdebug build after JDK-8230853 backport
+ JDK-8252096: Shenandoah: adjust SerialPageShiftCount for
x86_32 and JFR
+ JDK-8252366: Shenandoah: revert/cleanup changes in
graphKit.cpp
+ Shenandoah: add JFR roots to root processor after JFR
integration
+ Shenandoah: add root statistics for string dedup table/queues
+ Shenandoah: enable low-frequency STW class unloading
+ Shenandoah: fix build failures after JDK-8244737 backport
+ Shenandoah: Fix build failure with +JFR -PCH
+ Shenandoah: fix forceful pacer claim
+ Shenandoah: fix formats in
ShenandoahStringSymbolTableUnlinkTask
+ Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1
+ Shenandoah: hook statistics printing to PrintGCDetails, not
PrintGC
+ Shenandoah: JNI weak roots are always cleared before Full GC
mark
+ Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner
+ Shenandoah: move barrier sets to their proper locations
+ Shenandoah: move parallelCleaning.* to shenandoah/
+ Shenandoah: pacer should use proper Atomics for intptr_t
+ Shenandoah: properly deallocates class loader metadata
+ Shenandoah: specialize String Table scans for better pause
performance
+ Shenandoah: Zero build fails after recent Atomic cleanup in
Pacer
* AArch64 port
+ JDK-8161072, PR3797: AArch64: jtreg
compiler/uncommontrap/TestDeoptOOM failure
+ JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java
generates guarantee failure in C1
+ JDK-8183925, PR3797: [AArch64] Decouple crash protection from
watcher thread
+ JDK-8199712, PR3797: [AArch64] Flight Recorder
+ JDK-8203481, PR3797: Incorrect constraint for unextended_sp
in frame:safe_for_sender
+ JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall
fails with SIGILL on aarch64
+ JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
+ JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java
fails on AArch64
+ JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ JDK-8217368, PR3797: AArch64: C2 recursive stack locking
optimisation not triggered
+ JDK-8221658, PR3797: aarch64: add necessary predicate for
ubfx patterns
+ JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a
BufferBlob
+ JDK-8246482, PR3797: Build failures with +JFR -PCH
+ JDK-8247979, PR3797: aarch64: missing side effect of killing
flags for clearArray_reg_reg
+ JDK-8248219, PR3797: aarch64: missing memory barrier in
fast_storefield and fast_accessfield
- Ignore whitespaces after the header or footer in PEM X.509 cert
(bsc#1171352)
ImportantSUSE bug 1171352SUSE bug 1174157SUSE bug 1177943CVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDCVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gcc10 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for gcc10 fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
ModerateSUSE bug 1172798SUSE bug 1172846SUSE bug 1173972SUSE bug 1174753SUSE bug 1174817SUSE bug 1175168CVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode updated to 20201027 prerelease
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
# New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
# Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173594CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)
* Security fixes
+ JDK-8233624: Enhance JNI linkage
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8240124: Better VM Interning
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 7 u281 build 1
+ JDK-8145096: Undefined behaviour in HotSpot
+ JDK-8215265: C2: range check elimination may allow illegal
out of bound access
* Backports
+ JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool)
ImportantSUSE bug 1177943CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openldap2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
ImportantSUSE bug 1178387CVE-2020-25692 at SUSECVE-2020-25692 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.1 ESR
* Fixed: Security fix
MFSA 2020-49 (bsc#1178588)
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted
for
ImportantSUSE bug 1178588CVE-2020-26950 at SUSECVE-2020-26950 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update changes the internal packaging for postgresql, and so contains
all currently maintained postgresql versions across our SUSE Linux Enterprise 12
products.
* postgresql12 is shipped new in version 12.3 (bsc#1171924).
The server and client packages only on SUSE Linux Enterprise Server 12 SP5,
the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/12/release-12-3.html
* postgresql10 is updated to 10.13 (bsc#1171924).
On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/10/release-10-13.html
* postgresql96 is updated to 9.6.18 (bsc#1171924):
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/9.6/release-9-6-18.html
On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only.
* postgresql 9.4 is updated to 9.4.26:
+ https://www.postgresql.org/about/news/2011/
+ https://www.postgresql.org/docs/9.4/release-9-4-26.html
+ https://www.postgresql.org/about/news/1994/
+ https://www.postgresql.org/docs/9.4/release-9-4-25.html
ModerateSUSE bug 1171924cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for raptor (Important)SUSE OpenStack Cloud Crowbar 9
This update for raptor fixes the following issues:
- Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926).
- Update raptor to version 2.0.15
* Made several fixes to Turtle / N-Triples family of parsers and serializers
* Added utility functions for re-entrant sorting of objects and sequences.
* Made other fixes and improvements including fixing reported issues:
0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584.
ImportantSUSE bug 1178593CVE-2017-18926 at SUSECVE-2017-18926 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for kernel-firmware (Important)SUSE OpenStack Cloud Crowbar 9
This update for kernel-firmware fixes the following issue:
- CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671).
ImportantSUSE bug 1178671CVE-2020-12321 at SUSECVE-2020-12321 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for krb5 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
ModerateSUSE bug 1178512CVE-2020-28196 at SUSECVE-2020-28196 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).
Non-security issue fixed:
- Adjusted help for --max_iters, default is 5 (bsc#1177950).
ImportantSUSE bug 1177950SUSE bug 1178591CVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql10 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql10 fixes the following issues:
Upgrade to version 10.15:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/10/release-10-15.html
Update to 10.14:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/10/release-10-14.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb and mariadb-connector-c fixes the following issues:
- Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the
following security vulnerabilities:
CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180
- Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]
ModerateSUSE bug 1172399SUSE bug 1175596SUSE bug 1177472SUSE bug 1178428CVE-2020-14765 at SUSECVE-2020-14765 at NVDCVE-2020-14776 at SUSECVE-2020-14776 at NVDCVE-2020-14789 at SUSECVE-2020-14789 at NVDCVE-2020-14812 at SUSECVE-2020-14812 at NVDCVE-2020-15180 at SUSECVE-2020-15180 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)
- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)
- Release notes:
- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).
- Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).
- Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173592SUSE bug 1173594SUSE bug 1178971CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bluez (Important)SUSE OpenStack Cloud Crowbar 9
This update for bluez fixes the following issues:
- CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751).
ImportantSUSE bug 1166751CVE-2020-0556 at SUSECVE-2020-0556 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).
- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011).
- CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).
- CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).
The following non-security bugs were fixed:
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816).
- hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability.
- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065600SUSE bug 1131277SUSE bug 1160947SUSE bug 1163524SUSE bug 1166965SUSE bug 1168468SUSE bug 1170139SUSE bug 1170232SUSE bug 1170415SUSE bug 1171417SUSE bug 1171675SUSE bug 1172073SUSE bug 1172366SUSE bug 1173115SUSE bug 1173233SUSE bug 1175228SUSE bug 1175306SUSE bug 1175721SUSE bug 1175882SUSE bug 1176011SUSE bug 1176235SUSE bug 1176278SUSE bug 1176381SUSE bug 1176423SUSE bug 1176482SUSE bug 1176485SUSE bug 1176698SUSE bug 1176721SUSE bug 1176722SUSE bug 1176723SUSE bug 1176725SUSE bug 1176732SUSE bug 1176869SUSE bug 1176907SUSE bug 1176922SUSE bug 1176935SUSE bug 1176950SUSE bug 1176990SUSE bug 1177027SUSE bug 1177086SUSE bug 1177121SUSE bug 1177206SUSE bug 1177340SUSE bug 1177410SUSE bug 1177411SUSE bug 1177470SUSE bug 1177511SUSE bug 1177724SUSE bug 1177725SUSE bug 1177766SUSE bug 1177816SUSE bug 1178123SUSE bug 1178330SUSE bug 1178393SUSE bug 1178669SUSE bug 1178765SUSE bug 1178782SUSE bug 1178838CVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0430 at SUSECVE-2020-0430 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14381 at SUSECVE-2020-14381 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
ImportantSUSE bug 1178824CVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2020-16012 at SUSECVE-2020-16012 at NVDCVE-2020-26951 at SUSECVE-2020-26951 at NVDCVE-2020-26953 at SUSECVE-2020-26953 at NVDCVE-2020-26956 at SUSECVE-2020-26956 at NVDCVE-2020-26958 at SUSECVE-2020-26958 at NVDCVE-2020-26959 at SUSECVE-2020-26959 at NVDCVE-2020-26960 at SUSECVE-2020-26960 at NVDCVE-2020-26961 at SUSECVE-2020-26961 at NVDCVE-2020-26965 at SUSECVE-2020-26965 at NVDCVE-2020-26966 at SUSECVE-2020-26966 at NVDCVE-2020-26968 at SUSECVE-2020-26968 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for LibVNCServer (Important)SUSE OpenStack Cloud Crowbar 9
This update for LibVNCServer fixes the following issues:
- CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
ImportantSUSE bug 1178682CVE-2020-25708 at SUSECVE-2020-25708 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596).
- CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908).
ImportantSUSE bug 1174908SUSE bug 1177596CVE-2020-14360 at SUSECVE-2020-14360 at NVDCVE-2020-25712 at SUSECVE-2020-25712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-setuptools (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-setuptools fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gdm (Important)SUSE OpenStack Cloud Crowbar 9
This update for gdm fixes the following issues:
- CVE-2020-16125: Fixed a privilege escalation (bsc#1178150).
ImportantSUSE bug 1178150CVE-2020-16125 at SUSECVE-2020-16125 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-cryptography (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-cryptography fixes the following issues:
- CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).
ModerateSUSE bug 1178168CVE-2020-25659 at SUSECVE-2020-25659 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql12 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql12 fixes the following issues:
Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
The previous postgresql12 update already addressed:
Update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mutt (Important)SUSE OpenStack Cloud Crowbar 9
This update for mutt fixes the following issues:
- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)
ImportantSUSE bug 1179035SUSE bug 1179113SUSE bug 1179461CVE-2020-28896 at SUSECVE-2020-28896 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414SUSE bug 1178591SUSE bug 1178963CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssh (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssh fixes the following issues:
- CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513).
- Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684).
- Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566).
ModerateSUSE bug 1148566SUSE bug 1161684SUSE bug 1173513CVE-2020-14145 at SUSECVE-2020-14145 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark (Important)SUSE OpenStack Cloud Crowbar 9
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark fixes the following issues:
Security changes included on this update:
grafana:
- CVE-2020-24303: Fixed an XXS with series overides. (bsc#1178243)
influxdb:
- CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)
python-Jinja2:
- CVE-2019-10906,CVE-2019-8341,CVE-2016-10745: 'SandboxedEnvironment' securely handles 'str.format_map' in order
to prevent code execution through untrusted format strings. (bsc#1132323, bsc#1125815, bsc#1132174)
python-pysaml2:
- CVE-2020-5390: Fixed an issue where there was no check that the signature in a SAML document is enveloped. (bsc#1160851)
python-urllib3:
- CVE-2020-26137: Fixed a CRLF injection via HTTP request method. (bsc#1177120)
Non-security changes included in this update:
Changes in ardana-cassandra:
- Update to version 9.0+git.1600802664.7e480a2:
* Remove freezer related backup/restore code (SOC-7751)
Changes in ardana-mq:
- Update to version 9.0+git.1605174486.a78ddce:
* Re-enable mirroring of fanout and reply queues (bsc#1177611)
Changes in ardana-osconfig:
- Update to version 9.0+git.1601621747.a87e5a0:
* HOS8 check needs to be a shell rather than command (SOC-11184)
Changes in ardana-tempest:
- Update to version 9.0+git.1603378983.fc0bca9:
* Enable VPNaaS testing (SOC-8764)
- Update to version 9.0+git.1599855218.875b2f3:
* unblacklist some revert tests (SOC-9178)
Changes in crowbar-core:
- Update to version 6.0+git.1606314264.bf9ada813:
* ntp: Do not use rate-limiting (bsc#1179161)
- Update to version 6.0+git.1600414599.150832ca2:
* Ignore CVE-2020-15169 (SOC-11391)
Changes in crowbar-openstack:
- Update to version 6.0+git.1604573541.bb18c172d:
* rabbitmq: Fix crm running check (SOC-11240)
- Update to version 6.0+git.1604491402.b4dbba849:
* Remove aspiers from CODEOWNERS
* Remove cmurphy from CODEOWNERS
Changes in grafana:
- Fix bsc#1178243 CVE-2020-24303 by adding
25401-Fix-XSS-vulnerability-with-series-overrides.patch
Changes in influxdb:
- Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to
fix authentication bypass
- Declare license files correctly
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev20:
* PowerMax Driver - Legacy volumes fail to live migrate
- Update to version cinder-13.0.10.dev19:
* RBD: Cleanup temporary file during exception
- Update to version cinder-13.0.10.dev17:
* Remove experimental job legacy-tempest-dsvm-zeromq-multibackend
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev20:
* PowerMax Driver - Legacy volumes fail to live migrate
- Update to version cinder-13.0.10.dev19:
* RBD: Cleanup temporary file during exception
- Update to version cinder-13.0.10.dev17:
* Remove experimental job legacy-tempest-dsvm-zeromq-multibackend
Changes in openstack-heat:
- Update to version openstack-heat-11.0.4.dev4:
* Check external resources after creation
- Update to version openstack-heat-11.0.4.dev2:
* Don't store signal\_url for ec2 signaling of deployments
* Allow scale-down of ASG as part of update
11.0.3
Changes in openstack-heat:
- Update to version openstack-heat-11.0.4.dev4:
* Check external resources after creation
- Update to version openstack-heat-11.0.4.dev2:
* Don't store signal\_url for ec2 signaling of deployments
* Allow scale-down of ASG as part of update
11.0.3
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-12.0.1.dev2:
* Add support for victoria
- Update to version group-based-policy-automation-12.0.1.dev1:
* Add network\_id field for L2 Policy Heat Extensions
12.0.0
* Add support for ussuri
* Fix master/train gate
* Add support for train
10.0.0
* Upgrade for stable/stein branch
9.0.0
* Updated with 'stable/rocky' branch
* Replace openstack.org URLs with 'git+https://'
* OpenDev Migration Patch
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1605509190.64f020b:
* Fix software config on rdo
* optimize size and time using --no-cache-dir
* add template for servers using Octavia
- Update to version 0.0.0+git.1604032742.c5733ee:
* Move heat-templates-check job to zuul v3
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-12.0.1.dev3:
* Remove mox3 from requirements
- Update to version group-based-policy-ui-12.0.1.dev2:
* Fix python namespacing
* Add stable victoria
12.0.0
* Add support for ussuri
* Fix master/train gate
* Add support for train
10.0.0
* Upgrade for stable/stein branch
9.0.0
* Upgrading for stable/rocky branch
* Added Python3 support
* OpenDev Migration Patch
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.4.dev6:
* Fix: make Intel CNA hardware manager none generic
Changes in openstack-manila:
- Update to version manila-7.4.2.dev57:
* fix reno file location and indention
- Update to version manila-7.4.2.dev56:
* [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'
- Update to version manila-7.4.2.dev55:
* [Glusterfs] Fix delete share, mount point not disconnected
Changes in openstack-manila:
- Update to version manila-7.4.2.dev57:
* fix reno file location and indention
- Update to version manila-7.4.2.dev56:
* [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'
- Update to version manila-7.4.2.dev55:
* [Glusterfs] Fix delete share, mount point not disconnected
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev135:
* Rehome api tests for propagate\_uplink\_status
- Update to version neutron-13.0.8.dev134:
* Revert '[Security] fix allowed-address-pair 0.0.0.0/0 issue'
- Update to version neutron-13.0.8.dev132:
* Drop invalid rootwrap filters
* ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled
* Add update\_id for ResourceUpdate
- Update to version neutron-13.0.8.dev126:
* 'ping'/'ping6' command support in rootwrap filters
- Update to version neutron-13.0.8.dev124:
* Import 'oslo\_config.cfg' before 'eventlet'
* [OvS] Handle re\_added multi ports
- Update to version neutron-13.0.8.dev120:
* Local mac direct flow for non-openflow firewall
* Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib
- Update to version neutron-13.0.8.dev116:
* Support gateway which is not in subnet CIDR in ha\_router
* Ensure fip ip rules deleted when fip removed
- Update to version neutron-13.0.8.dev112:
* windows: fix terminating processes
* [stable/rocky] Drop rally job
* Don't raise FileNotFoundError during disabling keepalived
* Load the glibc library only once for Pyroute2
- Update to version neutron-13.0.8.dev106:
* Do not fail deleting namespace if it does not exist
- Update to version neutron-13.0.8.dev104:
* Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs
- Update to version neutron-13.0.8.dev103:
* Use dict .get() to avoid a KeyError in the segment plugin
- Update to version neutron-13.0.8.dev101:
* Pass context in l3 flavor notifications
* Handle properly existing LLA address during l3 agent restart
- Update to version neutron-13.0.8.dev97:
* Add 'keepalived\_use\_no\_track' config option
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev135:
* Rehome api tests for propagate\_uplink\_status
- Update to version neutron-13.0.8.dev134:
* Revert '[Security] fix allowed-address-pair 0.0.0.0/0 issue'
- Update to version neutron-13.0.8.dev132:
* Drop invalid rootwrap filters
* ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled
* Add update\_id for ResourceUpdate
- Update to version neutron-13.0.8.dev126:
* 'ping'/'ping6' command support in rootwrap filters
- Update to version neutron-13.0.8.dev124:
* Import 'oslo\_config.cfg' before 'eventlet'
* [OvS] Handle re\_added multi ports
- Update to version neutron-13.0.8.dev120:
* Local mac direct flow for non-openflow firewall
* Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib
- Update to version neutron-13.0.8.dev116:
* Support gateway which is not in subnet CIDR in ha\_router
* Ensure fip ip rules deleted when fip removed
- Update to version neutron-13.0.8.dev112:
* windows: fix terminating processes
* [stable/rocky] Drop rally job
* Don't raise FileNotFoundError during disabling keepalived
* Load the glibc library only once for Pyroute2
- Update to version neutron-13.0.8.dev106:
* Do not fail deleting namespace if it does not exist
- Update to version neutron-13.0.8.dev104:
* Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs
- Update to version neutron-13.0.8.dev103:
* Use dict .get() to avoid a KeyError in the segment plugin
- Update to version neutron-13.0.8.dev101:
* Pass context in l3 flavor notifications
* Handle properly existing LLA address during l3 agent restart
- Update to version neutron-13.0.8.dev97:
* Add 'keepalived\_use\_no\_track' config option
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev5:
* Fix ICMP type and ICMP code fields for named and numbered ICMP Protocol
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev4:
* Fix erroneous comma (,) in the LOG.exception call
2014.2rc1
- Update to version group-based-policy-12.0.1.dev3:
* Fix top of tree in gate
* Endpoint level qos changes
12.0.0
* Add support for ussuri
* Update subnets for SVI port corresponding to bound port
* Fix the intermittent QOS UT failure
* Fixed the QOS UT failure
* Use train branch instead of stein
* Add support for train
* Prepare for removal of CommonDbMixin
* Make AIM dsvm job voting
* Add support for upstream Stein release
* Fix python2/3 compatibility
* Fix DNS Domain Name in endpoint file
* When a subnet added to a bound SVI port, ensure it is added to SVI port
* Add support for qos
* Fix DNS issue in endpoint file
* [AIM] Add pre-existing BD to network extension
* Remove get\_current\_session
* Remove get\_current\_session method
* [AIM] Add EPG contract masters to network extension
* Revert 'Remove get\_current\_session method'
* Remove get\_current\_session method
* Support Dual Stack on SVI nets along with BGP
9.0.0
* Add support for upstream Rocky release
* Cleanup Queens (part 2)
* Fix missing DB migration
* Make aim functional gate job voting
* Added Python3 support
* [AIM] Sanitize the AIM tenant description field
* Fix field sizes for VM names
* Bind baremetal VNIC trunk ports
* Fix missing trunk\_details for a trunk without subports
* [AIM] Insert remote\_group\_id to SG rules properly
* Revert '[AIM] Convert remote\_ips for SG rules properly'
* Cleanup Queens
* [AIM] Convert remote\_ips for SG rules properly
* Clean up baremetal port handling
* [AIM] Clean up the mock and stop the looping thread in the UT env
* Don't stop this looping thread when an exception is thrown
* [AIM] Fix router\_id allocation for SVI
* Support non SVI static VLAN type segments with OpFlex agent
* Baremetal VNIC Trunk support
* [AIM] Don't queue notifications (4 of 4)
* [AIM] Don't queue registry callbacks (3 of 4)
* [AIM] Enable Neutron transaction guards (2 of 4)
* Don't call GBP or Neutron APIs from GBP PD precommit methods
* [AIM] Retry L3 Plugin Operations
* [AIM] Fix most common random UT failures
* [AIM] Fixed external subnet ANY\_CIDRs for l3out EPGs for SVI
* Revert 'Nested domain parameters support for openShift networks'
* Fix for unbinding baremetal VNIC ports
* Nested domain parameters support for openShift networks
* Fix tox coverage job
* Add suport for baremetal vnic\_type
2014.2.rc1
Changes in openstack-neutron-vpnaas:
- Remove remove-tempest-entry-point.patch thus enabling the
tempest_vpnaas plugin for tempest testing. (SCRD-8681)
- Package the neutron-vpnaas/tests/ directory contents in a new RPM
RPM package, python-neutron-vpnaas-tempest-plugin, that depend on
python-neutron-vpnaas, which provides the main neutron-vpnaas
code base. Additionally this new package can now safely depend on
the python-neutron-tempest-plugin package, providing the required
neutron_tempest_plugin module, without causing tempest packages
to be installed when python-neutron-vpnaas installed. (SOC-8764)
NOTE: This implicitly enables the neutron_tempest_plugin.
- Corrected LBaaS references to VPNaaS.
Changes in openstack-nova:
- Update to version nova-18.3.1.dev77:
* Follow up for cherry-pick check for merge patch
- Update to version nova-18.3.1.dev76:
* post live migration: don't call Neutron needlessly
- Update to version nova-18.3.1.dev74:
* libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is smaller than v4.1.0
- Update to version nova-18.3.1.dev72:
* libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices
- Update to version nova-18.3.1.dev70:
* compute: Don't delete the original attachment during pre LM rollback
* Add regression tests for bug #1889108
* compute: refactor volume bdm rollback error handling
- Update to version nova-18.3.1.dev64:
* compute: Use source\_bdms to reset attachment\_ids during LM rollback
* Robustify attachment tracking in CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev60:
* Improve CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev58:
* Removed the host FQDN from the exception message
- Update to version nova-18.3.1.dev56:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
Changes in openstack-nova:
- Update to version nova-18.3.1.dev77:
* Follow up for cherry-pick check for merge patch
- Update to version nova-18.3.1.dev76:
* post live migration: don't call Neutron needlessly
- Update to version nova-18.3.1.dev74:
* libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is smaller than v4.1.0
- Update to version nova-18.3.1.dev72:
* libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices
- Update to version nova-18.3.1.dev70:
* compute: Don't delete the original attachment during pre LM rollback
* Add regression tests for bug #1889108
* compute: refactor volume bdm rollback error handling
- Update to version nova-18.3.1.dev64:
* compute: Use source\_bdms to reset attachment\_ids during LM rollback
* Robustify attachment tracking in CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev60:
* Improve CinderFixtureNewAttachFlow
- Update to version nova-18.3.1.dev58:
* Removed the host FQDN from the exception message
- Rebased patches:
+ 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch dropped (merged upstream)
- Update to version nova-18.3.1.dev56:
* libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live migration
Changes in python-Jinja2:
- Trim bias from descriptions. Make sure % is escaped.
- update to version 2.10.1 (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341):
* 'SandboxedEnvironment' securely handles 'str.format_map' in order
to prevent code execution through untrusted format strings. The
sandbox already handled 'str.format'.
- Activate test suite
- Add minimum build dependency to match runtime dependency
- Fix fdupes call
- Remove superfluous devel dependency for noarch package
- Update to 2.9.5 (bsc#1132174, CVE-2016-10745)
Changes in python-pysaml2:
- Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
(CVE-2020-5390, bsc#1160851)
Changes in python-pytest:
- update to 3.7.4
- drop 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix possible infinite recursion when writing .pyc files
* Cache plugin now obeys the -q flag when --last-failed and
--failed-first flags are used.
* Fix bad console output when using console_output_style=classic
* Fixtures during teardown can again use capsys and capfd to inspect
output captured during tests.
* Fix bugs where unicode arguments could not be passed to testdir.runpytest
on Python 2.
* Fix double collection of tests within packages when the filename starts
with a capital letter
* Fix collection error when specifying test functions directly in the command
line using test.py::test syntax together with --doctest-modules
* Fix stdout/stderr not getting captured when real-time cli logging is active.
* Fix bug where --show-capture=no option would still show logs printed during
fixture teardown.
* Fix issue where teardown of fixtures of consecutive sub-packages were
executed once, at the end of the outer package.
- update to 3.7.2
- add 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix filterwarnings not being registered as a builtin mark.
* Fix test collection from packages mixed with normal directories.
* Fix infinite recursion during collection if a pytest_ignore_collect
hook returns False instead of None.
* Fix bug where decorated fixtures would lose functionality
* Fix bug where importing modules or other objects with prefix pytest_ prefix
would raise a PluginValidationError.
* Fix AttributeError during teardown of TestCase subclasses which raise
an exception during __init__.
* Fix traceback reporting for exceptions with __cause__ cycles.
Changes in python-pytest:
- update to 3.7.4
- drop 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix possible infinite recursion when writing .pyc files
* Cache plugin now obeys the -q flag when --last-failed and
--failed-first flags are used.
* Fix bad console output when using console_output_style=classic
* Fixtures during teardown can again use capsys and capfd to inspect
output captured during tests.
* Fix bugs where unicode arguments could not be passed to testdir.runpytest
on Python 2.
* Fix double collection of tests within packages when the filename starts
with a capital letter
* Fix collection error when specifying test functions directly in the command
line using test.py::test syntax together with --doctest-modules
* Fix stdout/stderr not getting captured when real-time cli logging is active.
* Fix bug where --show-capture=no option would still show logs printed during
fixture teardown.
* Fix issue where teardown of fixtures of consecutive sub-packages were
executed once, at the end of the outer package.
- update to 3.7.2
- add 0001-Use-unittest.mock-if-is-only-aviable.patch
* Fix filterwarnings not being registered as a builtin mark.
* Fix test collection from packages mixed with normal directories.
* Fix infinite recursion during collection if a pytest_ignore_collect
hook returns False instead of None.
* Fix bug where decorated fixtures would lose functionality
* Fix bug where importing modules or other objects with prefix pytest_ prefix
would raise a PluginValidationError.
* Fix AttributeError during teardown of TestCase subclasses which raise
an exception during __init__.
* Fix traceback reporting for exceptions with __cause__ cycles.
Changes in python-urllib3:
- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.
- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for
CVE-2019-9740.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
method. (bsc#1177120, CVE-2020-26137)
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20200917:
* Change wording to correctly refer to future SES versions
* Update adoc/limitations.adoc
* Add SES version limitation, remove deprecated note about Octavia for Crowbar
- Update to version 9.20200917:
* Announce Upgrade is now available (SOC-9781)
Changes in spark:
- Add _constraints to prevent build from running out of disk space
ImportantSUSE bug 1125815SUSE bug 1132174SUSE bug 1132323SUSE bug 1160851SUSE bug 1177120SUSE bug 1177611SUSE bug 1178243SUSE bug 1178988CVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-20933 at SUSECVE-2019-20933 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-24303 at SUSECVE-2020-24303 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2020-5390 at SUSECVE-2020-5390 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Critical)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2020-55 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
CriticalSUSE bug 1180039CVE-2020-16042 at SUSECVE-2020-16042 at NVDCVE-2020-26971 at SUSECVE-2020-26971 at NVDCVE-2020-26973 at SUSECVE-2020-26973 at NVDCVE-2020-26974 at SUSECVE-2020-26974 at NVDCVE-2020-26978 at SUSECVE-2020-26978 at NVDCVE-2020-35111 at SUSECVE-2020-35111 at NVDCVE-2020-35112 at SUSECVE-2020-35112 at NVDCVE-2020-35113 at SUSECVE-2020-35113 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115).
- CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322).
- CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
- CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324).
- CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
- CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358).
- CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359).
- CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477).
- Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782).
- Multiple other bugs (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1176782SUSE bug 1179477SUSE bug 1179496SUSE bug 1179498SUSE bug 1179501SUSE bug 1179502SUSE bug 1179506SUSE bug 1179514SUSE bug 1179516CVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Important)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.
* clamd can now reload the signature database without blocking
scanning. This multi-threaded database reload improvement was made
possible thanks to a community effort.
- Non-blocking database reloads are now the default behavior. Some
systems that are more constrained on RAM may need to disable
non-blocking reloads as it will temporarily consume two times as
much memory. We added a new clamd config option
ConcurrentDatabaseReload, which may be set to no.
* Fix clamav-milter.service (requires clamd.service to run)
* bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
* Partial sync with SLE15.
Update to version 0.102.4
Accumulated security fixes:
* CVE-2020-3350: Fix a vulnerability wherein a malicious user could
replace a scan target's directory with a symlink to another path
to trick clamscan, clamdscan, or clamonacc into removing or moving
a different file (eg. a critical system file). The issue would
affect users that use the --move or --remove options for clamscan,
clamdscan, and clamonacc. (bsc#1174255)
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
module in ClamAV 0.102.3 that could cause a Denial-of-Service
(DoS) condition. Improper bounds checking results in an
out-of-bounds read which could cause a crash. The previous fix for
this CVE in 0.102.3 was incomplete. This fix correctly resolves
the issue.
* CVE-2020-3481: Fix a vulnerability in the EGG archive module in
ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)
condition. Improper error handling may result in a crash due to a
NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the
file type signatures in daily.cvd will not enable the EGG archive
parser in versions affected by the vulnerability. (bsc#1174250)
* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
condition. Improper size checking of a buffer used to initialize AES
decryption routines results in an out-of-bounds read which may cause
a crash. (bsc#1171981)
* CVE-2020-3123: A denial-of-service (DoS) condition may occur when
using the optional credit card data-loss-prevention (DLP) feature.
Improper bounds checking of an unsigned variable resulted in an
out-of-bounds read, which causes a crash.
* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
occur when scanning a specially crafted email file as a result
of excessively long scan times. The issue is resolved by
implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. (bsc#1157763).
* CVE-2019-12900: An out of bounds write in the NSIS bzip2
(bsc#1149458)
* CVE-2019-12625: Introduce a configurable time limit to mitigate
zip bomb vulnerability completely. Default is 2 minutes,
configurable useing the clamscan --max-scantime and for clamd
using the MaxScanTime config option (bsc#1144504)
Update to version 0.101.3:
* ZIP bomb causes extreme CPU spikes (bsc#1144504)
Update to version 0.101.2 (bsc#1118459):
* Support for RAR v5 archive extraction.
* Incompatible changes to the arguments of cl_scandesc,
cl_scandesc_callback, and cl_scanmap_callback.
* Scanning options have been converted from a single flag
bit-field into a structure of multiple categorized flag
bit-fields.
* The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by
2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and
CL_SCAN_HEURISTIC_ENCRYPTED_DOC
* Incompatible clamd.conf and command line interface changes.
* Heuristic Alerts' (aka 'Algorithmic Detection') options have
been changed to make the names more consistent. The original
options are deprecated in 0.101, and will be removed in a
future feature release.
* For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html ImportantSUSE bug 1118459SUSE bug 1119353SUSE bug 1144504SUSE bug 1149458SUSE bug 1157763SUSE bug 1171981SUSE bug 1174250SUSE bug 1174255CVE-2019-12900 at SUSECVE-2019-12900 at NVDCVE-2019-15961 at SUSECVE-2019-15961 at NVDCVE-2020-3123 at SUSECVE-2020-3123 at NVDCVE-2020-3327 at SUSECVE-2020-3327 at NVDCVE-2020-3341 at SUSECVE-2020-3341 at NVDCVE-2020-3350 at SUSECVE-2020-3350 at NVDCVE-2020-3481 at SUSECVE-2020-3481 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cyrus-sasl (Important)SUSE OpenStack Cloud Crowbar 9
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
ImportantSUSE bug 1159635CVE-2019-19906 at SUSECVE-2019-19906 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dnsmasq (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for dnsmasq fixes the following issues:
Security issue fixed:
- CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers
to cause denial of service via DHCP response creation (bsc#1154849)
Other issue addressed:
- Removed cache size limit (bsc#1138743).
ModerateSUSE bug 1138743SUSE bug 1154849CVE-2019-14834 at SUSECVE-2019-14834 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nodejs6 (Important)SUSE OpenStack Cloud Crowbar 9
This update for nodejs6 fixes the following issues:
Security issues fixed:
- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).
ImportantSUSE bug 1163102SUSE bug 1163103SUSE bug 1163104CVE-2019-15604 at SUSECVE-2019-15604 at NVDCVE-2019-15605 at SUSECVE-2019-15605 at NVDCVE-2019-15606 at SUSECVE-2019-15606 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
MariaDB was updated to version 10.2.31 GA (bsc#1162388).
Security issues fixed:
- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).
- Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878).
- Fixed a permissions issue in /var/lib/mysql (bsc#1077717).
ModerateSUSE bug 1077717SUSE bug 1160878SUSE bug 1160883SUSE bug 1160895SUSE bug 1160912SUSE bug 1162388CVE-2019-18901 at SUSECVE-2019-18901 at NVDCVE-2020-2574 at SUSECVE-2020-2574 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon (Important)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues:
Security issues fixed:
- CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
- CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675).
Non-security issues fixed:
Changes in ardana-ansible:
- Update to version 9.0+git.1581611758.f694f7d:
* Don't run deprecated-vhost-removal on localhost (SOC-11098)
- Update to version 9.0+git.1580906085.40eb430:
* simplify glance image upload (SOC-11089)
- Update to version 9.0+git.1580220034.3236aa5:
* Ensure rabbitmq-server started after packages updated (SOC-11070)
- Update to version 9.0+git.1576060554.bdd84e6:
* Fix grep for image details on service-guest-image (SOC-11012)
Changes in ardana-cinder:
- Update to version 9.0+git.1579256229.c8b4b38:
* Add option to flatten snapshots when using SES (SOC-11054)
- Update to version 9.0+git.1574694613.04a8b74:
* Ensure nfs-client installed for NetApp support (SOC-9005)
- Update to version 9.0+git.1574359983.c198cc9:
* Add option for nfs_share configuration (SOC-9005)
Changes in ardana-cobbler:
- Update to version 9.0+git.1574950066.a3c4be4:
* Set root device on SLES autoyast templates (SOC-7365)
- Update to version 9.0+git.1573845154.3545efd:
* Change install_recommended to true (SOC-9005)
Changes in ardana-db:
- Update to version 9.0+git.1578936438.b9a9b95:
* Switch to using override file in my.cnf.d (SOC-11043)
- Update to version 9.0+git.1578595169.57c5911:
* account for pre-update nodes (SOC-11037)
Changes in ardana-horizon:
- Update to version 9.0+git.1575562864.8ed5e10:
* Generate policy for Octavia dashboard (SOC-10883)
- Update to version 9.0+git.1575562860.2ce2851:
* Fix policy configuration generation (SOC-10883)
Changes in ardana-input-model:
- Update to version 9.0+git.1580403439.d425462:
* Enable port security extension neutron (SOC-11027)
- Update to version 9.0+git.1574953363.60cf58f:
* octavia: use lbaasv2-proxy service plugin (SOC-10987)
Changes in ardana-monasca:
- Update to version 9.0+git.1579273481.4b8c46f:
* Leverage schema conversion script for upgrade (SOC-10277)
- Update to version 9.0+git.1575919721.5c42222:
* align Monasca DB schema with upstream prior to upgrade (SOC-10277)
Changes in ardana-mq:
- Update to version 9.0+git.1581024903.8e74867:
* Ensure HA queue sync wait fails (SOC-11083)
- Update to version 9.0+git.1580934283.230ff8b:
* Fix HA policy setting comments (SOC-10317, SOC-11082)
- Update to version 9.0+git.1580746285.da922ce:
* Set HA policy accordingly (SOC-10317, SOC-11082)
- Update to version 9.0+git.1575405552.d84f662:
* Change the HA policy mirror (SOC-10317)
Changes in ardana-nova:
- Update to version 9.0+git.1580304673.6c668eb:
* Set notification_format to unversioned in nova.conf (bsc#1161721)
- Update to version 9.0+git.1575481165.9d3826f:
* Remove duplicate entries for alias configuration for GPU (SOC-10837)
- Update to version 9.0+git.1573764498.ed4098d:
* Pass through gpu device info. (SOC-10837)
Changes in ardana-octavia:
- Update to version 9.0+git.1576074489.62de7e2:
* Add load-balancer roles (SOC-8743)
- Update to version 9.0+git.1575366951.e0216b4:
* Add policy.json to match the neutron lbaasv2 policy (SOC-10987)
- Update to version 9.0+git.1574358661.c976583:
* Change event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig:
- Update to version 9.0+git.1580235830.0dca223:
* Start OVS services before wicked service at boot (SOC-11067)
- Update to version 9.0+git.1579790275.8afb314:
* Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
Changes in ardana-tempest:
- Update to version 9.0+git.1578932816.e299c08:
* Revert to using cirros image for heat tests (SOC-7028)
- Update to version 9.0+git.1578413400.0614192:
* Create network resources needed by some heat tests (SOC-7028)
- Update to version 9.0+git.1576611974.d17e4df:
* Enable octavia tempest plugin test cases (SOC-8743)
- Update to version 9.0+git.1574955714.5bae846:
* Update lbaas tempest filter for octavia (SOC-10987)
Changes in ardana-tls:
- Update to version 9.0+git.1575296665.3fdfe45:
* Make sure VNC CA file contain our internal CAs (SOC-10968)
- Update to version 9.0+git.1574280348.a306396:
* default the certificate validity to 5 years for the VNC cert (SOC-10973)
Changes in crowbar-core:
- Update to version 6.0+git.1582892022.cbd70e833:
* upgrade: Run DHCP evacuation (SOC-11046)
- Update to version 6.0+git.1582200015.08264d8f9:
* Fix deployment queue display (SOC-10741)
- Update to version 6.0+git.1580144807.7d068caf0:
* network: start OVS before wickedd (SOC-11067)
- Update to version 6.0+git.1578997967.4591670f0:
* dns: add checks to designate migration (SOC-11047)
- Update to version 6.0+git.1578935422.01edb0a9b:
* Do not log an error for a case that is correct (trivial)
- Update to version 6.0+git.1578563578.68beda299:
* Upgrade neutron agent together with nova-compute package (SOC-11031)
- Update to version 6.0+git.1578402096.90d9332d9:
* apache2: Restart after enabling SSL flag (SOC-11029)
* crowbar: add crowbar-pacemaker dependency (SOC-10986)
- Update to version 6.0+git.1576756414.ca49a781d:
* bind9: Add legacy public.foo DNS entries (SOC-11006)
- Update to version 6.0+git.1576662075.88de27567:
* upgrade: Make a check for SLES product version (SOC-3089)
- Update to version 6.0+git.1576493114.5e9534f13:
* upgrade: Stop if nova-compute upgrade fails (SOC-10378)
* upgrade: Fix typo in log message (typo)
- Update to version 6.0+git.1576149781.1ac02ef0d:
* upgrade: add missing exit to Monasca DB dump (trivial)
- Update to version 6.0+git.1576072790.23b58b4a2:
* upgrade: Fix systemd unit listing (trivial)
* Make sure the crowbar migrations are OK (SOC-6849)
- Update to version 6.0+git.1575980638.3cad5a333:
* Ignore CVE-2019-16770 (SOC-10999)
* upgrade: Make cluster health check at the start of services step (SOC-6849)
* upgrade: Remove DRBD specific code from the continuation parts (SOC-10985)
- Update to version 6.0+git.1575628097.5a7475686:
* upgrade: Do not stop and reload nova services in normal mode (SOC-10995)
- Update to version 6.0+git.1574763248.ad958e68c:
* Disable installation repository (bsc#1152007)
* Disable automatic repo services (bsc#1152007)
- Update to version 6.0+git.1574431193.3f5c69937:
* [upgrade] Wait for keystone to be ready after start (bsc#1157206)
- Update to version 6.0+git.1574363439.bc4d86c9b:
* upgrade: Make sure cinder-volume is really stopped (bsc#1156305)
- Update to version 6.0+git.1574270808.e4344109b:
* upgrade: Ignore Cloud repository during repocheck (bsc#1152007)
- Update to version 6.0+git.1574102328.13f0b12bf:
* Ignore CVE-2019-13117 in CI builds (bsc#1157028)
Changes in crowbar-ha:
- Update to version 6.0+git.1574286261.6fd1a34:
* Drop g-haproxy removal code (bsc#1156914)
Changes in crowbar-openstack:
- Update to version 6.0+git.1580922461.67fb3c087:
* Designate: make sure dns-server is active on a non-admin node (SOC-10636)
* Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)
- Update to version 6.0+git.1580480133.d27bf75d0:
* ec2-api: run keystone_register on cluster founder only (SOC-11079)
- Update to version 6.0+git.1580308069.558c6dd8a:
* rabbitmq: sync startup definitions.json with recipe (SOC-11077)
- Update to version 6.0+git.1579097055.cf15ef22e:
* tempest: enable multiattach for NetApp + LVM (SCPM-97)
* tempest: tempest run filters as templates (SOC-11052)
- Update to version 6.0+git.1578491103.ca03b990c:
* Install openstack client for neutron recipes (SOC-11039)
- Update to version 6.0+git.1576859278.871ed9151:
* octavia: Add topology setting (SOC-10876)
- Update to version 6.0+git.1576769055.cae3ecf9a:
* octavia: Add anti-affinity settings (SOC-11026)
* designate: Fix the migrations of ssl values (SOC-11030)
* octavia: Also delete unused amphora images (SOC-11024)
* octavia: Delete old amphora images (SOC-11024)
* octavia: Install amphora image always (SOC-11024)
- Update to version 6.0+git.1576688912.0cfb42201:
* Do not read data from barclamp that has not been saved (SOC-11028)
* octavia: Add ssh key to health manager (SOC-11025)
- Update to version 6.0+git.1576513513.8456a08f8:
* designate: Mark as user managed (SOC-10233)
- Update to version 6.0+git.1576331976.c068cbe15:
* octavia: Update configuration parameters (SOC-10904)
- Update to version 6.0+git.1576245850.2d50399b5:
* tempest: Update default image on schema (SOC-11023)
- Update to version 6.0+git.1576145909.ec2c5f746:
* octavia: enable octavia tempest plugin test cases (SOC-8743)
- Update to version 6.0+git.1576091112.c802654e0:
* keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
* horizon: add Octavia horizon dashboard (SOC-10833)
- Update to version 6.0+git.1575917420.9a9d1b024:
* Add Crowbar UI options for mgmt net (SOC-10904)
* octavia: configure barbican auth (SOC-10989)
* octavia: fix deprecated config options (SOC-10990)
- Update to version 6.0+git.1574850023.d4c2337fc:
* tempest: create lbaas-octavia filter (SOC-10965)
* octavia: switch to noop event streamer (SOC-10868)
* tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907)
- Update to version 6.0+git.1574685608.1c9818d53:
* horizon: fix keystone node lookup (SOC-10978)
- Update to version 6.0+git.1574428771.9bd63ba0d:
* designate: declare all mdns servers as master on pool config (SOC-10952)
- Update to version 6.0+git.1574334452.15e0db044:
* designate: add support for SSL (SOC-10877)
* horizon: install lbaas horizon dashboard (SOC-10883)
- Update to version 6.0+git.1574270038.651a48486:
* octavia: add SSL section to the UI (SOC-10906)
- Update to version 6.0+git.1574094012.3c62b569f:
* octavia: Add memcached_servers for token caching (SOC-10905)
Changes in crowbar-ui:
- Update to version 1.3.0+git.1575896697.a01a3a08:
* upgrade: Added missing error title
* travis: Stop testing against nodejs4
Changes in keepalived:
- update to 2.0.19
- new BR pkgconfig(libnftnl) to fix nftables support
- add nftables to the BR
- added patch
* linux-4.15.patch
- add buildrequires for file-devel
- used in the checker to verify scripts
- enable json stats and config dump support
new BR: pkgconfig(json-c)
- enable http regexp support: new BR pcre2-devel
- disable dbus instance creation support as it is marked as
dangerous
- Add BFD build option to keepalived.spec rpm file
Issue #1114 identified that the keepalived.spec file was not being
generated to build BFD support even if keepalived had been
configured to support it.
- full changelog
https://keepalived.org/changelog.html
Changes in openstack-barbican:
- Update to version barbican-7.0.1.dev24:
* Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
* Don't use branch matching
* Make broken fedora\_latest job n-v
Changes in openstack-barbican:
- Update to version barbican-7.0.1.dev24:
* Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
* Don't use branch matching
* Make broken fedora\_latest job n-v
Changes in openstack-ceilometer:
- Update to version ceilometer-11.0.2.dev21:
* Tell reno to ignore the kilo branch
* Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
* [stable-only] Cap msgpack
- Update to version ceilometer-11.0.2.dev18:
* Add note for loadbalancer resource type support
- Update to version ceilometer-11.0.2.dev17:
* Fix samples with dots in sample name
- Update to version ceilometer-11.0.2.dev15:
* Add loadbalancer resource type
Changes in openstack-ceilometer:
- Update to version ceilometer-11.0.2.dev21:
* Tell reno to ignore the kilo branch
* Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
* [stable-only] Cap msgpack
- Update to version ceilometer-11.0.2.dev18:
* Add note for loadbalancer resource type support
- Update to version ceilometer-11.0.2.dev17:
* Fix samples with dots in sample name
- Update to version ceilometer-11.0.2.dev15:
* Add loadbalancer resource type
Changes in openstack-cinder:
- Update to version cinder-13.0.9.dev11:
* Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
* Support Incremental Backup Completion In RBD
- Update to version cinder-13.0.9.dev8:
* Fix: Create new cache entry when xtremio reaches snap limit
* Tell reno to ignore the kilo branch
- Update to version cinder-13.0.9.dev5:
* Make volume soft delete more thorough
- Update to version cinder-13.0.9.dev4:
* Cap sphinx for py2 to match global reqs
13.0.8
- Update to version cinder-13.0.8.dev12:
* Add 'volume\_attachment' to volume expected attributes
* Fix service\_uuid migration for volumes with no host
- Update to version cinder-13.0.8.dev9:
* Increase cpu limit for image conversion
Changes in openstack-cinder:
- Update to version cinder-13.0.9.dev11:
* Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
* Support Incremental Backup Completion In RBD
- Update to version cinder-13.0.9.dev8:
* Fix: Create new cache entry when xtremio reaches snap limit
* Tell reno to ignore the kilo branch
- Update to version cinder-13.0.9.dev5:
* Make volume soft delete more thorough
- Update to version cinder-13.0.9.dev4:
* Cap sphinx for py2 to match global reqs
13.0.8
- Update to version cinder-13.0.8.dev12:
* Add 'volume\_attachment' to volume expected attributes
* Fix service\_uuid migration for volumes with no host
- Update to version cinder-13.0.8.dev9:
* Increase cpu limit for image conversion
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev1:
14.1.0
* Ensure python versions
- Update to version horizon-14.0.5.dev9:
* Fix typo in publicize\_image policy name
- Update to version horizon-14.0.5.dev8:
* Fix 'prev' link pagination for instances with identical timestamps
- Update to version horizon-14.0.5.dev7:
* Fix deleting port from port details page
* Fix tenant floating\_ip\_allocation call in neutron rest api
- Update to version horizon-14.0.5.dev3:
* Add 'prev' link to instance page list pagination
- horizon: Obsolete python-django_openstack_auth (SOC-10228)
port of https://review.opendev.org/#/c/685224
- Update to version horizon-14.0.5.dev2:
* Call Glance list with certain image ids
Changes in openstack-dashboard-theme-SUSE:
- Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)
Changes in openstack-designate:
- Update to version designate-7.0.1.dev23:
* Use Tempest 'all' tox env
Changes in openstack-designate:
- Update to version designate-7.0.1.dev23:
* Use Tempest 'all' tox env
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev31:
* Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
* Docs: use extrefs to link to other projects' docs
- Update to version openstack-heat-11.0.3.dev28:
* Use stable constraint for Tempest pinned stable branches
- Update to version openstack-heat-11.0.3.dev27:
* Correct BRANCH\_OVERRIDE for stable/rocky
* Correct availability\_zone to be non-mandatory in heat
- Update to version openstack-heat-11.0.3.dev24:
* Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-heat:
- Update to version openstack-heat-11.0.3.dev31:
* Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
* Docs: use extrefs to link to other projects' docs
- Update to version openstack-heat-11.0.3.dev28:
* Use stable constraint for Tempest pinned stable branches
- Update to version openstack-heat-11.0.3.dev27:
* Correct BRANCH\_OVERRIDE for stable/rocky
* Correct availability\_zone to be non-mandatory in heat
- Update to version openstack-heat-11.0.3.dev24:
* Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-horizon-plugin-designate-ui:
- Update to version designate-dashboard-7.0.1.dev8:
* Fix list zones updated at same time
Changes in openstack-horizon-plugin-ironic-ui:
- Update to version ironic-ui-3.3.1.dev14:
* Fix horizon dependency
* OpenDev Migration Patch
Changes in openstack-horizon-plugin-neutron-lbaas-ui:
- Update to version neutron-lbaas-dashboard-5.0.1.dev8:
* Fix auth url for Barbican client
- Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883)
The .pyc file needs to be removed when the package is uninstalled,
otherwise the panel will remain enabled in the dashboard and cause
errors.
Changes in openstack-ironic:
- Update to version ironic-11.1.4.dev22:
* Change MTU logic to allow for lower MTUs automatically
* Do not ignore 'fields' query parameter when building next url
* Ensure pagination marker is always set
- Update to version ironic-11.1.4.dev17:
* grub configuration should use user kernel and ramdisk
- Update to version ironic-11.1.4.dev16:
* Change log level based on node status
Changes in openstack-ironic:
- Remove rootwrap.d/ironic-lib.filters. This file is included in
python-ironic-lib >= 2.14.2.
- Update to version ironic-11.1.4.dev22:
* Change MTU logic to allow for lower MTUs automatically
* Do not ignore 'fields' query parameter when building next url
* Ensure pagination marker is always set
- Update to version ironic-11.1.4.dev17:
* grub configuration should use user kernel and ramdisk
- Update to version ironic-11.1.4.dev16:
* Change log level based on node status
Changes in openstack-ironic-python-agent:
- Update to version ironic-python-agent-3.3.3.dev6:
* Fix tox.ini to correctly test lower-constraints
Changes in openstack-keystone:
- Update to version keystone-14.1.1.dev36:
* Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
* Always have username in CADF initiator
- Update to version keystone-14.1.1.dev33:
* Fix role\_assignments role.id filter
* Ensure bootstrap handles multiple roles with the same name
- Update to version keystone-14.1.1.dev29:
* Add the missing packages when install keystone
Changes in openstack-keystone:
- Update to version keystone-14.1.1.dev36:
* Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
* Always have username in CADF initiator
- Update to version keystone-14.1.1.dev33:
* Fix role\_assignments role.id filter
* Ensure bootstrap handles multiple roles with the same name
- Update to version keystone-14.1.1.dev29:
* Add the missing packages when install keystone
Changes in openstack-magnum:
- Update to version magnum-7.2.1.dev1:
* Remove buildimage jobs
7.2.0
- Update to version magnum-7.1.1.dev38:
* k8s\_fedora: Move rp\_filter=1 for calico up
* k8s\_fedora\_atomic: Add PodSecurityPolicy
* k8s: Clear cni configuration
* fix: Deploy enable\_service last (rocky only)
- Update to version magnum-7.1.1.dev34:
* k8s\_fedora: Label master nodes with kubectl
* k8s: stop introspecting instance name
* Fix proportional autoscaler image
* Using Fedora Atomic 29 as default image
Changes in openstack-magnum:
- Update to version magnum-7.2.1.dev1:
* Remove buildimage jobs
7.2.0
- Update to version magnum-7.1.1.dev38:
* k8s\_fedora: Move rp\_filter=1 for calico up
* k8s\_fedora\_atomic: Add PodSecurityPolicy
* k8s: Clear cni configuration
* fix: Deploy enable\_service last (rocky only)
- Update to version magnum-7.1.1.dev34:
* k8s\_fedora: Label master nodes with kubectl
* k8s: stop introspecting instance name
* Fix proportional autoscaler image
* Using Fedora Atomic 29 as default image
Changes in openstack-monasca-agent:
- update to version 2.8.1~dev13
- add X.509 certificate check plugin
- update to version 2.8.1~dev12
- Update hacking version to 1.1.x
- OpenDev Migration Patch
Changes in openstack-neutron:
- Update to version neutron-13.0.7.dev48:
* Do not initialize snat-ns twice
* Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
* ovs agent: signal to plugin if tunnel refresh needed
* Mock check if ipv6 is enabled in L3 agent unit tests
* Fix resource schemas and releated \`get\_sorts\` test cases
* Remove sleep command when retrieving OVS dp
- Update to version neutron-13.0.7.dev36:
* Remove Floating IP DNS record upon associated port deletion
* Trigger router update only when gateway port IP changed
* Re-use existing ProcessLauncher from wsgi in RPC workers
- Update to version neutron-13.0.7.dev30:
* Check SG members instead of ports to skip flow update
* Ensure driver error preventing trunk port deletion is logged
* [L3] Switch order of processing added and removed router ports
- Update to version neutron-13.0.7.dev24:
* dhcp-agent: equalize port create\_low/update/delete priority
* Catch OVSFWTagNotFound in update\_port\_filter
* [OVS] Handle added/removed ports in the same polling iteration
* DVR: Ignore DHCP port during DVR host query
* Improve 'OVSFirewallDriver.process\_trusted\_ports'
* List SG rules which belongs to tenant's SG
* Fix py3 compatibility
- Update to version neutron-13.0.7.dev10:
* Define orm relationships after db classes
* Add retries to update trunk port
- Update to version neutron-13.0.7.dev6:
* Allow to kill keepalived state change monitor process
- Update to version neutron-13.0.7.dev4:
* Always set ovs bridge name in vif:binding-details
- Update to version neutron-13.0.7.dev2:
* don't clear skb mark when ovs is hw-offload enabled
- Update to version neutron-13.0.7.dev1:
* Use constraints for docs tox target and cap hacking
13.0.6
- Update to version neutron-13.0.6.dev21:
* Set DB retry for quota\_enforcement pecan\_wsgi hook
- Update to version neutron-13.0.6.dev20:
* [OVS FW] Clean port rules if port not found in ovsdb
* Add more condition to check sg member exist
- Update to version neutron-13.0.6.dev17:
* Fix race condition when getting cmdline
- Update to version neutron-13.0.6.dev15:
* Run revision bump operations en masse
- Update to version neutron-13.0.6.dev13:
* Add extra unit test for get\_cmdline\_from\_pid function
- Update to version neutron-13.0.6.dev11:
* Switch to use cast method in dhcp\_ready\_on\_ports method
- Update to version neutron-13.0.6.dev10:
* Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron:
- Update to version neutron-13.0.7.dev48:
* Do not initialize snat-ns twice
* Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
* ovs agent: signal to plugin if tunnel refresh needed
* Mock check if ipv6 is enabled in L3 agent unit tests
* Fix resource schemas and releated \`get\_sorts\` test cases
* Remove sleep command when retrieving OVS dp
- Update to version neutron-13.0.7.dev36:
* Remove Floating IP DNS record upon associated port deletion
* Trigger router update only when gateway port IP changed
* Re-use existing ProcessLauncher from wsgi in RPC workers
- Update to version neutron-13.0.7.dev30:
* Check SG members instead of ports to skip flow update
* Ensure driver error preventing trunk port deletion is logged
* [L3] Switch order of processing added and removed router ports
- Update to version neutron-13.0.7.dev24:
* dhcp-agent: equalize port create\_low/update/delete priority
* Catch OVSFWTagNotFound in update\_port\_filter
* [OVS] Handle added/removed ports in the same polling iteration
* DVR: Ignore DHCP port during DVR host query
* Improve 'OVSFirewallDriver.process\_trusted\_ports'
* List SG rules which belongs to tenant's SG
* Fix py3 compatibility
- Update neutron-ha-tool to latest version:
* Add DHCP agent evacuation (SOC-11046)
- Update to version neutron-13.0.7.dev10:
* Define orm relationships after db classes
* Add retries to update trunk port
- Update to version neutron-13.0.7.dev6:
* Allow to kill keepalived state change monitor process
- Update to version neutron-13.0.7.dev4:
* Always set ovs bridge name in vif:binding-details
- Update to version neutron-13.0.7.dev2:
* don't clear skb mark when ovs is hw-offload enabled
- Update to version neutron-13.0.7.dev1:
* Use constraints for docs tox target and cap hacking
13.0.6
- Update to version neutron-13.0.6.dev21:
* Set DB retry for quota\_enforcement pecan\_wsgi hook
- Update to version neutron-13.0.6.dev20:
* [OVS FW] Clean port rules if port not found in ovsdb
* Add more condition to check sg member exist
- Update to version neutron-13.0.6.dev17:
* Fix racondition when getting cmdline
- Update to version neutron-13.0.6.dev15:
* Run revision bump operations en masse
- neutron: Remove stop action from ovs-cleanup (bsc#1157482)
backport of https://review.opendev.org/#/c/695867/
- Update to version neutron-13.0.6.dev13:
* Add extra unit test for get\_cmdline\_from\_pid function
- Update to version neutron-13.0.6.dev11:
* Switch to use cast method in dhcp\_ready\_on\_ports method
- Update to version neutron-13.0.6.dev10:
* Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron-fwaas:
- Update to version neutron-fwaas-13.0.3.dev4:
* Fix sorting of filter rules in legacy\_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
* Fix list\_entries for netlink\_lib when running on py3
Changes in openstack-neutron-fwaas:
- Update to version neutron-fwaas-13.0.3.dev4:
* Fix sorting of filter rules in legacy\_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
* Fix list\_entries for netlink\_lib when running on py3
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-5.0.1.dev491:
* Refactor static path code
- Update to version group-based-policy-5.0.1.dev490:
* Support named ip protocols for SecurityGroupRules
- Update to version group-based-policy-5.0.1.dev488:
* Enable SVI networks with hosts running opflex agent
- Update to version group-based-policy-5.0.1.dev486:
* Allow both FIP and SNAT on a single port
- Update to version group-based-policy-5.0.1.dev485:
* Fix active-active AAP RPC query
- Update to version group-based-policy-5.0.1.dev484:
* [AIM] Add extra provided/consumed contracts to network extension
* Active active AAP feature
- Update to version group-based-policy-5.0.1.dev481:
* Support cache option for legacy GBP driver
- Update to version group-based-policy-5.0.1.dev480:
* Fix host ID length in VM names table
- Update to version group-based-policy-5.0.1.dev479:
* Update\_proj\_descr in apic when project description is updated in os
- Update to version group-based-policy-5.0.1.dev477:
* Fix ambiguity in mapping to domain in port pair workflow
Changes in openstack-neutron-vpnaas:
- Update to version neutron-vpnaas-13.0.2.dev6:
* Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
Changes in openstack-neutron-vpnaas:
- Update to version neutron-vpnaas-13.0.2.dev6:
* Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
Changes in openstack-nova:
- Update to version nova-18.2.4.dev63:
* Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
* Use stable constraint for Tempest pinned stable branches
- Update to version nova-18.2.4.dev60:
* tox: Stop build \*all\* docs in 'docs'
- Update to version nova-18.2.4.dev59:
* Block deleting compute services with in-progress migrations
* Cache security group driver
* Join migration\_context and flavor in Migration.instance
- Update to version nova-18.2.4.dev53:
* Improve metadata server performance with large security groups
- Update to version nova-18.2.4.dev51:
* Add functional recreate revert resize test for bug 1852610
* Add functional recreate test for bug 1852610
- Update to version nova-18.2.4.dev47:
* Zuul v3: use devstack-plugin-nfs-tempest-full
- Update to version nova-18.2.4.dev46:
* Add BFV wrinkle to TestNovaManagePlacemenalAllocations
* Add --instance option to heal\_allocations
* Add --dry-run option to heal\_allocations CLI
- Update to version nova-18.2.4.dev40:
* Add functional recreate test for bug 1829479 and bug 1817833
- Update to version nova-18.2.4.dev38:
* Do not update root\_device\_name during guest config
* compute: Use long\_rpc\_timeout in reserve\_block\_device\_name
- Update to version nova-18.2.4.dev35:
* compute: Take an instance.uuid lock when rebooting
- Update to version nova-18.2.4.dev33:
* Replace time.sleep(10) with service forced\_down in tests
- Update to version nova-18.2.4.dev31:
* Nova compute: add in log exception to help debug failures
- Update to version nova-18.2.4.dev29:
* Fix false ERROR message at compute restart
- Update to version nova-18.2.4.dev27:
* Fix listing deleted servers with a marker
- Update to version nova-18.2.4.dev25:
* Add functional regression test for bug 1849409
- Update to version nova-18.2.4.dev23:
* Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-nova:
- Update to version nova-18.2.4.dev63:
* Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
* Use stable constraint for Tempest pinned stable branches
- Update to version nova-18.2.4.dev60:
* tox: Stop build \*all\* docs in 'docs'
- Update to version nova-18.2.4.dev59:
* Block deleting compute services with in-progress migrations
* Cache security group driver
* Join migration\_context and flavor in Migration.instance
- Update to version nova-18.2.4.dev53:
* Improve metadata server performance with large security groups
- Update to version nova-18.2.4.dev51:
* Add functional recreate revert resize test for bug 1852610
* Add functional recreate test for bug 1852610
- Update to version nova-18.2.4.dev47:
* Zuul v3: use devstack-plugin-nfs-tempest-full
- Update to version nova-18.2.4.dev46:
* Add BFV wrinkle to TestNovaManagePlacementHealAllocations
* Add --instance option to heal\_allocations
* Add --dry-run option to heal\_allocations CLI
- Update to version nova-18.2.4.dev40:
* Add functional recreate test for bug 1829479 and bug 1817833
- Update to version nova-18.2.4.dev38:
* Do not update root\_device\_name during guest config
* compute: Use long\_rpc\_timeout in reserve\_block\_device\_name
- Update to version nova-18.2.4.dev35:
* compute: Take an instance.uuid lock when rebooting
- Update to version nova-18.2.4.dev33:
* Replace time.sleep(10) with service forced\_down in tests
- Update to version nova-18.2.4.dev31:
* Nova compute: add in log exception to help debug failures
- Update to version nova-18.2.4.dev29:
* Fix false ERROR message at compute restart
- Update to version nova-18.2.4.dev27:
* Fix listing deleted servers with a marker
- Update to version nova-18.2.4.dev25:
* Add functional regression test for bug 1849409
- Update to version nova-18.2.4.dev23:
* Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-octavia:
- Update to version octavia-3.2.2.dev8:
* Fix uncaught DB exception when trying to get a spare amphora
- Update to version octavia-3.2.2.dev7:
* Fix house keeping graceful shutdown
- Update to version octavia-3.2.2.dev5:
* Fix pep8 failures on stable/rocky branch
- Update to version octavia-3.2.2.dev4:
* Use stable upper-constraints.txt in Amphora builds
- Update to version octavia-3.2.2.dev3:
* Add listener and pool protocol validation
- Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2
3.2.1
- Update to version octavia-3.2.1.dev10:
* Accept oslopolicy-policy-generator path arguments
- Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch
https://review.opendev.org/#/c/698433
- Update to version octavia-3.2.1.dev9:
* Fix controller worker graceful shutdown
- Update to version octavia-3.2.1.dev7:
* Fix a potential race condition with certs-ramfs
- Update to version octavia-3.2.1.dev5:
* Fix issues with unavailable secrets
Changes in openstack-octavia-amphora-image:
- Updated updateBuildRequires.pl script for SP4 build
- Update image to 0.1.2 to include latest changes
- Add keepalived service
Changes in openstack-sahara:
- Update to version sahara-9.0.2.dev15:
* Run sahara-scenario using Python 3
Changes in openstack-sahara:
- Update to version sahara-9.0.2.dev15:
* Run sahara-scenario using Python 3
Changes in openstack-swift:
- Update to version swift-2.19.2.dev48:
2.19.2 (rocky stable backports)
* Sharding improvements
* The container-replicator now only attempts to fetch shard ranges if
the remote indicates that it has shard ranges. Further, it does so
with a timeout to prevent the process from hanging in certain cases.
* The container-replicator now correctly enqueues container-reconciler
work for sharded containers.
* S3 API improvements
* Fixed an issue where v4 signatures would not be validated against
the body of the request, allowing a replay attack if request headers
were captured by a malicious third party. Note that unsigned payloads
still function normally.
* CompleteMultipartUpload requests with a Content-MD5 now work.
* Fixed v1 listings that end with a non-ASCII object name.
* Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API.
* Fixed an issue that caused Delete Multiple Objects requests with
large bodies to 400. This was previously fixed in 2.20.0.
* Fixed an issue where non-ASCII Keystone EC2 credentials would not get
mapped to the correct account. This was previously fixed in 2.20.0.
Changes in openstack-swift:
- Update to version swift-2.19.2.dev48:
2.19.2 (rocky stable backports)
* Sharding improvements
* The container-replicator now only attempts to fetch shard ranges if
the remote indicates that it has shard ranges. Further, it does so
with a timeout to prevent the process from hanging in certain cases.
* The container-replicator now correctly enqueues container-reconciler
work for sharded containers.
* S3 API improvements
* Fixed an issue where v4 signatures would not be validated against
the body of the request, allowing a replay attack if request headers
were captured by a malicious third party. Note that unsigned payloads
still function normally.
* CompleteMultipartUpload requests with a Content-MD5 now work.
* Fixed v1 listings that end with a non-ASCII object name.
* Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API.
* Fixed an issue that caused Delete Multiple Objects requests with
large bodies to 400. This was previously fixed in 2.20.0.
* Fixed an issue where non-ASCII Keystone EC2 credentials would not get
mapped to the correct account. This was previously fixed in 0.0.
Changes in python-amqp:
- Added pyOpenSSL build dependency
- Update to 2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
- Removed patches that are already included in 2.4.2
- 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
- Better call of py.test
- Add versions to dependencies
- Remove python-sasl from build dependencies
- Update to version 2.4.1
* To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
* Fix crash in basic_publish when broker does not support connection.blocked
capability.
* read_frame() is now Python 3 compatible for large payloads.
* Support float read_timeout/write_timeout.
* Always treat SSLError timeouts as socket timeouts.
* Treat EWOULDBLOCK as timeout.
- from 2.4.0
* Fix inconsistent frame_handler return value.
The function returned by frame_handler is meant to return True
once the complete message is received and the callback is called,
False otherwise.
This fixes the return value for messages with a body split across
multiple frames, and heartbeat frames.
* Don't default content_encoding to utf-8 for bytes.
This is not an acceptable default as the content may not be
valid utf-8, and even if it is, the producer likely does not
expect the message to be decoded by the consumer.
* Fix encoding of messages with multibyte characters.
Body length was previously calculated using string length,
which may be less than the length of the encoded body when
it contains multibyte sequences. This caused the body of
the frame to be truncated.
* Respect content_encoding when encoding messages.
Previously the content_encoding was ignored and messages
were always encoded as utf-8. This caused messages to be
incorrectly decoded if content_encoding is properly respected
when decoding.
* Fix AMQP protocol header for AMQP 0-9-1.
Previously it was set to a different value for unknown reasons.
* Add support for Python 3.7.
Change direct SSLSocket instantiation with wrap_socket.
* Add support for field type 'x' (byte array).
* If there is an exception raised on Connection.connect or
Connection.close, ensure that the underlying transport socket
is closed. Adjust exception message on connection errors as well.
* TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms.
* Handle negative acknowledgments.
* Added integration tests.
* Fix basic_consume() with no consumer_tag provided.
* Improved empty AMQPError string representation.
* Drain events before publish.
This is needed to capture out of memory messages for clients that only
publish. Otherwise on_blocked is never called.
* Don't revive channel when connection is closing.
When connection is closing don't raise error when Channel.Close
method is received.
Changes in python-ironic-lib:
- update to version 2.14.2
- Replace openstack.org git:// URLs with https://
- OpenDev Migration Patch
- Include partiton name and flags from parted output
Changes in python-keystoneauth1:
- switch to tracking stable/rocky tarball
- disable renderspec
- update to version 3.10.1.dev10
* Make tests pass in 2020
* OpenDev Migration Patch
* Revert 'Change log hashing to SHA256'
* import zuul job settings from project-config
* Change log hashing to SHA256
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
* Update .gitreview ftable/rocky
Changes in python-keystoneclient:
- switch to tracking stable/rocky tarball
- disable renderspec
- update to version 3.17.0.dev5
* Make tests pass in 2020
* OpenDev Migration Patch
* import zuul job settings from project-config
* Update UPPER\_CONSTRAINTS\_FILE for stable/rocky
* Update .gitreview for stable/rocky
Changes in python-keystonemiddleware:
- Use version_unconverted for documentation build
- Update to version keystonemiddleware-5.2.2.dev3:
* Make tests pass in 2022
* Make sure audit middleware use own context
Changes in python-ovs:
- add 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch (bsc#1158581)
Changes in supportutils-plugin-suse-openstack-cloud:
- Update to version 9.0.1574431436.987b47d:
* Add services from SOC/HOS8
* Fix handling of ardana 'config' dir and conf files in /opt/stack/service
* Fix more failures of censoring passwords
* Include configs and logs for neutron HA
Changes in rubygem-crowbar-client:
- Update to 3.9.1
- Fix repocheck table output (SOC-10718)
- Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)
Changes in rubygem-puma:
- Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770)
This patch fixes a DoS vulnerability a malicious client could use to
block a large amount of threads.
Changes in venv-openstack-horizon:
- replace neutron-lbaas dashboard with octavia dashboard (SOC-10883)
ImportantSUSE bug 1117080SUSE bug 1152007SUSE bug 1154235SUSE bug 1156305SUSE bug 1156914SUSE bug 1157028SUSE bug 1157206SUSE bug 1157482SUSE bug 1158581SUSE bug 1158675SUSE bug 1161351SUSE bug 1161721CVE-2018-17954 at SUSECVE-2018-17954 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-16770 at SUSECVE-2019-16770 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openstack-manila (Important)SUSE OpenStack Cloud Crowbar 9
This update for openstack-manila fixes the following issues:
- CVE-2020-9543: Fixed an issue where other project users to view, update,
delete, or share resources that do not belong to them, due to a
context-free lookup of a UUID (bsc#1165643)
ImportantSUSE bug 1165643CVE-2020-9543 at SUSECVE-2020-9543 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libzypp (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
ModerateSUSE bug 1158763CVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionview-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionview-4_2 fixes the following issues:
- CVE-2020-5267: Fixed an XSS vulnerability in ActionView (bsc#1167240).
ModerateSUSE bug 1167240CVE-2020-5267 at SUSECVE-2020-5267 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for fwupdate (Important)SUSE OpenStack Cloud Crowbar 9
This update for fwupdate fixes the following issues:
- Add SBAT section to EFI images (bsc#1182057)
ImportantSUSE bug 1182057cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for spamassassin (Important)SUSE OpenStack Cloud Crowbar 9
This update for spamassassin fixes the following issues:
- spamassassin was updated to version 3.4.5
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
ImportantSUSE bug 1159133SUSE bug 1184221CVE-2019-12420 at SUSECVE-2019-12420 at NVDCVE-2020-1946 at SUSECVE-2020-1946 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionpack-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionpack-4_2 fixes the following issues:
- CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548)
ModerateSUSE bug 1159548CVE-2019-16782 at SUSECVE-2019-16782 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glibc (Important)SUSE OpenStack Cloud Crowbar 9
This update for glibc fixes the following issues:
- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)
ImportantSUSE bug 1178386SUSE bug 1179694SUSE bug 1179721SUSE bug 1184034CVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)
ImportantSUSE bug 1180128CVE-2021-3472 at SUSECVE-2021-3472 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Important)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2
ImportantSUSE bug 1181256SUSE bug 1184532SUSE bug 1184533SUSE bug 1184534CVE-2021-1252 at SUSECVE-2021-1252 at NVDCVE-2021-1404 at SUSECVE-2021-1404 at NVDCVE-2021-1405 at SUSECVE-2021-1405 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for qemu (Important)SUSE OpenStack Cloud Crowbar 9
This update for qemu fixes the following issues:
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
ImportantSUSE bug 1112499SUSE bug 1119115SUSE bug 1172383SUSE bug 1172384SUSE bug 1172385SUSE bug 1172386SUSE bug 1172478SUSE bug 1173612SUSE bug 1174386SUSE bug 1174641SUSE bug 1175441SUSE bug 1176673SUSE bug 1176682SUSE bug 1176684SUSE bug 1178174SUSE bug 1178934SUSE bug 1179466SUSE bug 1179467SUSE bug 1179468SUSE bug 1180523SUSE bug 1181108SUSE bug 1181639SUSE bug 1181933SUSE bug 1182137SUSE bug 1182425SUSE bug 1182577SUSE bug 1182968CVE-2020-11947 at SUSECVE-2020-11947 at NVDCVE-2020-12829 at SUSECVE-2020-12829 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13765 at SUSECVE-2020-13765 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15469 at SUSECVE-2020-15469 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-25084 at SUSECVE-2020-25084 at NVDCVE-2020-25624 at SUSECVE-2020-25624 at NVDCVE-2020-25625 at SUSECVE-2020-25625 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27617 at SUSECVE-2020-27617 at NVDCVE-2020-28916 at SUSECVE-2020-28916 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29443 at SUSECVE-2020-29443 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431)
- CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846)
ImportantSUSE bug 1178591SUSE bug 1182431SUSE bug 1182846CVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-27379 at SUSECVE-2021-27379 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sudo (Important)SUSE OpenStack Cloud Crowbar 9
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
ImportantSUSE bug 1183936CVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.10.0 ESR (bsc#1184960)
* CVE-2021-23994: Out of bound write due to lazy initialization
* CVE-2021-23995: Use-after-free in Responsive Design Mode
* CVE-2021-23998: Secure Lock icon could have been spoofed
* CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
* CVE-2021-23999: Blob URLs may have been granted additional privileges
* CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
* CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
* CVE-2021-29946: Port blocking could be bypassed
ImportantSUSE bug 1184960CVE-2021-23961 at SUSECVE-2021-23961 at NVDCVE-2021-23994 at SUSECVE-2021-23994 at NVDCVE-2021-23995 at SUSECVE-2021-23995 at NVDCVE-2021-23998 at SUSECVE-2021-23998 at NVDCVE-2021-23999 at SUSECVE-2021-23999 at NVDCVE-2021-24002 at SUSECVE-2021-24002 at NVDCVE-2021-29945 at SUSECVE-2021-29945 at NVDCVE-2021-29946 at SUSECVE-2021-29946 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libnettle (Important)SUSE OpenStack Cloud Crowbar 9
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835).
ImportantSUSE bug 1183835SUSE bug 1184401CVE-2021-20305 at SUSECVE-2021-20305 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gdm (Important)SUSE OpenStack Cloud Crowbar 9
This update for gdm fixes the following issues:
- Avoid the signal SIGTRAP when gdm exits (bsc#1184456).
ImportantSUSE bug 1184456cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for permissions (Important)SUSE OpenStack Cloud Crowbar 9
This update for permissions fixes the following issues:
- Update to version 20170707:
* make btmp root:utmp (bsc#1050467, bsc#1182899)
ImportantSUSE bug 1050467SUSE bug 1182899cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_0-openjdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters
* Import of OpenJDK 7 u291 build 1
+ JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
+ JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
+ JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
ModerateSUSE bug 1181239cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cups (Important)SUSE OpenStack Cloud Crowbar 9
This update for cups fixes the following issues:
- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)
ImportantSUSE bug 1184161CVE-2021-25317 at SUSECVE-2021-25317 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bind (Important)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495).
ImportantSUSE bug 1181495SUSE bug 1185345CVE-2021-25214 at SUSECVE-2021-25214 at NVDCVE-2021-25215 at SUSECVE-2021-25215 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
ImportantSUSE bug 1178469SUSE bug 1179156SUSE bug 1184677CVE-2021-20254 at SUSECVE-2021-20254 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for avahi (Important)SUSE OpenStack Cloud Crowbar 9
This update for avahi fixes the following issues:
- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).
ImportantSUSE bug 1184521CVE-2021-3468 at SUSECVE-2021-3468 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
The following non-security bugs were fixed:
- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
ImportantSUSE bug 1040855SUSE bug 1044767SUSE bug 1047233SUSE bug 1065729SUSE bug 1094840SUSE bug 1152457SUSE bug 1171078SUSE bug 1173485SUSE bug 1175873SUSE bug 1176700SUSE bug 1176720SUSE bug 1176855SUSE bug 1177411SUSE bug 1177753SUSE bug 1178181SUSE bug 1179454SUSE bug 1181032SUSE bug 1181960SUSE bug 1182194SUSE bug 1182672SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1183022SUSE bug 1183063SUSE bug 1183069SUSE bug 1183509SUSE bug 1183593SUSE bug 1183646SUSE bug 1183686SUSE bug 1183696SUSE bug 1183738SUSE bug 1183775SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184208SUSE bug 1184211SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184397SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184650SUSE bug 1184942SUSE bug 1185113SUSE bug 1185244SUSE bug 1185248CVE-2020-0433 at SUSECVE-2020-0433 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2021-20219 at SUSECVE-2021-20219 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009)
Other fixes:
- Make sure to close the 'import_failed.map' file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block
ImportantCVE-2020-27619 at SUSECVE-2020-27619 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for djvulibre (Important)SUSE OpenStack Cloud Crowbar 9
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
ImportantSUSE bug 1185900SUSE bug 1185904SUSE bug 1185905CVE-2019-18804 at SUSECVE-2019-18804 at NVDCVE-2021-32491 at SUSECVE-2021-32491 at NVDCVE-2021-32492 at SUSECVE-2021-32492 at NVDCVE-2021-32493 at SUSECVE-2021-32493 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for graphviz (Critical)SUSE OpenStack Cloud Crowbar 9
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).
CriticalSUSE bug 1185833CVE-2020-18032 at SUSECVE-2020-18032 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104)
- Make sure xencommons is in a format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
systemd now fails to track units that use systemd-notify (bsc#1183790)
- Added a delay between the call to systemd-notify and the final exit
of the wrapper script (bsc#1185021, bsc#1185196)
ImportantSUSE bug 1183790SUSE bug 1185021SUSE bug 1185104SUSE bug 1185196SUSE bug 1185682CVE-2021-28689 at SUSECVE-2021-28689 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionpack-4_2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionpack-4_2 fixes the following issues:
- CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715).
ImportantSUSE bug 1185715CVE-2021-22885 at SUSECVE-2021-22885 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libxml2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libxml2 fixes the following issues:
Security issues fixed:
CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ImportantSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410SUSE bug 1185698CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dnsmasq (Important)SUSE OpenStack Cloud Crowbar 9
This update for dnsmasq fixes the following issues:
- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
Fixed multiple potential Heap-based overflows when DNSSEC is
enabled.
- Retry query to other servers on receipt of SERVFAIL rcode
(bsc#1176076)
ImportantSUSE bug 1176076SUSE bug 1177077CVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for flac (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for flac fixes the following issues:
- CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).
ModerateSUSE bug 1180099CVE-2020-0499 at SUSECVE-2020-0499 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-httplib2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-httplib2 contains the following fixes:
Security fixes included in this update:
- CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053).
- CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998).
Non security fixes included in this update:
- Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)
- update to 0.19.0:
* auth: parse headers using pyparsing instead of regexp
* auth: WSSE token needs to be string not bytes
- update to 0.18.1: (bsc#1171998, CVE-2020-11078)
* explicit build-backend workaround for pip build isolation bug
* IMPORTANT security vulnerability CWE-93 CRLF injection
Force %xx quote of space, CR, LF characters in uri.
* Ship test suite in source dist
- update to 0.17.3:
* bugfixes
- Update to 0.17.1
* python3: no_proxy was not checked with https
* feature: Http().redirect_codes set, works after follow(_all)_redirects check
This allows one line workaround for old gcloud library that uses 308
response without redirect semantics.
* IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
* proxy: username/password as str compatible with pysocks
* python2: regression in connect() error handling
* add support for password protected certificate files
* feature: Http.close() to clean persistent connections and sensitive data
- Update to 0.14.0:
* Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError
- version update to 0.13.1
0.13.1
* Python3: Use no_proxy
https://github.com/httplib2/httplib2/pull/140
0.13.0
* Allow setting TLS max/min versions
https://github.com/httplib2/httplib2/pull/138
0.12.3
* No changes to library. Distribute py3 wheels.
0.12.1
* Catch socket timeouts and clear dead connection
https://github.com/httplib2/httplib2/issues/18
https://github.com/httplib2/httplib2/pull/111
* Officially support Python 3.7 (package metadata)
https://github.com/httplib2/httplib2/issues/123
0.12.0
* Drop support for Python 3.3
* ca_certs from environment HTTPLIB2_CA_CERTS or certifi
https://github.com/httplib2/httplib2/pull/117
* PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
https://github.com/httplib2/httplib2/pull/115
* Revert http:443->https workaround
https://github.com/httplib2/httplib2/issues/112
* eliminate connection pool read race
https://github.com/httplib2/httplib2/pull/110
* cache: stronger safename
https://github.com/httplib2/httplib2/pull/101
0.11.3
* No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis.
0.11.2
* proxy: py3 NameError basestring
https://github.com/httplib2/httplib2/pull/100
0.11.1
* Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
https://github.com/httplib2/httplib2/pull/97
0.11.0
* Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
https://github.com/httplib2/httplib2/pull/91
* python3 proxy support
https://github.com/httplib2/httplib2/pull/90
* If no_proxy environment value ends with comma then proxy is not used
https://github.com/httplib2/httplib2/issues/11
* fix UnicodeDecodeError using socks5 proxy
https://github.com/httplib2/httplib2/pull/64
* Respect NO_PROXY env var in proxy_info_from_url
https://github.com/httplib2/httplib2/pull/58
* NO_PROXY=bar was matching foobar (suffix without dot delimiter)
New behavior matches curl/wget:
- no_proxy=foo.bar will only skip proxy for exact hostname match
- no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
https://github.com/httplib2/httplib2/issues/94
* Bugfix for Content-Encoding: deflate
https://stackoverflow.com/a/22311297
- deleted patches
- httplib2 started to use certifi and this is already bent to
use system certificate bundle.
ModerateSUSE bug 1171998SUSE bug 1182053CVE-2020-11078 at SUSECVE-2020-11078 at NVDCVE-2021-21240 at SUSECVE-2021-21240 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114)
- CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933)
- CVE-2020-8286: Inferior OCSP verification (bsc#1179593)
- CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399)
- CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398)
- CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109)
- Fix: SFTP uploads result in empty uploaded files (bsc#1177976)
ModerateSUSE bug 1175109SUSE bug 1177976SUSE bug 1179398SUSE bug 1179399SUSE bug 1179593SUSE bug 1183933SUSE bug 1186114CVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dovecot22 (Important)SUSE OpenStack Cloud Crowbar 9
This update for dovecot22 fixes the following issues:
- CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
ImportantSUSE bug 1180405CVE-2020-24386 at SUSECVE-2020-24386 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for djvulibre (Important)SUSE OpenStack Cloud Crowbar 9
This update for djvulibre fixes the following issues:
- CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253)
ImportantSUSE bug 1186253CVE-2021-3500 at SUSECVE-2021-3500 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dhcp (Important)SUSE OpenStack Cloud Crowbar 9
This update for dhcp fixes the following issues:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)
ImportantSUSE bug 1186382CVE-2021-25217 at SUSECVE-2021-25217 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libwebp (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
CriticalSUSE bug 1185652SUSE bug 1185654SUSE bug 1185673SUSE bug 1185674SUSE bug 1185685SUSE bug 1185686SUSE bug 1185690SUSE bug 1185691SUSE bug 1186247CVE-2018-25009 at SUSECVE-2018-25009 at NVDCVE-2018-25010 at SUSECVE-2018-25010 at NVDCVE-2018-25011 at SUSECVE-2018-25011 at NVDCVE-2018-25012 at SUSECVE-2018-25012 at NVDCVE-2018-25013 at SUSECVE-2018-25013 at NVDCVE-2020-36329 at SUSECVE-2020-36329 at NVDCVE-2020-36330 at SUSECVE-2020-36330 at NVDCVE-2020-36331 at SUSECVE-2020-36331 at NVDCVE-2020-36332 at SUSECVE-2020-36332 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for polkit (Important)SUSE OpenStack Cloud Crowbar 9
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
ImportantSUSE bug 1186497CVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gstreamer-plugins-bad (Important)SUSE OpenStack Cloud Crowbar 9
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255).
ImportantSUSE bug 1181255CVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.11.0 ESR (bsc#1186696)
* CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29967: Memory safety bugs fixed in Firefox
ImportantSUSE bug 1185633SUSE bug 1186696CVE-2021-29951 at SUSECVE-2021-29951 at NVDCVE-2021-29964 at SUSECVE-2021-29964 at NVDCVE-2021-29967 at SUSECVE-2021-29967 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
ImportantSUSE bug 1176081SUSE bug 1180846SUSE bug 1183947SUSE bug 1184611SUSE bug 1184675SUSE bug 1185642SUSE bug 1185677SUSE bug 1185680SUSE bug 1185724SUSE bug 1185859SUSE bug 1185860SUSE bug 1185862SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185901SUSE bug 1185938SUSE bug 1185950SUSE bug 1185987SUSE bug 1186060SUSE bug 1186061SUSE bug 1186062SUSE bug 1186111SUSE bug 1186285SUSE bug 1186390SUSE bug 1186484SUSE bug 1186498CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23133 at SUSECVE-2021-23133 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libX11 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libX11 fixes the following issues:
- Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)
ImportantSUSE bug 1186643CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781
CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class Libraries:
- Z/OS specific C function send_file is changing the file pointer position
* Security:
- Add the new oracle signer certificate
- Certificate parsing error
- JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider
- Remove check for websphere signed jars
- sessionid.hashcode generates too many collisions
- The Java 8 IBM certpath provider does not honor the user
specified system property for CLR connect timeout
ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2-mod_auth_openidc (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291).
ImportantSUSE bug 1186291CVE-2021-20718 at SUSECVE-2021-20718 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for spice (Important)SUSE OpenStack Cloud Crowbar 9
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Important)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
ImportantSUSE bug 1179833SUSE bug 1179836SUSE bug 1179837SUSE bug 1179839CVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2020-35655: Fixed a buffer over-read when decoding crafted SGI RLE image files (bsc#1180832).
- CVE-2021-25293: Fixed an out-of-bounds read in SGIRleDecode.c (bsc#1183102).
- CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c (bsc#1183105).
- CVE-2021-25292: Fixed a backtracking regex in PDF parser could be used as a DOS attack (bsc#1183101).
- CVE-2021-27921,CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image (bsc#1183110,bsc#1183108,bsc#1183107)
- CVE-2020-35653: Fixed buffer over-read in PcxDecode when decoding a crafted PCX file (bsc#1180834).
- CVE-2021-25287: Fixed out-of-bounds read in J2kDecode in j2ku_graya_la (bsc#1185805).
- CVE-2021-25288: Fixed out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803).
- CVE-2021-28675: Fixed DoS in PsdImagePlugin (bsc#1185804).
- CVE-2021-28678: Fixed improper check in BlpImagePlugin (bsc#1185784).
- CVE-2021-28677: Fixed DoS in the open phase via a malicious EPS file (bsc#1185785).
- CVE-2021-28676: Fixed infinite loop in FliDecode.c (bsc#1185786).
ImportantSUSE bug 1180832SUSE bug 1180834SUSE bug 1183101SUSE bug 1183102SUSE bug 1183105SUSE bug 1183107SUSE bug 1183108SUSE bug 1183110SUSE bug 1185784SUSE bug 1185785SUSE bug 1185786SUSE bug 1185803SUSE bug 1185804SUSE bug 1185805CVE-2020-35653 at SUSECVE-2020-35653 at NVDCVE-2020-35655 at SUSECVE-2020-35655 at NVDCVE-2021-25287 at SUSECVE-2021-25287 at NVDCVE-2021-25288 at SUSECVE-2021-25288 at NVDCVE-2021-25290 at SUSECVE-2021-25290 at NVDCVE-2021-25292 at SUSECVE-2021-25292 at NVDCVE-2021-25293 at SUSECVE-2021-25293 at NVDCVE-2021-27921 at SUSECVE-2021-27921 at NVDCVE-2021-27922 at SUSECVE-2021-27922 at NVDCVE-2021-27923 at SUSECVE-2021-27923 at NVDCVE-2021-28675 at SUSECVE-2021-28675 at NVDCVE-2021-28676 at SUSECVE-2021-28676 at NVDCVE-2021-28677 at SUSECVE-2021-28677 at NVDCVE-2021-28678 at SUSECVE-2021-28678 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for caribou (Important)SUSE OpenStack Cloud Crowbar 9
This update for caribou fixes the following issues:
Security issue fixed:
- CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617).
ImportantSUSE bug 1186617CVE-2021-3567 at SUSECVE-2021-3567 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for qemu (Important)SUSE OpenStack Cloud Crowbar 9
This update for qemu fixes the following issues:
- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)
ImportantSUSE bug 1149813SUSE bug 1163019SUSE bug 1172380SUSE bug 1172382SUSE bug 1175534SUSE bug 1178683SUSE bug 1178935SUSE bug 1179477SUSE bug 1179484SUSE bug 1182846SUSE bug 1182975CVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-13754 at SUSECVE-2020-13754 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for freeradius-server (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for freeradius-server fixes the following issues:
- Do not log passwords in logfiles (bsc#1184016)
ModerateSUSE bug 1184016cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone contains the following fixes:
Security fixes included in this update:
cassandra:
- CVE-2020-17516: Fixed an issue where encryption between nodes was not enforced
correctly for certain internode_encryption settings (bsc#1181689)
grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple cross
site scripting vulnerabilities in the dashboard. (bsc#1172450)
- CVE-2021-27358: Fixed a denial of service via remote API call. (bsc#1183803)
- CVE-2019-15043: Fixed a denial of service by an unauthenticated user
in the snapshot HTTP API (bsc#1148383)
- CVE-2020-13379: Fixed an information leak to unauthenticated users. (bsc#1172409)
- CVE-2020-12052: Fixed a cross site scripting vulnerability with the annotation
popup (bsc#1170657)
- CVE-2018-19039: Fixed an issue where a privileged user could
exfiltrate files (bsc#1115960)
- CVE-2020-11110: Fixed a stored cross site scripting vulnerability. (bsc#1174583)
- CVE-2020-24303: Fixed a cross site scripting vulnerability in a query alias for
ElasticSearch datasources (bsc#1178243)
kibana:
- CVE-2017-11499: Fixed a vulnerability in nodejs, related to the HashTable
implementation, which could cause a denial of service. (bsc#1044849)
- CVE-2017-11481: Fixed a cross site scripting vulnerability via via URL fields.
(bsc#1044849)
- CVE-2020-10743: Fixed a clickjacking issue because X-Frame-Option was not used
by default. (bsc#1171909)
python-Django:
- CVE-2021-23336: Fixed a web cache poisoning via django.utils.http.limited_parse_qsl().
(bsc#1182433)
- CVE-2021-28658: Fixed a directory traversal via uploaded files. (bsc#1184148)
- CVE-2021-31542: Fixed a directory traversal via uploaded files with suitably crafted
file names. (bsc#1185623)
- CVE-2021-33203: Fixed potential path-traversal via admindocs' TemplateDetailView.
(bsc#1186608)
- CVE-2021-33571: Tighten validator checks to not allow leading zeros in IPv4 addresses,
which potentially leads to further attacks. (bsc#1186611)
python-py:
- CVE-2020-29651: Fixed a denial of service via regular expressions. (bsc#1179805)
python-pysaml2:
- CVE-2021-21238: Fixed improper verification of cryptographic signatures for signed
SAML documents. (bsc#1181277)
- CVE-2021-21239: Fixed improper verification of cryptographic signatures when using
CryptoBackendXmlSec1(). (bsc#1181278)
rubygem-activerecord-session_store:
- CVE-2019-25025: Fixed a timing attacks targeting the session id which could allow
an attack to hijack sessions. (bsc#1183174)
Non-security changes included in this update:
Changes in ardana-neutron:
- Update to version 9.0+git.1615223676.777f0b3:
* Allow users to stop monitoring rootwrap daemon (bsc#1182317)
Changes in ardana-swift:
- Update to version 9.0+git.1618235096.90974ed:
* Run swiftlm-scan in the UTC timezone (bsc#1181690)
Changes in cassandra:
- update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns (CASSANDRA-15962)
* Reduce amount of allocations during batch statement execution (CASSANDRA-16201)
* Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
* Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
* Rate limit validation compactions using compaction_throughput_mb_per_sec (CASSANDRA-16161)
* SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert to default of 1GB (CASSANDRA-16071)
* Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
* Improve empty hint file handling during startup (CASSANDRA-16162)
* Allow empty string in collections with COPY FROM in cqlsh (CASSANDRA-16372)
* Fix skipping on pre-3.0 created compact storage sstables due to missing primary key liveness (CASSANDRA-16226)
* Extend the exclusion of replica filtering protection to other indices instead of just SASI (CASSANDRA-16311)
* Synchronize transaction logs for JBOD (CASSANDRA-16225)
* Fix the counting of cells per partition (CASSANDRA-16259)
* Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
* Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
* Improved check of num_tokens against the length of initial_token (CASSANDRA-14477)
* Fix a race condition on ColumnFamilyStore and TableMetrics (CASSANDRA-16228)
* Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
* Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
* Prevent invoking enable/disable gossip when not in NORMAL (CASSANDRA-16146)
* Wait for schema agreement when bootstrapping (CASSANDRA-15158)
* Fix the histogram merge of the table metrics (CASSANDRA-16259)
* Synchronize Keyspace instance store/clear (CASSANDRA-16210)
* Fix ColumnFilter to avoid querying cells of unselected complex columns (CASSANDRA-15977)
* Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
* Don't attempt value skipping with mixed version cluster (CASSANDRA-15833)
* Avoid failing compactions with very large partitions (CASSANDRA-15164)
* Make sure LCS handles duplicate sstable added/removed notifications correctly (CASSANDRA-14103)
* Fix OOM when terminating repair session (CASSANDRA-15902)
* Avoid marking shutting down nodes as up after receiving gossip shutdown message (CASSANDRA-16094)
* Check SSTables for latest version before dropping compact storage (CASSANDRA-16063)
* Handle unexpected columns due to schema races (CASSANDRA-15899)
* Add flag to ignore unreplicated keyspaces during repair (CASSANDRA-15160)
* Package tools/bin scripts as executable (CASSANDRA-16151)
* Fixed a NullPointerException when calling nodetool enablethrift (CASSANDRA-16127)
* Correctly interpret SASI's `max_compaction_flush_memory_in_mb` setting in megabytes not bytes (CASSANDRA-16071)
* Fix short read protection for GROUP BY queries (CASSANDRA-15459)
* Frozen RawTuple is not annotated with frozen in the toString method (CASSANDRA-15857)
Merged from 3.0:
* Use IF NOT EXISTS for index and UDT create statements in snapshot schema files (CASSANDRA-13935)
* Fix gossip shutdown order (CASSANDRA-15816)
* Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
* Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
* Operational improvements and hardening for replica filtering protection (CASSANDRA-15907)
* stop_paranoid disk failure policy is ignored on CorruptSSTableException after node is up (CASSANDRA-15191)
* Forbid altering UDTs used in partition keys (CASSANDRA-15933)
* Fix empty/null json string representation (CASSANDRA-15896)
* 3.x fails to start if commit log has range tombstones from a column which is also deleted (CASSANDRA-15970)
* Handle difference in timestamp precision between java8 and java11 in LogFIle.java (CASSANDRA-16050)
Merged from 2.2:
* Fix CQL parsing of collections when the column type is reversed (CASSANDRA-15814)
* Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
* Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
* Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
* Fix CQL formatting of read command restrictions for slow query log (CASSANDRA-15503)
* Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
* Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
* Avoid hinted handoff per-host throttle being arounded to 0 in large cluster (CASSANDRA-15859)
* Avoid emitting empty range tombstones from RangeTombstoneList (CASSANDRA-15924)
* Avoid thread starvation, and improve compare-and-swap performance, in the slab allocators (CASSANDRA-15922)
* Add token to tombstone warning and error messages (CASSANDRA-15890)
* Fixed range read concurrency factor computation and capped as 10 times tpc cores (CASSANDRA-15752)
* Catch exception on bootstrap resume and init native transport (CASSANDRA-15863)
* Fix replica-side filtering returning stale data with CL > ONE (CASSANDRA-8272, CASSANDRA-8273)
* Fix duplicated row on 2.x upgrades when multi-rows range tombstones interact with collection ones (CASSANDRA-15805)
* Rely on snapshotted session infos on StreamResultFuture.maybeComplete to avoid race conditions (CASSANDRA-15667)
* EmptyType doesn't override writeValue so could attempt to write bytes when expected not to (CASSANDRA-15790)
* Fix index queries on partition key columns when some partitions contains only static data (CASSANDRA-13666)
* Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
* liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
* Fix Debian init start/stop (CASSANDRA-15770)
* Fix infinite loop on index query paging in tables with clustering (CASSANDRA-14242)
* Fix chunk index overflow due to large sstable with small chunk length (CASSANDRA-15595)
* Allow selecting static column only when querying static index (CASSANDRA-14242)
* cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
* Don't skip sstables in slice queries based only on local min/max/deletion timestamp (CASSANDRA-15690)
* Memtable memory allocations may deadlock (CASSANDRA-15367)
* Run evictFromMembership in GossipStage (CASSANDRA-15592)
* Fix nomenclature of allow and deny lists (CASSANDRA-15862)
* Remove generated files from source artifact (CASSANDRA-15849)
* Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
* Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
* Disable JMX rebinding (CASSANDRA-15653)
* Fix writing of snapshot manifest when the table has table-backed secondary indexes (CASSANDRA-10968)
* Fix parse error in cqlsh COPY FROM and formatting for map of blobs (CASSANDRA-15679)
* Fix Commit log replays when static column clustering keys are collections (CASSANDRA-14365)
* Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
* Allow EXTRA_CLASSPATH to work on tar/source installations (CASSANDRA-15567)
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS - patch implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the 'duration' type (CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown column names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations (CASSANDRA-15293)
* Fix point-in-time recoevery ignoring timestamp of updates to static columns (CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple rows (CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
* Bump generations and document changes to system_distributed and system_traces in 3.0, 3.11
(CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades (CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions are paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain illegal cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test (CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SASI non-literal string comparisons (range operators) (CASSANDRA-15169)
* Make sure user defined compaction transactions are always closed (CASSANDRA-15123)
* Fix cassandra-env.sh to use $CASSANDRA_CONF to find cassandra-jaas.config (CASSANDRA-14305)
* Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
* Add flag to disable SASI indexes, and warnings on creation (CASSANDRA-14866)
* Add ability to cap max negotiable protocol version (CASSANDRA-15193)
* Gossip tokens on startup if available (CASSANDRA-15335)
* Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
* Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
* Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
* Fix NPE when using allocate_tokens_for_keyspace on new DC/rack (CASSANDRA-14952)
* Filter sstables earlier when running cleanup (CASSANDRA-15100)
* Use mean row count instead of mean column count for index selectivity calculation (CASSANDRA-15259)
* Avoid updating unchanged gossip states (CASSANDRA-15097)
* Prevent recreation of previously dropped columns with a different kind (CASSANDRA-14948)
* Prevent client requests from blocking on executor task queue (CASSANDRA-15013)
* Toughen up column drop/recreate type validations (CASSANDRA-15204)
* LegacyLayout should handle paging states that cross a collection column (CASSANDRA-15201)
* Prevent RuntimeException when username or password is empty/null (CASSANDRA-15198)
* Multiget thrift query returns null records after digest mismatch (CASSANDRA-14812)
* Skipping illegal legacy cells can break reverse iteration of indexed partitions (CASSANDRA-15178)
* Handle paging states serialized with a different version than the session's (CASSANDRA-15176)
* Throw IOE instead of asserting on unsupporter peer versions (CASSANDRA-15066)
* Update token metadata when handling MOVING/REMOVING_TOKEN events (CASSANDRA-15120)
* Add ability to customize cassandra log directory using $CASSANDRA_LOG_DIR (CASSANDRA-15090)
* Skip cells with illegal column names when reading legacy sstables (CASSANDRA-15086)
* Fix assorted gossip races and add related runtime checks (CASSANDRA-15059)
* Fix mixed mode partition range scans with limit (CASSANDRA-15072)
* cassandra-stress works with frozen collections: list and set (CASSANDRA-14907)
* Fix handling FS errors on writing and reading flat files - LogTransaction and hints (CASSANDRA-15053)
* Avoid double closing the iterator to avoid overcounting the number of requests (CASSANDRA-15058)
* Improve `nodetool status -r` speed (CASSANDRA-14847)
* Improve merkle tree size and time on heap (CASSANDRA-14096)
* Add missing commands to nodetool_completion (CASSANDRA-14916)
* Anti-compaction temporarily corrupts sstable state for readers (CASSANDRA-15004)
* Catch non-IOException in FileUtils.close to make sure that all resources are closed (CASSANDRA-15225)
* Handle exceptions during authentication/authorization (CASSANDRA-15041)
* Support cross version messaging in in-jvm upgrade dtests (CASSANDRA-15078)
* Fix index summary redistribution cancellation (CASSANDRA-15045)
* Fixing invalid CQL in security documentation (CASSANDRA-15020)
* Allow instance class loaders to be garbage collected for inJVM dtest (CASSANDRA-15170)
* Add support for network topology and query tracing for inJVM dtest (CASSANDRA-15319)
* Correct sstable sorting for garbagecollect and levelled compaction (CASSANDRA-14870)
* Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
* Add a script to make running the cqlsh tests in cassandra repo easier (CASSANDRA-14951)
* If SizeEstimatesRecorder misses a 'onDropTable' notification, the size_estimates table will never be cleared for that table. (CASSANDRA-14905)
* Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters (CASSANDRA-14958)
* Streaming needs to synchronise access to LifecycleTransaction (CASSANDRA-14554)
* Fix cassandra-stress write hang with default options (CASSANDRA-14616)
* Differentiate between slices and RTs when decoding legacy bounds (CASSANDRA-14919)
* Netty epoll IOExceptions caused by unclean client disconnects being logged at INFO (CASSANDRA-14909)
* Unfiltered.isEmpty conflicts with Row extends AbstractCollection.isEmpty (CASSANDRA-14588)
* RangeTombstoneList doesn't properly clean up mergeable or superseded rts in some cases (CASSANDRA-14894)
* Fix handling of collection tombstones for dropped columns from legacy sstables (CASSANDRA-14912)
* Throw exception if Columns serialized subset encode more columns than possible (CASSANDRA-14591)
* Drop/add column name with different Kind can result in corruption (CASSANDRA-14843)
* Fix missing rows when reading 2.1 SSTables with static columns in 3.0 (CASSANDRA-14873)
* Move TWCS message 'No compaction necessary for bucket size' to Trace level (CASSANDRA-14884)
* Sstable min/max metadata can cause data loss (CASSANDRA-14861)
* Dropped columns can cause reverse sstable iteration to return prematurely (CASSANDRA-14838)
* Legacy sstables with multi block range tombstones create invalid bound sequences (CASSANDRA-14823)
* Expand range tombstone validation checks to multiple interim request stages (CASSANDRA-14824)
* Reverse order reads can return incomplete results (CASSANDRA-14803)
* Avoid calling iter.next() in a loop when notifying indexers about range tombstones (CASSANDRA-14794)
* Fix purging semi-expired RT boundaries in reversed iterators (CASSANDRA-14672)
* DESC order reads can fail to return the last Unfiltered in the partition (CASSANDRA-14766)
* Fix corrupted collection deletions for dropped columns in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568)
* Fix corrupted static collection deletions in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568)
* Handle failures in parallelAllSSTableOperation (cleanup/upgradesstables/etc) (CASSANDRA-14657)
* Improve TokenMetaData cache populating performance avoid long locking (CASSANDRA-14660)
* Backport: Flush netty client messages immediately (not by default) (CASSANDRA-13651)
* Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
* sstableloader should use discovered broadcast address to connect intra-cluster (CASSANDRA-14522)
* Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
* Don't enable client transports when bootstrap is pending (CASSANDRA-14525)
* MigrationManager attempts to pull schema from different major version nodes (CASSANDRA-14928)
* Fix incorrect cqlsh results when selecting same columns multiple times (CASSANDRA-13262)
* Returns null instead of NaN or Infinity in JSON strings (CASSANDRA-14377)
* Paged Range Slice queries with DISTINCT can drop rows from results (CASSANDRA-14956)
Changes in crowbar-openstack:
- Update to version 6.0+git.1616146717.a89ae0f4e:
* monasca: restart Kibana on update (bsc#1044849)
Changes in grafana
- Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
* Prevent unauthenticated remote attackers from causing a DoS through the
snapshots API.
Changes in kibana:
- Ensure /etc/sysconfig/kibana is present
- Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14, ESA-2017-16)
* [4.6] ignore forked code for babel transpile build phase (#13483)
* Allow more than match queries in custom filters (#8614) (#10857)
* [state] don't make extra $location.replace() calls (#9954)
* [optimizer] move to querystring-browser package for up-to-date api
* [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
* server: refactor log_interceptor to be more DRY (#9617)
* server: downgrade ECANCELED logs to debug (#9616)
* server: do not treat logged warnings as errors (#8746) (#9610)
* [server/logger] downgrade EPIPE errors to debug level (#9023)
* Add basepath when redirecting from a trailling slash (#9035)
* [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
* [server/shortUrl] validate urls before shortening them
- Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
* This fixes an XSS vulnerability in URL fields
- Remove %dir declaration from /opt/kibana/optimize to ensure
no files owned by root end up in there
- Exclude /opt/kibana/optimize from %fdupes
- Restart service on upgrade
- Do not copy LICENSE.txt and README.txt to /opt/kibana
- Fix rpmlint warnings/errors
- Switch to explicit patch application
- Fix source URL
- Fix logic for systemd/systemv detection
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
- Added kibana.yml symlink (bsc#1048688, FATE#323204)
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev11:
* Consume tempest-horizon from PyPI release
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed
- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details
- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled
- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID
- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is deleted
- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair
- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS
- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed
- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details
- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled
- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID
- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is deleted
- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair
- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS
- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev29:
* gbp-validate: Tenant and resource level scoping
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev27:
* Import data\_utils from the new location
- Update to version group-based-policy-12.0.1.dev26:
* Add SNAT port's Mac Address to the host\_snat\_ips dictionary
- Update to version group-based-policy-12.0.1.dev25:
* Add support for victoria
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev24:
* Fix deletion of SVI networks
- Update to version group-based-policy-12.0.1.dev23:
* Allow per-port qos configuration on dhcp port
2014.2rc1
- Update to version group-based-policy-12.0.1.dev22:
* Add connectivity parameter to driver
* [AIM] Fix ERSPAN extension
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev19:
* Fix exception with cleanup
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev18:
* Add workaround to get\_subnets
Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3
Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3
Changes in python-Django1:
- Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
* Fixed potential path-traversal via admindocs' TemplateDetailView.
- Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
* Prevented leading zeros in IPv4 addresses.
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
* Fixed CVE-2021-31542 -- Tightened path and file name sanitation in file
uploads.
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
* Fixed potential directory-traversal via uploaded files
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
* Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Changes in python-py:
- Add CVE-2020-29651.patch ((bsc#1179805, CVE-2020-29651)
* svnwc: fix regular expression vulnerable to DoS in blame
functionality
Changes in python-pysaml2:
- Fix patches (SOC-11453)
* 0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch
- rename saml2.xml to saml2.samlxml to avoid overriding
the xml module in the system module path
- add missing __init__.py files
- add missing saml2/data package to setup.py
* 0007-Make-previous-commits-python2-compatible.patch so as not to
- Adjust to saml2.xml to saml2.samlxml changes
- Fix a few more syntax errors and Python2-isms.
- Fix CVE-2021-21238, bsc#1181277 with
0002-Strengthen-XSW-tests.patch ,
0003-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
0004-Add-xsd-schemas.patch ,
0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch .
This adds a dependency on python-xmlschema, which depends on
python-elementpath, thus both need to be added for this to work.
The used python-xmlschema needs to support the sandbox argument
which was added in 1.2.0 and refined in 1.2.1, but that version
doesn't support python2, so a patched version that does both is
needed.
Add 0007-Make-previous-commits-python2-compatible.patch to
not add a dependency on reportlib_resources and make other
changes python2 compatible.
. Fix CVE-2021-21239, bsc#1181278 with
0006-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch
Changes in python-xmlschema:
- Add 3 patches to backport sandbox argument, which is needed by a security fix
in python-pysaml2 and one patch to make backport python2 compatible.
- Upstream url changed
- Add rpmlintrc to make it work on Leap 42.3
- Update to 1.0.18:
* Fix for *ModelVisitor.iter_unordered_content()*
* Fixed default converter, AbderaConverter and JsonMLConverter for xs:anyType decode
* Fixed validation tests with all converters
* Added UnorderedConverter to validation tests
- Update to 1.0.17:
* Enhancement of validation-only speed (~15%)
* Added *is_valid()* and *iter_errors()* to module API
- Update to 1.0.16:
* Improved XMLResource class for working with compressed files
* Fix for validation with XSD wildcards and 'lax' process content
* Fix ambiguous items validation for xs:choice and xs:sequence models
- Handle UnicodeDecodeErrors during build process
- Update to 1.0.15:
* Improved XPath 2.0 bindings
* Added logging for schema initialization and building (handled with argument loglevel)
* Update encoding of collapsed contents with a new model based reordering method
* Removed XLink namespace from meta-schema (loaded from a fallback location like XHTML)
* Fixed half of failed W3C instance tests (remain 255 over 15344 tests)
- Initial commit, needed by pytest 5.1.2
Changes in python-elementpath:
- Update to 1.3.1:
* Improved schema proxy
* Improved XSD type matching using paths
* Cached parent path for XPathContext (only Python 3)
* Improve typed selection with TypedAttribute and TypedElement named-tuples
* Add iter_results to XPathContext
* Remove XMLSchemaProxy from package
* Fix descendant shortcut operator '//'
* Fix text() function
* Fix typed select of '(name)' token
* Fix 24-hour time for DateTime
- Skip test_hashing to fix 32bit builds
- Initial commit needed by python-xmlschema
Changes in rubygem-activerecord-session_store:
- added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
* This requires CVE-2019-16782.patch to be included in
rubygem-actionpack-4_2 to work correctly.
Changes in venv-openstack-keystone
- Add python-xmlschema and python-elementpath for new python-pysaml2 version.
ModerateSUSE bug 1044849SUSE bug 1048688SUSE bug 1115960SUSE bug 1148383SUSE bug 1170657SUSE bug 1171909SUSE bug 1172409SUSE bug 1172450SUSE bug 1174583SUSE bug 1178243SUSE bug 1179805SUSE bug 1181277SUSE bug 1181278SUSE bug 1181689SUSE bug 1181690SUSE bug 1182317SUSE bug 1182433SUSE bug 1183174SUSE bug 1183803SUSE bug 1184148SUSE bug 1185623SUSE bug 1186608SUSE bug 1186611CVE-2017-11481 at SUSECVE-2017-11481 at NVDCVE-2017-11499 at SUSECVE-2017-11499 at NVDCVE-2018-18623 at SUSECVE-2018-18623 at NVDCVE-2018-18624 at SUSECVE-2018-18624 at NVDCVE-2018-18625 at SUSECVE-2018-18625 at NVDCVE-2018-19039 at SUSECVE-2018-19039 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2019-25025 at SUSECVE-2019-25025 at NVDCVE-2020-10743 at SUSECVE-2020-10743 at NVDCVE-2020-11110 at SUSECVE-2020-11110 at NVDCVE-2020-12052 at SUSECVE-2020-12052 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDCVE-2020-17516 at SUSECVE-2020-17516 at NVDCVE-2020-24303 at SUSECVE-2020-24303 at NVDCVE-2020-29651 at SUSECVE-2020-29651 at NVDCVE-2021-21238 at SUSECVE-2021-21238 at NVDCVE-2021-21239 at SUSECVE-2021-21239 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-27358 at SUSECVE-2021-27358 at NVDCVE-2021-28658 at SUSECVE-2021-28658 at NVDCVE-2021-31542 at SUSECVE-2021-31542 at NVDCVE-2021-33203 at SUSECVE-2021-33203 at NVDCVE-2021-33571 at SUSECVE-2021-33571 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u292 (icedtea 3.19.0).
- CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).
ModerateSUSE bug 1185055CVE-2021-2163 at SUSECVE-2021-2163 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ImageMagick (Important)SUSE OpenStack Cloud Crowbar 9
This update for ImageMagick fixes the following issues:
- CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103).
- CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).
- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).
- CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).
- CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).
- CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).
- CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
- CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260).
- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).
- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).
- CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).
- CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
- CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).
- CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
- CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).
- CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).
- CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).
- CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).
- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).
- CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
- CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).
- CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
- CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).
- CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
- CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).
- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).
- CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).
- CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).
- CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).
- CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).
- CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
- CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).
ImportantSUSE bug 1179103SUSE bug 1179202SUSE bug 1179208SUSE bug 1179212SUSE bug 1179223SUSE bug 1179240SUSE bug 1179244SUSE bug 1179260SUSE bug 1179268SUSE bug 1179269SUSE bug 1179278SUSE bug 1179281SUSE bug 1179285SUSE bug 1179311SUSE bug 1179312SUSE bug 1179313SUSE bug 1179315SUSE bug 1179317SUSE bug 1179321SUSE bug 1179322SUSE bug 1179327SUSE bug 1179333SUSE bug 1179336SUSE bug 1179338SUSE bug 1179339SUSE bug 1179343SUSE bug 1179345SUSE bug 1179346SUSE bug 1179347SUSE bug 1179361SUSE bug 1179362SUSE bug 1179397CVE-2020-19667 at SUSECVE-2020-19667 at NVDCVE-2020-25664 at SUSECVE-2020-25664 at NVDCVE-2020-25665 at SUSECVE-2020-25665 at NVDCVE-2020-25666 at SUSECVE-2020-25666 at NVDCVE-2020-25674 at SUSECVE-2020-25674 at NVDCVE-2020-25675 at SUSECVE-2020-25675 at NVDCVE-2020-25676 at SUSECVE-2020-25676 at NVDCVE-2020-27750 at SUSECVE-2020-27750 at NVDCVE-2020-27751 at SUSECVE-2020-27751 at NVDCVE-2020-27752 at SUSECVE-2020-27752 at NVDCVE-2020-27753 at SUSECVE-2020-27753 at NVDCVE-2020-27754 at SUSECVE-2020-27754 at NVDCVE-2020-27755 at SUSECVE-2020-27755 at NVDCVE-2020-27757 at SUSECVE-2020-27757 at NVDCVE-2020-27759 at SUSECVE-2020-27759 at NVDCVE-2020-27760 at SUSECVE-2020-27760 at NVDCVE-2020-27761 at SUSECVE-2020-27761 at NVDCVE-2020-27762 at SUSECVE-2020-27762 at NVDCVE-2020-27763 at SUSECVE-2020-27763 at NVDCVE-2020-27764 at SUSECVE-2020-27764 at NVDCVE-2020-27765 at SUSECVE-2020-27765 at NVDCVE-2020-27766 at SUSECVE-2020-27766 at NVDCVE-2020-27767 at SUSECVE-2020-27767 at NVDCVE-2020-27768 at SUSECVE-2020-27768 at NVDCVE-2020-27769 at SUSECVE-2020-27769 at NVDCVE-2020-27770 at SUSECVE-2020-27770 at NVDCVE-2020-27771 at SUSECVE-2020-27771 at NVDCVE-2020-27772 at SUSECVE-2020-27772 at NVDCVE-2020-27773 at SUSECVE-2020-27773 at NVDCVE-2020-27774 at SUSECVE-2020-27774 at NVDCVE-2020-27775 at SUSECVE-2020-27775 at NVDCVE-2020-27776 at SUSECVE-2020-27776 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.1:
+ Improve handling of Media Capture devices.
+ Improve WebAudio playback.
+ Improve video orientation handling.
+ Improve seeking support for MSE playback.
+ Improve flush support in EME decryptors.
+ Fix HTTP status codes for requests done through a custom URI handler.
+ Fix the Bubblewrap sandbox in certain 32-bit systems.
+ Fix inconsistencies between the WebKitWebView.is-muted property
state and values returned by
webkit_web_view_is_playing_audio().
+ Fix the build with ENABLE_VIDEO=OFF.
+ Fix wrong timestamps for long-lived cookies.
+ Fix UI process crash when failing to load favicons.
+ Fix several crashes and rendering issues.
- Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871,
CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983,
CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951.
ImportantSUSE bug 1177087SUSE bug 1179122SUSE bug 1179451SUSE bug 1182286SUSE bug 1184155SUSE bug 1184262CVE-2020-13543 at SUSECVE-2020-13543 at NVDCVE-2020-13558 at SUSECVE-2020-13558 at NVDCVE-2020-13584 at SUSECVE-2020-13584 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9983 at SUSECVE-2020-9983 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1789 at SUSECVE-2021-1789 at NVDCVE-2021-1799 at SUSECVE-2021-1799 at NVDCVE-2021-1801 at SUSECVE-2021-1801 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1870 at SUSECVE-2021-1870 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
ImportantSUSE bug 1186922SUSE bug 1186923SUSE bug 1186924SUSE bug 1187017SUSE bug 1187174CVE-2020-35452 at SUSECVE-2020-35452 at NVDCVE-2021-26690 at SUSECVE-2021-26690 at NVDCVE-2021-26691 at SUSECVE-2021-26691 at NVDCVE-2021-30641 at SUSECVE-2021-30641 at NVDCVE-2021-31618 at SUSECVE-2021-31618 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xterm (Important)SUSE OpenStack Cloud Crowbar 9
This update for xterm fixes the following issues:
- CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091)
ImportantSUSE bug 1182091CVE-2021-27135 at SUSECVE-2021-27135 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-nokogiri (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-nokogiri fixes the following issues:
- CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578).
- CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507).
ImportantSUSE bug 1146578SUSE bug 1180507CVE-2019-5477 at SUSECVE-2019-5477 at NVDCVE-2020-26247 at SUSECVE-2020-26247 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libnettle (Important)SUSE OpenStack Cloud Crowbar 9
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
ImportantSUSE bug 1187060CVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ovmf (Important)SUSE OpenStack Cloud Crowbar 9
This update for ovmf fixes the following issues:
- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
ImportantSUSE bug 1186151cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libgcrypt (Important)SUSE OpenStack Cloud Crowbar 9
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
ImportantSUSE bug 1187212CVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openexr (Important)SUSE OpenStack Cloud Crowbar 9
This update for openexr fixes the following issues:
- Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
- Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
- Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
ImportantSUSE bug 1184354SUSE bug 1187310SUSE bug 1187395CVE-2021-3479 at SUSECVE-2021-3479 at NVDCVE-2021-3598 at SUSECVE-2021-3598 at NVDCVE-2021-3605 at SUSECVE-2021-3605 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql, postgresql12, postgresql13 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql, postgresql12, postgresql13 fixes the following issues:
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
Changes in postgresql:
- Bump postgresql major version to 13.
Changes in postgresql12:
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix a DST problem in the test suite.
Changes in postgresql13:
- Add postgresql-icu68.patch: fix build with ICU 68
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite.
ImportantSUSE bug 1178666SUSE bug 1178667SUSE bug 1178668SUSE bug 1178961SUSE bug 1179765CVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for arpwatch (Important)SUSE OpenStack Cloud Crowbar 9
This update for arpwatch fixes the following issues:
- CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).
ImportantSUSE bug 1186240CVE-2021-25321 at SUSECVE-2021-25321 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libsolv (Important)SUSE OpenStack Cloud Crowbar 9
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
ImportantSUSE bug 1161510SUSE bug 1186229CVE-2019-20387 at SUSECVE-2019-20387 at NVDCVE-2021-3200 at SUSECVE-2021-3200 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for the Azure and AWS SDKs (Important)SUSE OpenStack Cloud Crowbar 9
This update for the SLE Public Cloud module provides the following fixes:
Azure SDK update:
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO-3105)
AWS SDK update:
This update for the AWS SDK updates python-boto3 to version 1.17.9 and aws-cli to 1.19.9.
(bsc#1182421, jsc#ECO-3352)
Security fix for python-urllib3:
- Improve performance of sub-authority splitting in URL. (bsc#1187045, CVE-2021-33503)
ImportantSUSE bug 1125671SUSE bug 1154393SUSE bug 1175289SUSE bug 1176784SUSE bug 1176785SUSE bug 1182421SUSE bug 1187045CVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-rsa (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-rsa fixes the following issues:
- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)
ImportantSUSE bug 1172389CVE-2020-13757 at SUSECVE-2020-13757 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sudo (Important)SUSE OpenStack Cloud Crowbar 9
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
[bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
- A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685,
CVE-2021-23240]
- It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
ImportantSUSE bug 1180684SUSE bug 1180685SUSE bug 1180687SUSE bug 1181090CVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-pip (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-pip fixes the following issues:
- CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819).
ModerateSUSE bug 1186819CVE-2021-3572 at SUSECVE-2021-3572 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
ImportantSUSE bug 1188275CVE-2021-29970 at SUSECVE-2021-29970 at NVDCVE-2021-29976 at SUSECVE-2021-29976 at NVDCVE-2021-30547 at SUSECVE-2021-30547 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
* CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
* CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
* CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
* CVE-2021-23964: Fixed Memory safety bugs
ImportantSUSE bug 1181414CVE-2020-26976 at SUSECVE-2020-26976 at NVDCVE-2021-23953 at SUSECVE-2021-23953 at NVDCVE-2021-23954 at SUSECVE-2021-23954 at NVDCVE-2021-23960 at SUSECVE-2021-23960 at NVDCVE-2021-23964 at SUSECVE-2021-23964 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554).
- CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601).
- CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595).
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463).
- CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452).
- CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861).
- CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484).
The following non-security bugs were fixed:
- block: do not use blocking queue entered for recursive bio (bsc#1104967).
- s390/stack: fix possible register corruption with stack switch helper (git-fixes).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
ImportantSUSE bug 1104967SUSE bug 1174978SUSE bug 1179610SUSE bug 1185701SUSE bug 1185861SUSE bug 1186463SUSE bug 1186484SUSE bug 1187038SUSE bug 1187050SUSE bug 1187215SUSE bug 1187452SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187934SUSE bug 1188062SUSE bug 1188116CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for systemd (Important)SUSE OpenStack Cloud Crowbar 9
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)
Other fixes:
- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers
so %sysusers_create_package can be introduced in SLE and packages
can rely on this rpm macro without wondering whether the macro is
available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''
ImportantSUSE bug 1178561SUSE bug 1184761SUSE bug 1184967SUSE bug 1185046SUSE bug 1185331SUSE bug 1185807SUSE bug 1188063CVE-2021-33910 at SUSECVE-2021-33910 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
ModerateSUSE bug 1188217SUSE bug 1188218SUSE bug 1188219SUSE bug 1188220CVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for linuxptp (Important)SUSE OpenStack Cloud Crowbar 9
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
ImportantSUSE bug 1187646CVE-2021-3570 at SUSECVE-2021-3570 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for qemu (Important)SUSE OpenStack Cloud Crowbar 9
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
ImportantSUSE bug 1187364SUSE bug 1187365SUSE bug 1187366SUSE bug 1187367SUSE bug 1187529CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dbus-1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505)
ImportantSUSE bug 1172505SUSE bug 1187105CVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
- CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
- CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
- CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
- CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
- CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
- CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
ImportantSUSE bug 1188697CVE-2021-21775 at SUSECVE-2021-21775 at NVDCVE-2021-21779 at SUSECVE-2021-21779 at NVDCVE-2021-30663 at SUSECVE-2021-30663 at NVDCVE-2021-30665 at SUSECVE-2021-30665 at NVDCVE-2021-30689 at SUSECVE-2021-30689 at NVDCVE-2021-30720 at SUSECVE-2021-30720 at NVDCVE-2021-30734 at SUSECVE-2021-30734 at NVDCVE-2021-30744 at SUSECVE-2021-30744 at NVDCVE-2021-30749 at SUSECVE-2021-30749 at NVDCVE-2021-30758 at SUSECVE-2021-30758 at NVDCVE-2021-30795 at SUSECVE-2021-30795 at NVDCVE-2021-30797 at SUSECVE-2021-30797 at NVDCVE-2021-30799 at SUSECVE-2021-30799 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libsndfile (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libsndfile fixes the following issues:
- CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
- CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
- CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)
CriticalSUSE bug 1100167SUSE bug 1116993SUSE bug 1117954SUSE bug 1188540CVE-2018-13139 at SUSECVE-2018-13139 at NVDCVE-2018-19432 at SUSECVE-2018-19432 at NVDCVE-2018-19758 at SUSECVE-2018-19758 at NVDCVE-2021-3246 at SUSECVE-2021-3246 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for djvulibre (Important)SUSE OpenStack Cloud Crowbar 9
This update for djvulibre fixes the following issues:
- CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)
ImportantSUSE bug 1187869CVE-2021-3630 at SUSECVE-2021-3630 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574)
ImportantSUSE bug 1188574CVE-2021-34552 at SUSECVE-2021-34552 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Important)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)
ImportantSUSE bug 1182739SUSE bug 1183770SUSE bug 1185868SUSE bug 1185870SUSE bug 1185872SUSE bug 1188300CVE-2021-2154 at SUSECVE-2021-2154 at NVDCVE-2021-2166 at SUSECVE-2021-2166 at NVDCVE-2021-2180 at SUSECVE-2021-2180 at NVDCVE-2021-27928 at SUSECVE-2021-27928 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cpio (Important)SUSE OpenStack Cloud Crowbar 9
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
ImportantSUSE bug 1189206CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libcares2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libcares2 fixes the following issues:
- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).
ImportantSUSE bug 1188881CVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):
- CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
- CVE-2021-29988: Memory corruption as a result of incorrect style treatment
- CVE-2021-29984: Incorrect instruction reordering during JIT optimization
- CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
- CVE-2021-29985: Use-after-free media channels
- CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
ImportantSUSE bug 1188891CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for fetchmail (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for fetchmail fixes the following issues:
- CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 [bsc#1188034]
- Set the hostname for SNI when using TLS [bsc#1182807]
- Allow --syslog option in daemon mode. (bsc#1033081)
- Set the hostname for SNI when using TLS. (bsc#1182807)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)
ModerateSUSE bug 1033081SUSE bug 1182807SUSE bug 1188034SUSE bug 1188875CVE-2021-36386 at SUSECVE-2021-36386 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for cpio (Critical)SUSE OpenStack Cloud Crowbar 9
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
CriticalSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u302 (icedtea 3.20.0)
- CVE-2021-2341: Improve file transfers. (bsc#1188564)
- CVE-2021-2369: Better jar file validation. (bsc#1188565)
- CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
- CVE-2021-2161: Less ambiguous processing. (bsc#1185056)
ImportantSUSE bug 1185056SUSE bug 1188564SUSE bug 1188565SUSE bug 1188566CVE-2021-2161 at SUSECVE-2021-2161 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2388 at SUSECVE-2021-2388 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cpio (Important)SUSE OpenStack Cloud Crowbar 9
This update for cpio fixes the following issues:
- A patch previously applied to remedy CVE-2021-38185 introduced a regression
that had the potential to cause a segmentation fault in cpio. [bsc#1189465]
ImportantSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-PyYAML (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-PyYAML fixes the following issues:
- Update to 5.3.1.
- CVE-2020-14343: A vulnerability was discovered in the PyYAML library,
where it was susceptible to arbitrary code execution when it processes
untrusted YAML files through the full_load method or with the FullLoader
loader. Applications that use the library to process untrusted input
may be vulnerable to this flaw. This flaw allows an attacker to
execute arbitrary code on the system by abusing the python/object/new
constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
ImportantSUSE bug 1174514CVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could
lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189520SUSE bug 1189521CVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for unrar (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
ModerateSUSE bug 1046882SUSE bug 1054038SUSE bug 1187974CVE-2012-6706 at SUSECVE-2012-6706 at NVDCVE-2017-12938 at SUSECVE-2017-12938 at NVDCVE-2017-12940 at SUSECVE-2017-12940 at NVDCVE-2017-12941 at SUSECVE-2017-12941 at NVDCVE-2017-12942 at SUSECVE-2017-12942 at NVDCVE-2017-20006 at SUSECVE-2017-20006 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for aspell (Important)SUSE OpenStack Cloud Crowbar 9
This update for aspell fixes the following issues:
- CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).
ImportantSUSE bug 1188576CVE-2019-25051 at SUSECVE-2019-25051 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mysql-connector-java (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mysql-connector-java fixes the following issues:
- CVE-2020-2875: Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors. (bsc#1173600)
- CVE-2020-2934: Fixed a vulnerability which could cause a partial denial of service of MySQL Connectors. (bsc#1173600)
- CVE-2020-2933: Fixed a vulnerability which could allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. (bsc#1173600)
ModerateSUSE bug 1173600CVE-2020-2875 at SUSECVE-2020-2875 at NVDCVE-2020-2933 at SUSECVE-2020-2933 at NVDCVE-2020-2934 at SUSECVE-2020-2934 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openexr (Important)SUSE OpenStack Cloud Crowbar 9
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
ImportantSUSE bug 1188457SUSE bug 1188458SUSE bug 1188459SUSE bug 1188460SUSE bug 1188461SUSE bug 1188462CVE-2021-20298 at SUSECVE-2021-20298 at NVDCVE-2021-20299 at SUSECVE-2021-20299 at NVDCVE-2021-20300 at SUSECVE-2021-20300 at NVDCVE-2021-20302 at SUSECVE-2021-20302 at NVDCVE-2021-20303 at SUSECVE-2021-20303 at NVDCVE-2021-20304 at SUSECVE-2021-20304 at NVDCVE-2021-3476 at SUSECVE-2021-3476 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-puma (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-puma fixes the following issues:
- CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service (bsc#1188527)
ImportantSUSE bug 1188527CVE-2021-29509 at SUSECVE-2021-29509 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libesmtp (Important)SUSE OpenStack Cloud Crowbar 9
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-addressable (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-addressable fixes the following issues:
- CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207).
ImportantSUSE bug 1188207CVE-2021-32740 at SUSECVE-2021-32740 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for file (Important)SUSE OpenStack Cloud Crowbar 9
This update for file fixes the following issues:
- CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661).
ImportantSUSE bug 1154661CVE-2019-18218 at SUSECVE-2019-18218 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654)
- CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369).
- CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378).
- CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376).
- CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
ImportantSUSE bug 1181254SUSE bug 1182654SUSE bug 1186429SUSE bug 1186433SUSE bug 1186434SUSE bug 1187369SUSE bug 1187376SUSE bug 1187378SUSE bug 1189373SUSE bug 1189376SUSE bug 1189378SUSE bug 1189380SUSE bug 1189882CVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-3308 at SUSECVE-2021-3308 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openvswitch (Important)SUSE OpenStack Cloud Crowbar 9
This update for openvswitch fixes the following issues:
- openvswitch was updated to 2.8.10
- CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345)
A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of
the openvswitch.rpm file in order to obtain a list of all changes.
ImportantSUSE bug 1117483SUSE bug 1181345CVE-2020-27827 at SUSECVE-2020-27827 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Low)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Low)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
Update to version 10.2.40 [bsc#1189320]:
- fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389
ModerateSUSE bug 1182255SUSE bug 1189320CVE-2021-2372 at SUSECVE-2021-2372 at NVDCVE-2021-2389 at SUSECVE-2021-2389 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issue:
- CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602).
ModerateSUSE bug 1179602CVE-2020-17527 at SUSECVE-2020-17527 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for transfig (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for transfig fixes the following issues:
Update to version 3.2.8, including fixes for
- CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
- CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).
- CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346).
- CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345).
- CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).
- CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293).
- CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
- CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
ModerateSUSE bug 1136882SUSE bug 1159130SUSE bug 1159293SUSE bug 1161698SUSE bug 1186329SUSE bug 1189325SUSE bug 1189343SUSE bug 1189345SUSE bug 1189346CVE-2019-19555 at SUSECVE-2019-19555 at NVDCVE-2019-19746 at SUSECVE-2019-19746 at NVDCVE-2019-19797 at SUSECVE-2019-19797 at NVDCVE-2020-21680 at SUSECVE-2020-21680 at NVDCVE-2020-21681 at SUSECVE-2020-21681 at NVDCVE-2020-21682 at SUSECVE-2020-21682 at NVDCVE-2020-21683 at SUSECVE-2020-21683 at NVDCVE-2021-3561 at SUSECVE-2021-3561 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gtk-vnc (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for gtk-vnc fixes the following issues:
- CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268).
- CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266).
- Fix crash when opening connection from a GSocketAddress (bsc#1046782).
- Fix possible crash on connection failure (bsc#1188292).
ModerateSUSE bug 1024266SUSE bug 1024268SUSE bug 1046782SUSE bug 1188292CVE-2017-5884 at SUSECVE-2017-5884 at NVDCVE-2017-5885 at SUSECVE-2017-5885 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ghostscript (Critical)SUSE OpenStack Cloud Crowbar 9
This update for ghostscript fixes the following issues:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
CriticalSUSE bug 1190381CVE-2021-3781 at SUSECVE-2021-3781 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779
CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class libraries:
- SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time
that the set timeout
- Z/OS specific C function send_file is changing the file pointer
position
* Java Virtual Machine:
- Crash on iterate java stack
- Java process hang on SIGTERM
* JIT Compiler:
- JMS performance regression from JDK8 SR5 FP40 TO FP41
* Class Libraries:
- z15 high utilization following Z/VM and Linux migration from
z14 To z15
* Java Virtual Machine:
- Assertion failed when trying to write a class file
- Assertion failure at modronapi.cpp
- Improve the performance of defining and finding classes
* JIT Compiler:
- An assert in ppcbinaryencoding.cpp may trigger when running
with traps disabled on power
- AOT field offset off by n bytes
- Segmentation fault in jit module on ibm z platform ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sqlite3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for sqlite3 fixes the following issues:
sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).
The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the change log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2020-13434 bsc#1172115: integer overflow in
sqlite3_str_vappendf
* CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow
* CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed
to one of its shadow tables
* CVE-2020-13632 bsc#1172240: NULL pointer dereference via
crafted matchinfo() query
* CVE-2020-13435: Malicious SQL statements could have crashed the
process that is running SQLite (bsc#1172091)
ImportantSUSE bug 1157818SUSE bug 1158812SUSE bug 1158958SUSE bug 1158959SUSE bug 1158960SUSE bug 1159491SUSE bug 1159715SUSE bug 1159847SUSE bug 1159850SUSE bug 1160309SUSE bug 1160438SUSE bug 1160439SUSE bug 1164719SUSE bug 1172091SUSE bug 1172115SUSE bug 1172234SUSE bug 1172236SUSE bug 1172240SUSE bug 1173641SUSE bug 928700SUSE bug 928701CVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2016-6153 at SUSECVE-2016-6153 at NVDCVE-2017-10989 at SUSECVE-2017-10989 at NVDCVE-2017-2518 at SUSECVE-2017-2518 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-8457 at SUSECVE-2019-8457 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
ImportantSUSE bug 1190229CVE-2021-23437 at SUSECVE-2021-23437 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-urllib3 fixes the following security issue:
- CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120)
Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking.
ModerateSUSE bug 1177120CVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-activerecord-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-activerecord-4_2 fixes the following issues:
- CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169).
ModerateSUSE bug 1182169CVE-2021-22880 at SUSECVE-2021-22880 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glibc (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489)
ModerateSUSE bug 1186489CVE-2021-33574 at SUSECVE-2021-33574 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
ImportantSUSE bug 1188697SUSE bug 1190701CVE-2021-21806 at SUSECVE-2021-21806 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
ImportantSUSE bug 1190666SUSE bug 1190669SUSE bug 1190703CVE-2021-34798 at SUSECVE-2021-34798 at NVDCVE-2021-39275 at SUSECVE-2021-39275 at NVDCVE-2021-40438 at SUSECVE-2021-40438 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-urllib3 fixes the following issues:
- CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211).
ModerateSUSE bug 1177211CVE-2020-26116 at SUSECVE-2020-26116 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-45 (bsc#1191332)
* CVE-2021-38496: Use-after-free in MessageTask
* CVE-2021-38497: Validation message could have been overlaid on another origin
* CVE-2021-38498: Use-after-free of nsLanguageAtomService object
* CVE-2021-32810: Fixed Data race in crossbeam-deque
* CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
* CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
ImportantSUSE bug 1190710SUSE bug 1191332CVE-2021-32810 at SUSECVE-2021-32810 at NVDCVE-2021-38496 at SUSECVE-2021-38496 at NVDCVE-2021-38497 at SUSECVE-2021-38497 at NVDCVE-2021-38498 at SUSECVE-2021-38498 at NVDCVE-2021-38500 at SUSECVE-2021-38500 at NVDCVE-2021-38501 at SUSECVE-2021-38501 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)SUSE OpenStack Cloud Crowbar 9
This update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags contains the following fixes:
Changes in mysql-connector-java:
- Restrict license to GPL-2.0-only
- Fix README adjustments
- Depend on log4j rather than log4j-mini and adjust log4j dependencies to
account for the lack of log4j12 Provides in some code streams.
- Add missing Group tag
- Update to 8.0.25 (SOC-11543)
Changes in 8.0.25
* No functional changes: version alignment with MySQL Server 8.0.25.
Changes in 8.0.24
* Bug#102188 (32526663), AccessControlException with AuthenticationLdapSaslClientPlugin.
* Bug#22508715, SETSESSIONMAXROWS() CALL ON CLOSED CONNECTION RESULTS IN NPE.
* Bug#102131 (32338451), UPDATABLERESULTSET NPE WHEN USING DERIVED QUERIES OR VIEWS.
* Bug#101596 (32151143), GET THE 'HOST' PROPERTY ERROR AFTER CALLING TRANSFORMPROPERTIES() METHOD.
* Bug#20391832, SETOBJECT() FOR TYPES.TIME RESULTS IN EXCEPTION WHEN VALUE HAS FRACTIONAL PART.
* Bug#97730 (31699993), xdev api: ConcurrentModificationException at Session.close.
* Bug#99708 (31510398), mysql-connector-java 8.0.20 ASSERTION FAILED: Unknown message type: 57 s.close.
* Bug#32122553, EXTRA BYTE IN COM_STMT_EXECUTE.
* Bug#101558 (32141210), NULLPOINTEREXCEPTION WHEN EXECUTING INVALID QUERY WITH USEUSAGEADVISOR ENABLED.
* Bug#102076 (32329915), CONTRIBUTION: MYSQL JDBC DRIVER RESULTSET.GETLONG() THROWS NUMBEROUTOFRANGE.
* Bug#31747910, BUG 30474158 FIX IMPROVES JDBC COMPLIANCE BUT CHANGES DEFAULT RESULTSETTYPE HANDLING.
* Bug#102321 (32405590), CALLING RESULTSETMETADATA.GETCOLUMNCLASSNAME RETURNS WRONG VALUE FOR DATETIME.
* WL#14453, Pluggable authentication: new default behavior & user-less authentications.
* WL#14392, Improve timeout error messages [classic].
* WL#14202, XProtocol: Support connection close notification.
Changes in 8.0.23
* Bug#21789378, FORCED TO SET SERVER TIMEZONE IN CONNECT STRING.
* Bug#95644 (30573281), JDBC GETDATE/GETTIME/GETTIMESTAMP INTERFACE BEHAVIOR CHANGE AFTER UPGRADE 8.0.
* Bug#94457 (29402209), CONNECTOR/J RESULTSET.GETOBJECT( ..., OFFSETDATETIME.CLASS ) THROWS.
* Bug#76775 (20959249), FRACTIONAL SECONDS IN TIME VALUES ARE NOT AVAILABLE VIA JDBC.
* Bug#99013 (31074051), AN EXTRA HOUR GETS ADDED TO THE TIMESTAMP WHEN SUBTRACTING INTERVAL 'N' DAYS.
* Bug#98695 (30962953), EXECUTION OF 'LOAD DATA LOCAL INFILE' COMMAND THROUGH JDBC FOR DATETIME COLUMN.
* Bug#101413 (32099505), JAVA.TIME.LOCALDATETIME CANNOT BE CAST TO JAVA.SQL.TIMESTAMP.
* Bug#101242 (32046007), CANNOT USE BYTEARRAYINPUTSTREAM AS ARGUMENTS IN PREPARED STATEMENTS AN MORE.
* WL#14274, Support for authentication_ldap_sasl_client(SCRAM-SHA-256) authentication plugin.
* WL#14206, Support for authentication_ldap_sasl_client(GSSAPI) authentication plugin.
* WL#14207, Replace language in APIs and source code/docs.
Changes in 8.0.22
* Bug#98667 (31711961), 'All pipe instances are busy' exception on multiple connections to named Pipe.
* Bug#96309 (31699357), MultiHost in loadbalance may lead to a TPS reduction during a quick switch.
* Bug#99076 (31083755), Unclear exception/error when connecting with jdbc:mysql to a mysqlx port.
* Bug#96870 (30304764), Contribution: Allow to disable AbandonedConnectionCleanupThread completely.
* WL#14115, Support for authentication_ldap_sasl_client (SCRAM-SHA-1) authentication plugin.
* WL#14096, Add option to specify LOAD DATA LOCAL allow list folder.
* WL#13780, Skip system-wide trust and key stores (incl. X DevAPI client certs).
* WL#14017, XProtocol -- support for configurable compression algorithms.
* Bug#92903 (28834903), MySQL Connector/j should support wildcard names or alternative names.
* Bug#99767 (31443178), Contribution: Check SubjectAlternativeName for TLS instead of commonName.
* Bug#93444 (29015453), LOCALDATETIME PARAMETER VA UES ALTERED WHEN CLIENT AND SERVER TIMEZONES DIFFER.
* WL#14052, Remove asynchronous variant of X Protocol.
* Bug#99713 (31418928), NPE DURING COM.MYSQL.CJ.SERVERPREPAREDQUERYBINDVALUE.STOREDATE().
* WL#14068, Remove legacy integration with JBoss.
Changes in 8.0.21
* WL#14051, Upgrade Protocol Buffers dependency to protobuf-java-3.11.4.
* WL#14042, Upgrade testsuite to JUnit 5.
* Bug#98237 (30911870), PREPAREDSTATEMENT.SETOBJECT(I, 'FALSE', TYPES.BOOLEAN) ALWAYS SETS TRUE OR 1.
* WL#13008, DevAPI: Add schema validation to create collection.
Changes in 8.0.20
* Bug#30805426, IN CASE OF ISAUTHMETHODSWITCHREQUESTPACKET , TOSERVERS > 1 ARE IGNORED.
* Bug#97714 (30570249), Contribution: Expose elapsed time for query interceptor
* Bug#97724 (30570721), Contribution: Allow \'3.\' formatted numbers.
* Bug#98536 (30877755), SIMPLEDATEFORMAT COULD CACHE A WRONG CALENDAR.
Fix for Bug#91112 (28125069), AGAIN WRONG JAVA.SQL.DATE.
* Bug#30474158, CONNECTOR/J 8 DOES NOT HONOR THE REQUESTED RESULTSETTYPE SCROLL_INSENSITIVE ETC.
* Bug#98445 (30832513), Connection option clientInfoProvider=ClientInfoProviderSP causes NPE.
* WL#12248, DevAPI: Connection compression.
* Bug#30636056, ResultSetUtil.resultSetToMap() can be unsafe to use.
* Bug#97757 (30584907), NULLPOINTEREXCEPTION WITH CACHERESULTSETMETADATA=TRUE AND EXECUTEQUERY OF 'SET'.
Changes in 8.0.19
* WL#13346, Support for mult-host and failover.
* Bug#97413 (30477722), DATABASEMETADATA IS BROKEN AFTER SERVER WL#13528.
* WL#13367, DNS SRV support.
* WL#12736, DevAPI: Specify TLS ciphers to be used by a client or session.
* Bug#96383 (30119545) RS.GETTIMESTAMP() HAS * DIFFERENT RESULTS FOR TIME FIELDS WITH USECURSORFETCH=TRUE.
* Bug#96059 (29999318), ERROR STREAMING MULTI RESULTSETS WITH MYSQL-CONNECTOR-JAVA 8.0.X.
* Bug#96442 (30151808), INCORRECT DATE ERROR WHEN CALLING GETMETADATA ON PREPARED STATEMENT.
Changes in 8.0.18
* WL#13347, Connectors should handle expired password sandbox without SET operations.
* Bug#84098 (25223123), endless loop in LoadBalancedAutoCommitInterceptor.
* Bug#23721537, MULTI-SELECT WITH EXECUTEASYNC() GIVES IMPROPER ERROR.
* Bug#95741 (29898567), METADATA QUERY USES UPPER() AROUND NUMERIC EXPRESSION.
* Bug#20913289, PSTMT.EXECUTEUPDATE() FAILS WHEN SQL MODE IS NO_BACKSLASH_ESCAPES.
* Bug#80441 (22850444), SYNTAX ERROR ON RESULTSET.UPDATEROW() WITH SQL_MODE NO_BACKSLASH_ESCAPES.
Changes in 8.0.17
* WL#13210, Generate Javadocs via ant.
* WL#12247, DevAPI: indexing array fields.
* WL#12726, DevAPI: Add overlaps and not_overlaps as operator.
* Bug#95503 (29821029), Operator IN not mapping consistently to the right X Plugin operation.
* WL#12942, Update README.md and add new CONTRIBUTING.md.
* WL#13125, Support fully qualified hostnames longer than 60 characters.
* Bug#95210 (29807741), ClassCastException in BlobFromLocator when connecting as jdbc:mysql:replication.
* Bug#29591275, THE JAR FILE NEEDS TO CONTAIN A README AND LICENSE FILE.
* WL#13124, Support new utf8mb4 bin collation.
* WL#13009, DevAPI: Deprecate methods.
* WL#11101, Remove de-cache and close of SSPSs on double call to close().
* Bug#89133 (27356869) CONTRIBUTION: UPDATE DA ABASEMETADATA.JAVA.
* Bug#11891000, DABATASEMETADATA.GETTABLES() IGNORES THE SCHEMA_PATTERN ARGUMENT.
* Bug#94101 (29277648), SETTING LOGSLOWQUERIES SHOULD NOT AUTOMATICALLY ENABLE PROFILESQL FOR QUERIES.
* Bug#74690 (20010454), PROFILEREVENT HOSTNAME HAS NO GETTER().
* Bug#70677 (17640628), CONNECTOR J WITH PROFILESQL - LOG CONTAINS LOTS OF STACKTRACE DATA.
* Bug#41172 (11750577), PROFILEREVENT.PACK() THROWS ARRAYINDEXOUTOFBOUNDSEXCEPTION.
* Bug#27453692, CHARACTERS GET GARBLED IN CONCAT() IN PS WHEN USECURSORFETCH=TRUE.
* Bug#94585 (29452669), GETTABLENAME() RETURNS NULL FOR A QUERY HAVING COUNT(*) WITH JDBC DRIVER V8.0.12.
* Bug#94442 (29446059), RESULTSETIMPL.GETDOUBLE IS INEFFICIENT BECAUSE OF BIGDECIMAL (RE)CONSTRUCTIONS.
Changes in 8.0.16
* WL#12825, Remove third-party libraries from sources and bundles.
* Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify.
* Bug#94414 (29384853), Connector/J RPM package have version number in path.
* Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY PACKAGE) FOR CJAVA.
* WL#12246, DevAPI: Prepared statement support.
* WL#10839, Adjust c/J tests to the new 'ON' default for explicit_defaults_for_timestamp.
* Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE.
* WL#12460, DevAPI: Support new session reset functionality.
* WL#12459, DevAPI: Support connection-attributes.
* Bug#25650385, GETBYTE() RETURNS ERROR FOR BINARY() FLD.
* Bug#27784363, MYSQL 8.0 JDBC DRIVER THROWS NUMBERFORMATEXCEPTION FOR TEXT DATA
* Bug#93007 (28860051), LoadBalancedConnectionProxy.getGlobalBlacklist bug.
* Bug#29186870, CONNECTOR/J REGRESSION: NOT RETURNING PRECISION GETPROCEDURECOLUMNS.
* Bug#22038729, X DEVAPI: ANY API CALL AFTER A FAILED CALL PROC() RESULTS IN HANG.
* Bug#29244101, ADD MAPPING FOR UTF8MB4_ZH_0900_AS_CS COLLATION.
* Bug#92819 (28834959), EXPRPARSER THROWS WRONGARGUMENTEXCEPTION WHEN PARSING EMPTY JSON ARRAY.
* Bug#21921956, X DEVAPI: EXPRESSION PARSE ERROR WITH UNARY OPERATOR.
* Bug#94031 (29257922), WRONG JSON_UNQUOTE WORKAROUND.
* Bug#22931700, BINDINGS.GETBOOLEAN() ALWAYS RETURNS FALSE.
* Bug#25650912, ERROR MESSAGE NOT CLEAR WHEN WE PASS A CHAR DATA TO ANY TABLE API.
* Bug#25642021, CHANGEUSER() FAILS WHEN ENABLEPACKETDEBUG=TRUE.
Changes in 8.0.15
* Bug#94051 (29261254), Not recommended default for 'allowLoadLocalInfile'.
Changes in 8.0.14
* WL#12298, Connectors: Expose metadata about source and binaries in unified way.
* Bug#93111 (28894344), ConnectionUrl.java contains char U+00A7 (section sign).
* WL#12621, DevAPI: Handling of Default Schema.
* Bug#93340 (28970166), C/J BUILD SCRIPT IS TOO VERBOSE
* WL#12462, DevAPI: Be prepared for initial notice on connection.
* Bug#28924137, WL#12463:IF COLLECTION DOESN'T EXIST, COLL.COUNT() IS GIVING A WRONG ERROR MESSAGE.
* WL#12463, DevAPI: Standardize count method.
* Bug#92508 (28747636), mysql-connector in bootclasspath causing memory leak.
* Bug#25650514, UPDATEROW() CALL FAILS WITH NPE WHEN SSPS=TRUE AND TABLE HAS MULTI-FLD KEY.
* Bug#25650482, REFRESHROW() CALL AFTER UPDATEROW() API FAILS WHEN USESERVERPREPSTMTS=TRUE.
* Bug#92536 (28692243), UPDATEING SERVER SIDE PREPSTMTS RESULTSET FAIL.
* Bug#92625 (28731795), CONTRIBUTION: FIX OBSERVED NPE IN CLEARINPUTSTREAM.
* Bug#23045642, ADDING NO-DOC (MYSQLCONNJ-696) RESULTS IN EXCEPTION.
* Bug#91065 (28101003), ZERODATETIMEBEHAVIOR=CONVERT_TO_NULL SHOULD NOT APPLY TO 00:00:00 TIME COLUMNS.
* Bug#92574 (28706219), WHEN CONVERTING FROM VARCHAR TO JAVA BOOLEAN, 'N' IS NOT SUPPORTED.
* Bug#25642226, CHANGEUSER() NOT SETTING THE DATABASE PROPERLY WITH SHA USER.
* Bug#28606708, NAMED PIPE CONNECTION FOR X PROTOCOL RETURNS NPE, EXPECTED PROPER ERROR MESSAGE.
Changes in 8.0.13
* Bug#91317 (28207422), Wrong defaults on collation mappings.
* WL#12245, DevAPI: Implement connect timeout.
* Bug#21774249, UNIT TEST FAILS WITH ERROR ' 'CEST' IS UNRECOGNIZED TIME ZONE'.
* WL#11857, DevAPI: Implement connection pooling for xprotocol.
* Bug#91873 (28444461), REMOVE USEOLDUTF8BEHAVIOR CONNECTION PROPERTY.
* Bug#92264 (28594434), JSONPARSER PUTS UNNECESSARY MAXIMUM LIMIT ON JSONNUMBER TO 10 DIGITS.
* WL#12110, Extend PropertyDefinitions.PropertyKey usage.
* Bug#81063 (23098159), w/ rewriteBatchedStatements, when 2 tables involved, the rewriting not correct.
* Bug#84813 (25501750), rewriteBatchedStatements fails in INSERT.
* Bug#81196 (23227334), CONNECTOR/J NOT FOLLOWING DATABASE CHARACTER SET.
* Bug#72609 (18749544), SETDATE() NOT USING A PROLEPTIC GREGORIAN CALENDAR.
* Bug#87534 (26730196), UNION ALL query fails when useServerPrepStmts=true on database connection.
* Bug#89948 (27658489), Batched statements are not committed for useLocalTransactionState=true.
* BUG#22305979, WRONG RECORD UPDATED IF SENDFRACTIONALSECONDS=FALSE AND SMT IS SCROLLABLE.
* Bug#27102307, CHANGE USESSL AND VERIFYSERVERCERTIFICATE TO SSLMODE OPTION.
* Bug#28150662, CONNECTOR/J 8 MALFORMED DATABASE URL EXCEPTION WHIT CORRECT URL STRING.
* Bug#91421 (28246270), ALLOWED VALUES FOR ZERODATETIMEBEHAVIOR ARE INCOMPATIBLE WITH NETBEANS.
* Bug#23045604, XSESSION.GETURI() RETURNS NPE.
* Bug#21914769, NPE WHEN TRY TO EXECUTE INVALID JSON STRING.
* Bug#BUG#90887 (28034570), DATABASEMETADATAUSINGINFOSCHEMA#GETTABLES FAILS IF METHOD ARGUMENTS ARE NULL.
* Bug#28207088, C/JAVA: UPDATECLOB(INT COLUMNLABEL, JAVA.SQL.CLOB CLOB) IS FAILING.
* Bug#27629553, NPE FROM GETSESSION() FOR SSL CONNECTION WHEN NO PASSWORD PASSED.
Changes in 8.0.12
* Bug#28208000, MASTER : HANG IN ASYNCHRONOUS SELECT TEST.
* WL#10544, Update MySQL 8.0 keywords list.
* WL#11858, DevAPI: Core API v1 alignment.
* Bug#27652379, NPE FROM GETSESSION(PROPERTIES) WHEN HOST PARAMETER IS GIVEN IN SMALL LETTER.
* BUG#87600 (26724154), CONNECTOR THROWS 'MALFORMED DATABASE URL' ON NON MYSQL CONNECTION-URLS.
* BUG#26089880, GETCONNECTION('MYSQLX://..') RETURNS NON-X PROTOCOL CONNECTION.
* WL#11876, Improve connection properties design.
* WL#11933, Connector/J 8.0 X DevAPI reference documentation update.
* WL#11860, Ensure >= 75% code coverage.
* Bug#90753 (27977617), WAIT_TIMEOUT EXCEEDED MESSAGE NOT TRIGGERED.
* Bug#85941 (25924324), WASNULL NOT SET AFTER GETBYTES IS CALLED.
* Bug#28066709, COLLECTION.CREATEINDEX() TEST IS BROKEN AFTER WL#11808 IMPLEMENTATION.
* Bug#90872 (28027459), FILTERPARAMS CLASS IS NOT NEEDED.
* Bug#27522054, POSSIBLE ASYNC XPROTOCOL MESSAGE HANDLING PERF ISSUE.
The 'xdevapi.useAsyncProtocol' connection property default value is changed to 'false'.
Changes in 8.0.11
* WL#11293, DevAPI: Support new locking modes : NOWAIT and SKIP LOCKED.
* Bug#90029 (27678308), FAILURE WHEN GETTING GEOMCOLLECTION COLUMN TYPE.
* BUG#90024 (27677574), SOME TESTS FAILED AGAINST MYSQL 8.0.5 BECAUSE OF DEPRECATED FEATURES REMOVAL.
* Bug#86741 (26314325), Multi-Host connection with autocommit=0 getAutoCommit maybe wrong.
* Bug#27231383, PROVIDE MAVEN-FRIENDLY COMMERCIAL PACKAGES WITHOUT '-BIN'.
* Bug#26819691, SETTING PACKETDEBUGBUFFERSIZE=0 RESULTS IN CONNECTION FAILURE.
* Bug#88227 (27029657), Connector/J 5.1.44 cannot be used against MySQL 5.7.20 without warnings.
* Bug#27374581, CONNECTION FAILS WHEN GPL SERVER STARTED WITH TLS-VERSION=TLSV1.2.
* WL#11419, DevAPI: New document _id generation support.
* WL#11620, Change caching_sha2_password padding.
* WL#11604, DevAPI: Add SHA256_MEMORY support.
* BUG#86278 (26092824), SUPPORT CUSTOM CONSTRUCTION OF SSLSOCKET DURING CONNECTION ESTABLISHMENT.
* BUG#27226293, JSONNUMBER.GETINTEGER() & NUMBERFORMATEXCEPTION.
* WL#10527, Clean up Protocol and Session interfaces.
Changes in 8.0.9
* WL#11469, Update license header in GPL packages.
* BUG#27247349, WL#11208 : UNIQUE DOES NOT GIVE ERROR EVEN THOUGH IT IS NOT SUPPORTED.
* WL#11208, DevAPI: Collection.createIndex.
* WL#10156, Add setters/getters for connection properties to MysqlDataSource,
MysqlXADataSource and MysqlConnectionPoolDataSource.
* WL#11401, DevAPI: Remove configuration API.
* WL#10619, Ensure compatibility with new data dictionary.
* BUG#27217264, WL#10937: NULL POINTER EXCEPTION WHEN NULL IS PASSED AS _ID IN COLL.REPLACEONE.
* WL#10937, DevAPI: ReplaceOne, AddOrReplaceOne, GetOne, RemoveOne.
* Bug#26723646, JSON_MERGE() FUNCTION IS DEPRECATED IN MYSQL 8.0.
* Bug#27185332, WL#11210:ERROR IS THROWN WHEN NESTED EMPTY DOCUMENTS ARE INSERTED TO COLLECTION.
* Bug#27151601, WL#11210: DOCUMENT PATCH EXPRESSIONS ARE NOT SUPPORTED.
* WL#11210, DevAPI: Modify/MergePatch.
* Bug#79612 (22362474), CONNECTION ATTRIBUTES LOST WHEN CONNECTING WITHOUT DEFAULT DATABASE.
* WL#10152, Enable TLSv1.2 on mysqlx.
* Bug#27131768, NULL POINTER EXCEPTION IN CONNECTION.
* Bug#88232 (27047676), c/J does not rollback transaction when autoReconnect=true.
* Bug#88242 (27040063), autoReconnect and socketTimeout JDBC option makes wrong order of client packet.
* Bug#88021 (26939943), High GC pressure when driver configured with serversideprepared statements.
* Bug#26724085, CHARSET MAPPING TO BE UPDATED FOR MYSQL 8.0.3.
* Bug#87704 (26771560), THE STREAM GETS THE RESULT SET ?THE DRIVER SIDE GET WRONG ABOUT GETLONG().
* Bug#24924097, SERVER GREETING ERROR ISN'T RECOGNIZED DURING HANDSHAKE.
* Bug#26748909, MASTER : ERROR - NO OPERATIONS ALLOWED AFTER STATEMENT CLOSED FOR TOSTRING().
* Bug#26266731, CONCUR_UPDATABLE RESULTSET OPERATIONS FAIL AGAINST 8.0 FOR BOOLEAN COLUMN.
* WL#11239, DevAPI: Remove create table implementation.
* Bug#27131100, WL#11212 : SAVEPOINT CREATING WITH EMPTY STRING AND SPACE AS NAME.
* WL#11212, DevAPI: transaction save-points.
* WL#11060, Support new SHA-256 authentication system.
* Bug#87826 (26846249), MYSQL JDBC CONNECTOR/J DATABASEMETADATA NULL PATTERN HANDLING IS NON-COMPLIANT.
* WL#11163, Extract parameter setters, serverPrepare() and serverExecute() to core classes.
* BUG#26995710, WL#11161 : NULL POINTER EXCEPTION IN EXECUTEBATCH() AND CLOSE().
* WL#11161, Unify query bindings.
* WL#8469, Don't extract query text from packets when possible.
Changes in 8.0.8
* BUG#26722030, TEST FAILING DUE TO BINARY LOGGING ENABLED BY DEFAULT IN MYSQL 8.0.3.
* BUG#26722018, TESTS FAILING DUE TO CHANGE IN INFORMATION_SCHEMA.INNODB_SYS_* NAMING.
* BUG#26750807, MASTER : NULL POINTER EXCEPTION IN SCHEMA.DROPVIEW(NULL).
* BUG#26750705, MASTER : ERROR - UNSUPPORTED CONVERSION FROM TIME TO JAVA.SQL.DATE.
* WL#10620, DevAPI: SHA256 Authentication support.
* WL#10936, DevAPI: Row locking for Crud.Find.
* WL#9868, DevAPI: Configuration handling interface.
* WL#10935, DevAPI: Array or Object 'contains' operator.
* WL#9875, Prepare c/J 8.0 for DEB and RPM builds.
* BUG#26259384, CALLABLE STATEMENT GIVES ERROR IN C/JAVA WHEN RUN AGAINST MYSQL 8.0.
* Bug#26393132, NULLPOINTEREXCEPTION IS THROWN WHEN TRIED TO DROP A NULL COLLECTION.
* WL#10532, DevAPI: Cleanup Drop APIs.
* Bug#87429 (26633984), repeated close of ServerPreparedStatement causes memory leak.
* Bug#87379 (26646676), Perform actual TLS capabilities check when restricting TLSv1.2.
* Bug#85601 (25777822), Unit notation is missing in the description of the property involved in the time.
* Bug#87153 (26501245), INCORRECT RESULT OF DBMD.GETVERSIONCOLUMNS() AGAINST MYSQL 8.0.2+.
* Bug#78313 (21931572), proxies not handling Object.equals(Object) calls correctly.
* Bug#85885 (25874048), resultSetConcurrency and resultSetType are swapped in call to prepareStatement.
* Bug#74932 (20066806), ConnectionImp Doesn't Close Server Prepared Statement (PreparedStatement Leak).
* WL#10536, Deprecating COM_SHUTDOWN.
* Bug#25946965, UPDATE THE TIME ZONE MAPPINGS WITH LATEST TZ DATABASES.
* Bug#20182108, INCLUDE CUSTOM LOAD BALANCING STRATEGY USING PLUGIN API.
* Bug#26440544, CONNECTOR/J SHOULD NOT USE TX_{READ_ONLY,ISOLATION} WHICH IS PLANNED FOR REMOVAL.
* Bug#26399958, UNABLE TO CONNECT TO MYSQL 8.0.3.
* Bug#25650305, GETDATE(),GETTIME() AND GETTIMESTAMP() CALL WITH NULL CALENDAR RETURNS NPE.
Changes in 8.0.7
* Bug#26227653, WL#10528 DIFF BEHAVIOUR WHEN SYSTEM PROP JAVAX.NET.SSL.TRUSTSTORETYPE IS SET.
* WL#10528, DevAPI: Ensure all connectors are secure by default.
* WL#8305, Remove internal dependency on connection objects.
* Bug#22972057, X DEVAPI: CLIENT HANGS AFTER CONNECTION FAILURE.
* Bug#26140577, GIS TESTS ARE FAILING WITH MYSQL 8.0.1.
* WL#10765, DevAPI: Forbid modify() and remove() with no condition.
* Bug#26090721, CONNECTION FAILING WHEN SERVER STARTED WITH COLLATION UTF8MB4_DE_PB_0900_AI_CI.
* WL#10781, enum-based connection properties.
* Bug#73775 (19531384), DBMD.getProcedureColumns()/.getFunctionColumns() fail to filter by columnPattern.
* Bug#84324 (25321524), CallableStatement.extractProcedureName() not work when catalog name with dash.
* Bug#79561 (22333996), NullPointerException when calling a fully qualified stored procedure.
* Bug#84783 (25490163), query timeout is not working(thread hang).
* Bug#70704 (17653733), Deadlock using UpdatableResultSet.
* Bug#66430 (16714868), setCatalog on connection leaves ServerPreparedStatement cache for old catalog.
* Bug#70808 (17757070), Set sessionVariables in a single query.
* Bug#77192 (21170603), Description for the Property replicationConnetionGroup Missing from the Manual.
* Bug#83834 (25101890), Typo in Connector/J error message.
* WL#10531, Support utf8mb4 as default charset.
* Bug#85555 (25757019), useConfigs Can't find configuration template named, in mysql-connector-java 6.x
* WL#10529, Move version number to 8.0.
* WL#10530, DevAPI: Remove XSession, rename NodeSession to Session.
* Bug#23510958, CONCURRENT ASYNC OPERATIONS RESULT IN HANG.
* Bug#23597281, GETNODESESSION() CALL WITH SSL PARAMETERS RETURNS CJCOMMUNICATIONSEXCEPTION.
* Bug#25207784, C/J DOESN'T FOLLOW THE FINAL X DEVAPI MY-193 SPECIFICATION.
* Bug#25494338, ENABLEDSSLCIPHERSUITES PARAMETER NOT WORKING AS EXPECTED WITH X-PLUGIN.
* Bug#84084 (25215008), JAVA.LANG.ARRAYINDEXOUTOFBOUNDSEXCEPTION ON ATTEMPT TO GET VALUE FROM RESULTSET.
* WL#10553, Add mapping for Japanese utf8mb4 collation.
* Bug#25575103, NPE FROM CREATETABLE() WHEN SOME OF THE INPUTS ARE NULL.
* Bug#25575156, NPE FROM CREATEVIEW() WHEN SOME OF THE INPUTS ARE NULL.
* Bug#25636947, CONNECTION USING MYSQL CLIENT FAILS IF WE USE THE SSL CERTIFICATES FROM C/J SRC.
* Bug#25687718, INCORRECT TIME ZONE IDENTIFIER IN STATEMENTREGRESSIONTEST.
* Bug#25556597, RESULTSETTEST.TESTPADDING UNIT TEST IS FAILING IN 5.1.41 RELEASE PACKAGE.
* Bug#25517837, CONNECT PERFORMNACE DEGRADED BY 10% IN 5.1.41.
* Bug#25504578, CONNECT FAILS WHEN CONNECTIONCOLLATION=ISO-8859-13.
* Bug#25438355, Improper automatic deserialization of binary data.
* Bug#70785 (17756825), MySQL Connector/J inconsistent init state for autocommit.
* Bug#66884: Property 'elideSetAutoCommits' temporarily defaults to 'false' until this bug is fixed.
* Bug#75615 (21181249), Incorrect implementation of Connection.setNetworkTimeout().
* Bug#81706 (23535001), NullPointerException in driver.
* Bug#83052 (25048543), static method in com.mysql.jdbc.Util relies on null object.
* Bug#69526 (17035755), 'Abandoned connection cleanup thread' at mysql-connector-java-5.1.25.
* Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF.
Changes in 6.0.6
* Added Core TLS/SSL options for the mysqlx URI scheme.
* Updated collations map.
* Bug#24350526, UNEXPECTED BEHAVIOUR OF IS_NUMBER_SIGNED API IN C/JAVA.
* Bug#82707 (24512766), WRONG MILLI SECOND VALUE RETURNED FROM TIMESTAMP COLUMN.
* Bug#82005 (23702040), JDBCDATEVALUEFACTORY FAILS TO PARSE SOME DATES.
* Bug#83725 (25056803), NPE IN XPROTOCOL.GETPLUGINVERSION() WITH MYSQL 5.7.17.
* Bug#24525461, UPDATABLE RESULTSET FEATURE FAILS WHEN USESERVERPREPSTMTS=TRUE.
* Bug#24527173, QUERY EXECUTION USING PREPARED STMT FAILS WHEN USECURSORFETCH=TRUE.
* Bug#82964 (24658016), JSR-310 DATA TYPES CREATED THROUGH JAVA.SQL TYPES.
* Bug#81202 (23188159), RESULTSETIMPL.GETOBJECT THROWS NULLPOINTEREXCEPTION WHEN FIELD IS NULL.
* Bug#22931277, COLUMN.GETTYPE() RETURNS ERROR FOR VALID DATATYPES.
* BUG#24471057, UPDATE FAILS WHEN THE NEW VALUE IS OF TYPE DBDOC WHICH HAS ARRAY IN IT.
* Bug#81691 (23519211), GETLASTDOCUMENTIDS() DOESN'T REPORT IDS PROVIDED BY USER.
* Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF.
Changes in 6.0.5
* BUG#82896 (24613062), Unexpected behavior on attempt to connect to JDBC driver with unsupported URL.
* Added client-side failover during XSession initialization for multi-router configuration.
* Removed Extension interface. All extension classes now implement their specific interfaces.
* Bug#22988922, GETLENGTH() RETURNS -1 FOR LONGBLOB AND LONGTEXT FIELDS.
* Bug#24619829, NEW FAILURES IN C/JAVA UNITTESTS AGAINST MYSQL 8.0.
* Bug#75209 (20212882), Set useLocalTransactionState may result in partially committed transaction.
* Bug#48346 (11756431), Communications link failure when reading compressed data with compressed=true.
* Bug#80631 (22891845), ResultSet.getString return garbled result with json type data.
* Bug#64188 (13702433), MysqlXAConnection.MYSQL_ERROR_CODES_TO_XA_ERROR_CODES is missing XA error codes.
* Bug#72632 (18759269), NullPointerException for invalid JDBC URL.
* Bug#82115 (23743956), Some exceptions are intercepted twice or fail to set the init cause.
* Bug#78685 (21938551), Wrong results when retrieving the value of a BIT column as an integer.
* Bug#80615 (22954007), prepared statement leak when rewriteBatchedStatements=true and useServerPrepStmt.
* Extended X DevAPI with flexible parameter lists.
* Added a virtual NodeSession to X DevAPI.
Changes in 6.0.4
* X DevAPI URL prefix changed from 'mysql:x:' to 'mysqlx:'.
* Bug#24301468 X DEVAPI SSL CONNECTION FAILS ON WINDOWS
* The X DevAPI Table object now represents both database tables and views.
* Added support for matching against pattern for X DevAPI list_objects calls.
* Added Schema.getCollections(String pattern) and Schema.getTables(String pattern) interface methods.
* Switched to 'mysqlx' namespace for X DevAPI StmtExecute messages.
This change is incompatible to MySQL server versions < 5.7.14.
* Bug#82046 (23743947), MYSQL CONNECTOR JAVA OSGI METADATA BROKEN.
* Bug#21690043, CONNECT FAILS WHEN PASSWORD IS BLANK.
* Bug#22931433, GETTING VALUE OF BIT COLUMN RESULTS IN EXCEPTION.
Changes in 6.0.3
* Bug#23535571, EXCESSIVE MEMORY USAGE WHEN ENABLEPACKETDEBUG=TRUE.
* Bug#23212347, ALL API CALLS ON RESULTSET METADATA RESULTS IN NPE WHEN USESERVERPREPSTMTS=TRUE.
* Bug#23201930, CLIENT HANG WHEN RSLT CUNCURRENCY=CONCUR_UPDATABLE AND RSLTSET TYPE=FORWARD_ONLY.
* Bug#23188498, CLIENT HANG WHILE USING SERVERPREPSTMT WHEN PROFILESQL=TRUE AND USEIS=TRUE.
* Bug#22678872, NPE DURING UPDATE WITH FABRIC.
* Bug#71131 (18068303), Poor error message in CallableStatement.java.
* Bug#59462 (16736619), ConcurrentModificationException inside ConnectionImpl.closeAllOpenStatements().
* Bug#22848249, LOADBALANCECONNECTIONGROUPMANAGER.REMOVEHOST() NOT WORKING AS EXPECTED.
* Bug#22730682, ARRAYINDEXOUTOFBOUNDSEXCEPTION FROM CONNECTIONGROUPMANAGER.REMOVEHOST().
* Bug#77171 (21181466), On every connect getting sql_mode from server creates unnecessary exception.
* Bug#79343 (22353759), NPE in TimeUtil.loadTimeZoneMappings causing server time zone value unrecognized.
* Bug#22038729, X DevAPI: Any API call after a failed CALL PROC() results in hang
* Replace Schema.drop(), Collection.drop() by X DevAPI's session.dropSchema() and session.dropCollection().
* Added session.dropTable().
* Bug#22932078, GETTIMESTAMP() RETURNS WRONG VALUE FOR FRACTIONAL PART
* Extracted packet readers from MysqlaProtocol.
* Bug#22972057, X protocol CLIENT HANGS AFTER CONNECTION FAILURE
* Bug#23044312, NullPointerException in X protocol AsyncMessageReader due to race condition
* Returned support for MySQL 5.5 and 5.6.
Changes in 6.0.2
* Deprecate the EOF packet.
* Bug#75956, Inserting timestamps using a server PreparedStatement and useLegacyDatetimeCode=false
* Bug#22385172, CONNECTOR/J MANIFEST DOES NOT EXPOSE FABRIC (OSGi).
* Bug#22598938, FABRICMYSQLDATASOURCE.GETCONNECTION() NPE AFTER SWITCHOVER.
* Bug#21286268, CONNECTOR/J REPLICATION USE MASTER IF SLAVE IS UNAVAILABLE.
* Bug#21296840 & Bug#17910835, Server information in a group from Fabric is not refreshed after expired TTL.
* Bug#56122 (11763419), JDBC4 functionality failure when using replication connections.
* Added support for TLSv1.1 and TLSv1.2
* Bug#78961 (22096981), Can't call MySQL procedure with InOut parameters in Fabric environment.
* Bug#56100 (11763401), Replication driver routes DML statements to read-only slaves.
* StandardSSLSocketFactory implements SocketMetadata.
* Bug#21978216, GETTYPEINFO REPORT MAXIMUM PRECISION OF 255 FOR VARBINARY.
* Bug#78706 (21947042), Prefer TLS where supported by MySQL Server.
* Bug#21934573, FABRIC CODE INVOLVED IN THREAD DEADLOCK.
* Bug#21876798, CONNECTOR/J WITH MYSQL FABRIC AND SPRING PRODUCES PROXY ERROR.
Changes in 6.0.1
* Removed useJvmCharsetConverters connection property. JVM charset converters are now used in all cases.
* Refactored value decoding and removed all date/time connection properties
* Refactored connection properties
* Assume existence of INFORMATION_SCHEMA.PARAMETERS (and thus MySQL 5.5) when preparing stored procedure calls.
* Removed retainStatementAfterResultSetClose connection property.
* Null-merge of Bug#54095 (11761585) fix.
* Removed support code for MySQL server versions < 5.7.
* Bug#76859 (20969312), DBMD getColumns using I_S doesn't have column IS_GENERATEDCOLUMN as per JDBC 4.1.
* Added support for GENERATED COLUMNS.
* Update Time Zone mappings with IANA Time Zone database tsdata2015f and Unicode CLDR v.28.
* Update DatabaseMetaData SQL keywords.
* Added tests for Optimizer hints syntax introduced in MySQL 5.7.7.
* Bug#21860833, JSON DATA TYPE DOESN'T WORK WITH SSPS.
* Added support for JSON data type.
* Added support for JDBC 4.2 new features.
* Bug#16634180, LOCK WAIT TIMEOUT EXCEEDED CAUSES SQLEXCEPTION, SHOULD CAUSE SQLTRANSIENTEXCEPTION
* Bug#75849 (20536592), NPE in abortInternal() method on line 1358 of ConnectionImpl.
* Bug#78106 (21648826), Potential memory leak with inflater.
* Bug#78225 (21697684), DEFAULT NO_AUTO_CREATE_USER SQL_MODE BEHAVIOR BROKE SOME TESTS
* Bug#77665 (21415165), JDBC fails to connect with MySQL 5.0.
* Bug#77681 (21429909), rewrite replace sql like insert when rewriteBatchedStatements=true (contribution).
* Bug#77449 (21304726) Add 'truncateFractionalSeconds=true|false' property (contribution).
* Bug#50348 (11758179), mysql connector/j 5.1.10 render the wrong value for dateTime column in GMT DB.
* Bug#75670 (20433047), Connection fails with 'Public Key Retrieval is not allowed' for native auth.
* Bug#76187 (20675539), getTypeInfo report maximum precision of 255 for varchar.
* Add test for new syntax 'ALTER TABLE ... DISCARD|IMPORT PARTITION ...' introduced in MySQL 5.7.4.
* Bug#20727196, GETPROCEDURECOLUMNS() RETURNS EXCEPTION FOR FUNCTION WHICH RETURNS ENUM/SET TYPE.
* Bug#19803348, GETPROCEDURES() RETURNS INCORRECT OUTPUT WHEN USEINFORMATIONSCHEMA=FALSE.
* Bug#21215151, DATABASEMETADATA.GETCATALOGS() FAILS TO SORT RESULTS.
* Bug#72630 (18758686), NullPointerException during handshake in some situations
* Bug#20825727, CONNECT FAILURE WHEN TRY TO CONNECT SHA USER WITH DIFFERENT CHARSET.
* Flag RowDataDynamic.isInterrupted removed as it isn't needed.
* Bug#20518653, XSL FILES IN PACKAGES
* Bug#20804635, GETTIME() AND GETDATE() FUNCTIONS FAILS WHEN FRACTIONAL PART EXISTS
* Bug#62452 (16444069), NPE thrown in JDBC4MySQLPooledException when statement is closed.
* BUG#70927 (17810800), Connector/J COM_CHANGE_USER handling is broken
* Bug#75335 (20283655), Maven artifact for Connector/J is missing source jar.
* BUG#75592 (20408891), 'SHOW VARIABLES WHERE' is expensive.
* Bug#75113 (20821888), Fail in failover of the connection in MySQL fabric
* Bug#72077 (18425861), Fabric connection with username to a server with disabled auth throws NPE
* Add test for already fixed Bug#72546 (18719760), C/J Fabric createGroup() throws ClassCastException
* Bug#77217 (21184949), ClassCastException when executing a streaming PreparedStatement with Fabric
* Bug#19536760, GETSTRING() CALL AFTER RS.RELATIVE() RETURNS NULLPOINTEREXCEPTION
* BUG#20453712, CLOB.SETSTRING() WITH VALID INPUT RETURNS EXCEPTION
* BUG#20453671, CLOB.POSITION() API CALL WITH CLOB INPUT RETURNS EXCEPTION
* Bug#20685022, SSL CONNECTION TO MYSQL 5.7.6 COMMUNITY SERVER FAILS.
* Bug#20606107, TEST FAILURES WHEN RUNNING AGAINST 5.7.6 SERVER VERSION
* Bug#20533907, BUG#20204783 FIX EXPOSES WRONG BEAHAVIORS IN FAILOVER CONNECTIONS.
* Bug#20504139, GETFUNCTIONCOLUMNS() AND GETPROCEDURECOLUMNS() RETURNS ERROR FOR VALID INPUTS.
* Expose PreparedStatment.ParseInfo for external usage, with no capture of the connection
* Bug#75309 (20272931), mysql connector/J driver in streaming mode will in the blocking state.
* New property 'readOnlyPropagatesToServer' controls the implicit propagation of read only transaction access mode to server.
* Bug#54095 (11761585), Unnecessary call in newSetTimestampInternal.
* Bug#67760 (15936413), Deadlock when concurrently executing prepared statements with Timestamp objects.
* Bug#71084 (18028319), Wrong java.sql.Date stored if client and server time zones differ.
* Bug#75080 (20217686), NullPointerException during setTimestamp on Fabric connection.
* Bug#75168 (20204783), loadBalanceExceptionChecker interface cannot work using JDBC4/JDK7.
* Bug#73595 (19465516), Replace usage of StringBuffer in JDBC driver.
* Bug#18925727, SQL INJECTION IN MYSQL JDBC DRIVER.
* Bug#74998 (20112694), readRemainingMultiPackets not computed correctly for rows larger than 16 MB.
* Bug#73012 (19219158), Precedence between timezone options is unclear.
* Implement support for connecting through SOCKS proxies (WL#8105).
* Ant buildfile reworked to fix incompatibilities with latest Eclipse
* Bug#18474141, TESTSUITE.FABRIC TEST CASES FAIL IF NO FABRIC.TESTSUITE PROPERTIES PROVIDED
* Bug#19383371, CONNECT USING MYSQL_OLD_PASSWORD USER FAILS WHEN PWD IS BLANK
* Bug#17441747, C/J DOESN'T SUPPORT XA RECOVER OUTPUT FORMAT CHANGED IN MYSQL 5.7.
* Bug#19145408, Error messages may not be interpreted according to the proper character set
* Bug#19505524, UNIT TEST SUITE DOES NOT CONSIDER ALL THE PARAMETERS PASSED TO BUILD.XML.
* Bug#73474 (19365473), Invalid empty line in MANIFEST.MF
* Bug#70436 (17527948), Incorrect mapping of windows timezone to Olson timezone.
* Bug73163 (19171665), IndexOutOfBoundsException thrown preparing statement.
* Added support for gb18030 character set
* Bug#73663 (19479242), utf8mb4 does not work for connector/j >=5.1.13
* Bug#73594 (19450418), ClassCastException in MysqlXADataSource if pinGlobalTxToPhysicalConnection=true
* Bug#19354014, changeUser() call results in 'packets out of order' error when useCompression=true.
* Bug#73577 (19443777), CHANGEUSER() CALL WITH USECOMPRESSION=TRUE COULD LEAD TO IO FREEZE
* Bug#19172037, TEST FAILURES WHEN RUNNING AGAINST 5.6.20 SERVER VERSION
* Bug#71923 (18344403), Incorrect generated keys if ON DUPLICATE KEY UPDATE not exact.
* Bug#72502 (18691866), NullPointerException in isInterfaceJdbc() when using DynaTrace
* Bug#72890 (18970520), Java jdbc driver returns incorrect return code when it's part of XA transaction.
* Fabric client now supports Fabric 1.5. Older versions are no longer supported.
* Bug#71672 (18232840), Every SQL statement is checked if it contains 'ON DUPLICATE KEY UPDATE' or not.
* Bug#73070 (19034681), Preparing a stored procedure call with Fabric results in an exception
* Bug#73053 (19022745), Endless loop in MysqlIO.clearInputStream due to Linux kernel bug.
* Bug#18869381, CHANGEUSER() FOR SHA USER RESULTS IN NULLPOINTEREXCEPTION
* Bug#62577 (16722757), XA connection fails with ClassCastException
* Bug#18852587, CONNECT WITH A USER CREATED USING SHA256_PASSWORD PLUGIN FAILS WHEN PWD IS BLANK
* Bug#18852682, TEST TESTSHA256PASSWORDPLUGIN FAILS WHEN EXECUTE AGAINST COMMERCIAL SERVER
* failing tests when running test suite with Java 6+.
* Bug#72712 (18836319), No way to configure Connector JDBC to not do extra queries on connection
- Adjust log4j/log4j-mini dependencies to account for the lack of
log4j12/log4jmini12 Provides in some code streams.
Changes in javapackages-tools:
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
- Fix typo in spec file sitearch -> sitelib
- Fix the python subpackage generation
gh#openSUSE/python-rpm-macros#79
- Support python subpackages for each flavor
gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86
- when building extra flavor, BuildRequire javapackages-filesystem:
/etc/java is being cleaned out of the filesystems package.
- Upgrade to version 5.3.1
- Define _rpmmacrodir for distributions that don't have it
- Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this
just happens to overlap in some distros.
- Rename gradle-local and ivy-local to javapackages-gradle and
javapackages-ivy and let them depend only on javapackages-tools
and javapackages-local. These packages only install files
produced during the javapackages-tools build. The dependencies
will be pulled by gradle-local, ivy-local and maven-local
meta-packages built in a separate spec file.
- Split maven-local meta-package out of javapackages-tools spec
file
- Make the ivy-local and maven-local sub-packages depend on the
right stuff, so that they actually can be used for building
- Provide both com.sun:tools and sun.jdk:jconsole that are part of
standard OpenJDK installation. These provides cannot be generated
from metadata due to build sequence.
+ fix directories for eclipse.conf too
- Make the javapackages-local package depend on java-devel. It is
used for package building and this avoids each package to require
java-devel itself.
- Replace the occurences of /usr/lib by libdir in configuration
files too
- Update to version 5.3.0
- Modified patch:
- Build the :extras flavour as noarch
+ we did not bump epoch of OpenJDK packages in SUSE
+ fix a potential generation of unresolvable requires
+ adapt the tests to not expect the epoch
- Switch to multibuild layout
- Update to version 5.2.0+git20180620.70fa2258:
* Rename the async kwarg in call_script to wait (reverses the logic)
* Actually bump version to 5.3.0 snapshot
* Bump version in VERSION file
* [man] s/Pacakge/Package/g
* Fix typos in README
* Fix configure-base.sh after filesystem macro split
* Split filesystem macros to separate macro file
* Introduce javapackages-filesystem package
* [java-functions] extend ABRT Java agent options
* change abrt-java-connector upstream URL
* Remove resolverSettings/prefixes from XMvn config
* Add macros to allow passing arbitrary options to XMvn
* [spec] Bump package version to 5.1.0
* Allow specifying custom repo when calling xmvn-install
- Update to version 5.0.0+git20180104.9367c8f6:
* [java-functions] Avoid colons in jar names
* Workaround for SCL enable scripts not working with -e
* Second argument to pom_xpath_inject is mandatory
* [mvn_artifact] Provide more helpful error messages
* Fix traceback on corrupt zipfile
* [test] Add reproducer for rhbz#1481005
* [spec] Fix default JRE path
* [readme] Fix typo
* Add initial content to README.md (#21)
* Decouple JAVA_HOME setting from java command alternatives
- Fix url to correct one https://github.com/fedora-java/javapackages
- Split to python and non-python edition for smaller depgraph
- Fix abs2rel shebang:
- Fix Requires on subpackages to point to javapackages-tools proper
- Update to version 4.7.0+git20170331.ef4057e7:
* Reimplement abs2rel in Python
* Don't expand {scl} in macro definitions
* Install expanded rpmfc attr files
* [spec] Avoid file conflicts between in SCL
* Fix macros.d directory ownership
* Make %ant macro enable SCL when needed
* [spec] Fix file conflicts between SCL and non-SCL packages
* Fix ownership of ivyxmldir
* [test] Force locale for python processes
* Don't include timestamp in generated pom.properties
* We switch to /usr/lib/ location for macros
- Try to reduce some dependencies bsc#1036025
- python-lxml 3.5.0 introduces validation for xml comments, and
one of the comments created in this package were not valid.
This patch fixes the problem. It backported from upstream and
should be in the next release.
https://github.com/mizdebsk/javapackages/commit/84211c0ee761e93ee507f5d37e9fc80ec377e89d
- Version update to 4.6.0:
* various bugfixes for maven tooling
* introduction to gradle-local package for gradle packaging
- Drop dependency over source-highlight as it causes build cycle
- Try to break buildcycle detected on Factory
- Fix build on SLE11
- Use python-devel instead of pkgconfig to build on sle11
- Add python-javapackages as requirement for main package
- Update requires on python packages to properly have all the needed
dependencies on runtime
- Install macros to /etc/rpm as we do in SUSE:
- Cleanup with spec-cleaner
- Fix rpmlint errors
- Enable maven-local
- Avoid unsatisfiable dependencies
- Enable unit tests
- Update to version 4.4.0
- create directories for java, so that ant build works
- Add virtual provide jpackage-utils-java9 to be able to
distinguish the presence of java9 compatibility
- fix bashisms
- SLES patch for ZipFile, having no attribute '__exit__' which was causing
ecj build failures
- set correct libxslt package when building for SLES
Changes in javassist:
+ Add OSGi manifest to the javassist.jar
- Allow building on systems that do not have java 9 or higher
- Install and package the maven pom and metadata files
- BuildRequire at least Java 9. This version uses APIs introduced
in Java 9
- Replace old $RPM_* shell vars by macros.
- Version update to 3.23.1:
* 3.23.1 Github PR #171
* 3.23 Fix leaking file handlers in ClassPool and removed
ClassPath.close(). Github issue #165
* 3.22 Java 9 supports.
JIRA JASSIST-261.
- Specify java target and source version 1.6 in order to allow
building with jdk9
- fix javadoc errors that are fatal with jdk9
- Version update to 3.21.0:
* various compiler settings
* Require java >= 1.6
- Update to version 3.19.0
* Including a number of bug fixes and Java 8 supports.
- Clean up specfile
- Remove redundant %clean section
- Build for java API 1.5
- Remove unzip requirement
- Update home page and download source Urls
Changes in protobuf:
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General
* Support M1 (#8557)
- Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
- update to 3.15.7:
C++
* Remove the ::pb namespace (alias) (#8423)
Ruby
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
- update to 3.15.6:
Ruby
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
- Update to v3.14.0
Protocol Compiler
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
- from version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
- Fix the python subpackage generation
gh#openSUSE/python-rpm-macros#79
- Support multiple python3 flavors gh#openSUSE/python-rpm-macros#66
- Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
if p['result'] == 'FAIL':
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript
* Fix js message pivot selection (#6813)
PHP
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
- Python: Add requirement on python-six
- Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Use tarball provided by upstream
- Small package cleanup
- Updated to version 3.9.2 (bsc#1162343)
(Objective-C)
* Remove OSReadLittle* due to alignment requirements. (#6678)
* Don't use unions and instead use memcpy for the type swaps. (#6672)
- Package also the protobuf-bom pom file
- Update to new upstream release 3.9.1
* Optimized the implementation of RepeatedPtrFieldBase.
* Added delimited parse and serialize util.
* Added FieldDescriptor::PrintableNameForExtension() and
DescriptorPool::FindExtensionByPrintableName(). The latter
will replace Reflection::FindKnownExtensionByName().
* Created a new Add method in repeated field that allows adding
a range of elements all at once.
* Drop building wheel for Python 3.4.
- Specify java source and target levels in order to build
compatible protobuf-java binaries
- Update to new upstream release 3.8.0
* Introduced new MOMI (maybe-outside-memory-interval) parser.
* Added use of C++ override keyword where appropriate.
* Always declare enums to be int-sized.
* Append '_' to C++ reserved keywords for message, enum, extension.
- Disable LTO (boo#1133277).
- fixes build with Bazel 0.22.0.
- Add protobuf-source package - some programs using gRPC and
protobuf need protobuf definitions which are included inside the
source code, but are not included in the devel package.
- Add maven pom files to the protobuf-java package
- update to version v3.6.1:
* PHP namespaces for nested messages and enums (#4536)
* Allows the json marshaller to be passed json marshal options (#4252)
* Make sure to delete temporary maps used by FileDescriptorTables
* fix python cpp kokoro build
* Change C# reflection to avoid using expression trees
* Updated checked-in generated code
* Removed unused variables in repeated_scalar_container.cc
* Removed unused code pertaining to shared_ptr
* Include no_package.proto in Python test
* Only check filenames when end with .py in _CalledFromGeneratedFile() (#4262)
* Convert descriptortype to type for upb_msgval_sizeof (#4357)
* Removed duplicate using statement from ReflectionUtil.cs
* Add support for power ppc64le
* Cat the test-suite.log on errors for presubits
* Address review comments
* Add third-party RPC implementation: raster - a network framework supports pbrpc by 'service' keyword.
* Delete javanano kokoro build configs.
* Updated Ruby conformance test failure list
* Removed use of some type traits
* Adopt php_metadata_namespace in php code generator (#4622)
* Move to Xcode 9.3 which also means a High Sierra image.
* Add protoc release script for Linux build.
* protoc-artifacts: Avoid storing temporary files and use fewer layers
* Rewrite go_benchmark
* Add files to build ruby artifact for mac on kokoro (#4814)
* Remove javanano.
* Comment out unused command from release script.
* Avoid direct check of class name (#4601)
* The JsonParseOptions::ignore_unknown_fields option behavior treats
* Fix php memory leak test (#4692)
* Fix benchmark build
* Add VS2017 optional component dependency details to the C# readme (#4128)
* Fix initialization with Visual Studio
* For windows, all python version should use /MT (#4468)
* use brew install instead of easy_install in OSX (#4537)
* Sync upb change (#4373)
* Always add -std=c++11 for mac (#4684)
* Add kokoro build status badges.
* Removed unrecognized option from no_package.proto
* Fixed up proto3_lite_unittest.cc
* Update Xcode settings
* Cleanup LICENSE file.
* Remove js_embed binary. (#4709)
* Fixed JS parsing of unspecified map keys
* Update version number to 3.6.0
* Deliberately call simple code to avoid Unity linker pruning
* Revert 'Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources.'
* protoc-artifacts: Use ENTRYPOINT to enable devtoolset-1.1
* MinGW build failed
* Support using MSVC intrinsics in Log2FloorNonZero
* Fix array constructor in c extension for compatibility (#4667)
* Add space between class name and concat message (#4577)
* fix python
* Add performance.md and add instruction for linking tcmalloc
* Add script for run and upload the benchmark result to bq
* Add test for failing write of raw pointer to output stream
* [objectivec] Fix memory leak of exceptions raised by RaiseException() (#4556)
* Remove stray indent on normal imports.
* Fix python ext build on kokoro (#4527)
* Add compile test sources for to test include order.
* Fixed a Visual Studio 2017 build error. (#4488)
* fix linux kokoro build in docker
* Fixes MSVC compiler warning C4800 'Forcing value to bool 'true' or 'false'' (#4350)
* Updated Docker setup to use GCC 4.8
* Remove broken build status icons.
* Run autogen.sh in release script.
* Output *_pb2_grpc.py when use_grpc_plugin=True
* Adopt ruby_package in ruby generated code. (#4627)
* Cygwin build failed
* Work around an 'old runtime' issue with reflection
* Added Kokoro protoc release build for OS X (#4770)
* Updated change log for 3.6.1 release
* Move methods out of class (#4697)
* Fix to allow AOT compilers to play nicely with reflection
* Update Makefile.am for Java lite files.
* Added map_lite_test.proto to fix LiteTest
* Introduce a compatiblity shim to support .NET 3.5 delegate creation
* Revert 'Removed mention of Buffer in byteSourceToUint8Array'
* Add gogo benchmark
* Set ext.no_native = true for non mac platform
* Removed atomicops.h since it is no longer used
* Rename a shadowed variable.
* Add kokoro bazel configs for 3.6.x branch.
* Deleted scoped_ptr.h
* Check the message to be encoded is the wrong type. (#4885) (#4949)
* protoc-artifacts: Avoid checking out protobuf code
* Add conformance test for null value in list JSON
* Build ruby gem on kokoro (#4819)
* Try using a new version of Visual Studio on AppVeyor
* Make ruby release configs consistent with protoc.
* fix for API change in PHP 7.3 (#4898)
* Add .proto files to extract_includes.bat
* Update protoc build scripts.
* Blacklist all WELL_KNOWN_PROTOS from Bazel C++ code generation.
* Additional support for building and deploying ppcle_64 artifacts
* Fix php tests
* Cleanup + documentation for Java Lite runtime.
* Added Kokoro Windows release build config for protoc (#4766)
* typo
* fix golang kokoro linux build
* Fix spelling error of __GNUC_MINOR__
* Update code to work for Xcode 10b1 (#4729)
* Added pyext/thread_unsafe_shared_ptr.h
* Added missing .inc files to BUILD
* js message support for jstype string on integers (#4332)
* Improve error message when googletest is missing.
* Make assertEquals pass for message (#4947)
* Sync internal benchmark changes
* Removed some unused C++ source files
* Fix missing LIBPROTOC_EXPORT.
* Added new test source files to Makefile.am
* Update php version to 3.6.0 (#4736)
* Fix RepeatedField#delete_if (#4292)
* Merge branch (#4466)
* Implement array constructor in php c extension.
* protoc-artifacts: Update centos base from 6.6 to 6.9
* PHP array constructors for protobuf messages (#4530)
* Fix problem: cmake build failed in c++11 by clang
* Don't assume Windows builds use MSVC.
* Use legacy name in php runtime (#4741)
* Add file option php_metadata_namespace and ruby_package (#4609)
* Fix cpp benchmark dependency on mac
* Use the first enum value instead of 0 in DefaultValueObjectWriter::FindEnumDefault
* Check return value on write of raw pointer
* Delete unused directories.
* Replace //:protoc and similar default macro arguments with
* Add extra C# file to Makefile.am
* includes the expected class in the exception, otherwise the error is harder to track down (#3371)
* Update instructions about getting protobuf source.
* Add cpp tests under release docker image.
* fix java benchmark, fix dashboard build
* `update_file_lists.sh` depends on Bash features, thus needs Bash sebang.
* Rename build_artifacts.cfg to release.cfg (#4818)
* Fix bug: whether always_print_enums_as_ints is true or false, it always print the default value of enums as strings
* source code info for interpreted options; fix source code info for extension range options (#4342)
* Updated version numbers to 3.6.1
* Trim imports for bundled generated protos.
* Require C++11 and pass -std=c++11
* Remove the iOS Test App.
* fix duplicate mkdir in update_file_lists.sh
* Updated csharp/README.md to reflect testing changes
* Fix bazel build of examples.
* Add missing ruby/tests/test_ruby_package.proto
* Fix cpp_distcheck
* Updated the change log with changes for 3.6.0
* some fix
* CMake: Update CXX Standard management
* Add the files added in #4485.
* Change to deal all messages in one loop
* Fix php conformance test.
* Add __init__.py files to compiler and util subpackages (#4117)
* Updated .gitignore to exclude downloaded gmock/ directory
* Fix error in Clang UndefinedBehaviorSanitizer
* Work around MSVC issue with std::atomic initialization (#4777)
* Updated conformance failure lists
* Add back GeneratedClassName to public (#4686)
* Add continuous test for ruby 2.3, 2.4 and 2.5 (#4829)
* Throw error if user want to access message properties (#4603)
* fix json_decode call parameters (#4381)
* Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources.
* PHP: fixed typo in message.c
* Add go benchmark
* Allow list values to be null when parsing
* Added instruction for existing ZLIB configuration
* Fix 32bit php tests
* Removed javanano from post_process_dist.sh
* Don't generate imports for the WKTs unless generating the WKTs.
* For encoding upb needs descriptor type instead of type. (#4354)
* Include googletest as a submodule (#3993)
* Write messages to backing field in generated C# cloning code (#4440)
* Integrated internal changes from Google
- bump soname version
update to version v3.5.2:
* Update release date
* Disable pip cache when testing uploaded packages
* Replace private timelib_update_ts with public date_timestamp_get
* Remove py2.6 support.
* Cherrypick for csharp, including:
* Update changelog
* Update changelog for 3.5.1
* Fix uploading binary wheel.
* Fix memory leak when creating map field via array.
* Update rake file to build of 2.1.6.
* Avoid using php_date_get_date_ce() in case date extension is not
* Update protoc-artfacts
* Fix string::back() usage in googletest.cc
* Fix memory leak in php7
* Support ruby2.5
* io_win32: support non-ASCII paths
* Explicitly propagate the status of Flush().
* Add discard unknown API in ruby. (#3990)
* Update version for 3.5.0.post1
* remove nullptr
* Fix more memory leak for php c extension (#4211)
* Bumping number to fix ruby 2.1 on mac
* io_win32_unittest: remove incorrect error check
* Fix memory leak when creating repeated field via array.
* Update version number for php c extension (#3896)
* Fix file permission for python package.
* Create containing directory before generating well_known_types_embed.cc
* Replace C++11 only method std::map::at
* Recursively clear unknown fields in submessages. (#3982)
* Update version number to 3.5.1
* io_win32_unittest: fix condition in GetCwdAsUtf8
* Add release log
* io_win32_unittest: use CWD as last tempdir
* Add PROTOBUF_ENABLE_TIMESTAMP to let user decide whether timestamp util
* Add support for Windows ARM64 build
* Add protobuf-all in post release
* Use fully qualifed name for DescriptorPool in Any.php to avoid name (#3886)
* Add _file_desc_by_toplevel_extension back
* Fix setup.py for windows build.
* io_win32_unittest: make //:win32_test run again
* Provide discardUnknonwnFields API in php (#3976)
* Update php c extension version number to 3.5.0.1
* Fix ruby gc_test in ruby 2.4 (#4011)
* Remove duplicate typedef. (#3975)
* Accept DatetimeInterface in fromDatetime
* io_win32: add more encoding-related tests
* Bump version number to 3.5.2
* Bump protoc-artifact version for a patch rebuild
* Call php method via function name instead of calling directly.
* Well known types are not initialized properly. (#4139)
* Use matching enum type for IsPOD.
* Fix several more memory leak
* Fix for php5.5
* Add backslach to make class explict in global namespace
* Fix compile error undefined reference to
`google::protobuf::internal::Release_CompareAndSwap(long volatile*, long, long)'
on s390x https://github.com/google/protobuf/issues/3937
- Conditionalize python2 and python3 in order to be able to build
without python2 present in distribution
* Use singlespec macros to simplify the logic
- Run fdupes on python modules to avoid duplicates
- Remove shebangs from import-only code
- Update to new upstream release 3.5.0
* Proto3 messages are now preserving unknown fields by default.
If you rely on unknowns fields being dropped, use
DiscardUnknownFields() explicitly.
* Deprecated the unsafe_arena_release_* and
unsafe_arena_add_allocated_* methods for string fields.
* Added move constructor and move assignment to RepeatedField,
RepeatedPtrField and google::protobuf::Any.
* Added perfect forwarding in Arena::CreateMessage.
* In-progress experimental support for implicit weak fields
with lite protos. This feature allows the linker to strip out
more unused messages and reduce binary size.
- Rename %soname to %sover to better reflect its use.
- Install LICENSE
- Update to 3.3.0 :
* C++:
* Fixed map fields serialization of DynamicMessage to correctly serialize
both key and value regardless of their presence.
* Parser now rejects field number 0 correctly.
* New API Message::SpaceUsedLong() that’s equivalent to
Message::SpaceUsed() but returns the value in size_t.
* JSON support
- New flag always_print_enums_as_ints in JsonPrintOptions.
- New flag preserve_proto_field_names in JsonPrintOptions. It will instruct
the JSON printer to use the original field name declared in the .proto
file instead of converting them to lowerCamelCase when printing JSON.
- JsonPrintOptions.always_print_primtive_fields now works for oneof message
fields.
- Fixed a bug that doesn’t allow different fields to set the same json_name
value.
- Fixed a performance bug that causes excessive memory copy when printing
large messages.
* Various performance optimizations.
* Java:
* Map field setters eagerly validate inputs and throw NullPointerExceptions
as appropriate.
* Added ByteBuffer overloads to the generated parsing methods and the Parser
interface.
* proto3 enum's getNumber() method now throws on UNRECOGNIZED values.
* Output of JsonFormat is now locale independent.
* Python:
* Added FindServiceByName() in the pure-Python DescriptorPool. This works only
for descriptors added with DescriptorPool.Add(). Generated descriptor_pool
does not support this yet.
* Added a descriptor_pool parameter for parsing Any in text_format.Parse().
* descriptor_pool.FindFileContainingSymbol() now is able to find nested
extensions.
* Extending empty [] to repeated field now sets parent message presence.
- Update to 3.2.0 :
* Added protoc version number to protoc plugin protocol. It can be used by
protoc plugin to detect which version of protoc is used with the plugin and
mitigate known problems in certain version of protoc.
* C++:
* The default parsing byte size limit has been raised from 64MB to 2GB.
* Added rvalue setters for non-arena string fields.
* Enabled debug logging for Android.
* Fixed a double-free problem when using Reflection::SetAllocatedMessage()
with extension fields.
* Fixed several deterministic serialization bugs:
* MessageLite::SerializeAsString() now respects the global deterministic
serialization flag.
* Extension fields are serialized deterministically as well. Fixed protocol
compiler to correctly report importing-self as an error.
* Fixed FileDescriptor::DebugString() to print custom options correctly.
* Various performance/codesize optimizations and cleanups.
* Java:
* The default parsing byte size limit has been raised from 64MB to 2GB.
* Added recursion limit when parsing JSON.
* Fixed a bug that enumType.getDescriptor().getOptions() doesn't have custom
options.
* Fixed generated code to support field numbers up to 2^29-1.
* Python:
* You can now assign NumPy scalars/arrays (np.int32, np.int64) to protobuf
fields, and assigning other numeric types has been optimized for
performance.
* Pure-Python: message types are now garbage-collectable.
* Python/C++: a lot of internal cleanup/refactoring.
- Increase soname to 13
- Generate python2-protobuf and python3-protobuf packages in Factory
- Make the python2-protobuf package provide and obsolete python-protobuf
to make the transition smooth in Tumbleweed
- Fix an issue with setup.py where some files are built on the
first invocation, but only copied on the second. This resulted
in an incomplete protobuf-python package.
- Update to protobuf v3.1.0. Protobuf v3.0.0 introduceced a new
version of the protocol buffer language, proto3, which supersedes
proto2.
The protoc compiler is able to read old proto2 protocol definitions,
and defaults to the proto2 syntax if a syntax is not specified, thus
packages can be recompiled to link to the new library. For backwards
compatibility, the old library version is available from the
protobuf2 package.
As the API for proto2 is not compatible to the proto3 API, proto3
should only be used for new Protocol Buffers, whereas current users
are advised to keep using proto2. For a detailed list of changes,
see https://github.com/google/protobuf/releases
- Use py_sitedir for library installation with setup.py install
- Drop protobuf-libs as it is just workaround for rpmlint issue
- Cleanup specfile:
* remove any conditionals for versions predating SLES 12/Leap 42.x
* add Provides: protobuf-libs to fix rpmlint warning
Changes in python-python-gflags:
- Don't provide python2-gflags, singlespec packages should use
correct name.
- Provide python-gflags in the python2 package
- Fix URL.
- Update to version 3.1.1
* Added PEP8 style method/function aliases.
- Update to version 3.1.0
* Python3 compatibility
* Removed UnrecognizedFlag exception.
* Replaced flags.DuplicateFlag with flags.DuplicateFlagError.
* Moved the validators.Error class to exceptions.ValidationError.
* Renamed IllegalFlagValue to IllegalFlagValueError.
* Removed MutualExclusionValidator class, in favor of flags.MarkFlagsAsMutualExclusive.
* Removed FlagValues.AddValidator method.
* Removed _helpers.GetMainModule.
* Use xml.dom.minidom to create XML strings, instead of manual crafting.
* Declared PEP8-style names.
* Added examples.
- Update to version 3.0.7
* Removed the unused method ShortestUniquePrefixes.
* Removed _GetCallingModule function alias.
- Update to version 3.0.6
* Declared pypi package classifiers.
* Added support for CLIF flag processing (not included in python-gflags repo
yet).
- Update to version 3.0.5
* Added a warning when FLAGS.SetDefault is used after flags were parsed.
* Added new function: MarkFlagsAsRequired.
- Update to version 3.0.4
* One more fix for setup.py - this time about third_party package.
- Update to version 3.0.3
* Fixed setup.py.
* --noflag if argument is given is no longer allowed.
* Python3 compatibility: removed need for cgi import.
* Disallowed unparsed flag usage after FLAGS.Reset()
- Update to version 3.0.2
* Fix MANIFEST.in to include all relevant files.
- Update to version 3.0.1
* Some changes for python3 compatibility.
* Automatically generate ordering operations for Flag.
* Add optional comma compatibility to whitespace-separated list flags.
* A lot of potentially backwards incompatible changes since 2.0.
* This version is NOT recommended to use in production. Some of the files and
documentation has been lost during export; this will be fixed in next
versions.
- Fix source URL
- Implement single-spec version
ImportantSUSE bug 1036025SUSE bug 1133277SUSE bug 1162343cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for strongswan (Important)SUSE OpenStack Cloud Crowbar 9
This update for strongswan fixes the following issues:
- CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435)
ImportantSUSE bug 1191435CVE-2021-41991 at SUSECVE-2021-41991 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql10 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql10 fixes the following issues:
- Fix for build with llvm12 on s390x. (bsc#1185952)
- Re-enable 'icu' for PostgreSQL 10. (bsc#1179945)
- Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751)
- Upgrade to version 10.18. (bsc#1190177)
Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5):
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
- Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961)
- Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix recently-added timetz test case so it works when the USA is not observing daylight savings time.
ImportantSUSE bug 1178961SUSE bug 1179765SUSE bug 1179945SUSE bug 1183118SUSE bug 1183168SUSE bug 1185924SUSE bug 1185925SUSE bug 1185952SUSE bug 1187751SUSE bug 1190177CVE-2021-32027 at SUSECVE-2021-32027 at NVDCVE-2021-32028 at SUSECVE-2021-32028 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for opensc (Important)SUSE OpenStack Cloud Crowbar 9
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
ImportantSUSE bug 1191957SUSE bug 1191992SUSE bug 1192000SUSE bug 1192005CVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for transfig (Important)SUSE OpenStack Cloud Crowbar 9
This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
ImportantSUSE bug 1190607SUSE bug 1190611SUSE bug 1190612SUSE bug 1190615SUSE bug 1190616SUSE bug 1190617SUSE bug 1190618SUSE bug 1192019CVE-2020-21529 at SUSECVE-2020-21529 at NVDCVE-2020-21530 at SUSECVE-2020-21530 at NVDCVE-2020-21531 at SUSECVE-2020-21531 at NVDCVE-2020-21532 at SUSECVE-2020-21532 at NVDCVE-2020-21533 at SUSECVE-2020-21533 at NVDCVE-2020-21534 at SUSECVE-2020-21534 at NVDCVE-2020-21535 at SUSECVE-2020-21535 at NVDCVE-2021-32280 at SUSECVE-2021-32280 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for binutils (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for binutils fixes the following issues:
Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
--gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
--sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses 'no
symbols' diagnostic.
Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
-march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the 'variable section' from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
--no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
Update to binutils 2.35.1:
* This is a point release over the previous 2.35 version, containing bug
fixes, and as an exception to the usual rule, one new feature. The
new feature is the support for a new directive in the assembler:
'.nop'. This directive creates a single no-op instruction in whatever
encoding is correct for the target architecture. Unlike the .space or
.fill this is a real instruction, and it does affect the generation of
DWARF line number tables, should they be enabled.
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
The following security fixes are addressed by the update:
- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).
- CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768).
- CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770).
- CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826).
- CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829).
- CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831).
- CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126).
- CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609).
- CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649).
ModerateSUSE bug 1126826SUSE bug 1126829SUSE bug 1126831SUSE bug 1140126SUSE bug 1142649SUSE bug 1143609SUSE bug 1153768SUSE bug 1153770SUSE bug 1157755SUSE bug 1160254SUSE bug 1160590SUSE bug 1163333SUSE bug 1163744SUSE bug 1179036SUSE bug 1179341SUSE bug 1179898SUSE bug 1179899SUSE bug 1179900SUSE bug 1179901SUSE bug 1179902SUSE bug 1179903SUSE bug 1180451SUSE bug 1180454SUSE bug 1180461SUSE bug 1181452SUSE bug 1182252SUSE bug 1183511SUSE bug 1184620SUSE bug 1184794CVE-2019-12972 at SUSECVE-2019-12972 at NVDCVE-2019-14250 at SUSECVE-2019-14250 at NVDCVE-2019-14444 at SUSECVE-2019-14444 at NVDCVE-2019-17450 at SUSECVE-2019-17450 at NVDCVE-2019-17451 at SUSECVE-2019-17451 at NVDCVE-2019-9074 at SUSECVE-2019-9074 at NVDCVE-2019-9075 at SUSECVE-2019-9075 at NVDCVE-2019-9077 at SUSECVE-2019-9077 at NVDCVE-2020-16590 at SUSECVE-2020-16590 at NVDCVE-2020-16591 at SUSECVE-2020-16591 at NVDCVE-2020-16592 at SUSECVE-2020-16592 at NVDCVE-2020-16593 at SUSECVE-2020-16593 at NVDCVE-2020-16598 at SUSECVE-2020-16598 at NVDCVE-2020-16599 at SUSECVE-2020-16599 at NVDCVE-2020-35448 at SUSECVE-2020-35448 at NVDCVE-2020-35493 at SUSECVE-2020-35493 at NVDCVE-2020-35496 at SUSECVE-2020-35496 at NVDCVE-2020-35507 at SUSECVE-2020-35507 at NVDCVE-2021-20197 at SUSECVE-2021-20197 at NVDCVE-2021-20284 at SUSECVE-2021-20284 at NVDCVE-2021-3487 at SUSECVE-2021-3487 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat, javapackages-tools fixes the following issue:
Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
Non-security issues fixed:
- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
ImportantSUSE bug 1185476SUSE bug 1188278SUSE bug 1188279SUSE bug 1190558CVE-2021-30640 at SUSECVE-2021-30640 at NVDCVE-2021-33037 at SUSECVE-2021-33037 at NVDCVE-2021-41079 at SUSECVE-2021-41079 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for qemu (Important)SUSE OpenStack Cloud Crowbar 9
This update for qemu fixes the following issues:
Security issues fixed:
- Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748)
- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713)
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
ImportantSUSE bug 1180432SUSE bug 1180433SUSE bug 1180434SUSE bug 1180435SUSE bug 1182651SUSE bug 1186012SUSE bug 1189145SUSE bug 1189702SUSE bug 1189938CVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for binutils (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for binutils fixes the following issues:
- For compatibility on old code stream that expect 'brcl 0,label' to
not be disassembled as 'jgnop label' on s390x. (bsc#1192267)
This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
Security issue fixed:
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)
ModerateSUSE bug 1183909SUSE bug 1184519SUSE bug 1188941SUSE bug 1191473SUSE bug 1192267CVE-2021-20294 at SUSECVE-2021-20294 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for pcre (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
ModerateSUSE bug 1025709SUSE bug 1030066SUSE bug 1030803SUSE bug 1030805SUSE bug 1030807SUSE bug 1172973SUSE bug 1172974CVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to Extended Support Release 91.3.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-49 (bsc#1192250)
* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504: Use-after-free in file picker dialog
* CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
* CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
* CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
* CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
* CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0008: Use-after-free in HTTP2 Session object
* MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
ImportantSUSE bug 1192250CVE-2021-38503 at SUSECVE-2021-38503 at NVDCVE-2021-38504 at SUSECVE-2021-38504 at NVDCVE-2021-38505 at SUSECVE-2021-38505 at NVDCVE-2021-38506 at SUSECVE-2021-38506 at NVDCVE-2021-38507 at SUSECVE-2021-38507 at NVDCVE-2021-38508 at SUSECVE-2021-38508 at NVDCVE-2021-38509 at SUSECVE-2021-38509 at NVDCVE-2021-38510 at SUSECVE-2021-38510 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes:
Security fixes included in this update:
kibana:
CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).
python-eventlet:
CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836)
rubygem-redcarpet:
CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)
rubygem-puma:
CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681)
Non-security fixes included in this update:
Changes in ardana-ansible:
* Patch service.py to skip blank lines.
Changes in ardana-monasca:
* Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)
Changes in crowbar-openstack:
* keystone wakeup: get new session on any error. (bsc#1189052)
Changes in influxdb:
- Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on
Canges in kibana:
- Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)
Changes in openstack-cinder:
* Fix typo in Dell EMC Unity driver documentation.
* Drop lower-constraints job.
* [stable-only] Cap bandit to v1.6.2 and fix constraints.
Changes in openstack-ec2-api:
* Remove jobs corresponds to obselete featuresets.
* OpenDev Migration Patch.
Changes in openstack-heat-gbp:
* Add support for Wallaby.
* Fix upstream gate.
Changes in openstack-heat-templates:
* [ussuri][goal] Update contributor documentation.
* Fix zuul config for heat-templates-check.
* Remove testr.
Changes in openstack-horizon-plugin-gbp-ui:
* Add support for Wallaby.
* Fix upstream gate.
Changes in openstack-keystone:
* Retry update\_user when sqlalchemy raises StaleDataErrors.
* Pin keystone-tempest-plugin for py27 compatibility.
Changes in openstack-neutron-gbp:
* Fix update router API.
* Fix HA IP DB migration.
* Revert 'Fix HA IP DB migration'.
* Fix HA IP DB migration.
* Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table.
* Use custom converter for extra attributes.
* Validate network before creating or updating router.
* Fix Data Migration query for HA IP table.
* System security grp:Add system sg in port sg list.
* Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table.
* [apic\_aim]: Fix HA IP UTs.
* Fixing the exception msg for IPAddressGenerationFailure.
* Enhancement regarding router/instance attachment to an external network floating ip and snat subnets.
* Setting legacy-group-based-policy-dsvm-aim to non-voting gate.
* Add support for Wallaby.
* Bug fixes for gbp-validate.
* [apic\_aim]: Filter endpoint details.
* Bugfix: Policy Enforcement Pref.
* Fix unit-tests for tenant-scope validation.
* [AIM] Add Policy Enforcement Pref to network extension.
Changes in openstack-nova:
* [neutron] Get only ID and name of the SGs from Neutron.
* Remove allocations before setting vm\_status to SHELVED\_OFFLOADED.
* libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available.
* Update pci stat pools based on PCI device changes.
* Use subqueryload() instead of joinedload() for (system\_)metadata.
Changes in python-eventlet:
Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)
ModerateSUSE bug 1180837SUSE bug 1185836SUSE bug 1186868SUSE bug 1189052SUSE bug 1191681CVE-2020-26298 at SUSECVE-2020-26298 at NVDCVE-2021-21419 at SUSECVE-2021-21419 at NVDCVE-2021-22141 at SUSECVE-2021-22141 at NVDCVE-2021-41136 at SUSECVE-2021-41136 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
ImportantSUSE bug 1014440SUSE bug 1192284CVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql, postgresql13, postgresql14 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql, postgresql13 and postgresql14 fixes the following issues:
Security issues fixed:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673)
On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants.
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql10 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql10 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).
ImportantSUSE bug 1191937CVE-2021-42762 at SUSECVE-2021-42762 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version OpenJDK 8u312 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191903SUSE bug 1191904SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35567 at SUSECVE-2021-35567 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_0-openjdk fixes the following issues:
Update to OpenJDK 7u321 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ruby2.1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for ruby2.1 fixes the following issues:
- CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125).
- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
ImportantSUSE bug 1177125SUSE bug 1188160SUSE bug 1188161SUSE bug 1190375CVE-2020-25613 at SUSECVE-2020-25613 at NVDCVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Integrate bugfixes (bsc#1189373, bsc#1189378)
ModerateSUSE bug 1189373SUSE bug 1189378SUSE bug 1189632SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
- CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
- Update to 0.103.4 (bsc#1192346).
- Update to 0.103.3 (bsc#1188284).
ModerateSUSE bug 1103032SUSE bug 1188284SUSE bug 1192346CVE-2018-14679 at SUSECVE-2018-14679 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
- CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
ImportantSUSE bug 1192063CVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssh (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
The following security bugs were fixed:
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961)
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351).
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898).
- CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
The following non-security bugs were fixed:
- Add arch-dependent support markers in supported.conf (bsc#1186672)
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- Use /usr/lib/modules as module dir when usermerge is active in the target distro.
- UsrMerge the kernel (boo#1184804)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drop debugging statements
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- handle also race conditions in /proc/net/tcp code
- hisax: fix spectre issues (bsc#1192802).
- hv: adjust mana_select_queue to old ndo_select_queue API
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050).
- mpt3sas: fix spectre issues (bsc#1192802).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855).
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- objtool: Do not fail on missing symbol table (bsc#1192379).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- scripts/git_sort/git_sort.py: add bpf git repo
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
ImportantSUSE bug 1087082SUSE bug 1100416SUSE bug 1108488SUSE bug 1129735SUSE bug 1129898SUSE bug 1133374SUSE bug 1153720SUSE bug 1171420SUSE bug 1176724SUSE bug 1176931SUSE bug 1180624SUSE bug 1181854SUSE bug 1181855SUSE bug 1183050SUSE bug 1183861SUSE bug 1184673SUSE bug 1184804SUSE bug 1185377SUSE bug 1185677SUSE bug 1185726SUSE bug 1185727SUSE bug 1185758SUSE bug 1185973SUSE bug 1186063SUSE bug 1186482SUSE bug 1186483SUSE bug 1186672SUSE bug 1188026SUSE bug 1188172SUSE bug 1188563SUSE bug 1188601SUSE bug 1188613SUSE bug 1188838SUSE bug 1188842SUSE bug 1188876SUSE bug 1188983SUSE bug 1188985SUSE bug 1189057SUSE bug 1189262SUSE bug 1189278SUSE bug 1189291SUSE bug 1189399SUSE bug 1189400SUSE bug 1189418SUSE bug 1189420SUSE bug 1189706SUSE bug 1189846SUSE bug 1189884SUSE bug 1190023SUSE bug 1190025SUSE bug 1190067SUSE bug 1190115SUSE bug 1190117SUSE bug 1190118SUSE bug 1190159SUSE bug 1190276SUSE bug 1190349SUSE bug 1190350SUSE bug 1190351SUSE bug 1190432SUSE bug 1190479SUSE bug 1190534SUSE bug 1190601SUSE bug 1190717SUSE bug 1191193SUSE bug 1191315SUSE bug 1191317SUSE bug 1191318SUSE bug 1191529SUSE bug 1191530SUSE bug 1191628SUSE bug 1191660SUSE bug 1191790SUSE bug 1191801SUSE bug 1191813SUSE bug 1191961SUSE bug 1192036SUSE bug 1192045SUSE bug 1192048SUSE bug 1192267SUSE bug 1192379SUSE bug 1192400SUSE bug 1192444SUSE bug 1192549SUSE bug 1192775SUSE bug 1192781SUSE bug 1192802CVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-9517 at SUSECVE-2018-9517 at NVDCVE-2019-3874 at SUSECVE-2019-3874 at NVDCVE-2019-3900 at SUSECVE-2019-3900 at NVDCVE-2020-0429 at SUSECVE-2020-0429 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Update to Extended Support Release 91.4.0 (bsc#1193485):
- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)
ImportantSUSE bug 1193321SUSE bug 1193485CVE-2021-43536 at SUSECVE-2021-43536 at NVDCVE-2021-43537 at SUSECVE-2021-43537 at NVDCVE-2021-43538 at SUSECVE-2021-43538 at NVDCVE-2021-43539 at SUSECVE-2021-43539 at NVDCVE-2021-43541 at SUSECVE-2021-43541 at NVDCVE-2021-43542 at SUSECVE-2021-43542 at NVDCVE-2021-43543 at SUSECVE-2021-43543 at NVDCVE-2021-43545 at SUSECVE-2021-43545 at NVDCVE-2021-43546 at SUSECVE-2021-43546 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glib-networking (Important)SUSE OpenStack Cloud Crowbar 9
This update for glib-networking fixes the following issues:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030).
ImportantSUSE bug 1193030CVE-2021-4008 at SUSECVE-2021-4008 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for storm-kit (Critical)SUSE OpenStack Cloud Crowbar 9
This update for storm-kit fixes the following issues:
- Remove JndiLookup from log4j 2.x jars during build to
prevent 'log4shell' code injection. (bsc#1193641, bsc#1193611, CVE-2021-44228)
- Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled (bsc#1193641, bsc#1193662, CVE-2021-4104)
CriticalSUSE bug 1193611SUSE bug 1193641SUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDCVE-2021-44228 at SUSECVE-2021-44228 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for log4j (Important)SUSE OpenStack Cloud Crowbar 9
This update for log4j fixes the following issue:
- CVE-2021-4104: Disable the JMSAppender class from log4j to protect against
the log4jshell vulnerability. [bsc#1193662]
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading to out of
bounds memory write. (bsc#1190487)
- CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write. (bsc#1190489)
ImportantSUSE bug 1190487SUSE bug 1190489CVE-2021-4009 at SUSECVE-2021-4009 at NVDCVE-2021-4011 at SUSECVE-2021-4011 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
The username map advice from the CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails (bsc#1192849).
ImportantSUSE bug 1192849CVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for chrony (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for chrony fixes the following issues:
Chrony was updated to 4.1:
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Enable syscallfilter unconditionally (bsc#1181826).
Chrony was updated to 4.0:
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Chrony was updated to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Update clknetsim to version 79ffe44 (fixes bsc#1162964).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529)
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*'
- Enable pps support
Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
ModerateSUSE bug 1063704SUSE bug 1069468SUSE bug 1082318SUSE bug 1083597SUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1156884SUSE bug 1159840SUSE bug 1161119SUSE bug 1162964SUSE bug 1171806SUSE bug 1172113SUSE bug 1173277SUSE bug 1173760SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1183783SUSE bug 1184400SUSE bug 1187906SUSE bug 1190926CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh (Important)SUSE OpenStack Cloud Crowbar 9
This update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh fixes the following issues:
Fixed vulnerability related to log4j version 1.2.x:
- CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662)
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
Update to 10.2.41:
- CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497).
ModerateSUSE bug 1192497CVE-2021-35604 at SUSECVE-2021-35604 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- buffer overflow in PyCArg_repr in _ctypes/callproc.c,
which may lead to remote code execution (bsc#1181126, CVE-2021-3177).
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686SUSE bug 1181126CVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
- CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).
- CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
The following non-security bugs were fixed:
- blk-mq: improve heavily contended tag case (bsc#1178198).
- debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
- locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- Move upstreamed bt fixes into sorted section
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- net/x25: prevent a couple of overflows (bsc#1178590).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
ImportantSUSE bug 1144912SUSE bug 1149032SUSE bug 1158775SUSE bug 1163727SUSE bug 1171979SUSE bug 1176395SUSE bug 1176846SUSE bug 1176962SUSE bug 1177304SUSE bug 1177666SUSE bug 1178036SUSE bug 1178182SUSE bug 1178198SUSE bug 1178372SUSE bug 1178589SUSE bug 1178590SUSE bug 1178684SUSE bug 1178886SUSE bug 1179107SUSE bug 1179140SUSE bug 1179141SUSE bug 1179419SUSE bug 1179429SUSE bug 1179508SUSE bug 1179509SUSE bug 1179601SUSE bug 1179616SUSE bug 1179663SUSE bug 1179666SUSE bug 1179745SUSE bug 1179877SUSE bug 1179878SUSE bug 1179895SUSE bug 1179960SUSE bug 1179961SUSE bug 1180008SUSE bug 1180027SUSE bug 1180028SUSE bug 1180029SUSE bug 1180030SUSE bug 1180031SUSE bug 1180032SUSE bug 1180052SUSE bug 1180086SUSE bug 1180559SUSE bug 1180562SUSE bug 1180676SUSE bug 1181001SUSE bug 1181158SUSE bug 1181349SUSE bug 1181504SUSE bug 1181553SUSE bug 1181645CVE-2019-20934 at SUSECVE-2019-20934 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud Crowbar 9
This update for wpa_supplicant fixes the following issues:
- CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).
- CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)
ImportantSUSE bug 1150934SUSE bug 1181777CVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openvswitch (Important)SUSE OpenStack Cloud Crowbar 9
This update for openvswitch fixes the following issues:
- CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742).
ImportantSUSE bug 1181742CVE-2020-35498 at SUSECVE-2020-35498 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for jasper (Important)SUSE OpenStack Cloud Crowbar 9
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
ImportantSUSE bug 1179748SUSE bug 1181483CVE-2020-27828 at SUSECVE-2020-27828 at NVDCVE-2021-3272 at SUSECVE-2021-3272 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for screen (Important)SUSE OpenStack Cloud Crowbar 9
This update for screen fixes the following issues:
- CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092).
ImportantSUSE bug 1182092CVE-2021-26937 at SUSECVE-2021-26937 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Recommended update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer (Important)SUSE OpenStack Cloud Crowbar 9
This update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer fixes the following issues:
Security fix included in this update:
python-Django1
- CVE-2021-3281: Fixed a potential directory traversal when extracting
archives (bsc#1181379).
Non-security fixes included in this update
Changes in ardana-db:
- Update to version 9.0+git.1611600773.5f1de5f:
* Add tasks to check for the TLS certificate expiry (bsc#1181040)
Changes in ardana-horizon:
- Update to version 9.0+git.1610491814.38661c2:
* Add Fix for logfile permissions (bsc#1179189)
Changes in ardana-logging:
- Update to version 9.0+git.1610490922.d5f9813:
* Remove some files and fix mysql logs locations (bsc#1179189)
Changes in ardana-monasca:
- Update to version 9.0+git.1610547641.d79ecfd:
* Add Fix for logfile permissions (bsc#1179189)
Changes in ardana-opsconsole-ui:
- Update to version 9.0+git.1611867924.eb82818:
* Adjust period used to query monasca summary metrics (bsc#1181521)
Changes in ardana-osconfig:
- Update to version 9.0+git.1610634027.5934cf8:
* Fix logrotate code that needs to silence the grep (bsc#1179189)
Changes in crowbar-core:
- Update to version 6.0+git.1611320924.849e748ff:
* avoid v4.1.5 of delayed_job_active_record (noref)
* add CVE-2020-26247 to travis ignore list (bsc#1180507)
Changes in crowbar-openstack:
- Update to version 6.0+git.1610402342.21499240d:
* neutron: Fix handling of networks with non-ascii names (SOC-11429)
- Update to version 6.0+git.1610374680.e68ff27d2:
* Terminate ssl on haproxy for cinder (bsc#1149535)
* Terminate ssl on haproxy for nova (bsc#1149535)
Changes in kibana:
- Added kibana.yml symlink (bsc#1048688, FATE#323204)
Changes in openstack-dashboard:
- add 0001-Fix-network_topology-view-memory-and-file-leaks.patch
- Update to version horizon-14.1.1.dev10:
* Fix open redirect (OSSA-2020-008, CVE-2020-29565)
- Update to version horizon-14.1.1.dev8:
* Cap bandit for python 2.7 env
Changes in openstack-manila:
- Update to version manila-7.4.2.dev60:
* [stable/rocky] Adjust CI jobs
* [NetApp] Fix CIFS promote back issue
- Update to version manila-7.4.2.dev58:
* [stable/rocky] Adjust CI jobs
Changes in openstack-manila:
- Update to version manila-7.4.2.dev60:
* [stable/rocky] Adjust CI jobs
* [NetApp] Fix CIFS promote back issue
- Update to version manila-7.4.2.dev58:
* [stable/rocky] Adjust CI jobs
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev147:
* Improve DHCP agent's debug messages
- Update to version neutron-13.0.8.dev145:
* Use consistent filter API syntax
- Update to version neutron-13.0.8.dev144:
* Improve the CIDRs overlap check method for router add interface
- Update to version neutron-13.0.8.dev142:
* [GRE] Add possibility to create GRE tunnels over IPv6
- Update to version neutron-13.0.8.dev140:
* Fix migration from the HA to non-HA routers
- Update to version neutron-13.0.8.dev138:
* Dropping lower constraints testing (stable Rocky)
* Fix calling of add\_tunnel\_port method from sanity checks module
- Update to version neutron-13.0.8.dev136:
* Dropping lower constraints testing (stable Rocky)
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev147:
* Improve DHCP agent's debug messages
- Update to version neutron-13.0.8.dev145:
* Use consistent filter API syntax
- Update to version neutron-13.0.8.dev144:
* Improve the CIDRs overlap check method for router add interface
- Update to version neutron-13.0.8.dev142:
* [GRE] Add possibility to create GRE tunnels over IPv6
- Update to version neutron-13.0.8.dev140:
* Fix migration from the HA to non-HA routers
- Update to version neutron-13.0.8.dev138:
* Dropping lower constraints testing (stable Rocky)
* Fix calling of add\_tunnel\_port method from sanity checks module
- Update to version neutron-13.0.8.dev136:
* Dropping lower constraints testing (stable Rocky)
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev16:
* [AIM] Add extension for ERSPAN
2014.2.rc1
- Update to version group-based-policy-12.0.1.dev15:
* Fix QoS unit tests
2014.2rc1
- Update to version group-based-policy-12.0.1.dev14:
* Fix session handling
* Fix DB query call
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev11:
* Fix bug where security-group rule config doesn't reflect new VMs addition
* Fix DB performance with sessions
2014.2rc1
- Update to version group-based-policy-12.0.1.dev8:
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev11:
* Fix bug where security-group rule config doesn't reflect new VMs addition
* Fix DB performance with sessions
2014.2rc1
- Update to version group-based-policy-12.0.1.dev8:
* Fix upstream gate
2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev7:
* Block qos config in floating ip
* Fix upstream gate
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev78:
* [stable-only] Cap bandit and make lower-constraints job non-voting
Changes in openstack-nova:
- Update to version nova-18.3.1.dev78:
* [stable-only] Cap bandit and make lower-constraints job non-voting
Changes in python-Django1:
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
* Fixes a potential directory traversal when extracting archives
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20201214:
* Add workaround for secure boot issue when shim package is updated. Removed deprecated note about Crowbar Octavia plugin. (bsc#1179955)
ImportantSUSE bug 1048688SUSE bug 1149535SUSE bug 1179189SUSE bug 1179955SUSE bug 1180507SUSE bug 1181040SUSE bug 1181379SUSE bug 1181521CVE-2021-3281 at SUSECVE-2021-3281 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bind (Important)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625]
ImportantSUSE bug 1182246CVE-2020-8625 at SUSECVE-2020-8625 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for krb5-appl (Important)SUSE OpenStack Cloud Crowbar 9
This update for krb5-appl fixes the following issues:
- CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
- CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).
ImportantSUSE bug 1131109CVE-2019-25017 at SUSECVE-2019-25017 at NVDCVE-2019-25018 at SUSECVE-2019-25018 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u282 (icedtea 3.18.0)
* January 2021 CPU (bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)
* Import of OpenJDK 8 u282 build 01
+ JDK-6962725: Regtest javax/swing/JFileChooser/6738668/
/bug6738668.java fails under Linux
+ JDK-8025936: Windows .pdb and .map files does not have proper
dependencies setup
+ JDK-8030350: Enable additional compiler warnings for GCC
+ JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/
/DisposeFrameOnDragTest.java fails by Timeout on Windows
+ JDK-8036122: Fix warning 'format not a string literal'
+ JDK-8051853: new
URI('x/').resolve('..').getSchemeSpecificPart() returns null!
+ JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/
/DefaultNoDrop.java locks on Windows
+ JDK-8134632: Mark javax/sound/midi/Devices/
/InitializationHang.java as headful
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8148916: Mark bug6400879.java as intermittently failing
+ JDK-8148983: Fix extra comma in changes for JDK-8148916
+ JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java
fails
+ JDK-8165808: Add release barriers when allocating objects
with concurrent collection
+ JDK-8185003: JMX: Add a version of
ThreadMXBean.dumpAllThreads with a maxDepth argument
+ JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on
windows with VS2017
+ JDK-8207766: [testbug] Adapt tests for Aix.
+ JDK-8212070: Introduce diagnostic flag to abort VM on failed
JIT compilation
+ JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
+ JDK-8215727: Restore JFR thread sampler loop to old /
previous behavior
+ JDK-8220657: JFR.dump does not work when filename is set
+ JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
+ JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java
fails with access issues and OOM
+ JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes()
can be quicker for self thread
+ JDK-8231968: getCurrentThreadAllocatedBytes default
implementation s/b getThreadAllocatedBytes
+ JDK-8232114: JVM crashed at imjpapi.dll in native code
+ JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect
numbers for Compiler area
+ JDK-8234339: replace JLI_StrTok in java_md_solinux.c
+ JDK-8238448: RSASSA-PSS signature verification fail when
using certain odd key sizes
+ JDK-8242335: Additional Tests for RSASSA-PSS
+ JDK-8244225: stringop-overflow warning on strncpy call from
compile_the_world_in
+ JDK-8245400: Upgrade to LittleCMS 2.11
+ JDK-8248214: Add paddings for TaskQueueSuper to reduce
false-sharing cache contention
+ JDK-8249176: Update GlobalSignR6CA test certificates
+ JDK-8250665: Wrong translation for the month name of May in
ar_JO,LB,SY
+ JDK-8250928: JFR: Improve hash algorithm for stack traces
+ JDK-8251469: Better cleanup for
test/jdk/javax/imageio/SetOutput.java
+ JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData
should not be in make/mapfiles/libawt_xawt/mapfile-vers
+ JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider
rather than JRE
+ JDK-8252395: [8u] --with-native-debug-symbols=external
doesn't include debuginfo files for binaries
+ JDK-8252497: Incorrect numeric currency code for ROL
+ JDK-8252754: Hash code calculation of JfrStackTrace is
inconsistent
+ JDK-8252904: VM crashes when JFR is used and JFR event class
is transformed
+ JDK-8252975: [8u] JDK-8252395 breaks the build for
--with-native-debug-symbols=internal
+ JDK-8253284: Zero OrderAccess barrier mappings are incorrect
+ JDK-8253550: [8u] JDK-8252395 breaks the build for make
STRIP_POLICY=no_strip
+ JDK-8253752: test/sun/management/jmxremote/bootstrap/
/RmiBootstrapTest.java fails randomly
+ JDK-8254081: java/security/cert/PolicyNode/
/GetPolicyQualifiers.java fails due to an expired certificate
+ JDK-8254144: Non-x86 Zero builds fail with return-type
warning in os_linux_zero.cpp
+ JDK-8254166: Zero: return-type warning in
zeroInterpreter_zero.cpp
+ JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/
/WorkerDeadlockTest.java fails
+ JDK-8255003: Build failures on Solaris
ModerateSUSE bug 1181239CVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Jinja2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Jinja2 fixes the following issues:
- CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex
backtracking. Email matching requires a word character at the start of the
domain part, and only word characters in the TLD. (bsc#1181944)
ImportantSUSE bug 1181944CVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for open-iscsi (Important)SUSE OpenStack Cloud Crowbar 9
This update for open-iscsi fixes the following issues:
Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):
- check for TCP urgent pointer past end of frame
- check for u8 overflow when processing TCP options
- check for header length underflow during checksum calculation
ImportantSUSE bug 1179908CVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for perl-XML-Twig (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for perl-XML-Twig fixes the following issues:
- Security fix [bsc#1008644, CVE-2016-9180]
* Added: the no_xxe option to XML::Twig::new, which causes the
parse to fail if external entities are used (to prevent
malicious XML to access the filesystem).
* Setting expand_external_ents to 0 or -1 currently doesn't work
as expected; To completely turn off expanding external entities
use no_xxe.
* Update documentation for XML::Twig to mention problems with
expand_external_ents and add information about new no_xxe argument
ModerateSUSE bug 1008644CVE-2016-9180 at SUSECVE-2016-9180 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.8.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-08 (bsc#1182614)
* CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
* CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
ImportantSUSE bug 1182357SUSE bug 1182614CVE-2021-23968 at SUSECVE-2021-23968 at NVDCVE-2021-23969 at SUSECVE-2021-23969 at NVDCVE-2021-23973 at SUSECVE-2021-23973 at NVDCVE-2021-23978 at SUSECVE-2021-23978 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-cryptography (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-cryptography (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for grub2 fixes the following issues:
grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
Following security issues are fixed that can violate secure boot constraints:
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)
ImportantSUSE bug 1175970SUSE bug 1176711SUSE bug 1177883SUSE bug 1179264SUSE bug 1179265SUSE bug 1182057SUSE bug 1182262SUSE bug 1182263CVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openldap2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
ImportantSUSE bug 1182279SUSE bug 1182408SUSE bug 1182411SUSE bug 1182412SUSE bug 1182413SUSE bug 1182415SUSE bug 1182416SUSE bug 1182417SUSE bug 1182418SUSE bug 1182419SUSE bug 1182420CVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- cifs: check all path components in resolved dfs target (bsc#1180906).
- cifs: fix check of tcon dfs in smb1 (bsc#1180906).
- cifs: fix nodfs mount option (bsc#1180906).
- cifs: introduce helper for finding referral server (bsc#1180906).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886)
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: fc: add FPIN ELS definition (bsc#1181441).
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441)
- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441).
- scsi: Fix trivial spelling (bsc#1181441).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1181441).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441).
- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441).
- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441).
- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441).
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441).
- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441).
- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441).
- scsi: qla2xxx: Fix login timeout (bsc#1181441).
- scsi: qla2xxx: Fix memory size truncation (bsc#1181441).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441).
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441).
- scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441).
- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441).
- scsi: qla2xxx: Fix the return value (bsc#1181441).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441).
- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441).
- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441).
- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441).
- scsi: qla2xxx: Performance tweak (bsc#1181441).
- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1181441).
- scsi: qla2xxx: Remove an unused function (bsc#1181441).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1181441).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441).
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1181441).
- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441).
- scsi: qla2xxx: SAN congestion management implementation (bsc#1181441).
- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441).
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use constant when it is known (bsc#1181441).
- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441).
- scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441).
- scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
ImportantSUSE bug 1065600SUSE bug 1163592SUSE bug 1176831SUSE bug 1178401SUSE bug 1178762SUSE bug 1179014SUSE bug 1179015SUSE bug 1179045SUSE bug 1179082SUSE bug 1179428SUSE bug 1179660SUSE bug 1180058SUSE bug 1180906SUSE bug 1181441SUSE bug 1181747SUSE bug 1181753SUSE bug 1181843SUSE bug 1182140SUSE bug 1182175CVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29374 at SUSECVE-2020-29374 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud Crowbar 9
This update for wpa_supplicant fixes the following issues:
- CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805)
ImportantSUSE bug 1182805CVE-2021-27803 at SUSECVE-2021-27803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Important)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- On case-insensitive filesystems, with support for symbolic links,
if Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running
remote code during a clone. (bsc#1183026, CVE-2021-21300)
ImportantSUSE bug 1183026CVE-2021-21300 at SUSECVE-2021-21300 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
ModerateSUSE bug 1182379CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
ImportantSUSE bug 1180623CVE-2020-16044 at SUSECVE-2020-16044 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glib2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
ImportantSUSE bug 1182328SUSE bug 1182362CVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for wavpack (Important)SUSE OpenStack Cloud Crowbar 9
This update for wavpack fixes the following issues:
- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).
ImportantSUSE bug 1180414CVE-2020-35738 at SUSECVE-2020-35738 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nghttp2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
ImportantSUSE bug 1082318SUSE bug 1088639SUSE bug 1112438SUSE bug 1125689SUSE bug 1134616SUSE bug 1146182SUSE bug 1146184SUSE bug 1181358SUSE bug 962914SUSE bug 964140SUSE bug 966514CVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
ImportantSUSE bug 1183852CVE-2021-3449 at SUSECVE-2021-3449 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
- CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
ImportantSUSE bug 1182909SUSE bug 1182912CVE-2021-25122 at SUSECVE-2021-25122 at NVDCVE-2021-25329 at SUSECVE-2021-25329 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
ImportantSUSE bug 1183942CVE-2021-23981 at SUSECVE-2021-23981 at NVDCVE-2021-23982 at SUSECVE-2021-23982 at NVDCVE-2021-23984 at SUSECVE-2021-23984 at NVDCVE-2021-23987 at SUSECVE-2021-23987 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openvpn (Important)SUSE OpenStack Cloud Crowbar 9
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
ImportantSUSE bug 1197341CVE-2022-0547 at SUSECVE-2022-0547 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
Non-securtiy fix:
- Fixed a broken symlink for javaws (bsc#1195146).
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195146SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2021-45115: Fixed denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115).
- CVE-2021-45116: Fixed potential information disclosure in dictsort template filter (bsc#1194117).
- CVE-2021-45452: Fixed potential directory-traversal via Storage.save() (bsc#1194116).
ImportantSUSE bug 1194115SUSE bug 1194116SUSE bug 1194117CVE-2021-45115 at SUSECVE-2021-45115 at NVDCVE-2021-45116 at SUSECVE-2021-45116 at NVDCVE-2021-45452 at SUSECVE-2021-45452 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for zlib (Important)SUSE OpenStack Cloud Crowbar 9
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)
ImportantSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1191902SUSE bug 1191904SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35560 at SUSECVE-2021-35560 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for util-linux (Important)SUSE OpenStack Cloud Crowbar 9
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921)
- Prevent outdated pam files (bsc#1082293, bsc#1081947#c68).
- Do not trim read-only volumes (bsc#1106214).
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add `RemainAfterExit=yes` (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196)
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- libblkid: Do not trigger CDROM autoclose. (bsc#1084671)
- Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514)
- Build with libudev support to support non-root users. (bsc#1169006)
- lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to CIFS with mount –a. (bsc#1174942)
ImportantSUSE bug 1081947SUSE bug 1082293SUSE bug 1084671SUSE bug 1085196SUSE bug 1106214SUSE bug 1122417SUSE bug 1125886SUSE bug 1135534SUSE bug 1135708SUSE bug 1151708SUSE bug 1168235SUSE bug 1168389SUSE bug 1169006SUSE bug 1172427SUSE bug 1174942SUSE bug 1175514SUSE bug 1175623SUSE bug 1178236SUSE bug 1178554SUSE bug 1178825SUSE bug 1188921SUSE bug 1194642CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):
MFSA 2022-14 (bsc#1197903)
* CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use
* CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-1196: Fixed a use-after-free after VR Process destruction
* CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen
* CVE-2022-28286: Fixed that iframe contents could be rendered outside the border
* CVE-2022-24713: Fixed a denial of service via complex regular expressions
* CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-1196 at SUSECVE-2022-1196 at NVDCVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2022-28281 at SUSECVE-2022-28281 at NVDCVE-2022-28282 at SUSECVE-2022-28282 at NVDCVE-2022-28285 at SUSECVE-2022-28285 at NVDCVE-2022-28286 at SUSECVE-2022-28286 at NVDCVE-2022-28289 at SUSECVE-2022-28289 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openjpeg2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openjpeg2 fixes the following issues:
- CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
- CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617).
- CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205).
- CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
ImportantSUSE bug 1102016SUSE bug 1106881SUSE bug 1106882SUSE bug 1140130SUSE bug 1140205SUSE bug 1162090SUSE bug 1173578SUSE bug 1180457SUSE bug 1184774SUSE bug 1197738SUSE bug 971617SUSE bug 980504CVE-2016-1924 at SUSECVE-2016-1924 at NVDCVE-2016-3183 at SUSECVE-2016-3183 at NVDCVE-2016-4797 at SUSECVE-2016-4797 at NVDCVE-2018-14423 at SUSECVE-2018-14423 at NVDCVE-2018-16375 at SUSECVE-2018-16375 at NVDCVE-2018-16376 at SUSECVE-2018-16376 at NVDCVE-2018-20845 at SUSECVE-2018-20845 at NVDCVE-2018-20846 at SUSECVE-2018-20846 at NVDCVE-2020-15389 at SUSECVE-2020-15389 at NVDCVE-2020-27823 at SUSECVE-2020-27823 at NVDCVE-2020-8112 at SUSECVE-2020-8112 at NVDCVE-2021-29338 at SUSECVE-2021-29338 at NVDCVE-2022-1122 at SUSECVE-2022-1122 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python rebuilds python against a symbol versioned openssl 1.0.2
to allow usage with openssl 1.1.1.
Also the following security issues are fixed:
- CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146).
ModerateSUSE bug 1187784SUSE bug 1194146SUSE bug 1195396CVE-2021-4189 at SUSECVE-2021-4189 at NVDCVE-2022-0391 at SUSECVE-2022-0391 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mysql-connector-java (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mysql-connector-java fixes the following issues:
- CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557).
ModerateSUSE bug 1195557CVE-2021-2471 at SUSECVE-2021-2471 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
ImportantSUSE bug 1194547CVE-2021-4140 at SUSECVE-2021-4140 at NVDCVE-2022-22737 at SUSECVE-2022-22737 at NVDCVE-2022-22738 at SUSECVE-2022-22738 at NVDCVE-2022-22739 at SUSECVE-2022-22739 at NVDCVE-2022-22740 at SUSECVE-2022-22740 at NVDCVE-2022-22741 at SUSECVE-2022-22741 at NVDCVE-2022-22742 at SUSECVE-2022-22742 at NVDCVE-2022-22743 at SUSECVE-2022-22743 at NVDCVE-2022-22744 at SUSECVE-2022-22744 at NVDCVE-2022-22745 at SUSECVE-2022-22745 at NVDCVE-2022-22746 at SUSECVE-2022-22746 at NVDCVE-2022-22747 at SUSECVE-2022-22747 at NVDCVE-2022-22748 at SUSECVE-2022-22748 at NVDCVE-2022-22751 at SUSECVE-2022-22751 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xz (Important)SUSE OpenStack Cloud Crowbar 9
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libexif (Important)SUSE OpenStack Cloud Crowbar 9
This update for libexif fixes the following issues:
- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service
(bsc#1172802).
- CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial
of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away
by the compiler (bsc#1178479).
ImportantSUSE bug 1172768SUSE bug 1172802SUSE bug 1178479CVE-2020-0181 at SUSECVE-2020-0181 at NVDCVE-2020-0198 at SUSECVE-2020-0198 at NVDCVE-2020-0452 at SUSECVE-2020-0452 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1198136cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sssd (Important)SUSE OpenStack Cloud Crowbar 9
This update for sssd fixes the following issues:
- CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492).
- Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773).
Non-security fixes:
- Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564).
ImportantSUSE bug 1183735SUSE bug 1189492SUSE bug 1196564CVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- sr9700: sanity check for packet length (bsc#1196836).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- x86/tsc: Make calibration refinement more robust (bsc#1196573).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
ImportantSUSE bug 1180153SUSE bug 1189562SUSE bug 1193738SUSE bug 1194943SUSE bug 1195051SUSE bug 1195353SUSE bug 1196018SUSE bug 1196114SUSE bug 1196468SUSE bug 1196488SUSE bug 1196514SUSE bug 1196573SUSE bug 1196639SUSE bug 1196761SUSE bug 1196830SUSE bug 1196836SUSE bug 1196942SUSE bug 1196973SUSE bug 1197211SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197391SUSE bug 1197462SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-39713 at SUSECVE-2021-39713 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gzip (Important)SUSE OpenStack Cloud Crowbar 9
This update for gzip fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue
mitigations (bsc#1196915).
ImportantSUSE bug 1196915SUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dnsmasq (Important)SUSE OpenStack Cloud Crowbar 9
This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1183709SUSE bug 1197872CVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Important)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234).
ImportantSUSE bug 1198234CVE-2022-24765 at SUSECVE-2022-24765 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libxml2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490)
ImportantSUSE bug 1196490CVE-2022-23308 at SUSECVE-2022-23308 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for SDL (Important)SUSE OpenStack Cloud Crowbar 9
This update for SDL fixes the following issues:
- CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202)
- CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201)
- CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001)
ImportantSUSE bug 1181201SUSE bug 1181202SUSE bug 1198001CVE-2020-14409 at SUSECVE-2020-14409 at NVDCVE-2020-14410 at SUSECVE-2020-14410 at NVDCVE-2021-33657 at SUSECVE-2021-33657 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important)SUSE OpenStack Cloud Crowbar 9
This update for openstack-monasca-agent, spark, spark-kit, zookeeper fixes the following issues:
- CVE-2021-4104: Remove JMSAppender from log4j jars (bsc#1193662)
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.
ImportantSUSE bug 1194019CVE-2018-8518 at SUSECVE-2018-8518 at NVDCVE-2018-8523 at SUSECVE-2018-8523 at NVDCVE-2019-8551 at SUSECVE-2019-8551 at NVDCVE-2019-8558 at SUSECVE-2019-8558 at NVDCVE-2019-8559 at SUSECVE-2019-8559 at NVDCVE-2019-8563 at SUSECVE-2019-8563 at NVDCVE-2019-8674 at SUSECVE-2019-8674 at NVDCVE-2019-8681 at SUSECVE-2019-8681 at NVDCVE-2019-8684 at SUSECVE-2019-8684 at NVDCVE-2019-8687 at SUSECVE-2019-8687 at NVDCVE-2019-8688 at SUSECVE-2019-8688 at NVDCVE-2019-8689 at SUSECVE-2019-8689 at NVDCVE-2019-8690 at SUSECVE-2019-8690 at NVDCVE-2019-8707 at SUSECVE-2019-8707 at NVDCVE-2019-8719 at SUSECVE-2019-8719 at NVDCVE-2019-8726 at SUSECVE-2019-8726 at NVDCVE-2019-8733 at SUSECVE-2019-8733 at NVDCVE-2019-8763 at SUSECVE-2019-8763 at NVDCVE-2019-8765 at SUSECVE-2019-8765 at NVDCVE-2019-8766 at SUSECVE-2019-8766 at NVDCVE-2019-8768 at SUSECVE-2019-8768 at NVDCVE-2019-8782 at SUSECVE-2019-8782 at NVDCVE-2019-8808 at SUSECVE-2019-8808 at NVDCVE-2019-8815 at SUSECVE-2019-8815 at NVDCVE-2019-8821 at SUSECVE-2019-8821 at NVDCVE-2019-8822 at SUSECVE-2019-8822 at NVDCVE-2020-10018 at SUSECVE-2020-10018 at NVDCVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-3885 at SUSECVE-2020-3885 at NVDCVE-2020-3894 at SUSECVE-2020-3894 at NVDCVE-2020-3895 at SUSECVE-2020-3895 at NVDCVE-2020-3897 at SUSECVE-2020-3897 at NVDCVE-2020-3900 at SUSECVE-2020-3900 at NVDCVE-2020-3901 at SUSECVE-2020-3901 at NVDCVE-2020-3902 at SUSECVE-2020-3902 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9952 at SUSECVE-2020-9952 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1817 at SUSECVE-2021-1817 at NVDCVE-2021-1820 at SUSECVE-2021-1820 at NVDCVE-2021-1825 at SUSECVE-2021-1825 at NVDCVE-2021-1826 at SUSECVE-2021-1826 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDCVE-2021-30661 at SUSECVE-2021-30661 at NVDCVE-2021-30666 at SUSECVE-2021-30666 at NVDCVE-2021-30682 at SUSECVE-2021-30682 at NVDCVE-2021-30761 at SUSECVE-2021-30761 at NVDCVE-2021-30762 at SUSECVE-2021-30762 at NVDCVE-2021-30809 at SUSECVE-2021-30809 at NVDCVE-2021-30818 at SUSECVE-2021-30818 at NVDCVE-2021-30823 at SUSECVE-2021-30823 at NVDCVE-2021-30836 at SUSECVE-2021-30836 at NVDCVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30848 at SUSECVE-2021-30848 at NVDCVE-2021-30849 at SUSECVE-2021-30849 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDCVE-2021-30884 at SUSECVE-2021-30884 at NVDCVE-2021-30887 at SUSECVE-2021-30887 at NVDCVE-2021-30888 at SUSECVE-2021-30888 at NVDCVE-2021-30889 at SUSECVE-2021-30889 at NVDCVE-2021-30890 at SUSECVE-2021-30890 at NVDCVE-2021-30897 at SUSECVE-2021-30897 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cifs-utils (Important)SUSE OpenStack Cloud Crowbar 9
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
ImportantSUSE bug 1197216CVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for aide (Important)SUSE OpenStack Cloud Crowbar 9
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
ImportantSUSE bug 1194735CVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
- CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP
request smuggling. (bsc#1198086)
ModerateSUSE bug 1198086CVE-2022-24801 at SUSECVE-2022-24801 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for zsh (Important)SUSE OpenStack Cloud Crowbar 9
This update for zsh fixes the following issues:
- CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
- CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)
ImportantSUSE bug 1107294SUSE bug 1107296CVE-2018-0502 at SUSECVE-2018-0502 at NVDCVE-2018-13259 at SUSECVE-2018-13259 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 5 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
ModerateSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1188568SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2432 at SUSECVE-2021-2432 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gzip (Important)SUSE OpenStack Cloud Crowbar 9
This update for gzip fixes the following issues:
- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
ImportantCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.0 (bsc#1198290):
- CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution.
- CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.
Missing CVE reference for the update to 2.34.6 (bsc#1196133):
- CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
ImportantSUSE bug 1196133SUSE bug 1198290CVE-2022-22594 at SUSECVE-2022-22594 at NVDCVE-2022-22624 at SUSECVE-2022-22624 at NVDCVE-2022-22628 at SUSECVE-2022-22628 at NVDCVE-2022-22629 at SUSECVE-2022-22629 at NVDCVE-2022-22637 at SUSECVE-2022-22637 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for e2fsprogs (Important)SUSE OpenStack Cloud Crowbar 9
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud (Important)SUSE OpenStack Cloud Crowbar 9
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:
Security fixes included on the update:
ardana-barbican:
- Update policies to protect container secret access (SOC-11621)
- Update policies to protect secret metadata access (SOC-11620)
openstack-neutron:
- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).
rubygem-sinatra:
- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).
python-XStatic-jquery-ui:
- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)
- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)
- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)
python-lxml:
- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).
openstack-barbican:
- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).
grafana:
- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).
openstack-keystone:
- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).
Non-security fixes included on the update:
Changes in ardana-barbican:
- Update to version 9.0+git.1644879908.8a641c1:
* Update policies to protect container secret access (SOC-11621)
- Update to version 9.0+git.1643052417.9a3348e:
* update policies to protect secret metadata access (SOC-11620)
Changes in grafana:
- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)
* directory traversal vulnerability for .md files
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache
Changes in openstack-barbican:
- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch
and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix
the legacy policy rules for adding a secret to a container and removing
a secret from a container. bsc#1194954,CVE-2022-23452
- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the
legacy policy rules for accessing secret metadata by checking that
the user making the request is authenticated for the project that
owns the secret. bsc#1194952,CVE-2022-23451
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev4:
* Add support for yoga
- Update to version group-based-policy-automation-14.0.1.dev3:
* Python2/3 compatibility fixes
- Update to version group-based-policy-automation-14.0.1.dev2:
* Add support for xena
- Update to version group-based-policy-automation-14.0.1.dev1:
* Remove py27 from gate jobs
14.0.0
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev3:
* Add support for yoga
- Update to version group-based-policy-ui-14.0.1.dev2:
* Python2/3 compatibility changes
- Update to version group-based-policy-ui-14.0.1.dev1:
* Add support for xena
14.0.0
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-keystone:
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-keystone:
- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix
the problem where AccountLocked exception discloses sensitive information.
bsc#1189390,CVE-2021-38155
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev33:
* Populate network mtu for erspan
- Update to version group-based-policy-14.0.1.dev32:
* ERSPAN config error when Openstack port is created in a different project than network it belongs to
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev31:
* Python2/3 compatibility fixes
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev29:
* Fix oslo\_i18n usage
- Update to version group-based-policy-14.0.1.dev27:
* Update mechanism\_driver cache
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev26:
* Add support for xena
- Update to version group-based-policy-14.0.1.dev24:
* update\_floatingip\_status\_while\_deleting\_the\_vm
- Update to version group-based-policy-14.0.1.dev22:
* Updating host id by appending pid in existing host id
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev20:
* Revert 'Add workaround to get\_subnets'
Changes in python-lxml:
- Fix bsc#1179534 (CVE-2020-27783)
mXSS due to the use of improper parser
Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch
- Fix bsc#1118088 (CVE-2018-19787)
lxml/html/clean.py in the lxml.html.clean module does not remove
javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks
Patch file: 0001-CVE-2018-19787.patch
- Fix bsc#1184177 (CVE-2021-28957)
missing input sanitization for formaction HTML5 attributes may lead to XSS
Patch file: 0001-CVE-2021-28957.patch
- Fix bsc#1193752 (CVE-2021-43818)
Cleaner: Remove SVG image data URLs since they can embed script content.
Reported as GHSL-2021-1037 and GHSL-2021-1038
Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch
Changes in openstack-neutron-doc:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Remove cve-2021-40085-stable-rocky.patch (merged upstream)
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)
* Remove dhcp_extra_opt value after first newline character
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in python-Pillow:
- Add 030-CVE-2022-22817.patch
* From upstream, backported
* Fixes CVE-2022-22817, bsc#1194521
* test from upstream updated for python2
- Add 028-CVE-2022-22815.patch
* From upstream, backported
* Fixes CVE-2022-22815, bsc#1194552
- Add 029-CVE-2022-22816.patch
* From upstream, backported
* Fixes CVE-2022-22816, bsc#1194551
Changes in python-XStatic-jquery-ui:
- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,
CVE-2021-41184, bsc#1192075, CVE-2021-41183)
* Fix XSS in the altField option of the Datepicker widget
(CVE-2021-41182)
* Fix XSS in *Text options of the Datepicker widget
(CVE-2021-41183)
* Fix XSS in the of option of the .position() util
(CVE-2021-41184)
* Drop support for Query 1.7
* Accordion: allow function parameter for selecting header
elements
* Datepicker: add optional onUpdateDatepicker callback
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20220413:
* Update release notes to indicate support for SES7
- Update to version 9.20220112:
* Add reference to keystone bcrypt issue to known limitations (bsc#1186380)
Changes in rubygem-sinatra:
- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)
ImportantSUSE bug 1118088SUSE bug 1179534SUSE bug 1184177SUSE bug 1186380SUSE bug 1189390SUSE bug 1189794SUSE bug 1192070SUSE bug 1192073SUSE bug 1192075SUSE bug 1193597SUSE bug 1193688SUSE bug 1193752SUSE bug 1194521SUSE bug 1194551SUSE bug 1194552SUSE bug 1194952SUSE bug 1194954SUSE bug 1199138CVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-38155 at SUSECVE-2021-38155 at NVDCVE-2021-40085 at SUSECVE-2021-40085 at NVDCVE-2021-41182 at SUSECVE-2021-41182 at NVDCVE-2021-41183 at SUSECVE-2021-41183 at NVDCVE-2021-41184 at SUSECVE-2021-41184 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2021-44716 at SUSECVE-2021-44716 at NVDCVE-2022-22815 at SUSECVE-2022-22815 at NVDCVE-2022-22816 at SUSECVE-2022-22816 at NVDCVE-2022-22817 at SUSECVE-2022-22817 at NVDCVE-2022-23451 at SUSECVE-2022-23451 at NVDCVE-2022-23452 at SUSECVE-2022-23452 at NVDCVE-2022-29970 at SUSECVE-2022-29970 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
ImportantSUSE bug 1198970CVE-2022-29909 at SUSECVE-2022-29909 at NVDCVE-2022-29911 at SUSECVE-2022-29911 at NVDCVE-2022-29912 at SUSECVE-2022-29912 at NVDCVE-2022-29914 at SUSECVE-2022-29914 at NVDCVE-2022-29916 at SUSECVE-2022-29916 at NVDCVE-2022-29917 at SUSECVE-2022-29917 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glib2 (Low)SUSE OpenStack Cloud Crowbar 9
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openldap2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
- Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383).
ImportantSUSE bug 1198383SUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql10 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql10 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
ImportantSUSE bug 1199768CVE-2022-1529 at SUSECVE-2022-1529 at NVDCVE-2022-1802 at SUSECVE-2022-1802 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-requests (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-requests fixes the following issues:
- CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI
upon receiving a same-hostname https-to-http redirect. (bsc#1111622)
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libxml2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libxml2 fixes the following issues:
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132).
- CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689).
ImportantSUSE bug 1069689SUSE bug 1199132CVE-2017-16932 at SUSECVE-2017-16932 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for pcre2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for kernel-firmware (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for wpa_supplicant (Important)SUSE OpenStack Cloud Crowbar 9
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733)
- CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777)
- Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805)
- Limit P2P_DEVICE name to appropriate ifname size
- Enable SAE support(jsc#SLE-14992).
- Fix wicked wlan (bsc#1156920)
- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (bsc#1166933)
- Adjust the service to start after network.target wrt bsc#1165266
Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] ImportantSUSE bug 1131644SUSE bug 1131868SUSE bug 1131870SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874SUSE bug 1133640SUSE bug 1144443SUSE bug 1156920SUSE bug 1165266SUSE bug 1166933SUSE bug 1167331SUSE bug 1182805SUSE bug 1194732SUSE bug 1194733CVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql14 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql14 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ImageMagick (Important)SUSE OpenStack Cloud Crowbar 9
This update for ImageMagick fixes the following issues:
- CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351).
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
ImportantSUSE bug 1198351SUSE bug 1199350CVE-2022-1270 at SUSECVE-2022-1270 at NVDCVE-2022-28463 at SUSECVE-2022-28463 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mailman (Important)SUSE OpenStack Cloud Crowbar 9
This update for mailman fixes the following issues:
- CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).
ImportantSUSE bug 1191959SUSE bug 1192735SUSE bug 1192741SUSE bug 1193316CVE-2021-42096 at SUSECVE-2021-42096 at NVDCVE-2021-43331 at SUSECVE-2021-43331 at NVDCVE-2021-43332 at SUSECVE-2021-43332 at NVDCVE-2021-44227 at SUSECVE-2021-44227 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for polkit (Important)SUSE OpenStack Cloud Crowbar 9
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for librelp (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for librelp fixes the following issues:
- CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730).
ModerateSUSE bug 1086730CVE-2018-1000140 at SUSECVE-2018-1000140 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-yajl-ruby (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-yajl-ruby fixes the following issue:
-CVE-2022-24795: Fixed a heap-based buffer overflow when handling large inputs due to an integer overflow (bsc#1198405)
ModerateSUSE bug 1198405CVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)
- CVE-2022-31736: Cross-Origin resource's length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
ImportantSUSE bug 1200027CVE-2022-31736 at SUSECVE-2022-31736 at NVDCVE-2022-31737 at SUSECVE-2022-31737 at NVDCVE-2022-31738 at SUSECVE-2022-31738 at NVDCVE-2022-31739 at SUSECVE-2022-31739 at NVDCVE-2022-31740 at SUSECVE-2022-31740 at NVDCVE-2022-31741 at SUSECVE-2022-31741 at NVDCVE-2022-31742 at SUSECVE-2022-31742 at NVDCVE-2022-31747 at SUSECVE-2022-31747 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for strongswan (Important)SUSE OpenStack Cloud Crowbar 9
This update for strongswan fixes the following issues:
- CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)
ImportantSUSE bug 1194471CVE-2021-45079 at SUSECVE-2021-45079 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.4 (bsc#1200027)
* CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
ImportantSUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
ImportantSUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1193282SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- debug: Lock down kgdb (bsc#1199426).
- dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
- lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
- linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
- linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
- linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
- linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124).
- net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124).
- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124).
- net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124).
- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124).
- net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124).
- net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
- net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124).
- net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124).
- net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124).
- net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124).
- net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124).
- net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124).
- net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124).
- net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124).
- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
- net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
- net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
- net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124).
- net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124).
- net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
- net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
- net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124).
- net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124).
- net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124).
- net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124).
- net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124).
- net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124).
- net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124).
- net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124).
- net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124).
- net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124).
- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124).
- net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124).
- net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124).
- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124).
- net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
- net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124).
- net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124).
- net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
- net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
- net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124).
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
- net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124).
- net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124).
- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124).
- net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
- net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124).
- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124).
- net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
ImportantSUSE bug 1028340SUSE bug 1065729SUSE bug 1071995SUSE bug 1114648SUSE bug 1172456SUSE bug 1182171SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1191958SUSE bug 1195651SUSE bug 1196426SUSE bug 1197099SUSE bug 1197219SUSE bug 1197343SUSE bug 1198400SUSE bug 1198516SUSE bug 1198660SUSE bug 1198687SUSE bug 1198742SUSE bug 1198825SUSE bug 1199012SUSE bug 1199063SUSE bug 1199314SUSE bug 1199399SUSE bug 1199426SUSE bug 1199505SUSE bug 1199605SUSE bug 1199650CVE-2019-20811 at SUSECVE-2019-20811 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-39711 at SUSECVE-2021-39711 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
ImportantSUSE bug 1199287SUSE bug 1200106CVE-2022-26700 at SUSECVE-2022-26700 at NVDCVE-2022-26709 at SUSECVE-2022-26709 at NVDCVE-2022-26716 at SUSECVE-2022-26716 at NVDCVE-2022-26717 at SUSECVE-2022-26717 at NVDCVE-2022-26719 at SUSECVE-2022-26719 at NVDCVE-2022-30293 at SUSECVE-2022-30293 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
ImportantSUSE bug 1200338SUSE bug 1200340SUSE bug 1200341SUSE bug 1200345SUSE bug 1200348SUSE bug 1200350SUSE bug 1200352CVE-2022-26377 at SUSECVE-2022-26377 at NVDCVE-2022-28614 at SUSECVE-2022-28614 at NVDCVE-2022-28615 at SUSECVE-2022-28615 at NVDCVE-2022-29404 at SUSECVE-2022-29404 at NVDCVE-2022-30522 at SUSECVE-2022-30522 at NVDCVE-2022-30556 at SUSECVE-2022-30556 at NVDCVE-2022-31813 at SUSECVE-2022-31813 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
ImportantSUSE bug 1199166CVE-2022-1292 at SUSECVE-2022-1292 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739).
ImportantSUSE bug 1196739CVE-2022-21716 at SUSECVE-2022-21716 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for log4j (Important)SUSE OpenStack Cloud Crowbar 9
This update for log4j fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
ImportantSUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for SUSE Manager Client Tools (Important)SUSE OpenStack Cloud Crowbar 9
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
ImportantSUSE bug 1181223SUSE bug 1181400SUSE bug 1190462SUSE bug 1190535SUSE bug 1193600SUSE bug 1194873SUSE bug 1195726SUSE bug 1195727SUSE bug 1195728SUSE bug 1196338SUSE bug 1196704SUSE bug 1197507SUSE bug 1197689CVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2021-41174 at SUSECVE-2021-41174 at NVDCVE-2021-41244 at SUSECVE-2021-41244 at NVDCVE-2021-43798 at SUSECVE-2021-43798 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43815 at SUSECVE-2021-43815 at NVDCVE-2022-21673 at SUSECVE-2022-21673 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-21702 at SUSECVE-2022-21702 at NVDCVE-2022-21703 at SUSECVE-2022-21703 at NVDCVE-2022-21713 at SUSECVE-2022-21713 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for fwupdate (Important)SUSE OpenStack Cloud Crowbar 9
This update of fwupdate fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Important)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
ImportantSUSE bug 1198603SUSE bug 1198604SUSE bug 1198606SUSE bug 1198607SUSE bug 1198610SUSE bug 1198611SUSE bug 1198612SUSE bug 1198613SUSE bug 1198629SUSE bug 1199928CVE-2021-46669 at SUSECVE-2021-46669 at NVDCVE-2022-21427 at SUSECVE-2022-21427 at NVDCVE-2022-27377 at SUSECVE-2022-27377 at NVDCVE-2022-27378 at SUSECVE-2022-27378 at NVDCVE-2022-27380 at SUSECVE-2022-27380 at NVDCVE-2022-27381 at SUSECVE-2022-27381 at NVDCVE-2022-27383 at SUSECVE-2022-27383 at NVDCVE-2022-27384 at SUSECVE-2022-27384 at NVDCVE-2022-27386 at SUSECVE-2022-27386 at NVDCVE-2022-27387 at SUSECVE-2022-27387 at NVDCVE-2022-27445 at SUSECVE-2022-27445 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1070738SUSE bug 1198511SUSE bug 1199441CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1200550CVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for oracleasm (Important)SUSE OpenStack Cloud Crowbar 9
This update of oracleasm fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sysstat (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for sysstat fixes the following issues:
Security issue fixed:
- CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104).
Bug fixes:
- Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958)
ModerateSUSE bug 1144923SUSE bug 1159104CVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dpdk (Important)SUSE OpenStack Cloud Crowbar 9
This update of dpdk fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):
- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
- CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
- CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
- CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
- CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
- CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)
ImportantSUSE bug 1200793CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-31744 at SUSECVE-2022-31744 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for crash (Important)SUSE OpenStack Cloud Crowbar 9
This update of crash fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rsyslog (Important)SUSE OpenStack Cloud Crowbar 9
This update for rsyslog fixes the following issues:
- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)
ImportantSUSE bug 1199061CVE-2022-24903 at SUSECVE-2022-24903 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for pcre (Important)SUSE OpenStack Cloud Crowbar 9
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
ImportantSUSE bug 1194179SUSE bug 1194181CVE-2022-2319 at SUSECVE-2022-2319 at NVDCVE-2022-2320 at SUSECVE-2022-2320 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for squid (Important)SUSE OpenStack Cloud Crowbar 9
This update for squid fixes the following issues:
- CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436)
- CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921)
- CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907)
ImportantSUSE bug 1183436SUSE bug 1185921SUSE bug 1200907CVE-2020-25097 at SUSECVE-2020-25097 at NVDCVE-2021-28651 at SUSECVE-2021-28651 at NVDCVE-2021-46784 at SUSECVE-2021-46784 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144).
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426).
- CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266).
The following non-security bugs were fixed:
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- exec: Force single empty string when argv is empty (bsc#1200571).
ImportantSUSE bug 1158266SUSE bug 1162338SUSE bug 1162369SUSE bug 1173871SUSE bug 1177282SUSE bug 1194013SUSE bug 1196901SUSE bug 1198577SUSE bug 1199426SUSE bug 1199487SUSE bug 1199507SUSE bug 1199657SUSE bug 1200059SUSE bug 1200143SUSE bug 1200144SUSE bug 1200249SUSE bug 1200571SUSE bug 1200599SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200692SUSE bug 1200762SUSE bug 1201050SUSE bug 1201080SUSE bug 1201251CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):
- CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
- CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
- CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantSUSE bug 1201221CVE-2022-22662 at SUSECVE-2022-22662 at NVDCVE-2022-22677 at SUSECVE-2022-22677 at NVDCVE-2022-26710 at SUSECVE-2022-26710 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rack (Critical)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rack fixes the following issues:
- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)
- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)
The following non-security bug was fixed:
- Fixed a regression in CVE-2022-30122 patch (bsc#1201588).
CriticalSUSE bug 1200748SUSE bug 1200750SUSE bug 1201588CVE-2022-30122 at SUSECVE-2022-30122 at NVDCVE-2022-30123 at SUSECVE-2022-30123 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-M2Crypto (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gpg2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
ImportantSUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.
ImportantSUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nspr, mozilla-nss (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to fix various issues:
FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15.
- FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FISP: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
Version update to NSS 3.79
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Update to NSS 3.78.1
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
update to NSS 3.78
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Update to NSS 3.77:
- resolve mpitests build failure on Windows.
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Add a CI Target for gcc-11.
- Change to makefiles for gcc-4.8.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
update to NSS 3.76.1
- Remove token member from NSSSlot struct.
NSS 3.76
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- real move assignment operator.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Update to NSS 3.74:
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (bsc#1195040)
Update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Update to NSS 3.69.1
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
- FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
- Enable FIPS during test certificate creation and disables the library checksum
validation during same.
- FIPS: allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132.
- FIPS: update validation string to version-release format. (bsc#1192079).
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086).
- FIPS: Add CSP clearing (bmo#1697303, bsc#1192087).
mozilla-nspr was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
update to 4.33:
* fixes to build system and export of private symbols
ModerateSUSE bug 1191546SUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1193170SUSE bug 1195040SUSE bug 1198486SUSE bug 1198980SUSE bug 1200325SUSE bug 1201298CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Important)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
- Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)
ImportantSUSE bug 1200119SUSE bug 1201431CVE-2022-29187 at SUSECVE-2022-29187 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
ImportantSUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for pcre2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1199235CVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).
ModerateSUSE bug 1201496CVE-2022-32742 at SUSECVE-2022-32742 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
ImportantSUSE bug 1201758CVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dovecot22 (Important)SUSE OpenStack Cloud Crowbar 9
This update for dovecot22 fixes the following issues:
- CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).
ImportantSUSE bug 1201267CVE-2022-30550 at SUSECVE-2022-30550 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for qpdf (Important)SUSE OpenStack Cloud Crowbar 9
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
ImportantSUSE bug 1188514SUSE bug 1201830CVE-2021-36978 at SUSECVE-2021-36978 at NVDCVE-2022-34503 at SUSECVE-2022-34503 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Critical)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)
CriticalSUSE bug 1194859CVE-2021-44142 at SUSECVE-2021-44142 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mokutil (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-tzinfo (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-tzinfo fixes the following issues:
- CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835).
ImportantSUSE bug 1201835CVE-2022-31163 at SUSECVE-2022-31163 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Babel (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Babel fixes the following issues:
- CVE-2021-42771: Fixed relative path traversal leading to loading arbitrary
locale files on disk and executing arbitrary code (bsc#1185768).
ImportantSUSE bug 1185768CVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
- cifs: To match file servers, make sure the server hostname matches (bsc#1201926).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
- cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926).
- kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type.
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484).
ImportantSUSE bug 1195775SUSE bug 1195926SUSE bug 1198484SUSE bug 1198829SUSE bug 1200442SUSE bug 1201050SUSE bug 1201635SUSE bug 1201636SUSE bug 1201926SUSE bug 1201930CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
- CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457).
- CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458).
ImportantSUSE bug 1166457SUSE bug 1166458CVE-2020-10108 at SUSECVE-2020-10108 at NVDCVE-2020-10109 at SUSECVE-2020-10109 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Important)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
ImportantSUSE bug 1199223SUSE bug 1199224SUSE bug 1200735SUSE bug 1200737CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u345 (icedtea-3.24.0)
- CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694).
- CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692).
- CVE-2022-34169: Fixed an issue where arbitrary bytecode could
be executed via a malicious stylesheet (bsc#1201684).
- Non-security fixes:
- Allowed for customization of PKCS12 keystores (bsc#1195163).
ImportantSUSE bug 1195163SUSE bug 1201684SUSE bug 1201692SUSE bug 1201694CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for zlib (Important)SUSE OpenStack Cloud Crowbar 9
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086)
- CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088)
ImportantSUSE bug 1195086SUSE bug 1195088CVE-2022-22818 at SUSECVE-2022-22818 at NVDCVE-2022-23833 at SUSECVE-2022-23833 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rsync (Important)SUSE OpenStack Cloud Crowbar 9
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rails-html-sanitizer (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rails-html-sanitizer fixes the following issues:
- CVE-2022-32209: Fixed a potential content injection under specific
configurations (bsc#1201183).
ModerateSUSE bug 1201183CVE-2022-32209 at SUSECVE-2022-32209 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
- Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bluez (Important)SUSE OpenStack Cloud Crowbar 9
This update for bluez fixes the following issues:
- CVE-2019-8922: Fixed a buffer overflow in the implementation of the
Service Discovery Protocol (bsc#1193227).
ImportantSUSE bug 1193227CVE-2019-8922 at SUSECVE-2019-8922 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libcroco (Important)SUSE OpenStack Cloud Crowbar 9
This update for libcroco fixes the following issues:
- CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685).
ImportantSUSE bug 1171685CVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for gstreamer-plugins-good (Important)SUSE OpenStack Cloud Crowbar 9
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
ImportantSUSE bug 1201688SUSE bug 1201693SUSE bug 1201702SUSE bug 1201704SUSE bug 1201706SUSE bug 1201707SUSE bug 1201708CVE-2022-1920 at SUSECVE-2022-1920 at NVDCVE-2022-1921 at SUSECVE-2022-1921 at NVDCVE-2022-1922 at SUSECVE-2022-1922 at NVDCVE-2022-1923 at SUSECVE-2022-1923 at NVDCVE-2022-1924 at SUSECVE-2022-1924 at NVDCVE-2022-1925 at SUSECVE-2022-1925 at NVDCVE-2022-2122 at SUSECVE-2022-2122 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql10 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql10 fixes the following issues:
- Upgrade to 10.22:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.36.5 (bsc#1201980):
- Add support for PAC proxy in the WebDriver implementation.
- Fix video playback when loaded through custom URIs, this fixes
video playback in the Yelp documentation browser.
- Fix WebKitWebView::context-menu when using GTK4.
- Fix LTO builds with GCC.
- Fix several crashes and rendering issues.
- Security fixes:
- CVE-2022-32792: Fixed processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to
UI spoofing.
ImportantSUSE bug 1201980CVE-2022-32792 at SUSECVE-2022-32792 at NVDCVE-2022-32816 at SUSECVE-2022-32816 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for open-vm-tools (Important)SUSE OpenStack Cloud Crowbar 9
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for net-snmp (Important)SUSE OpenStack Cloud Crowbar 9
This update for net-snmp fixes the following issues:
- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)
ImportantSUSE bug 1100146SUSE bug 1145864SUSE bug 1152968SUSE bug 1174961SUSE bug 1178021SUSE bug 1178351SUSE bug 1179009SUSE bug 1179699SUSE bug 1184839CVE-2020-15862 at SUSECVE-2020-15862 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for json-c (Important)SUSE OpenStack Cloud Crowbar 9
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed an integer overflow that could lead to memory
corruption via a large JSON file (bsc#1171479).
Non-security fixes:
- Updated to version 0.12.1 (jsc#PED-1778).
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
ImportantSUSE bug 1202645CVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libgda (Important)SUSE OpenStack Cloud Crowbar 9
This update for libgda fixes the following issues:
- CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).
ImportantSUSE bug 1189849CVE-2021-39359 at SUSECVE-2021-39359 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when
processing malicious web content and that could lead to arbitrary
code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
ImportantSUSE bug 1202169SUSE bug 1202807CVE-2022-32893 at SUSECVE-2022-32893 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Important)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature 'Intermediates' feature.
* Relax constraints on slightly malformed zip archives that
contain overlapping file entries.
ImportantSUSE bug 1202986cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
Note: the issues listed below were NOT fixed with the previous update (8.0-7.11).
- Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694)..
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for udisks2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797).
ModerateSUSE bug 1098797SUSE bug 1190606CVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql12 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1198166SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for keepalived (Important)SUSE OpenStack Cloud Crowbar 9
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to
insufficient control in the D-Bus policy (bsc#1193115).
ImportantSUSE bug 1193115CVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql14 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
ImportantSUSE bug 1198166SUSE bug 1200437SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155)
Address bar spoofing via XSLT error handling
* CVE-2022-38473 (bmo#1771685)
Cross-origin XSLT Documents would have inherited the parent's
permissions
* CVE-2022-38476 (bmo#1760998)
Data race and potential use-after-free in PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658)
Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local <code>.lnk</code> files could cause unexpected
network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to
Windows File Explorer and dropping partially broken
(bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can
now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc
headers.
- For added viewing pleasure, full-range color levels are now
supported for video playback on many systems.
- Find it easier now! Mac users can now access the macOS
share options from the Firefox File menu.
- Voil?! Support for images containing ICC v4 profiles is
enabled on macOS.
- Firefox now supports the new AVIF image format, which is
based on the modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to
existing image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g.,
XFA-based forms, used by multiple governments and banks).
Learn more.
- When available system memory is critically low, Firefox on
Windows will automatically unload tabs based on their last
access time, memory usage, and other attributes. This helps
to reduce Firefox out-of-memory crashes. Forgot something?
Switching to an unloaded tab automatically reloads it.
- To prevent session loss for macOS users who are running
Firefox from a mounted .dmg file, they’ll now be prompted to
finish installation. Bear in mind, this permission prompt
only appears the first time these users run Firefox on their
computer.
- For your safety, Firefox now blocks downloads that rely on
insecure connections, protecting against potentially
malicious or unsafe downloads. Learn more and see where to
find downloads in Firefox.
- Improved web compatibility for privacy protections with
SmartBlock 3.0: In Private Browsing and Strict Tracking
Protection, Firefox goes to great lengths to protect your web
browsing activity from trackers. As part of this, the built-
in content blocking will automatically block third-party
scripts, images, and other content from being loaded from
cross-site tracking companies reported by Disconnect. Learn
more.
- Introducing a new referrer tracking protection in Strict
Tracking Protection and Private Browsing. This feature
prevents sites from unknowingly leaking private information
to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides
website suggestions as you type into the address bar. Learn
more about this faster way to navigate the web and locale-
specific features.
- Firefox macOS now uses Apple's low-power mode for
fullscreen video on sites such as YouTube and Twitch. This
meaningfully extends battery life in long viewing sessions.
Now your kids can find out what the fox says on a loop
without you ever missing a beat…
- With this release, power users can use about:unloads to
release system resources by manually unloading tabs without
closing them.
- On Windows, there will now be fewer interruptions because
Firefox won’t prompt you for updates. Instead, a background
agent will download and install updates even if Firefox is
closed.
- On Linux, we’ve improved WebGL performance and reduced
power consumption for many users.
- To better protect all Firefox users against side-channel
attacks, such as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the
browser or close a window using a menu, button, or three-key
command. This should cut back on unwelcome notifications,
which is always nice—however, if you prefer a bit of notice,
you’ll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox
Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on
Windows 11.
- RLBox—a new technology that hardens Firefox against
potential security vulnerabilities in third-party
libraries—is now enabled on all platforms.
- We’ve reduced CPU usage on macOS in Firefox and
WindowServer during event processing.
- We’ve also reduced the power usage of software decoded
video on macOS, especially in fullscreen. This includes
streaming sites such as Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to
the opposite side of the video. Simply look for the new
context menu option Move Picture-in-Picture Toggle to Left
(Right) Side.
- We’ve made significant improvements in noise suppression
and auto-gain-control, as well as slight improvements in
echo-cancellation to provide you with a better overall
experience.
- We’ve also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of
scrollbars on Windows 11.
- Firefox has a new optimized download flow. Instead of
prompting every time, files will download automatically.
However, they can still be opened from the downloads panel
with just one click. Easy! More information
- Firefox no longer asks what to do for each file by default.
You won’t be prompted to choose a helper application or save
to disk before downloading a file unless you have changed
your download action setting for that type of file.
- Any files you download will be immediately saved on your
disk. Depending on the current configuration, they’ll be
saved in your preferred download folder, or you’ll be asked
to select a location for each download. Windows and Linux
users will find their downloaded files in the destination
folder. They’ll no longer be put in the Temp folder.
- Firefox allows users to choose from a number of built-in
search engines to set as their default. In this release, some
users who had previously configured a default engine might
notice their default search engine has changed since Mozilla
was unable to secure formal permission to continue including
certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard
shortcut 'n.'
- You can find added support for search—with or without
diacritics—in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed
to web content no longer have access to the X Window system
(X11).
- Firefox now supports credit card autofill and capture in
Germany, France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime
Video, and Netflix videos you watch in Picture-in-Picture.
Just turn on the subtitles on the in-page video player, and
they will appear in PiP.
- Picture-in-Picture now also supports video captions on
websites that use Web Video Text Track (WebVTT) format (e.g.,
Coursera.org, Canadian Broadcasting Corporation, and many
more).
- On the first run after install, Firefox detects when its
language does not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple
languages. To enable additional languages, select them in the
text field’s context menu.
- HDR video is now supported in Firefox on Mac—starting with
YouTube! Firefox users on macOS 11+ (with HDR-compatible
screens) can enjoy higher-fidelity video content. No need to
manually flip any preferences to turn HDR video support
on—just make sure battery preferences are NOT set to
“optimize video streaming while on battery”.
- Hardware-accelerated AV1 video decoding is enabled on
Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2
Excluding Navi 24, GeForce 30). Installing the AV1 Video
Extension from the Microsoft Store may also be required.
- Video overlay is enabled on Windows for Intel GPUs,
reducing power usage during video playback.
- Improved fairness between painting and handling other
events. This noticeably improves the performance of the
volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by
default. On Linux, users can change this in Settings. On
Windows, Firefox follows the system setting (System Settings
> Accessibility > Visual Effects > Always show scrollbars).
- Firefox now ignores less restricted referrer
policies—including unsafe-url, no-referrer-when-downgrade,
and origin-when-cross-origin—for cross-site
subresource/iframe requests to prevent privacy leaks from the
referrer.
- Reading is now easier with the prefers-contrast media
query, which allows sites to detect if the user has requested
that web content is presented with a higher (or lower)
contrast.
- All non-configured MIME types can now be assigned a custom
action upon download completion.
- Firefox now allows users to use as many microphones as they
want, at the same time, during video conferencing. The most
exciting benefit is that you can easily switch your
microphones at any time (if your conferencing service
provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34483 (bmo#1335845)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34476 (bmo#1387919)
ASN.1 parser could have been tricked into accepting malformed
ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246)
Potential integer overflow in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138)
Sandboxed iframes could redirect to external schemes
* CVE-2022-34469 (bmo#1721220)
TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047)
Compromised server could trick a browser into an addon
downgrade
* CVE-2022-34472 (bmo#1770123)
Unavailable PAC file resulted in OCSP requests being blocked
* CVE-2022-34478 (bmo#1773717)
Microsoft protocols can be attacked if a user accepts a
prompt
* CVE-2022-2200 (bmo#1771381)
Undesired attributes could be set as part of prototype
pollution
* CVE-2022-34480 (bmo#1454072)
Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614)
MediaError message property leaked information on cross-
origin same-site pages
* CVE-2022-34475 (bmo#1757210)
HTML Sanitizer could have been bypassed via same-origin
script via use tags
* CVE-2022-34473 (bmo#1770888)
HTML Sanitizer could have been bypassed via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651)
Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578)
Memory safety bugs fixed in Firefox 102
ImportantSUSE bug 1200793SUSE bug 1201758SUSE bug 1202645CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-2505 at SUSECVE-2022-2505 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34469 at SUSECVE-2022-34469 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34471 at SUSECVE-2022-34471 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34473 at SUSECVE-2022-34473 at NVDCVE-2022-34474 at SUSECVE-2022-34474 at NVDCVE-2022-34475 at SUSECVE-2022-34475 at NVDCVE-2022-34476 at SUSECVE-2022-34476 at NVDCVE-2022-34477 at SUSECVE-2022-34477 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34480 at SUSECVE-2022-34480 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34482 at SUSECVE-2022-34482 at NVDCVE-2022-34483 at SUSECVE-2022-34483 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDCVE-2022-34485 at SUSECVE-2022-34485 at NVDCVE-2022-36314 at SUSECVE-2022-36314 at NVDCVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDCVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38476 at SUSECVE-2022-38476 at NVDCVE-2022-38477 at SUSECVE-2022-38477 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative (bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
ImportantSUSE bug 1172145SUSE bug 1177440SUSE bug 1188944SUSE bug 1191881SUSE bug 1194535SUSE bug 1196616SUSE bug 1200598SUSE bug 1200770SUSE bug 1200910SUSE bug 1201019SUSE bug 1201420SUSE bug 1201429SUSE bug 1201705SUSE bug 1201726SUSE bug 1201940SUSE bug 1201948SUSE bug 1202096SUSE bug 1202154SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202672SUSE bug 1202897SUSE bug 1202898SUSE bug 1203098CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21385 at SUSECVE-2022-21385 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194581SUSE bug 1194588CVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included on this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove\_legacy\_service\_chain\_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes
2014.2rc1
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev35:
* Removed\_legacy\_service\_chain\_code
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Djanjo1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
ModerateSUSE bug 1157665SUSE bug 1164139SUSE bug 1191454SUSE bug 1197818SUSE bug 1198398SUSE bug 1201186CVE-2019-11287 at SUSECVE-2019-11287 at NVDCVE-2020-1734 at SUSECVE-2020-1734 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2022-24790 at SUSECVE-2022-24790 at NVDCVE-2022-28346 at SUSECVE-2022-28346 at NVDCVE-2022-34265 at SUSECVE-2022-34265 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libsndfile (Important)SUSE OpenStack Cloud Crowbar 9
This update for libsndfile fixes the following issues:
- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that
could potentially lead to heap exploitation (bsc#1194006).
ImportantSUSE bug 1194006CVE-2021-4156 at SUSECVE-2021-4156 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sqlite3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite3 was update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Update to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
ImportantSUSE bug 1203477CVE-2022-40956 at SUSECVE-2022-40956 at NVDCVE-2022-40957 at SUSECVE-2022-40957 at NVDCVE-2022-40958 at SUSECVE-2022-40958 at NVDCVE-2022-40959 at SUSECVE-2022-40959 at NVDCVE-2022-40960 at SUSECVE-2022-40960 at NVDCVE-2022-40962 at SUSECVE-2022-40962 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for krb5-appl (Important)SUSE OpenStack Cloud Crowbar 9
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.
ImportantSUSE bug 1203530CVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bind (Important)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
ImportantSUSE bug 1203614SUSE bug 1203619SUSE bug 1203620CVE-2022-2795 at SUSECVE-2022-2795 at NVDCVE-2022-38177 at SUSECVE-2022-38177 at NVDCVE-2022-38178 at SUSECVE-2022-38178 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for squid (Important)SUSE OpenStack Cloud Crowbar 9
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
ImportantSUSE bug 1203677SUSE bug 1203680CVE-2022-41317 at SUSECVE-2022-41317 at NVDCVE-2022-41318 at SUSECVE-2022-41318 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit (Important)SUSE OpenStack Cloud Crowbar 9
This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues:
- CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662).
- CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842).
- CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843).
- CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844).
ImportantSUSE bug 1193662SUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2021-4104 at SUSECVE-2021-4104 at NVDCVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql-jdbc (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
ImportantSUSE bug 1202170CVE-2022-31197 at SUSECVE-2022-31197 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Important)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
- CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)
ImportantSUSE bug 1194731CVE-2022-20698 at SUSECVE-2022-20698 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-waitress (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-waitress fixes the following issues:
- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197256)
ImportantSUSE bug 1197255CVE-2022-24761 at SUSECVE-2022-24761 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
ImportantSUSE bug 1201309SUSE bug 1202097SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1203107SUSE bug 1203552CVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tiff (Important)SUSE OpenStack Cloud Crowbar 9
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libksba (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Mako (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Mako fixes the following issues:
- CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).
ModerateSUSE bug 1203246CVE-2022-40023 at SUSECVE-2022-40023 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
The following non-security bugs were fixed:
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- elfcore: fix building with clang (bsc#1169514).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net: Using proper atomic helper (bsc#1186222).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358).
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
ImportantSUSE bug 1071995SUSE bug 1124431SUSE bug 1167162SUSE bug 1169514SUSE bug 1172073SUSE bug 1177101SUSE bug 1179599SUSE bug 1184804SUSE bug 1185377SUSE bug 1186207SUSE bug 1186222SUSE bug 1187167SUSE bug 1189305SUSE bug 1189841SUSE bug 1190358SUSE bug 1190428SUSE bug 1191229SUSE bug 1191384SUSE bug 1191731SUSE bug 1192032SUSE bug 1192267SUSE bug 1192740SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1193306SUSE bug 1193440SUSE bug 1193442SUSE bug 1193507SUSE bug 1193575SUSE bug 1193669SUSE bug 1193727SUSE bug 1193731SUSE bug 1193767SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194001SUSE bug 1194048SUSE bug 1194087SUSE bug 1194227SUSE bug 1194302SUSE bug 1194516SUSE bug 1194529SUSE bug 1194880SUSE bug 1194888SUSE bug 1194985SUSE bug 1195254CVE-2018-25020 at SUSECVE-2018-25020 at NVDCVE-2019-15126 at SUSECVE-2019-15126 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-0935 at SUSECVE-2021-0935 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-3564 at SUSECVE-2021-3564 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for multipath-tools (Important)SUSE OpenStack Cloud Crowbar 9
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
ImportantSUSE bug 1202616SUSE bug 1202739SUSE bug 1204325CVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libxml2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bluez (Important)SUSE OpenStack Cloud Crowbar 9
This update for bluez fixes the following issues:
- CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237).
- CVE-2016-9803: Fixed memory leak (bsc#1013885).
ImportantSUSE bug 1013885SUSE bug 1193237CVE-2016-9803 at SUSECVE-2016-9803 at NVDCVE-2019-8921 at SUSECVE-2019-8921 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Updated to version 102.4.0 ESR (bsc#1204421):
- CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory Corruption in JS Engine.
- CVE-2022-42929: Fixed denial of Service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
ImportantSUSE bug 1204421CVE-2022-42927 at SUSECVE-2022-42927 at NVDCVE-2022-42928 at SUSECVE-2022-42928 at NVDCVE-2022-42929 at SUSECVE-2022-42929 at NVDCVE-2022-42932 at SUSECVE-2022-42932 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for telnet (Important)SUSE OpenStack Cloud Crowbar 9
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for SUSE Manager Client Tools (Moderate)SUSE OpenStack Cloud Crowbar 9
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
kiwi-desc-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support fo VirtIO disks
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
ModerateSUSE bug 1196338SUSE bug 1198903SUSE bug 1200725SUSE bug 1201535SUSE bug 1201539CVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Important)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1202593SUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libtirpc (Important)SUSE OpenStack Cloud Crowbar 9
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
ImportantSUSE bug 1200800SUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openjpeg2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openjpeg2 fixes the following issues:
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).
ImportantSUSE bug 1149789SUSE bug 1179821SUSE bug 1180043SUSE bug 1180044SUSE bug 1180046CVE-2018-21010 at SUSECVE-2018-21010 at NVDCVE-2020-27824 at SUSECVE-2020-27824 at NVDCVE-2020-27842 at SUSECVE-2020-27842 at NVDCVE-2020-27843 at SUSECVE-2020-27843 at NVDCVE-2020-27845 at SUSECVE-2020-27845 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dbus-1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libtasn1 (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412).
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).
ImportantSUSE bug 1204412SUSE bug 1204416CVE-2022-3550 at SUSECVE-2022-3550 at NVDCVE-2022-3551 at SUSECVE-2022-3551 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionview-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionview-4_2 fixes the following issues:
- CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helpers (bsc#1199060).
ModerateSUSE bug 1199060CVE-2022-27777 at SUSECVE-2022-27777 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-nokogiri (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-nokogiri fixes the following issues:
- CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408)
- CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782)
ImportantSUSE bug 1198408SUSE bug 1199782CVE-2022-24836 at SUSECVE-2022-24836 at NVDCVE-2022-29181 at SUSECVE-2022-29181 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glibc (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for glibc fixes the following issues:
- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing
a malformed regexp (bsc#1193625)
- x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
- Recognize ppc64p7 arch to build for power7
ModerateSUSE bug 1193625SUSE bug 1196852CVE-2015-8985 at SUSECVE-2015-8985 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
- CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781).
ImportantSUSE bug 1204781CVE-2019-12387 at SUSECVE-2019-12387 at NVDCVE-2020-10108 at SUSECVE-2020-10108 at NVDCVE-2022-21712 at SUSECVE-2022-21712 at NVDCVE-2022-39348 at SUSECVE-2022-39348 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-loofah (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-loofah fixes the following issues:
- CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751).
ModerateSUSE bug 1154751CVE-2018-8048 at SUSECVE-2018-8048 at NVDCVE-2019-15587 at SUSECVE-2019-15587 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libvirt (Important)SUSE OpenStack Cloud Crowbar 9
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)
ImportantSUSE bug 1192876SUSE bug 1193981SUSE bug 1194041CVE-2021-3975 at SUSECVE-2021-3975 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sudo (Important)SUSE OpenStack Cloud Crowbar 9
This update for sudo fixes the following issues:
Security fixes:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
Other:
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
- Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).
ImportantSUSE bug 1197998SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1185104SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270):
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45406: Use-after-free of a JavaScript Realm
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
- CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
- CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
- CVE-2022-45416: Keystroke Side-Channel Leakage
- CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
- CVE-2022-45420: Iframe contents could be rendered outside the iframe
- CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
ImportantSUSE bug 1205270CVE-2022-45403 at SUSECVE-2022-45403 at NVDCVE-2022-45404 at SUSECVE-2022-45404 at NVDCVE-2022-45405 at SUSECVE-2022-45405 at NVDCVE-2022-45406 at SUSECVE-2022-45406 at NVDCVE-2022-45408 at SUSECVE-2022-45408 at NVDCVE-2022-45409 at SUSECVE-2022-45409 at NVDCVE-2022-45410 at SUSECVE-2022-45410 at NVDCVE-2022-45411 at SUSECVE-2022-45411 at NVDCVE-2022-45412 at SUSECVE-2022-45412 at NVDCVE-2022-45416 at SUSECVE-2022-45416 at NVDCVE-2022-45418 at SUSECVE-2022-45418 at NVDCVE-2022-45420 at SUSECVE-2022-45420 at NVDCVE-2022-45421 at SUSECVE-2022-45421 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tiff (Important)SUSE OpenStack Cloud Crowbar 9
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for pixman (Important)SUSE OpenStack Cloud Crowbar 9
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125).
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
ImportantSUSE bug 1203125SUSE bug 1205244CVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for exiv2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for exiv2 fixes the following issues:
- CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681)
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332)
- CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338)
- CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
ImportantSUSE bug 1119562SUSE bug 1142681SUSE bug 1185002SUSE bug 1186231SUSE bug 1188733SUSE bug 1189332SUSE bug 1189337SUSE bug 1189338CVE-2018-20097 at SUSECVE-2018-20097 at NVDCVE-2019-13112 at SUSECVE-2019-13112 at NVDCVE-2021-29457 at SUSECVE-2021-29457 at NVDCVE-2021-29473 at SUSECVE-2021-29473 at NVDCVE-2021-31291 at SUSECVE-2021-31291 at NVDCVE-2021-32815 at SUSECVE-2021-32815 at NVDCVE-2021-34334 at SUSECVE-2021-34334 at NVDCVE-2021-37620 at SUSECVE-2021-37620 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for busybox (Important)SUSE OpenStack Cloud Crowbar 9
This update for busybox fixes the following issues:
- CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- Update to 1.35.0
- awk: fix printf %%, fix read beyond end of buffer
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: 'mount -o rw ....' should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find,
mktemp, wget and others
- Enable fdisk (jsc#CAR-16)
- Update to 1.34.1:
* build system: use SOURCE_DATE_EPOCH for timestamp if available
* many bug fixes and new features
* touch: make FEATURE_TOUCH_NODEREF unconditional
- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption
- Update to version 1.33.0
- many bug fixes and new features
- Update to version 1.32.1
- fixes a case where in ash, 'wait' never finishes.
- prepare usrmerge (bsc#1029961)
- Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)
- Update to version 1.31.1:
+ Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion
fix), hush, dpkg-deb, telnet and wget.
- Changes from version 1.31.0:
+ many bugfixes and new features.
- Add busybox-no-stime.patch: stime() has been deprecated in glibc
2.31 and replaced with clock_settime().
- update to 1.25.1:
* fixes for hush, gunzip, ip route, ntpd
- includes changes from 1.25.0:
* many added and expanded implementations of command options
- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed),
truncate, gunzip and unzip.
- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html
- Refresh busybox.install.patch
- Update to 1.23.2
* for a full list of changes see http://www.busybox.net/news.html
- Cleaned up spec file with spec-cleaner
- Refreshed patches
- update to 1.22.1:
Many updates and fixes for most included tools, see
see http://www.busybox.net/news.html
ImportantSUSE bug 1029961SUSE bug 1064976SUSE bug 1064978SUSE bug 1069412SUSE bug 1099260SUSE bug 1099263SUSE bug 1102912SUSE bug 1121426SUSE bug 1121428SUSE bug 1184522SUSE bug 1191514SUSE bug 1192869SUSE bug 914660SUSE bug 951562SUSE bug 970662SUSE bug 970663SUSE bug 991940CVE-2011-5325 at SUSECVE-2011-5325 at NVDCVE-2014-9645 at SUSECVE-2014-9645 at NVDCVE-2015-9261 at SUSECVE-2015-9261 at NVDCVE-2016-2147 at SUSECVE-2016-2147 at NVDCVE-2016-2148 at SUSECVE-2016-2148 at NVDCVE-2016-6301 at SUSECVE-2016-6301 at NVDCVE-2017-15873 at SUSECVE-2017-15873 at NVDCVE-2017-15874 at SUSECVE-2017-15874 at NVDCVE-2017-16544 at SUSECVE-2017-16544 at NVDCVE-2018-1000500 at SUSECVE-2018-1000500 at NVDCVE-2018-1000517 at SUSECVE-2018-1000517 at NVDCVE-2018-20679 at SUSECVE-2018-20679 at NVDCVE-2019-5747 at SUSECVE-2019-5747 at NVDCVE-2021-28831 at SUSECVE-2021-28831 at NVDCVE-2021-42373 at SUSECVE-2021-42373 at NVDCVE-2021-42374 at SUSECVE-2021-42374 at NVDCVE-2021-42375 at SUSECVE-2021-42375 at NVDCVE-2021-42376 at SUSECVE-2021-42376 at NVDCVE-2021-42377 at SUSECVE-2021-42377 at NVDCVE-2021-42378 at SUSECVE-2021-42378 at NVDCVE-2021-42379 at SUSECVE-2021-42379 at NVDCVE-2021-42380 at SUSECVE-2021-42380 at NVDCVE-2021-42381 at SUSECVE-2021-42381 at NVDCVE-2021-42382 at SUSECVE-2021-42382 at NVDCVE-2021-42383 at SUSECVE-2021-42383 at NVDCVE-2021-42384 at SUSECVE-2021-42384 at NVDCVE-2021-42385 at SUSECVE-2021-42385 at NVDCVE-2021-42386 at SUSECVE-2021-42386 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244).
The following non-security bug was fixed:
- Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171).
ImportantSUSE bug 1202666SUSE bug 1205244CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for binutils (Important)SUSE OpenStack Cloud Crowbar 9
This update for binutils fixes the following issues:
The following security bugs were fixed:
- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).
The following non-security bugs were fixed:
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
- Update to 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils (bsc#1198458).
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to 'warn' will generate a
warning message whenever any multibyte character is encountered. Using the
option to 'warn-sym-only' will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908).
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
ImportantSUSE bug 1142579SUSE bug 1185597SUSE bug 1185712SUSE bug 1188374SUSE bug 1191473SUSE bug 1191908SUSE bug 1193929SUSE bug 1194783SUSE bug 1197592SUSE bug 1198237SUSE bug 1198458SUSE bug 1202816SUSE bug 1202966SUSE bug 1202967SUSE bug 1202969CVE-2019-1010204 at SUSECVE-2019-1010204 at NVDCVE-2021-3530 at SUSECVE-2021-3530 at NVDCVE-2021-3648 at SUSECVE-2021-3648 at NVDCVE-2021-3826 at SUSECVE-2021-3826 at NVDCVE-2021-45078 at SUSECVE-2021-45078 at NVDCVE-2021-46195 at SUSECVE-2021-46195 at NVDCVE-2022-27943 at SUSECVE-2022-27943 at NVDCVE-2022-38126 at SUSECVE-2022-38126 at NVDCVE-2022-38127 at SUSECVE-2022-38127 at NVDCVE-2022-38533 at SUSECVE-2022-38533 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).
Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an
abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented
changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherit file
descriptors.
- Fix player stucking in buffering (paused) state for progressive
streaming.
- Do not try to preconnect on link click when link preconnect
setting is disabled.
- Fix close status code returned when the client closes a
WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web
extensions support.
- Make it possible to use the remote inspector from other
browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media
control using MPRIS.
- Add support for PDF documents using PDF.js.
ImportantSUSE bug 1205120SUSE bug 1205121SUSE bug 1205122SUSE bug 1205123SUSE bug 1205124CVE-2022-32888 at SUSECVE-2022-32888 at NVDCVE-2022-32923 at SUSECVE-2022-32923 at NVDCVE-2022-42799 at SUSECVE-2022-42799 at NVDCVE-2022-42823 at SUSECVE-2022-42823 at NVDCVE-2022-42824 at SUSECVE-2022-42824 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]
* Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus,
IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
* Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
* Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
* Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
* X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
- Update to Java 8.0 Service Refresh 7 Fix Pack 16
* Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when
-Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which
can eventually lead to heap corruption and failure when
-Xgc:concurrentScavenge is set.
* JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
* Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process
ModerateSUSE bug 1204468SUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475SUSE bug 1204480SUSE bug 1205302CVE-2022-21618 at SUSECVE-2022-21618 at NVDCVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDCVE-2022-39399 at SUSECVE-2022-39399 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for supportutils (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
ModerateSUSE bug 1203818cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).
- Remove zfs modules (bsc#1205554).
ImportantSUSE bug 1205178SUSE bug 1205182SUSE bug 1205520SUSE bug 1205554CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- CVE-2022-42252: Fixed a request smuggling (bsc#1204918).
ImportantSUSE bug 1204918CVE-2022-42252 at SUSECVE-2022-42252 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for emacs (Important)SUSE OpenStack Cloud Crowbar 9
This update for emacs fixes the following issues:
- CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).
ImportantSUSE bug 1205822CVE-2022-45939 at SUSECVE-2022-45939 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for krb5 (Important)SUSE OpenStack Cloud Crowbar 9
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):
- CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
- CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
- CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).
ModerateSUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475CVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for glibc (Important)SUSE OpenStack Cloud Crowbar 9
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Bugs fixed:
- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)
ImportantSUSE bug 1191835SUSE bug 1192620SUSE bug 1193478SUSE bug 1194640SUSE bug 1194768SUSE bug 1194770CVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
ImportantSUSE bug 1206242CVE-2022-46872 at SUSECVE-2022-46872 at NVDCVE-2022-46874 at SUSECVE-2022-46874 at NVDCVE-2022-46875 at SUSECVE-2022-46875 at NVDCVE-2022-46878 at SUSECVE-2022-46878 at NVDCVE-2022-46880 at SUSECVE-2022-46880 at NVDCVE-2022-46881 at SUSECVE-2022-46881 at NVDCVE-2022-46882 at SUSECVE-2022-46882 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for zabbix (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for zabbix fixes the following issues:
- CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083).
ModerateSUSE bug 1206083CVE-2022-43515 at SUSECVE-2022-43515 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205875)
ImportantSUSE bug 1205874SUSE bug 1205875SUSE bug 1205876SUSE bug 1205877SUSE bug 1205878SUSE bug 1205879SUSE bug 1206017CVE-2022-4283 at SUSECVE-2022-4283 at NVDCVE-2022-46340 at SUSECVE-2022-46340 at NVDCVE-2022-46341 at SUSECVE-2022-46341 at NVDCVE-2022-46342 at SUSECVE-2022-46342 at NVDCVE-2022-46343 at SUSECVE-2022-46343 at NVDCVE-2022-46344 at SUSECVE-2022-46344 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_7_1-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_7_1-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987).
The following non-security bugs were fixed:
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
ImportantSUSE bug 1196018SUSE bug 1198702SUSE bug 1200788SUSE bug 1201455SUSE bug 1202686SUSE bug 1203008SUSE bug 1203183SUSE bug 1203290SUSE bug 1203322SUSE bug 1203514SUSE bug 1203960SUSE bug 1203987SUSE bug 1204166SUSE bug 1204168SUSE bug 1204170SUSE bug 1204354SUSE bug 1204355SUSE bug 1204402SUSE bug 1204414SUSE bug 1204415SUSE bug 1204424SUSE bug 1204431SUSE bug 1204432SUSE bug 1204439SUSE bug 1204479SUSE bug 1204574SUSE bug 1204576SUSE bug 1204631SUSE bug 1204635SUSE bug 1204636SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204868SUSE bug 1205006SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205473SUSE bug 1205514SUSE bug 1205671SUSE bug 1205705SUSE bug 1205709SUSE bug 1205796SUSE bug 1206113SUSE bug 1206114SUSE bug 1206207CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-40307 at SUSECVE-2022-40307 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for vim (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for vim fixes the following issues:
Updated to version 9.0.0814:
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
ModerateSUSE bug 1070955SUSE bug 1173256SUSE bug 1174564SUSE bug 1176549SUSE bug 1182324SUSE bug 1190533SUSE bug 1190570SUSE bug 1191770SUSE bug 1191893SUSE bug 1192167SUSE bug 1192478SUSE bug 1192481SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193294SUSE bug 1193298SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194556SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1195356SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012SUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2016-1248 at SUSECVE-2016-1248 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ca-certificates-mozilla (Important)SUSE OpenStack Cloud Crowbar 9
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for virglrenderer (Important)SUSE OpenStack Cloud Crowbar 9
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).
ImportantSUSE bug 1195389CVE-2022-0135 at SUSECVE-2022-0135 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tiff (Important)SUSE OpenStack Cloud Crowbar 9
This update for tiff fixes the following issues:
- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
ImportantSUSE bug 1071031SUSE bug 1154365SUSE bug 1182808SUSE bug 1182809SUSE bug 1182811SUSE bug 1182812SUSE bug 1190312SUSE bug 1194539CVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tcpdump (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for tcpdump fixes the following issues:
- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).
ModerateSUSE bug 1195825CVE-2018-16301 at SUSECVE-2018-16301 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xerces-j2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for xerces-j2 fixes the following issues:
- CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).
ImportantSUSE bug 1195108CVE-2022-23437 at SUSECVE-2022-23437 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)
- CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service
- CVE-2022-22754: Extensions could have bypassed permission confirmation during update
- CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable
- CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements
- CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types
- CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
- CVE-2022-22763: Script Execution during invalid object state
- CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)
- Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry
ImportantSUSE bug 1195230SUSE bug 1195682CVE-2022-22753 at SUSECVE-2022-22753 at NVDCVE-2022-22754 at SUSECVE-2022-22754 at NVDCVE-2022-22756 at SUSECVE-2022-22756 at NVDCVE-2022-22759 at SUSECVE-2022-22759 at NVDCVE-2022-22760 at SUSECVE-2022-22760 at NVDCVE-2022-22761 at SUSECVE-2022-22761 at NVDCVE-2022-22763 at SUSECVE-2022-22763 at NVDCVE-2022-22764 at SUSECVE-2022-22764 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Important)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)
ImportantSUSE bug 1193942SUSE bug 1193943CVE-2021-44224 at SUSECVE-2021-44224 at NVDCVE-2021-44790 at SUSECVE-2021-44790 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
ImportantSUSE bug 1195064SUSE bug 1195735CVE-2021-30934 at SUSECVE-2021-30934 at NVDCVE-2021-30936 at SUSECVE-2021-30936 at NVDCVE-2021-30951 at SUSECVE-2021-30951 at NVDCVE-2021-30952 at SUSECVE-2021-30952 at NVDCVE-2021-30953 at SUSECVE-2021-30953 at NVDCVE-2021-30954 at SUSECVE-2021-30954 at NVDCVE-2021-30984 at SUSECVE-2021-30984 at NVDCVE-2021-45481 at SUSECVE-2021-45481 at NVDCVE-2021-45482 at SUSECVE-2021-45482 at NVDCVE-2021-45483 at SUSECVE-2021-45483 at NVDCVE-2022-22589 at SUSECVE-2022-22589 at NVDCVE-2022-22590 at SUSECVE-2022-22590 at NVDCVE-2022-22592 at SUSECVE-2022-22592 at NVDCVE-2022-22594 at SUSECVE-2022-22594 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cyrus-sasl (Important)SUSE OpenStack Cloud Crowbar 9
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
ImportantSUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for zsh (Important)SUSE OpenStack Cloud Crowbar 9
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be
executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be
properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-1100: Fixed a potential code execution via a stack-based buffer
overflow in utils.c:checkmailpath() (bsc#1089030).
ImportantSUSE bug 1089030SUSE bug 1163882SUSE bug 1196435CVE-2018-1100 at SUSECVE-2018-1100 at NVDCVE-2019-20044 at SUSECVE-2019-20044 at NVDCVE-2021-45444 at SUSECVE-2021-45444 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Twisted (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Twisted fixes the following issues:
- CVE-2022-21712: Fixed secret exposure in cross-origin redirects (bsc#1195667, GHSA-92x2-jw7w-xvvx) from
ImportantSUSE bug 1195667CVE-2022-21712 at SUSECVE-2022-21712 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
The following non-security bugs were fixed:
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934).
- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
ImportantSUSE bug 1107207SUSE bug 1114893SUSE bug 1185973SUSE bug 1191580SUSE bug 1194516SUSE bug 1195536SUSE bug 1195543SUSE bug 1195612SUSE bug 1195840SUSE bug 1195897SUSE bug 1195908SUSE bug 1195934SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196155SUSE bug 1196584SUSE bug 1196601SUSE bug 1196612CVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):
- CVE-2022-26485: Use-after-free in XSLT parameter processing
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework
ImportantSUSE bug 1196809CVE-2022-26485 at SUSECVE-2022-26485 at NVDCVE-2022-26486 at SUSECVE-2022-26486 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Important)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
- Update to 10.2.43 (bsc#1196016):
* 10.2.43: CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
* 10.2.42: CVE-2022-24052
CVE-2022-24051
CVE-2022-24050
CVE-2022-24048
CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
previously mentioned in the changes file:
CVE-2021-46658, bsc#1195334
CVE-2021-46657, bsc#1195325
ImportantSUSE bug 1195325SUSE bug 1195334SUSE bug 1195339SUSE bug 1196016CVE-2021-46657 at SUSECVE-2021-46657 at NVDCVE-2021-46658 at SUSECVE-2021-46658 at NVDCVE-2021-46659 at SUSECVE-2021-46659 at NVDCVE-2021-46661 at SUSECVE-2021-46661 at NVDCVE-2021-46663 at SUSECVE-2021-46663 at NVDCVE-2021-46664 at SUSECVE-2021-46664 at NVDCVE-2021-46665 at SUSECVE-2021-46665 at NVDCVE-2021-46668 at SUSECVE-2021-46668 at NVDCVE-2022-24048 at SUSECVE-2022-24048 at NVDCVE-2022-24050 at SUSECVE-2022-24050 at NVDCVE-2022-24051 at SUSECVE-2022-24051 at NVDCVE-2022-24052 at SUSECVE-2022-24052 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)
- Remove log4j dependency, which is currently directly in use (bsc#1196137)
- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
ImportantSUSE bug 1195255SUSE bug 1196091SUSE bug 1196137CVE-2022-23181 at SUSECVE-2022-23181 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.6 (bsc#1196133):
- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.
ImportantSUSE bug 1196133CVE-2022-22620 at SUSECVE-2022-22620 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libcaca (Important)SUSE OpenStack Cloud Crowbar 9
This update for libcaca fixes the following issues:
- CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no
data is written and space is allocated for the header only, not taking into
account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752).
ImportantSUSE bug 1184751SUSE bug 1184752CVE-2021-30498 at SUSECVE-2021-30498 at NVDCVE-2021-30499 at SUSECVE-2021-30499 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.7.0 ESR (bsc#1196900):
- CVE-2022-26383: Browser window spoof using fullscreen mode
- CVE-2022-26384: iframe allow-scripts sandbox bypass
- CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
- CVE-2022-26381: Use-after-free in text reflows
- CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users
ImportantSUSE bug 1196900CVE-2022-26381 at SUSECVE-2022-26381 at NVDCVE-2022-26383 at SUSECVE-2022-26383 at NVDCVE-2022-26384 at SUSECVE-2022-26384 at NVDCVE-2022-26386 at SUSECVE-2022-26386 at NVDCVE-2022-26387 at SUSECVE-2022-26387 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for expat (Important)SUSE OpenStack Cloud Crowbar 9
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249).
ImportantSUSE bug 1196249SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
Non-security issues fixed:
- Fix PAC pointer authentication in ARM. (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
- Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u322 (icedtea-3.22.0)
Including the following security fixes:
- CVE-2022-21248, bsc#1194926: Enhance cross VM serialization
- CVE-2022-21283, bsc#1194937: Better String matching
- CVE-2022-21293, bsc#1194935: Improve String constructions
- CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps
- CVE-2022-21282, bsc#1194933: Better resolution of URIs
- CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management
- CVE-2022-21299, bsc#1194931: Improved scanning of XML entities
- CVE-2022-21305, bsc#1194939: Better array indexing
- CVE-2022-21340, bsc#1194940: Verify Jar Verification
- CVE-2022-21341, bsc#1194941: Improve serial forms for transport
- CVE-2022-21349: Improve Solaris font rendering
- CVE-2022-21360, bsc#1194929: Enhance BMP image support
- CVE-2022-21365, bsc#1194928: Enhanced BMP processing
ImportantSUSE bug 1193314SUSE bug 1193444SUSE bug 1193491SUSE bug 1194926SUSE bug 1194928SUSE bug 1194929SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195163CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bind (Important)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
- CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose
caching rules (bsc#1197135).
ImportantSUSE bug 1197135CVE-2021-25220 at SUSECVE-2021-25220 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for kernel-firmware (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for kernel-firmware fixes the following issues:
Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):
- CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access.
ModerateSUSE bug 1195786CVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
ImportantSUSE bug 1197091SUSE bug 1197095SUSE bug 1197096SUSE bug 1197098CVE-2022-22719 at SUSECVE-2022-22719 at NVDCVE-2022-22720 at SUSECVE-2022-22720 at NVDCVE-2022-22721 at SUSECVE-2022-22721 at NVDCVE-2022-23943 at SUSECVE-2022-23943 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sudo (Important)SUSE OpenStack Cloud Crowbar 9
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Important)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and
'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered
when parsing a gitattributes file (bsc#1207032).
ImportantSUSE bug 1207032SUSE bug 1207033CVE-2022-23521 at SUSECVE-2022-23521 at NVDCVE-2022-41903 at SUSECVE-2022-41903 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.7.0 ESR (bsc#1207119):
- CVE-2022-46871: Updated an out of date library (libusrsctp) which
contained several vulnerabilities.
- CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
drop on Linux.
- CVE-2023-23601: Fixed a potential spoofing attack when dragging a
URL from a cross-origin iframe into the same tab.
- CVE-2023-23602: Fixed a mishandled security check, which caused
the Content Security Policy header to be ignored for WebSockets
in WebWorkers.
- CVE-2022-46877: Fixed a fullscreen notification bypass which
could be leveraged in spoofing attacks.
- CVE-2023-23603: Fixed a Content Security Policy bypass via format
directives.
- CVE-2023-23605: Fixed several memory safety bugs.
ImportantSUSE bug 1207119CVE-2022-46871 at SUSECVE-2022-46871 at NVDCVE-2022-46877 at SUSECVE-2022-46877 at NVDCVE-2023-23598 at SUSECVE-2023-23598 at NVDCVE-2023-23601 at SUSECVE-2023-23601 at NVDCVE-2023-23602 at SUSECVE-2023-23602 at NVDCVE-2023-23603 at SUSECVE-2023-23603 at NVDCVE-2023-23605 at SUSECVE-2023-23605 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for freeradius-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for freeradius-server fixes the following issues:
- CVE-2022-41859: Fixed an issue in EAP-PWD that could leak
information about the password, which could facilitate dictionary
attacks (bsc#1206204).
- CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually
configured, which could be triggered via a malformed SIM option
(bsc#1206205).
- CVE-2022-41861: Fixed a server crash that could be triggered by
sending malformed data from a system in the RADIUS circle of trust
(bsc#1206206).
ImportantSUSE bug 1206204SUSE bug 1206205SUSE bug 1206206CVE-2022-41859 at SUSECVE-2022-41859 at NVDCVE-2022-41860 at SUSECVE-2022-41860 at NVDCVE-2022-41861 at SUSECVE-2022-41861 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Important)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be
selected to encrypt session keys, which could lead to privilege
escalation (bsc#1205385).
ImportantSUSE bug 1205385SUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dpdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update of dpdk fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libXpm (Important)SUSE OpenStack Cloud Crowbar 9
This update for libXpm fixes the following issues:
- CVE-2022-46285: Fixed an infinite loop that could be triggered
when reading a XPM image with a C-style comment that is never
closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
susceptible to PATH environment variable manipulation attacks
(bsc#1207031).
ImportantSUSE bug 1207029SUSE bug 1207030SUSE bug 1207031CVE-2022-44617 at SUSECVE-2022-44617 at NVDCVE-2022-46285 at SUSECVE-2022-46285 at NVDCVE-2022-4883 at SUSECVE-2022-4883 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bluez (Important)SUSE OpenStack Cloud Crowbar 9
This update for bluez fixes the following issues:
- CVE-2022-39176: Fixed a memory safety issue that could allow
physically proximate attackers to obtain sensitive information
(bsc#1203121).
- CVE-2022-39177: Fixed a memory safety issue that could allow
physically proximate attackers to cause a denial of service
(bsc#1203120).
ImportantSUSE bug 1203120SUSE bug 1203121CVE-2022-39176 at SUSECVE-2022-39176 at NVDCVE-2022-39177 at SUSECVE-2022-39177 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
ImportantSUSE bug 1209622CVE-2023-28708 at SUSECVE-2023-28708 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).
ImportantSUSE bug 1209543CVE-2023-1393 at SUSECVE-2023-1393 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.5 (boo#1208328):
- CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.
- CVE-2023-23518: Processing maliciously crafted web content may lead to
Previously fixed inside update to version 2.38.4 (boo#1207997):
- CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.
ImportantSUSE bug 1207997SUSE bug 1208328CVE-2022-42826 at SUSECVE-2022-42826 at NVDCVE-2023-23518 at SUSECVE-2023-23518 at NVDCVE-2023-23529 at SUSECVE-2023-23529 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sudo (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for sudo fixes the following issues:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
ModerateSUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
Security fixes:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
Other fixes:
- Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062)
ModerateSUSE bug 1202062SUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for systemd (Important)SUSE OpenStack Cloud Crowbar 9
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
ImportantSUSE bug 1191502SUSE bug 1195529SUSE bug 1197244SUSE bug 1198507SUSE bug 1204423SUSE bug 1204968SUSE bug 1205000SUSE bug 1206985SUSE bug 1208958CVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ghostscript (Important)SUSE OpenStack Cloud Crowbar 9
This update for ghostscript fixes the following issues:
- CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062).
ImportantSUSE bug 1210062CVE-2023-28879 at SUSECVE-2023-28879 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
- CVE-2023-29533: Fullscreen notification obscured
- MFSA-TMP-2023-0001: Double-free in libwebp
- CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
- CVE-2023-29536: Invalid free from JavaScript code
- CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
- CVE-2023-29542: Bypass of file download extension restrictions
- CVE-2023-29545: Windows Save As dialog resolved environment variables
- CVE-2023-1945: Memory Corruption in Safe Browsing Code
- CVE-2023-29548: Incorrect optimization result on ARM64
- CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
ImportantSUSE bug 1210212CVE-2023-1945 at SUSECVE-2023-1945 at NVDCVE-2023-29531 at SUSECVE-2023-29531 at NVDCVE-2023-29532 at SUSECVE-2023-29532 at NVDCVE-2023-29533 at SUSECVE-2023-29533 at NVDCVE-2023-29535 at SUSECVE-2023-29535 at NVDCVE-2023-29536 at SUSECVE-2023-29536 at NVDCVE-2023-29539 at SUSECVE-2023-29539 at NVDCVE-2023-29541 at SUSECVE-2023-29541 at NVDCVE-2023-29542 at SUSECVE-2023-29542 at NVDCVE-2023-29545 at SUSECVE-2023-29545 at NVDCVE-2023-29548 at SUSECVE-2023-29548 at NVDCVE-2023-29550 at SUSECVE-2023-29550 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for harfbuzz (Important)SUSE OpenStack Cloud Crowbar 9
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 (bsc#1208480):
* Security fixes:
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
* New Features/Enhancements:
- Add RSA-PSS signature to IBMJCECCA.
* Defect Fixes:
- IJ45437 Service, Build, Packaging and Deliver: Getting
FIPSRUNTIMEEXCEPTION when calling java code:
MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
- IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
- IJ45280 Class Libraries: Update timezone information to the
latest TZDATA2022F
- IJ44896 Class Libraries: Update timezone information to the
latest TZDATA2022G
- IJ45436 Java Virtual Machine: Stack walking code gets into
endless loop, hanging the application
- IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified
multiple times on the same command line the first option takes
precedence instead of the last
- IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT()
due to a NULL pointer
- IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static
final field object properties
- IJ44107 JIT Compiler: JIT publishes new object reference to other
threads without executing a memory flush
- IX90193 ORB: Fix security vulnerability CVE-2023-21830
- IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has
similar error of JDK-8253368
- IJ45148 Security: code changes for tech preview
- IJ44621 Security: Computing Diffie-Hellman secret repeatedly,
using IBMJCEPLUS, causes a small memory leak
- IJ44172 Security: Disable SHA-1 signed jars for EA
- IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly,
using IBMJCEPLUS, Causes a small memory leak
- IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305
crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
- IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA
during signature operations resulting in Java cores
- IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
- IJ45202 Security: KEYTOOL NPE if signing certificate does not contain
a SUBJECTKEYIDENTIFIER extension
- IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY()
method uses SHA1XXXX signature algorithms to match private and public keys
- IJ45203 Security: RSAPSS multiple names for KEYTYPE
- IJ43920 Security: The PKCS12 keystore update and the PBES2 support
- IJ40002 XML: Fix security vulnerability CVE-2022-21426
ModerateSUSE bug 1207246SUSE bug 1207248SUSE bug 1207249SUSE bug 1208480CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21835 at SUSECVE-2023-21835 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for liblouis (Important)SUSE OpenStack Cloud Crowbar 9
This update for liblouis fixes the following issues:
- CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429).
- CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431).
- CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432).
ImportantSUSE bug 1209429SUSE bug 1209431SUSE bug 1209432SUSE bug 1209855CVE-2023-26767 at SUSECVE-2023-26767 at NVDCVE-2023-26768 at SUSECVE-2023-26768 at NVDCVE-2023-26769 at SUSECVE-2023-26769 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
backend could cause the response headers to be truncated early,
resulting in some headers being incorporated into the response body
(bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
header could cause memory corruption (bsc#1207247).
ImportantSUSE bug 1207247SUSE bug 1207250SUSE bug 1207251CVE-2006-20001 at SUSECVE-2006-20001 at NVDCVE-2022-36760 at SUSECVE-2022-36760 at NVDCVE-2022-37436 at SUSECVE-2022-37436 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2-mod_auth_openidc (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).
ImportantSUSE bug 1190855SUSE bug 1206441SUSE bug 1210073CVE-2022-23527 at SUSECVE-2022-23527 at NVDCVE-2023-28625 at SUSECVE-2023-28625 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for shim (Important)SUSE OpenStack Cloud Crowbar 9
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1193315SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rack (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rack fixes the following issues:
- CVE-2023-27539: Fixed denial of service in header parsing (bsc#1209503).
ModerateSUSE bug 1209503CVE-2023-27539 at SUSECVE-2023-27539 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ovmf (Important)SUSE OpenStack Cloud Crowbar 9
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tiff (Important)SUSE OpenStack Cloud Crowbar 9
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sssd (Important)SUSE OpenStack Cloud Crowbar 9
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dmidecode (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.6 (bsc#1210731):
- CVE-2022-0108: Fixed information leak.
- CVE-2022-32885: Fixed arbitrary code execution.
- CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer.
- CVE-2023-27932: Fixed Same Origin Policy bypass.
- CVE-2023-27954: Fixed sensitive user information tracking.
- CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295).
Already fixed in version 2.38.5:
- CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
ImportantSUSE bug 1210295SUSE bug 1210731CVE-2022-0108 at SUSECVE-2022-0108 at NVDCVE-2022-32885 at SUSECVE-2022-32885 at NVDCVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDCVE-2023-25358 at SUSECVE-2023-25358 at NVDCVE-2023-25360 at SUSECVE-2023-25360 at NVDCVE-2023-25361 at SUSECVE-2023-25361 at NVDCVE-2023-25362 at SUSECVE-2023-25362 at NVDCVE-2023-25363 at SUSECVE-2023-25363 at NVDCVE-2023-27932 at SUSECVE-2023-27932 at NVDCVE-2023-27954 at SUSECVE-2023-27954 at NVDCVE-2023-28205 at SUSECVE-2023-28205 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
- CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686).
- CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
ModerateSUSE bug 1210686CVE-2023-25652 at SUSECVE-2023-25652 at NVDCVE-2023-25815 at SUSECVE-2023-25815 at NVDCVE-2023-29007 at SUSECVE-2023-29007 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for shadow (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2023-24580: Fixed potential DoS in file uploads (bsc#1208082).
ImportantSUSE bug 1208082CVE-2023-24580 at SUSECVE-2023-24580 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for vim (Important)SUSE OpenStack Cloud Crowbar 9
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
- CVE-2022-3491: Fixed an out of bounds memory access that could
cause a crash (bsc#1206028).
- CVE-2022-3520: Fixed an out of bounds memory access that could
cause a crash (bsc#1206071).
- CVE-2022-3591: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206072).
- CVE-2022-4292: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206075).
- CVE-2022-4293: Fixed a floating point exception that could cause
a crash (bsc#1206077).
- CVE-2022-4141: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1205797).
- CVE-2022-3705: Fixed an use-after-free issue that could cause
a crash or memory corruption (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077SUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for shim (Important)SUSE OpenStack Cloud Crowbar 9
This update for shim fixes the following issues:
- Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737)
ImportantSUSE bug 1198458CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for dnsmasq (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for dnsmasq fixes the following issues:
- CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358).
ModerateSUSE bug 1209358CVE-2023-28450 at SUSECVE-2023-28450 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.11.0 ESR (bsc#1211175):
- CVE-2023-32205: Browser prompts could have been obscured by popups
- CVE-2023-32206: Crash in RLBox Expat driver
- CVE-2023-32207: Potential permissions request bypass via clickjacking
- CVE-2023-32211: Content process crash due to invalid wasm code
- CVE-2023-32212: Potential spoof due to obscured address bar
- CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
- CVE-2023-32214: Potential DoS via exposed protocol handlers
- CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
ImportantSUSE bug 1211175CVE-2023-32205 at SUSECVE-2023-32205 at NVDCVE-2023-32206 at SUSECVE-2023-32206 at NVDCVE-2023-32207 at SUSECVE-2023-32207 at NVDCVE-2023-32211 at SUSECVE-2023-32211 at NVDCVE-2023-32212 at SUSECVE-2023-32212 at NVDCVE-2023-32213 at SUSECVE-2023-32213 at NVDCVE-2023-32214 at SUSECVE-2023-32214 at NVDCVE-2023-32215 at SUSECVE-2023-32215 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for SUSE Manager Client Tools (Important)SUSE OpenStack Cloud Crowbar 9
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)
prometheus-blackbox_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062)
- Other non-security bugs fixed and changes:
* Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
* On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
prometheus-postgres_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
- Other non-security issues fixed:
* Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and
clones
* Create the prometheus user for Red Hat Linux Enterprise systems and clones
* Fix broken log-level for values other than debug (bsc#1208965)
golang-github-prometheus-node_exporter:
- Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
* CVE-2022-27191: Update go/x/crypto (bsc#1197284)
* CVE-2022-27664: Update go/x/net (bsc#1203185)
* CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
* NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU
thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes
with high numbers of CPUs/CPU threads.
* [BUGFIX] Fix hwmon label sanitizer
* [BUGFIX] Use native endianness when encoding InetDiagMsg
* [BUGFIX] Fix btrfs device stats always being zero
* [BUGFIX] Fix diskstats exclude flags
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
* [BUGFIX] Fix concurrency issue in ethtool collector
* [BUGFIX] Fix concurrency issue in netdev collector
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
* [BUGFIX] Fix iostat on macos broken by deprecation warning
* [BUGFIX] Fix NodeFileDescriptorLimit alerts
* [BUGFIX] Sanitize rapl zone names
* [BUGFIX] Add file descriptor close safely in test
* [BUGFIX] Fix race condition in os_release.go
* [BUGFIX] Skip ZFS IO metrics if their paths are missing
* [BUGFIX] Handle nil CPU thermal power status on M1
* [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
* [BUGFIX] Sanitize UTF-8 in dmi collector
* [CHANGE] Merge metrics descriptions in textfile collector
* [FEATURE] Add multiple listeners and systemd socket listener activation
* [FEATURE] [node-mixin] Add darwin dashboard to mixin
* [FEATURE] Add 'isolated' metric on cpu collector on linux
* [FEATURE] Add cgroup summary collector
* [FEATURE] Add selinux collector
* [FEATURE] Add slab info collector
* [FEATURE] Add sysctl collector
* [FEATURE] Also track the CPU Spin time for OpenBSD systems
* [FEATURE] Add support for MacOS version
* [ENHANCEMENT] Add RTNL version of netclass collector
* [ENHANCEMENT] [node-mixin] Add missing selectors
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table
* [ENHANCEMENT] [node-mixin] Change io time units to %util
* [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
* [ENHANCEMENT] Add device filter flags to arp collector
* [ENHANCEMENT] Add diskstats include and exclude device flags
* [ENHANCEMENT] Add node_softirqs_total metric
* [ENHANCEMENT] Add rapl zone name label option
* [ENHANCEMENT] Add slabinfo collector
* [ENHANCEMENT] Allow user to select port on NTP server to query
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
* [ENHANCEMENT] Enable builds against older macOS SDK
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
* [ENHANCEMENT] systemd: Expose systemd minor version
* [ENHANCEMENT] Use netlink for tcpstat collector
* [ENHANCEMENT] Use netlink to get netdev stats
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles
* [ENHANCEMENT] Add btrfs device error stats
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6 (jsc#PED-3576):
* CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
* CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
- Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576):
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
* [BUGFIX] Properly close file descriptor when logging unfinished queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
* [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
* [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default
configuration values.
* [BUGFIX] Fix serving of static assets like fonts and favicon.
* [BUGFIX] promtool: Add --lint-fatal option.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
* [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the resolution.
* [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write
irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting
in a new exit code (3) for linter errors.
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit.
Enable with the flag `--enable-feature=auto-gomaxprocs`.
* [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query.
Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag
`--storage.tsdb.head-chunks-write-queue-size`.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
golang-github-prometheus-promu:
- Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576):
* [BUGFIX] Set build date from last changelog modification (bsc#1047218)
* [BUGFIX] Validate environment variable value
* [BUGFIX]Set build date from SOURCE_DATE_EPOCH
* [BUGFIX]Make extldflags extensible by configuration.
* [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine
* [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag
* [BUGFIX] Fix git repository url parsing
* [CHANGE] Remove ioutil
* [CHANGE] Update common Prometheus files
* [FEATURE] Add the ability to override tags per GOOS
* [FEATURE] Adding changes to support s390x
* [FEATURE] Added check_licenses Command to Promu
* [ENHANCEMENT] Allow to customize nested options via env variables
* [ENHANCEMENT] Add warning if promu info is unable to determine repo info
ImportantSUSE bug 1047218SUSE bug 1197284SUSE bug 1203185SUSE bug 1203599SUSE bug 1204023SUSE bug 1208049SUSE bug 1208051SUSE bug 1208060SUSE bug 1208062SUSE bug 1208064SUSE bug 1208965SUSE bug 1209113CVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql15 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql15 fixes the following issues:
Updated to version 15.3:
- CVE-2023-2454: Fixed an issue where a user having permission to
create a schema could hijack the privileges of a security definer
function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or
modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
ImportantSUSE bug 1210303SUSE bug 1211228SUSE bug 1211229CVE-2023-2454 at SUSECVE-2023-2454 at NVDCVE-2023-2455 at SUSECVE-2023-2455 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-cryptography (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for curl (Important)SUSE OpenStack Cloud Crowbar 9
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ImportantSUSE bug 1206309SUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Fix kABI breakage (bsc#1208333)
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- k-m-s: Drop Linux 2.6 support
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
ImportantSUSE bug 1076830SUSE bug 1194535SUSE bug 1202353SUSE bug 1205128SUSE bug 1207036SUSE bug 1207125SUSE bug 1207168SUSE bug 1207185SUSE bug 1207795SUSE bug 1207845SUSE bug 1208179SUSE bug 1208333SUSE bug 1208599SUSE bug 1208777SUSE bug 1208837SUSE bug 1208850SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209289SUSE bug 1209291SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209613SUSE bug 1209687SUSE bug 1209777SUSE bug 1209778SUSE bug 1209845SUSE bug 1209871SUSE bug 1209887SUSE bug 1210124SUSE bug 1210202SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210647SUSE bug 1211037CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20567 at SUSECVE-2022-20567 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u372 (icedtea-3.27.0):
- CVE-2023-21930: Fixed an issue in the JSSE component that could
allow an attacker to access critical data without authorization
(bsc#1210628).
- CVE-2023-21937: Fixed an issue in the Networking component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210631).
- CVE-2023-21938: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210632).
- CVE-2023-21939: Fixed an issue in the Swing component that could
allow an attacker to update, insert or delete some data without
authorization (bsc#1210634).
- CVE-2023-21954: Fixed an issue in the Hotspot component that
could allow an attacker to access critical data without
authorization (bsc#1210635).
- CVE-2023-21967: Fixed an issue in the JSSE component that could
allow an attacker to cause a hang or frequently repeatable
crash without authorization (bsc#1210636).
- CVE-2023-21968: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210637).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ctags (Important)SUSE OpenStack Cloud Crowbar 9
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file wih a
crafted filename (bsc#1206543).
ImportantSUSE bug 1206543CVE-2022-4515 at SUSECVE-2022-4515 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Important)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382)
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608).
ImportantSUSE bug 1211608CVE-2023-28709 at SUSECVE-2023-28709 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cups (Important)SUSE OpenStack Cloud Crowbar 9
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openvswitch (Important)SUSE OpenStack Cloud Crowbar 9
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
- CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865).
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
ImportantSUSE bug 1188524SUSE bug 1203865SUSE bug 1206580SUSE bug 1206581CVE-2021-36980 at SUSECVE-2021-36980 at NVDCVE-2022-32166 at SUSECVE-2022-32166 at NVDCVE-2022-4337 at SUSECVE-2022-4337 at NVDCVE-2022-4338 at SUSECVE-2022-4338 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openstack-heat, openstack-swift, python-Werkzeug (Important)SUSE OpenStack Cloud Crowbar 9
This update for openstack-heat, openstack-swift, python-Werkzeug contains the following fixes:
Security fixes included in this update:
openstack-heat:
- CVE-2023-1625: Fixed an issue where parameter values marked as 'hidden' would be shown in the stack's environment (bsc#1209774).
openstack-swift:
- CVE-2022-47950: Fixed a local file disclosure that could be triggered by an authenticated attacker by supplying a malicious XML (bnc#1207035).
python-Werkzeug:
- CVE-2023-25577: Fixed an unbounded resource usage when parsing multipart forms with many fields (bsc#1208283).
Non security changes on this update:
Changes in openstack-heat:
- Honor 'hidden' parameter in 'stack environment show' command. (bsc#1209774, CVE-2023-1625)
Changes in openstack-swift:
- Prevent XXE injections in API. (bsc#1207035, CVE-2022-47950)
Changes in python-Werkzeug;
- Limit maximum number of multipart form parts. (bsc#1208283, CVE-2023-25577)
ImportantSUSE bug 1207035SUSE bug 1208283SUSE bug 1209774CVE-2022-47950 at SUSECVE-2022-47950 at NVDCVE-2023-1625 at SUSECVE-2023-1625 at NVDCVE-2023-25577 at SUSECVE-2023-25577 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.12.0 ESR (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1210711SUSE bug 1210826SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDCVE-2023-30441 at SUSECVE-2023-30441 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libcares2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libcares2 fixes the following issues:
- CVE-2023-32067: Fixed a denial of service that could be triggered by
a 0-byte UDP payload (bsc#1211604).
- CVE-2023-31147: Fixed an insufficient randomness in generation of
DNS query IDs (bsc#1211605).
- CVE-2023-31130: Fixed a buffer underflow when configuring specific
IPv6 addresses (bsc#1211606).
- CVE-2023-31124: Fixed a build issue when cross-compiling that could
lead to insufficient randomness (bsc#1211607).
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libX11 (Important)SUSE OpenStack Cloud Crowbar 9
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
ImportantSUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206878SUSE bug 1209287SUSE bug 1210629SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211105SUSE bug 1211186SUSE bug 1211260SUSE bug 1211592CVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libwebp (Important)SUSE OpenStack Cloud Crowbar 9
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed double free (bsc#1210212).
ImportantSUSE bug 1210212CVE-2023-1999 at SUSECVE-2023-1999 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bluez (Important)SUSE OpenStack Cloud Crowbar 9
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Add security patches (bsc#1211846):
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
ImportantSUSE bug 1211658SUSE bug 1211659SUSE bug 1211846CVE-2023-28204 at SUSECVE-2023-28204 at NVDCVE-2023-32373 at SUSECVE-2023-32373 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
ModerateSUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python (Important)SUSE OpenStack Cloud Crowbar 9
This update for python fixes the following issues:
- CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471).
ImportantSUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for sqlite3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-sqlparse (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-sqlparse fixes the following issues:
- CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS (bsc#1210617).
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for bind (Important)SUSE OpenStack Cloud Crowbar 9
This update for bind fixes the following issues:
- CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544).
ImportantSUSE bug 1212544CVE-2023-2828 at SUSECVE-2023-2828 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-tornado (Low)SUSE OpenStack Cloud Crowbar 9
This update for python-tornado fixes the following issues:
- CVE-2023-28370: Fixed an open redirect issue in the static file
handler (bsc#1211741).
LowSUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for installation-images (Moderate)SUSE OpenStack Cloud Crowbar 9
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libqt5-qtbase (Important)SUSE OpenStack Cloud Crowbar 9
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408).
- CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1189408SUSE bug 1211798CVE-2020-24741 at SUSECVE-2020-24741 at NVDCVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).
ImportantSUSE bug 1207783CVE-2023-0494 at SUSECVE-2023-0494 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ghostscript (Important)SUSE OpenStack Cloud Crowbar 9
This update for ghostscript fixes the following issues:
- CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711).
ImportantSUSE bug 1212711CVE-2023-36664 at SUSECVE-2023-36664 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
- Required fields are now highlighted in PDF forms.
- Improved performance on high-refresh rate monitors (120Hz+).
- Buttons in the Tabs toolbar can now be reached with Tab,
Shift+Tab, and Arrow keys. View this article for additional
details.
- Windows' 'Make text bigger' accessibility setting now
affects all the UI and content pages, rather than only
applying to system font sizes.
- Non-breaking spaces are now preserved—preventing automatic
line breaks—when copying text from a form control.
- Fixed WebGL performance issues on NVIDIA binary drivers via
DMA-Buf on Linux.
- Fixed an issue in which Firefox startup could be
significantly slowed down by the processing of Web content
local storage. This had the greatest impact on users with
platter hard drives and significant local storage.
- Removed a configuration option to allow SHA-1 signatures in
certificates: SHA-1 signatures in certificates—long since
determined to no longer be secure enough—are now not
supported.
- Highlight color is preserved correctly after typing `Enter`
in the mail composer of Yahoo Mail and Outlook.
After bypassing the https only error page navigating back
would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was
visited.
- Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
plain text contexts, such as input and text area.
- Added an option to print only the current page from the
print preview dialog.
- Swipe to navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) on Windows is now
enabled.
- Stability on Windows is significantly improved as Firefox
handles low-memory situations much better.
- Touchpad scrolling on macOS was made more accessible by
reducing unintended diagonal scrolling opposite of the
intended scroll axis.
- Firefox is less likely to run out of memory on Linux and
performs more efficiently for the rest of the system when
memory runs low.
- It is now possible to edit PDFs: including writing text,
drawing, and adding signatures.
- Setting Firefox as your default browser now also makes it
the default PDF application on Windows systems.
- Swipe-to-navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) now works for Linux
users on Wayland.
- Text Recognition in images allows users on macOS 10.15 and
higher to extract text from the selected image (such as a
meme or screenshot).
- Firefox View helps you get back to content you previously
discovered. A pinned tab allows you to find and open recently
closed tabs on your current device and access tabs from other
devices (via our “Tab Pickup” feature).
- Import maps, which allow web pages to control the behavior
of JavaScript imports, are now enabled by default.
- Processes used for background tabs now use efficiency mode
on Windows 11 to limit resource use.
- The shift+esc keyboard shortcut now opens the Process
Manager, offering a way to quickly identify processes that
are using too many resources.
- Firefox now supports properly color correcting images
tagged with ICCv4 profiles.
- Support for non-English characters when saving and printing
PDF forms.
- The bookmarks toolbar's default 'Only show on New Tab'
state works correctly for blank new tabs. As before, you can
change the bookmark toolbar's behavior using the toolbar
context menu.
- Manifest Version 3 (MV3) extension support is now enabled
by default (MV2 remains enabled/supported). This major update
also ushers an exciting user interface change in the form of
the new extensions button.
- The Arbitrary Code Guard exploit protection has been
enabled in the media playback utility processes, improving
security for Windows users.
- The native HTML date picker for date and datetime inputs
can now be used with a keyboard alone, improving its
accessibility for screen reader users. Users with limited
mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
- Firefox builds in the Spanish from Spain (es-ES) and
Spanish from Argentina (es-AR) locales now come with a built-
in dictionary for the Firefox spellchecker.
- On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls
the page instead of zooming. This avoids accidental zooming
and matches the behavior of other web browsers on macOS.
- It's now possible to import bookmarks, history and
passwords not only from Edge, Chrome or Safari but also from
Opera, Opera GX, and Vivaldi.
- GPU sandboxing has been enabled on Windows.
- On Windows, third-party modules can now be blocked from
injecting themselves into Firefox, which can be helpful if
they are causing crashes or other undesirable behavior.
- Date, time, and datetime-local input fields can now be
cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on
macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and
Linux.
- GPU-accelerated Canvas2D is enabled by default on macOS and
Linux.
- WebGL performance improvement on Windows, MacOS and Linux.
- Enables overlay of hardware-decoded video with non-Intel
GPUs on Windows 10/11, improving video playback performance
and video scaling quality.
- Windows native notifications are now enabled.
- Firefox Relay users can now opt-in to create Relay email
masks directly from the Firefox credential manager. You must
be signed in with your Firefox Account.
- We’ve added two new locales: Silhe Friulian (fur) and
Sardinian (sc).
- Right-clicking on password fields now shows an option to
reveal the password.
- Private windows and ETP set to strict will now include
email tracking protection. This will make it harder for email
trackers to learn the browsing habits of Firefox users. You
can check the Tracking Content in the sub-panel on the shield
icon panel.
- The deprecated U2F Javascript API is now disabled by
default. The U2F protocol remains usable through the WebAuthn
API. The U2F API can be re-enabled using the
`security.webauth.u2f` preference.
- Say hello to enhanced Picture-in-Picture! Rewind, check
video duration, and effortlessly switch to full-screen mode
on the web's most popular video websites.
- Firefox's address bar is already a great place to search
for what you're looking for. Now you'll always be able to see
your web search terms and refine them while viewing your
search's results - no additional scrolling needed! Also, a
new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest
entries.
- Private windows now protect users even better by blocking
third-party cookies and storage of content trackers.
- Passwords automatically generated by Firefox now include
special characters, giving users more secure passwords by
default.
- Firefox 115 introduces a redesigned accessibility engine
which significantly improves the speed, responsiveness, and
stability of Firefox when used with:
- Screen readers, as well as certain other accessibility
software;
- East Asian input methods;
- Enterprise single sign-on software; and
- Other applications which use accessibility frameworks to
access information.
- Firefox 115 now supports AV1 Image Format files containing
animations (AVIS), improving support for AVIF images across
the web.
- The Windows GPU sandbox first shipped in the Firefox 110
release has been tightened to enhance the security benefits
it provides.
- A 13-year-old feature request was fulfilled and Firefox now
supports files being drag-and-dropped directly from Microsoft
Outlook. A special thanks to volunteer contributor Marco
Spiess for helping to get this across the finish line!
- Users on macOS can now access the Services sub-menu
directly from Firefox context menus.
- On Windows, the elastic overscroll effect has been enabled
by default. When two-finger scrolling on the touchpad or
scrolling on the touchscreen, you will now see a bouncing
animation when scrolling past the edge of a scroll container.
- Firefox is now available in the Tajik (tg) language.
- Added UI to manage the DNS over HTTPS exception list.
- Bookmarks can now be searched from the Bookmarks menu. The
Bookmarks menu is accessible by adding the Bookmarks menu
button to the toolbar.
- Restrict searches to your local browsing history by
selecting Search history from the History, Library or
Application menu buttons.
- Mac users can now capture video from their cameras in all
supported native resolutions. This enables resolutions higher
than 1280x720.
- It is now possible to reorder the extensions listed in the
extensions panel.
- Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator.
- Pocket Recommended content can now be seen in France,
Italy, and Spain.
- DNS over HTTPS settings are now part of the Privacy &
Security section of the Settings page and allow the user to
choose from all the supported modes.
- Migrating from another browser? Now you can bring over
payment methods you've saved in Chrome-based browsers to
Firefox.
- Hardware video decoding enabled for Intel GPUs on Linux.
- The Tab Manager dropdown now features close buttons, so you
can close tabs more quickly.
- Windows Magnifier now follows the text cursor correctly
when the Firefox title bar is visible.
- Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-
using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3
*_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464)
Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002)
Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711)
Potential use-after-free from compartment mismatch in
SpiderMonkey
* CVE-2023-37203 (bmo#291640)
Drag and Drop API may provide access to local system files
* CVE-2023-37204 (bmo#1832195)
Fullscreen notification obscured via option element
* CVE-2023-37205 (bmo#1704420)
URL spoofing in address bar using RTL characters
* CVE-2023-37206 (bmo#1813299)
Insufficient validation of symlinks in the FileSystem API
* CVE-2023-37207 (bmo#1816287)
Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675)
Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993)
Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886)
Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
bmo#1836550, bmo#1837450)
Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,
bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,
bmo#1838587)
Memory safety bugs fixed in Firefox 115
- Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
ImportantSUSE bug 1212101SUSE bug 1212438CVE-2023-3482 at SUSECVE-2023-3482 at NVDCVE-2023-37201 at SUSECVE-2023-37201 at NVDCVE-2023-37202 at SUSECVE-2023-37202 at NVDCVE-2023-37203 at SUSECVE-2023-37203 at NVDCVE-2023-37204 at SUSECVE-2023-37204 at NVDCVE-2023-37205 at SUSECVE-2023-37205 at NVDCVE-2023-37206 at SUSECVE-2023-37206 at NVDCVE-2023-37207 at SUSECVE-2023-37207 at NVDCVE-2023-37208 at SUSECVE-2023-37208 at NVDCVE-2023-37209 at SUSECVE-2023-37209 at NVDCVE-2023-37210 at SUSECVE-2023-37210 at NVDCVE-2023-37211 at SUSECVE-2023-37211 at NVDCVE-2023-37212 at SUSECVE-2023-37212 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-ibm (Important)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000):
- Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection.
ImportantSUSE bug 1213000cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for perl (Important)SUSE OpenStack Cloud Crowbar 9
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for samba (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ModerateSUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230)
Security fixes:
- CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703)
Other fixes:
- Fixed a startup crash experienced by some Windows
users by blocking instances of a malicious injected DLL
(bmo#1841751)
- Fixed a bug with displaying a caret in the text editor
on some websites (bmo#1840804)
- Fixed a bug with broken audio rendering on some
websites (bmo#1841982)
- Fixed a bug with patternTransform translate using the
wrong units (bmo#1840746)
- Fixed a crash affecting Windows 7 users related to the
DLL blocklist.
Firefox Extended Support Release 115.0.1 ESR
- Fixed a startup crash for Windows users with Kingsoft
Antivirus software installed (bmo#1837242)
ImportantSUSE bug 1213230CVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cjose (Important)SUSE OpenStack Cloud Crowbar 9
This update for cjose fixes the following issues:
- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
ImportantSUSE bug 1213385CVE-2023-37464 at SUSECVE-2023-37464 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_0_0 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- testsuite: Update further expiring certificates that affect tests [bsc#1201627]
ImportantSUSE bug 1201627SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openssl-1_1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
ImportantSUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libksba (Important)SUSE OpenStack Cloud Crowbar 9
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ImportantSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mariadb (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for mariadb fixes the following issues:
- CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).
ModerateSUSE bug 1201164CVE-2022-32084 at SUSECVE-2022-32084 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2-mod_security2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an
incorrect parsing of HTTP multipart requests (bsc#1207378).
ImportantSUSE bug 1207378CVE-2022-48279 at SUSECVE-2022-48279 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2023-36053: Fixed regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742).
ModerateSUSE bug 1212742CVE-2023-36053 at SUSECVE-2023-36053 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137)
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1196137SUSE bug 1198136cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionpack-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionpack-4_2 fixes the following issues:
- CVE-2023-28362: Fixed XSS via User Supplied Values to redirect_to (bsc#1213312).
ModerateSUSE bug 1213312CVE-2023-28362 at SUSECVE-2023-28362 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libapr-util1 (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libapr-util1 fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
CriticalSUSE bug 1207866CVE-2022-25147 at SUSECVE-2022-25147 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xrdp (Important)SUSE OpenStack Cloud Crowbar 9
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
ImportantSUSE bug 1206300SUSE bug 1206303SUSE bug 1206306SUSE bug 1206307SUSE bug 1206310SUSE bug 1206311SUSE bug 1206312CVE-2022-23468 at SUSECVE-2022-23468 at NVDCVE-2022-23479 at SUSECVE-2022-23479 at NVDCVE-2022-23480 at SUSECVE-2022-23480 at NVDCVE-2022-23481 at SUSECVE-2022-23481 at NVDCVE-2022-23482 at SUSECVE-2022-23482 at NVDCVE-2022-23483 at SUSECVE-2022-23483 at NVDCVE-2022-23484 at SUSECVE-2022-23484 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2023-41164: Fixed a potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (bsc#1214667).
ModerateSUSE bug 1214667CVE-2023-41164 at SUSECVE-2023-41164 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rails-html-sanitizer (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rails-html-sanitizer fixes the following issues:
- CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking (bsc#1206433).
- CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah (bsc#1206434).
- CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206435).
- CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer (bsc#1206436).
ImportantSUSE bug 1206433SUSE bug 1206434SUSE bug 1206435SUSE bug 1206436CVE-2022-23517 at SUSECVE-2022-23517 at NVDCVE-2022-23518 at SUSECVE-2022-23518 at NVDCVE-2022-23519 at SUSECVE-2022-23519 at NVDCVE-2022-23520 at SUSECVE-2022-23520 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for cups (Important)SUSE OpenStack Cloud Crowbar 9
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
- CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1212230SUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-34241 at SUSECVE-2023-34241 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libwebp (Critical)SUSE OpenStack Cloud Crowbar 9
This update for libwebp fixes the following issues:
- CVE-2023-4863: Fixed a heap buffer overflow (bsc#1215231).
CriticalSUSE bug 1215231CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for postgresql15 (Important)SUSE OpenStack Cloud Crowbar 9
This update for postgresql15 fixes the following issues:
Update to 15.2:
- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
ImportantSUSE bug 1208102CVE-2022-41862 at SUSECVE-2022-41862 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-gevent (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-gevent fixes the following issues:
- CVE-2023-41419: Fixed a http request smuggling (bsc#1215469).
ImportantSUSE bug 1215469CVE-2023-41419 at SUSECVE-2023-41419 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-setuptools (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
by fetching a malicious HTML document (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
ImportantSUSE bug 1203693SUSE bug 1205149SUSE bug 1206073SUSE bug 1206664SUSE bug 1206677SUSE bug 1206784SUSE bug 1207036SUSE bug 1207186SUSE bug 1207237CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ImageMagick (Important)SUSE OpenStack Cloud Crowbar 9
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
ImportantSUSE bug 1207982SUSE bug 1207983CVE-2022-44267 at SUSECVE-2022-44267 at NVDCVE-2022-44268 at SUSECVE-2022-44268 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for git (Important)SUSE OpenStack Cloud Crowbar 9
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).
ImportantSUSE bug 1208027SUSE bug 1208028CVE-2023-22490 at SUSECVE-2023-22490 at NVDCVE-2023-23946 at SUSECVE-2023-23946 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-urllib3 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
- CVE-2018-25091: Fixed a potential leak of the Authorization header
during a cross-origin redirect (bsc#1216275).
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968SUSE bug 1216275SUSE bug 1216377CVE-2018-25091 at SUSECVE-2018-25091 at NVDCVE-2023-43804 at SUSECVE-2023-43804 at NVDCVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for java-1_8_0-openjdk (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for java-1_8_0-openjdk fixes the following issues:
Updated to version jdk8u362 (icedtea-3.26.0):
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
ModerateSUSE bug 1207248SUSE bug 1207249CVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-actionpack-4_2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-actionpack-4_2 fixes the following issues:
- CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header (bsc#1207451).
- CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted cookies (bsc#1207455).
ImportantSUSE bug 1207451SUSE bug 1207455CVE-2023-22792 at SUSECVE-2023-22792 at NVDCVE-2023-22795 at SUSECVE-2023-22795 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2023-43665: Fixed a denial of service in
django.utils.text.Truncator (bsc#1215978).
ModerateSUSE bug 1215978CVE-2023-43665 at SUSECVE-2023-43665 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for clamav (Critical)SUSE OpenStack Cloud Crowbar 9
This update for clamav fixes the following issues:
- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).
- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).
CriticalSUSE bug 1208363SUSE bug 1208365CVE-2023-20032 at SUSECVE-2023-20032 at NVDCVE-2023-20052 at SUSECVE-2023-20052 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for ucode-intel (Important)SUSE OpenStack Cloud Crowbar 9
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
ImportantSUSE bug 1216894CVE-2023-44271 at SUSECVE-2023-44271 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Updated to version 102.8.0 ESR (bsc#1208144):
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads.
- CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
- CVE-2023-25744: Fixed Memory safety bugs.
- CVE-2023-25746: Fixed Memory safety bugs.
ImportantSUSE bug 1208138SUSE bug 1208144CVE-2023-0767 at SUSECVE-2023-0767 at NVDCVE-2023-25728 at SUSECVE-2023-25728 at NVDCVE-2023-25729 at SUSECVE-2023-25729 at NVDCVE-2023-25730 at SUSECVE-2023-25730 at NVDCVE-2023-25732 at SUSECVE-2023-25732 at NVDCVE-2023-25734 at SUSECVE-2023-25734 at NVDCVE-2023-25735 at SUSECVE-2023-25735 at NVDCVE-2023-25737 at SUSECVE-2023-25737 at NVDCVE-2023-25738 at SUSECVE-2023-25738 at NVDCVE-2023-25739 at SUSECVE-2023-25739 at NVDCVE-2023-25742 at SUSECVE-2023-25742 at NVDCVE-2023-25743 at SUSECVE-2023-25743 at NVDCVE-2023-25744 at SUSECVE-2023-25744 at NVDCVE-2023-25746 at SUSECVE-2023-25746 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for mozilla-nss (Important)SUSE OpenStack Cloud Crowbar 9
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for poppler (Important)SUSE OpenStack Cloud Crowbar 9
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
ImportantSUSE bug 1140877SUSE bug 1202692CVE-2019-13283 at SUSECVE-2019-13283 at NVDCVE-2022-38784 at SUSECVE-2022-38784 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-activerecord-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-activerecord-4_2 fixes the following issues:
- CVE-2022-44566: Fixed a potential denial of service due to an
inefficient comparison between integer and numeric values
(bsc#1207450).
ModerateSUSE bug 1207450CVE-2022-44566 at SUSECVE-2022-44566 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libxslt (Important)SUSE OpenStack Cloud Crowbar 9
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xterm (Important)SUSE OpenStack Cloud Crowbar 9
This update for xterm fixes the following issues:
- CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305).
ImportantSUSE bug 1205305CVE-2022-45063 at SUSECVE-2022-45063 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for nrpe (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for nrpe fixes the following issues:
- CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).
ModerateSUSE bug 931600SUSE bug 938906CVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-activerecord-4_2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-activerecord-4_2 contains the following fixes:
- CVE-2022-44566: Fixed a potential denial of service due to an inefficient
comparison between integer and numeric values. (bsc#1207450)
- fixed regression caused by fix for CVE-2022-44566. (bsc#1207450)
ImportantSUSE bug 1207450CVE-2022-44566 at SUSECVE-2022-44566 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for emacs (Important)SUSE OpenStack Cloud Crowbar 9
This update for emacs fixes the following issues:
- CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
- CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
ImportantSUSE bug 1208512SUSE bug 1208515CVE-2022-48337 at SUSECVE-2022-48337 at NVDCVE-2022-48339 at SUSECVE-2022-48339 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for webkit2gtk3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.3 (bnc#1206750):
- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).
- CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
- CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
ImportantSUSE bug 1206474SUSE bug 1206750CVE-2022-42852 at SUSECVE-2022-42852 at NVDCVE-2022-42856 at SUSECVE-2022-42856 at NVDCVE-2022-42863 at SUSECVE-2022-42863 at NVDCVE-2022-42867 at SUSECVE-2022-42867 at NVDCVE-2022-46691 at SUSECVE-2022-46691 at NVDCVE-2022-46692 at SUSECVE-2022-46692 at NVDCVE-2022-46698 at SUSECVE-2022-46698 at NVDCVE-2022-46699 at SUSECVE-2022-46699 at NVDCVE-2022-46700 at SUSECVE-2022-46700 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-activesupport-4_2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-activesupport-4_2 fixes the following issues:
- CVE-2023-22796: Fixed a potential denial of service when passing a
crafted input to the underscore method due to an inefficient
regular expression (bsc#1207454).
ModerateSUSE bug 1207454CVE-2023-22796 at SUSECVE-2023-22796 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rack (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rack fixes the following issues:
- CVE-2022-44570: Fixed a potential denial of service when parsing a
RFC2183 multipart boundary (bsc#1207597).
- CVE-2022-44571: Fixed a potential denial of service when parsing a
Range header (bsc#1207599).
ModerateSUSE bug 1207597SUSE bug 1207599CVE-2022-44570 at SUSECVE-2022-44570 at NVDCVE-2022-44571 at SUSECVE-2022-44571 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xorg-x11-server (Important)SUSE OpenStack Cloud Crowbar 9
This update for xorg-x11-server fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).
ImportantSUSE bug 1205874CVE-2022-46340 at SUSECVE-2022-46340 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python3 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
- CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673).
ImportantSUSE bug 1206673SUSE bug 1208471CVE-2022-40899 at SUSECVE-2022-40899 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for tomcat (Important)SUSE OpenStack Cloud Crowbar 9
This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513CVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp (Important)SUSE OpenStack Cloud Crowbar 9
This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues:
Security fixes included on this update:
openstack-barbican:
- CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873).
spark:
- CVE-2022-33891: Fixed a command injection vulnerability via Spark UI (bsc#1204326).
Non Security fixes:
Changes in openstack-barbican:
- Add patch to address access policy bypass via query string injection.
(bsc#1203873, CVE-2022-3100.)
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev5:
* Add support for zed
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev6:
* Add support for zed
- Update to version group-based-policy-ui-14.0.1.dev5:
* fix launch instance GBP issue
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev209:
* Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
* fix: Fix url of Floodlight
- Update to version neutron-13.0.8.dev207:
* Mellanox\_eth.img url expires, remove the mellanox\_eth.img node
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev209:
* Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
* fix: Fix url of Floodlight
- Update to version neutron-13.0.8.dev207:
* Mellanox\_eth.img url expires, remove the mellanox\_eth.img node
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev52:
* Fix keystone notification listener
- Update to version group-based-policy-14.0.1.dev51:
* Support for epg subnet
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev50:
* Use top-level contract references
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev48:
* Remove py37 jobs from gate
2014.2rc1
Changes in spark:
- Avoid using bash -c in ShellBasedGroupsMappingProvider. (bsc#1204326, CVE-2022-33891)
- Add _constraints to prevent build from running out of disk space
- Update to version group-based-policy-14.0.1.dev47:
* Remove python39 from voting
ImportantSUSE bug 1203873SUSE bug 1204326CVE-2022-3100 at SUSECVE-2022-3100 at NVDCVE-2022-33891 at SUSECVE-2022-33891 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for jakarta-commons-fileupload (Important)SUSE OpenStack Cloud Crowbar 9
This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513SUSE bug 986359CVE-2016-3092 at SUSECVE-2016-3092 at NVDCVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for vim (Important)SUSE OpenStack Cloud Crowbar 9
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for MozillaFirefox (Important)SUSE OpenStack Cloud Crowbar 9
This update for MozillaFirefox fixes the following issues:
Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
ImportantSUSE bug 1209173CVE-2023-25748 at SUSECVE-2023-25748 at NVDCVE-2023-25749 at SUSECVE-2023-25749 at NVDCVE-2023-25750 at SUSECVE-2023-25750 at NVDCVE-2023-25751 at SUSECVE-2023-25751 at NVDCVE-2023-25752 at SUSECVE-2023-25752 at NVDCVE-2023-28159 at SUSECVE-2023-28159 at NVDCVE-2023-28160 at SUSECVE-2023-28160 at NVDCVE-2023-28161 at SUSECVE-2023-28161 at NVDCVE-2023-28162 at SUSECVE-2023-28162 at NVDCVE-2023-28163 at SUSECVE-2023-28163 at NVDCVE-2023-28164 at SUSECVE-2023-28164 at NVDCVE-2023-28176 at SUSECVE-2023-28176 at NVDCVE-2023-28177 at SUSECVE-2023-28177 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for apache2 (Important)SUSE OpenStack Cloud Crowbar 9
This update for apache2 fixes the following issues:
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
ImportantSUSE bug 1208708SUSE bug 1209047CVE-2023-25690 at SUSECVE-2023-25690 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-cffi (Moderate)SUSE OpenStack Cloud Crowbar 9
This update for python-cffi fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to immutable python object being changed (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils (Important)SUSE OpenStack Cloud Crowbar 9
This update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils contains the following fixes:
Security fixes included on this update:
openstack-cinder, openstack-glance, openstack-nova:
- CVE-2022-47951: Fixed file access control through custom VMDK flat descriptor. (bsc#1207321)
Non-security changes included on this update:
Changes in openstack-cinder:
- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)
Changes in openstack-glance:
- Enforce image safety during image_conversion. (bsc#1207321, CVE-2022-47951)
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev58:
* Add no nat cidrs network extension
- Update to version group-based-policy-14.0.1.dev57:
* Cleanup stable branches
- Update to version group-based-policy-14.0.1.dev56:
* Revert 'Add no nat cidrs network extension'
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev55:
* Add no nat cidrs network extension
2014.2rc1
- Update to version group-based-policy-14.0.1.dev54:
* Add python39 gate support
* Fixes for tox4
Changes in openstack-nova:
- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)
Changes in python-oslo.utils:
- Report format specific details when using JSON output format. (bsc#1207321)
ImportantSUSE bug 1207321CVE-2022-47951 at SUSECVE-2022-47951 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for the Linux Kernel (Important)SUSE OpenStack Cloud Crowbar 9
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).
The following non-security bugs were fixed:
- kabi/severities: add l2tp local symbols
ImportantSUSE bug 1191881SUSE bug 1194535SUSE bug 1201420SUSE bug 1203331SUSE bug 1203332SUSE bug 1205711SUSE bug 1207051SUSE bug 1207773SUSE bug 1207795SUSE bug 1208700SUSE bug 1209188CVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-2991 at SUSECVE-2022-2991 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for oracleasm (Moderate)SUSE OpenStack Cloud Crowbar 9
This update of oracleasm fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for xen (Important)SUSE OpenStack Cloud Crowbar 9
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for grub2 (Moderate)SUSE OpenStack Cloud Crowbar 9
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for rubygem-rack (Important)SUSE OpenStack Cloud Crowbar 9
This update for rubygem-rack fixes the following issues:
- CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239).
- CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242).
- CVE-2024-26146: Fixed a denial-of-service vulnerability in Rack headers parsing routine (bsc#1220248).
ImportantSUSE bug 1220239SUSE bug 1220242SUSE bug 1220248CVE-2024-25126 at SUSECVE-2024-25126 at NVDCVE-2024-26141 at SUSECVE-2024-26141 at NVDCVE-2024-26146 at SUSECVE-2024-26146 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django fixes the following issues:
- CVE-2024-27351: Align the patch with the upstream one and make it more robust. (bsc#1220358)
ImportantSUSE bug 1220358CVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
ImportantSUSE bug 1222262CVE-2024-28219 at SUSECVE-2024-28219 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Pillow (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
ImportantSUSE bug 1219048CVE-2023-50447 at SUSECVE-2023-50447 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Feature update for LibreOffice (Important)SUSE OpenStack Cloud Crowbar 9
This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* For the highlights of changes of version 7.4 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.4
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
* poppler-data version update from 0.4.10 to 0.4.11
* skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
* New build dependencies:
* fixmath-devel
* libwebp-devel
* zlib-devel
* dragonbox-devel
* at-spi2-core-devel
* libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
* Add debug code to read some private rsrc data
* Allow to read some MacWrite which does not have printer informations
* Add a parser for Scoop files
* Add a parser for ScriptWriter files
* Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for python-Django1 (Important)SUSE OpenStack Cloud Crowbar 9
This update for python-Django1 fixes the following issues:
- CVE-2024-24680: Fixed a denial-of-service in intcomma template filter (bsc#1219683).
- CVE-2024-27351: Fixed potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` (bsc#1220358).
ImportantSUSE bug 1219683SUSE bug 1220358CVE-2024-24680 at SUSECVE-2024-24680 at NVDCVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:suse:suse-openstack-cloud-crowbar:9Security update for libgcrypt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libgcrypt fixes the following issues:
The following security vulnerability was addressed:
- CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for
ECDSA signatures (bsc#1097410).
The following other issues were fixed:
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
--algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455).
- Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766)
ModerateSUSE bug 1064455SUSE bug 1090766SUSE bug 1097410CVE-2018-0495 at SUSECVE-2018-0495 at NVDcpe:/o:suse:sles:12:sp4Security update for python, python-base (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python, python-base fixes the following issues:
Security issues fixed:
- CVE-2018-1000802: Prevent command injection in shutil module (make_archive
function) via passage of unfiltered user input (bsc#1109663).
- CVE-2018-1061: Fixed DoS via regular expression backtracking in
difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
- CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in
apop() method in pop3lib (bsc#1088009).
Bug fixes:
- bsc#1086001: python tarfile uses random order.
ModerateSUSE bug 1086001SUSE bug 1088004SUSE bug 1088009SUSE bug 1109663CVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
ImportantSUSE bug 1109961CVE-2018-11763 at SUSECVE-2018-11763 at NVDcpe:/o:suse:sles:12:sp4Security update for audiofile (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for audiofile fixes the following issues:
- CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586).
ModerateSUSE bug 1111586CVE-2018-17095 at SUSECVE-2018-17095 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Important)SUSE Linux Enterprise Server 12 SP4
This update for wireshark fixes the following issues:
Wireshark was updated to 2.4.10 (bsc#1111647).
Following security issues were fixed:
- CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
- CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)
Further bug fixes and updated protocol support that were done are listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html
ImportantSUSE bug 1111647CVE-2018-12086 at SUSECVE-2018-12086 at NVDCVE-2018-18227 at SUSECVE-2018-18227 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox to ESR 60.2.2 fixes several issues.
These general changes are part of the version 60 release.
- New browser engine with speed improvements
- Redesigned graphical user interface elements
- Unified address and search bar for new installations
- New tab page listing top visited, recently visited and recommended pages
- Support for configuration policies in enterprise deployments via JSON files
- Support for Web Authentication, allowing the use of USB tokens for
authentication to web sites
The following changes affect compatibility:
- Now exclusively supports extensions built using the WebExtension API.
- Unsupported legacy extensions will no longer work in Firefox 60 ESR
- TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted
The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate
trust in those certificates
The following issues affect performance:
- new format for storing private keys, certificates and certificate trust
If the user home or data directory is on a network file system, it is
recommended that users set the following environment variable to avoid
slowdowns: NSS_SDB_USE_CACHE=yes
This setting is not recommended for local, fast file systems.
These security issues were fixed:
- CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343).
- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343).
- CVE-2018-12376: Various memory safety bugs (bsc#1107343).
- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343).
- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343).
- CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343).
- CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506)
- CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507)
- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)
This update for mozilla-nspr to version 4.19 fixes the follwing issues
- Added TCP Fast Open functionality
- A socket without PR_NSPR_IO_LAYER will no longer trigger
an assertion when polling
This update for mozilla-nss to version 3.36.4 fixes the follwing issues
- Connecting to a server that was recently upgraded to TLS 1.3
would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
- Fix a rare bug with PKCS#12 files.
- Replaces existing vectorized ChaCha20 code with verified
HACL* implementation.
- TLS 1.3 support has been updated to draft -23.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- The following CA certificates were Removed:
OU = Security Communication EV RootCA1
CN = CA Disig Root R1
CN = DST ACES CA X6
Certum CA, O=Unizeto Sp. z o.o.
StartCom Certification Authority
StartCom Certification Authority G2
T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3
ACEDICOM Root
Certinomis - Autorit? Racine
T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
PSCProcert
CA 沃通根证书, O=WoSign CA Limited
Certification Authority of WoSign
Certification Authority of WoSign G2
CA WoSign ECC Root
Subject CN = VeriSign Class 3 Secure Server CA - G2
O = Japanese Government, OU = ApplicationCA
CN = WellsSecure Public Root Certificate Authority
CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
CN = Microsec e-Szigno Root
* The following CA certificates were Removed:
AddTrust Public CA Root
AddTrust Qualified CA Root
China Internet Network Information Center EV Certificates Root
CNNIC ROOT
ComSign Secured CA
GeoTrust Global CA 2
Secure Certificate Services
Swisscom Root CA 1
Swisscom Root EV CA 2
Trusted Certificate Services
UTN-USERFirst-Hardware
UTN-USERFirst-Object
* The following CA certificates were Added
CN = D-TRUST Root CA 3 2013
CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
GDCA TrustAUTH R5 ROOT
SSL.com Root Certification Authority RSA
SSL.com Root Certification Authority ECC
SSL.com EV Root Certification Authority RSA R2
SSL.com EV Root Certification Authority ECC
TrustCor RootCert CA-1
TrustCor RootCert CA-2
TrustCor ECA-1
* The Websites (TLS/SSL) trust bit was turned off for the following
CA certificates:
CN = Chambers of Commerce Root
CN = Global Chambersign Root
* TLS servers are able to handle a ClientHello statelessly, if the
client supports TLS 1.3. If the server sends a HelloRetryRequest,
it is possible to discard the server socket, and make a new socket
to handle any subsequent ClientHello. This better enables stateless
server operation. (This feature is added in support of QUIC, but it
also has utility for DTLS 1.3 servers.)
Due to the update of mozilla-nss apache2-mod_nss needs to be updated to
change to the SQLite certificate database, which is now the default (bsc#1108771)
ImportantSUSE bug 1012260SUSE bug 1021577SUSE bug 1026191SUSE bug 1041469SUSE bug 1041894SUSE bug 1049703SUSE bug 1061204SUSE bug 1064786SUSE bug 1065464SUSE bug 1066489SUSE bug 1073210SUSE bug 1078436SUSE bug 1091551SUSE bug 1092697SUSE bug 1094767SUSE bug 1096515SUSE bug 1107343SUSE bug 1108771SUSE bug 1108986SUSE bug 1109363SUSE bug 1109465SUSE bug 1110506SUSE bug 1110507SUSE bug 703591SUSE bug 839074SUSE bug 857131SUSE bug 893359CVE-2017-16541 at SUSECVE-2017-16541 at NVDCVE-2018-12376 at SUSECVE-2018-12376 at NVDCVE-2018-12377 at SUSECVE-2018-12377 at NVDCVE-2018-12378 at SUSECVE-2018-12378 at NVDCVE-2018-12379 at SUSECVE-2018-12379 at NVDCVE-2018-12381 at SUSECVE-2018-12381 at NVDCVE-2018-12383 at SUSECVE-2018-12383 at NVDCVE-2018-12385 at SUSECVE-2018-12385 at NVDCVE-2018-12386 at SUSECVE-2018-12386 at NVDCVE-2018-12387 at SUSECVE-2018-12387 at NVDcpe:/o:suse:sles:12:sp4Security update for soundtouch (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for soundtouch fixes the following issues:
- CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)
- CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
- CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)
ModerateSUSE bug 1108630SUSE bug 1108631SUSE bug 1108632CVE-2018-17096 at SUSECVE-2018-17096 at NVDCVE-2018-17097 at SUSECVE-2018-17097 at NVDCVE-2018-17098 at SUSECVE-2018-17098 at NVDcpe:/o:suse:sles:12:sp4Security update for opensc (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for opensc fixes the following issues:
- CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)
- CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)
- CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)
- CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)
- CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)
- CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)
- CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)
- CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)
- CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)
- CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)
ModerateSUSE bug 1104812SUSE bug 1106998SUSE bug 1106999SUSE bug 1107033SUSE bug 1107034SUSE bug 1107037SUSE bug 1107038SUSE bug 1107039SUSE bug 1107097SUSE bug 1107107SUSE bug 1108318CVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDcpe:/o:suse:sles:12:sp4Security update for libarchive (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libarchive fixes the following issues:
- CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089)
- CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008)
- CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)
- CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)
- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)
- CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)
- CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)
ModerateSUSE bug 1032089SUSE bug 1037008SUSE bug 1037009SUSE bug 1057514SUSE bug 1059100SUSE bug 1059134SUSE bug 1059139CVE-2016-10209 at SUSECVE-2016-10209 at NVDCVE-2016-10349 at SUSECVE-2016-10349 at NVDCVE-2016-10350 at SUSECVE-2016-10350 at NVDCVE-2017-14166 at SUSECVE-2017-14166 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2017-14503 at SUSECVE-2017-14503 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
ImportantSUSE bug 1112852CVE-2018-12389 at SUSECVE-2018-12389 at NVDCVE-2018-12390 at SUSECVE-2018-12390 at NVDCVE-2018-12392 at SUSECVE-2018-12392 at NVDCVE-2018-12393 at SUSECVE-2018-12393 at NVDCVE-2018-12395 at SUSECVE-2018-12395 at NVDCVE-2018-12396 at SUSECVE-2018-12396 at NVDCVE-2018-12397 at SUSECVE-2018-12397 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)
Non-security issues fixed:
- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer (#7329)
- socket-util: introduce port argument in sockaddr_port()
- service: fixup ExecStop for socket-activated shutdown (#4120)
- service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923)
- cryptsetup: build fixes for 'add support for sector-size= option'
- udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278)
- core: keep the kernel coredump defaults when systemd-coredump is disabled
- core: shorten main() a bit, split out coredump initialization
- core: set RLIMIT_CORE to unlimited by default (bsc#1108835)
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- tmp.mount.hm4: After swap.target (#3087)
- Ship systemd-sysv-install helper via the main package
This script was part of systemd-sysvinit sub-package but it was
wrong since systemd-sysv-install is a script used to redirect
enable/disable operations to chkconfig when the unit targets are
sysv init scripts. Therefore it's never been a SySV init tool.
ImportantSUSE bug 1106923SUSE bug 1108835SUSE bug 1109252SUSE bug 1110445SUSE bug 1111278SUSE bug 1112024SUSE bug 1113083SUSE bug 1113632SUSE bug 1113665CVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDcpe:/o:suse:sles:12:sp4Security update for postgresql10 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837).
Non-security issues fixed:
- Update to release 10.6:
* https://www.postgresql.org/docs/current/static/release-10-6.html
ModerateSUSE bug 1114837CVE-2018-16850 at SUSECVE-2018-16850 at NVDcpe:/o:suse:sles:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4
This update for squid fixes the following issues:
Security issues fixed:
- CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668).
- CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669).
Non-security issues fixed:
- Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066).
- Install license correctly (bsc#1082318).
ImportantSUSE bug 1082318SUSE bug 1112066SUSE bug 1112695SUSE bug 1113668SUSE bug 1113669CVE-2018-19131 at SUSECVE-2018-19131 at NVDCVE-2018-19132 at SUSECVE-2018-19132 at NVDcpe:/o:suse:sles:12:sp4Security update for rpm (Important)SUSE Linux Enterprise Server 12 SP4
This update for rpm fixes the following issues:
These security issues were fixed:
- CVE-2017-7500: rpm did not properly handle RPM installations when a
destination path was a symbolic link to a directory, possibly changing
ownership and permissions of an arbitrary directory, and RPM files being placed
in an arbitrary destination (bsc#943457).
- CVE-2017-7501: rpm used temporary files with predictable names when
installing an RPM. An attacker with ability to write in a directory where files
will be installed could create symbolic links to an arbitrary location and
modify content, and possibly permissions to arbitrary files, which could be
used for denial of service or possibly privilege escalation (bsc#943457)
This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS,
they have already been released for SUSE Linux Enterprise Server 12 SP3.
ImportantSUSE bug 943457CVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2017-7501 at SUSECVE-2017-7501 at NVDcpe:/o:suse:sles:12:sp4Security update for exiv2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for exiv2 fixes the following issues:
- CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257)
- CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995)
- CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996)
- CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000)
- CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188)
- CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928)
- CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952)
- CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095)
- CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070)
ModerateSUSE bug 1050257SUSE bug 1051188SUSE bug 1060995SUSE bug 1060996SUSE bug 1061000SUSE bug 1072928SUSE bug 1092952SUSE bug 1093095SUSE bug 1095070CVE-2017-11591 at SUSECVE-2017-11591 at NVDCVE-2017-11683 at SUSECVE-2017-11683 at NVDCVE-2017-14859 at SUSECVE-2017-14859 at NVDCVE-2017-14862 at SUSECVE-2017-14862 at NVDCVE-2017-14864 at SUSECVE-2017-14864 at NVDCVE-2017-17669 at SUSECVE-2017-17669 at NVDCVE-2018-10958 at SUSECVE-2018-10958 at NVDCVE-2018-10998 at SUSECVE-2018-10998 at NVDCVE-2018-11531 at SUSECVE-2018-11531 at NVDcpe:/o:suse:sles:12:sp4Security update for tiff (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
- CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).
Non-security issues fixed:
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
ModerateSUSE bug 1099257SUSE bug 1113094SUSE bug 1113672CVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDcpe:/o:suse:sles:12:sp4Security update for openssh (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssh fixes the following issues:
Following security issues have been fixed:
- CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)
The following non-security issues were fixed:
- Stop leaking File descriptors (bsc#964336)
- sftp-client.c returns wrong error code upon failure [bsc#1091396]
ModerateSUSE bug 1091396SUSE bug 1105010SUSE bug 964336CVE-2018-15473 at SUSECVE-2018-15473 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574):
* Consumability
- IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API
* Class Libraries
- IJ10934 CVE-2018-13785
- IJ10935 CVE-2018-3136
- IJ10895 CVE-2018-3139
- IJ10932 CVE-2018-3149
- IJ10894 CVE-2018-3180
- IJ10933 CVE-2018-3214
- IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT
- IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT
- IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM
- IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS.
* Java Virtual Machine
- IJ10931 CVE-2018-3169
- IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX
* JIT Compiler
- IJ08205 CRASH WHILE COMPILING
- IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE()
* ORB
- IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION
* Security
- IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY
- IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )
- IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE
- IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS
- IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX
- IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER
- IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION
- IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS
* z/OS Extentions
- PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID
ImportantSUSE bug 1116574CVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2018-3136 at SUSECVE-2018-3136 at NVDCVE-2018-3139 at SUSECVE-2018-3139 at NVDCVE-2018-3149 at SUSECVE-2018-3149 at NVDCVE-2018-3169 at SUSECVE-2018-3169 at NVDCVE-2018-3180 at SUSECVE-2018-3180 at NVDCVE-2018-3214 at SUSECVE-2018-3214 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
- CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
- CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831).
- CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).
The following non-security bugs were fixed:
- acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128).
- acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510).
- aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes).
- alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
- alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).
- alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
- alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
- alsa: hda: fix unused variable warning (bsc#1051510).
- alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510).
- alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
- alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
- apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
- ARM: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468).
- ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).
- ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
- ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
- ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
- ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510).
- ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
- ASoC: wm8804: Add ACPI support (bsc#1051510).
- ath10k: fix kernel panic issue during pci probe (bsc#1051510).
- ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
- ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510).
- autofs: fix autofs_sbi() does not check super block type (git-fixes).
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
- autofs: mount point create should honour passed in mode (git-fixes).
- badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).
- batman-adv: Avoid probe ELP information leak (bsc#1051510).
- batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510).
- batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510).
- bdi: Fix another oops in wb_workfn() (bsc#1112746).
- bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746).
- blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819).
- blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
- block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708).
- block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712).
- block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834).
- bpf/verifier: disallow pointer subtraction (bsc#1083647).
- btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).
- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
- btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901).
- btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919).
- btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543).
- btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915).
- btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904).
- cdc-acm: fix race between reset and control messaging (bsc#1051510).
- ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983).
- cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
- cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).
- cifs: fix memory leak in SMB2_open() (bsc#1112894).
- cifs: fix memory leak in SMB2_open() (bsc#1112894).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903).
- clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510).
- clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
- clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510).
- clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510).
- coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
- crypto: ccp - add timeout support in the SEV command (bsc#1106838).
- crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510).
- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
- crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510).
- crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510).
- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
- dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
- debugobjects: Make stack check warning more informative (bsc#1051510).
- Disable DRM patches that broke vbox video driver KMP (bsc#1111076)
- Documentation/l1tf: Fix small spelling typo (bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510).
- drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110)
- drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
- drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110)
- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
- drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510).
- drm/amdgpu: revert 'fix deadlock of reservation between cs and gpu reset v2' (bsc#1051510).
- drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
- drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
- drm/i915: Restore vblank interrupts earlier (bsc#1051510).
- drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
- drm/msm: fix OF child-node lookup (bsc#1106110)
- drm/nouveau/disp: fix DP disable race (bsc#1051510).
- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
- drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510).
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
- drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
- e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
- e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
- edac: Raise the maximum number of memory controllers (bsc#1113780).
- edac, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).
- eeprom: at24: change nvmem stride to 1 (bsc#1051510).
- eeprom: at24: check at24_read/write arguments (bsc#1051510).
- eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
- enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
- enic: handle mtu change for vf properly (bsc#1051510).
- enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
- ethtool: fix a privilege escalation bug (bsc#1076830).
- ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
- ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
- ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735).
- ext4: check for NUL characters in extended attribute's name (bsc#1112732).
- ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734).
- ext4: do not mark mmp buffer head dirty (bsc#1112743).
- ext4: fix online resize's handling of a too-small final block group (bsc#1112739).
- ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740).
- ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
- ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738).
- ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
- ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741).
- fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
- firmware: raspberrypi: Register hwmon driver (bsc#1108468).
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510).
- gpio: Fix crash due to registration race (bsc#1051510).
- gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510).
- gpio: mb86s70: Revert 'Return error if requesting an already assigned gpio' (bsc#1051510).
- hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
- hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
- hfs: prevent crash on exit from failed search (bsc#1051510).
- hid: add support for Apple Magic Keyboards (bsc#1051510).
- hid: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510).
- hid: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510).
- hid: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
- hid: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510).
- hv: avoid crash in vmbus sysfs files (bnc#1108377).
- hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (bsc#1109772).
- hv_netvsc: fix schedule in RCU context ().
- hwmon: Add support for RPi voltage sensor (bsc#1108468).
- hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510).
- hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510).
- hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468).
- hwrng: core - document the quality field (bsc#1051510).
- hypfs_kill_super(): deal with failed allocations (bsc#1051510).
- i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
- i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
- Input: atakbd - fix Atari keymap (bsc#1051510).
- intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
- iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237).
- iommu/vt-d: Add definitions for PFSID (bsc#1106237).
- iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
- iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
- ipc/shm.c add ->pagesize function to shm_vm_ops (bsc#1111811).
- iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510).
- iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
- iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
- iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510).
- iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
- iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510).
- iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
- iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510).
- jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
- kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
- KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
- KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- kabi/severities: correct nvdimm kabi exclusion
- kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.
- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
- Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- kprobes/x86: Fix %p uses in error messages (bsc#1110006).
- ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806).
- kvm: Make VM ioctl do valloc for some archs (bsc#1111506).
- KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).
- KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240).
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240).
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240).
- KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240).
- KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
- KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
- kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
- kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240).
- libertas: call into generic suspend code before turning off power (bsc#1051510).
- libnvdimm, badrange: remove a WARN for list_empty (bsc#112128).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Introduce locked DIMM capacity support (bsc#112128).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, ).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: move poison list functions to a new 'badrange' file (bsc#112128).
- libnvdimm/nfit_test: add firmware download emulation (bsc#112128).
- libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#112128).
- libnvdimm, testing: Add emulation for smart injection commands (bsc#112128).
- libnvdimm, testing: update the default smart ctrl_temperature (bsc#112128).
- lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
- lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
- livepatch: create and include UAPI headers ().
- lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).
- loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
- loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710).
- loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
- mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
- mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510).
- mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510).
- mac80211: fix a race between restart and CSA flows (bsc#1051510).
- mac80211: Fix station bandwidth setting after channel switch (bsc#1051510).
- mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510).
- mac80211_hwsim: require at least one channel (bsc#1051510).
- mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510).
- mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510).
- mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510).
- mac80211: shorten the IBSS debug messages (bsc#1051510).
- mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: af9035: prevent buffer overflow on write (bsc#1051510).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510).
- mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841).
- mm/migrate: Use spin_trylock() while resetting rate limit ().
- mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).
- modpost: ignore livepatch unresolved relocations ().
- move changes without Git-commit out of sorted section
- mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
- net/smc: retain old name for diag_mode field (bsc#1106287, LTC#170892).
- net/smc: use __aligned_u64 for 64-bit smc_diag fields (bsc#1101138, LTC#164002).
- NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
- nfit_test: add error injection DSMs (bsc#112128).
- nfit_test: fix buffer overrun, add sanity check (bsc#112128).
- nfit_test: improve structure offset handling (bsc#112128).
- nfit_test: prevent parsing error of nfit_test.0 (bsc#112128).
- nfit_test: when clearing poison, also remove badrange entries (bsc#112128).
- NFS: Avoid quadratic search when freeing delegations (bsc#1084760).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, ).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, ).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
- of: add helper to lookup compatible child node (bsc#1106110)
- orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
- orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510).
- orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
- orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510).
- ovl: fix format of setxattr debug (git-fixes).
- ovl: Sync upper dirty data when syncing overlayfs (git-fixes).
- PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
- PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510).
- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).
- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
- powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).
- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
- powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120).
- powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).
- powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).
- powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).
- powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).
- powerpc/powernv: Rework TCE level allocation (bsc#1061840).
- powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).
- powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
- powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295).
- powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295).
- powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870).
- powerpc/xive: Move definition of ESB bits (bsc#1061840).
- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
- printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170).
- printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
- proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf:
- qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510).
- qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510).
- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
- RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes).
- random: rate limit unseeded randomness warnings (git-fixes).
- rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
- rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760).
- reiserfs: add check to detect corrupted directory entry (bsc#1109818).
- reiserfs: do not panic on bad directory entries (bsc#1109818).
- rename a hv patch to reduce conflicts in -AZURE
- reorder a qedi patch to allow further work in this branch
- resource: Include resource end in walk_*() interfaces (bsc#1114279).
- Revert 'drm/amdgpu: Add an ATPX quirk for hybrid laptop' (bsc#1051510).
- Revert 'drm/i915/gvt: set max priority for gvt context' (bsc#1051510).
- Revert 'gpio: set up initial state from .get_direction()' (bsc#1051510).
- Revert 'iommu/io-pgtable: Avoid redundant TLB syncs' (bsc#1106237).
- Revert 'mwifiex: fix incorrect ht capability problem' (bsc#1051510).
- Revert 'mwifiex: handle race during mwifiex_usb_disconnect' (bsc#1051510).
- Revert 'pinctrl: sunxi: Do not enforce bias disable (for now)' (bsc#1051510).
- rpc_pipefs: fix double-dput() (bsc#1051510).
- rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
- sched/numa: Limit the conditions where scan period is reset ().
- scripts/series2git:
- scripts/series2git: Revert the change mistakenly taken A 'fix' for series2git went in mistakenly among other patches. Revert it here. It'll be picked up from a proper branch if need.
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: ipr: Eliminate duplicate barriers ().
- scsi: ipr: fix incorrect indentation of assignment statement ().
- scsi: ipr: Use dma_pool_zalloc() ().
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: qla2xxx: do not allow negative thresholds (bsc#1108870).
- scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870).
- scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870).
- scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870).
- scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830).
- scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870).
- scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870).
- scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870).
- scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870).
- scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870).
- scsi: qla2xxx: Return switch command on a timeout (bsc#1108870).
- scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928).
- serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
- signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- sock_diag: fix use-after-free read in __sk_free (bsc#1051510).
- soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
- soreuseport: initialise timewait reuseport field (bsc#1051510).
- sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
- sound: enable interrupt after dma buffer initialization (bsc#1051510).
- spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).
- spi: sh-msiof: fix deferred probing (bsc#1051510).
- squashfs: be more careful about metadata corruption (bsc#1051510).
- Squashfs: Compute expected length from inode size rather than block length (bsc#1051510).
- squashfs metadata 2: electric boogaloo (bsc#1051510).
- squashfs: more metadata hardening (bsc#1051510).
- squashfs: more metadata hardening (bsc#1051510).
- staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510).
- stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510).
- supported.conf: mark raspberrypi-hwmon as supported
- switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
- sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes).
- target: log Data-Out timeouts as errors (bsc#1095805).
- target: log NOP ping timeouts as errors (bsc#1095805).
- target: split out helper for cxn timeout error stashing (bsc#1095805).
- target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
- target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
- team: Forbid enslaving team device to itself (bsc#1051510).
- tools build: fix # escaping in .cmd files for future Make (git-fixes).
- tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#112128).
- tools/testing/nvdimm: allow custom error code injection (bsc#112128).
- tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#112128).
- tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#112128).
- tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#112128).
- tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#112128).
- tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#112128).
- tools/testing/nvdimm: improve emulation of smart injection (bsc#112128).
- tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#112128).
- tools/testing/nvdimm: Make DSM failure code injection an override (bsc#112128).
- tools/testing/nvdimm: smart alarm/threshold control (bsc#112128).
- tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#112128).
- tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#112128).
- tools/testing/nvdimm: unit test clear-error commands (bsc#112128).
- tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510).
- tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
- tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
- tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
- Update patches.arch/KVM-PPC-Book3S-HV-Snapshot-timebase-offset-on-guest-.patch (bsc#1061840, bsc#1086196).
- Update patches.arch/powerpc-powernv-ioda2-Reduce-upper-limit-for-DMA-win.patch (bsc#1061840, bsc#1055120).
- Update patches.fixes/0002-nfs41-do-not-return-ENOMEM-on-LAYOUTUNAVAILABLE.patch (git-fixes, bsc#1103925).
- Update patches.fixes/libnvdimm-dimm-maximize-label-transfer-size.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/libnvdimm-label-change-nvdimm_num_label_slots-per-uefi-2-7.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/libnvdimm-label-fix-sparse-warning.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/nvdimm-clarify-comment-in-sizeof_namespace_index.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/nvdimm-remove-empty-if-statement.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/nvdimm-sanity-check-labeloff.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/nvdimm-split-label-init-out-from-the-logic-for-getting-config-data.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- Update patches.fixes/nvdimm-use-namespace-index-data-to-reduce-number-of-label-reads-needed.patch (bsc#1111921, bsc#1113408, bsc#1113972).
- usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
- usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510).
- usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510).
- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510).
- usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
- USB: remove LPM management from usb_driver_claim_interface() (bsc#1051510).
- USB: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
- USB: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510).
- usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
- USB: yurex: Check for truncation in yurex_read() (bsc#1051510).
- userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739).
- use the new async probing feature for the hyperv drivers (bsc#1109772).
- Use upstream version of pci-hyperv patch (35a88a1)
- VFS: close race between getcwd() and d_move() (git-fixes).
- vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).
- vmbus: do not return values for uninitalized channels (bsc#1051510).
- vti4: Do not count header length twice on tunnel setup (bsc#1051510).
- vti6: fix PMTU caching and reporting on xmit (bsc#1051510).
- vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510).
- Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
- x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006).
- x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878).
- x86/boot: Move EISA setup to a separate file (bsc#1110006).
- x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006).
- x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006).
- x86/eisa: Add missing include (bsc#1110006).
- x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
- x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
- x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
- x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006).
- x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#112128).
- x86/paravirt: Fix some warning messages (bnc#1065600).
- x86/percpu: Fix this_cpu_read() (bsc#1110006).
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536).
- x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600).
- xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
- xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
- xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510).
- xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510).
ImportantSUSE bug 1051510SUSE bug 1055120SUSE bug 1061840SUSE bug 1065600SUSE bug 1066674SUSE bug 1067906SUSE bug 1076830SUSE bug 1079524SUSE bug 1083647SUSE bug 1084760SUSE bug 1084831SUSE bug 1086196SUSE bug 1091800SUSE bug 1094825SUSE bug 1095805SUSE bug 1100132SUSE bug 1101138SUSE bug 1103356SUSE bug 1103543SUSE bug 1103925SUSE bug 1104124SUSE bug 1104731SUSE bug 1105025SUSE bug 1105428SUSE bug 1105536SUSE bug 1106110SUSE bug 1106237SUSE bug 1106240SUSE bug 1106287SUSE bug 1106359SUSE bug 1106838SUSE bug 1108377SUSE bug 1108468SUSE bug 1108870SUSE bug 1109330SUSE bug 1109739SUSE bug 1109772SUSE bug 1109784SUSE bug 1109806SUSE bug 1109818SUSE bug 1109907SUSE bug 1109911SUSE bug 1109915SUSE bug 1109919SUSE bug 1109951SUSE bug 1110006SUSE bug 1111040SUSE bug 1111076SUSE bug 1111506SUSE bug 1111806SUSE bug 1111811SUSE bug 1111819SUSE bug 1111830SUSE bug 1111834SUSE bug 1111841SUSE bug 1111870SUSE bug 1111901SUSE bug 1111904SUSE bug 1111921SUSE bug 1111928SUSE bug 1111983SUSE bug 1112170SUSE bug 1112173SUSE bug 1112208SUSE bug 1112219SUSE bug 1112221SUSE bug 1112246SUSE bug 1112372SUSE bug 1112514SUSE bug 1112554SUSE bug 1112708SUSE bug 1112710SUSE bug 1112711SUSE bug 1112712SUSE bug 1112713SUSE bug 1112731SUSE bug 1112732SUSE bug 1112733SUSE bug 1112734SUSE bug 1112735SUSE bug 1112736SUSE bug 1112738SUSE bug 1112739SUSE bug 1112740SUSE bug 1112741SUSE bug 1112743SUSE bug 1112745SUSE bug 1112746SUSE bug 1112878SUSE bug 1112894SUSE bug 1112899SUSE bug 1112902SUSE bug 1112903SUSE bug 1112905SUSE bug 1112906SUSE bug 1112907SUSE bug 1113257SUSE bug 1113284SUSE bug 1113295SUSE bug 1113408SUSE bug 1113667SUSE bug 1113722SUSE bug 1113751SUSE bug 1113780SUSE bug 1113972SUSE bug 1114279CVE-2017-16533 at SUSECVE-2017-16533 at NVDCVE-2017-18224 at SUSECVE-2017-18224 at NVDCVE-2018-18386 at SUSECVE-2018-18386 at NVDCVE-2018-18445 at SUSECVE-2018-18445 at NVDCVE-2018-18710 at SUSECVE-2018-18710 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651).
Non-security issues fixed:
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).
ModerateSUSE bug 1112209SUSE bug 1113651SUSE bug 1113652CVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDcpe:/o:suse:sles:12:sp4Security update for ncurses (Important)SUSE Linux Enterprise Server 12 SP4
This update for ncurses fixes the following issue:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
ImportantSUSE bug 1115929CVE-2018-19211 at SUSECVE-2018-19211 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
Non-security issues fixed:
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).
- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
ModerateSUSE bug 1100078SUSE bug 1112209SUSE bug 1113534SUSE bug 1113652SUSE bug 1113742CVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-5407 at SUSECVE-2018-5407 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064).
Non-security issues fixed:
- Improve import documentation (bsc#1057246).
- Allow override system security policy (bsc#1117463).
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
ModerateSUSE bug 1057246SUSE bug 1113064SUSE bug 1117463CVE-2018-18544 at SUSECVE-2018-18544 at NVDcpe:/o:suse:sles:12:sp4Security update for python-cryptography, python-pyOpenSSL (Important)SUSE Linux Enterprise Server 12 SP4
This update for python-cryptography, python-pyOpenSSL fixes the following issues:
Security issues fixed:
- CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634)
- CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635)
- avoid bad interaction with python-cryptography package. (bsc#1021578)
ImportantSUSE bug 1021578SUSE bug 1111634SUSE bug 1111635CVE-2018-1000807 at SUSECVE-2018-1000807 at NVDCVE-2018-1000808 at SUSECVE-2018-1000808 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574)
* Class Libraries:
- IJ10934 CVE-2018-13785
- IJ10935 CVE-2018-3136
- IJ10895 CVE-2018-3139
- IJ10932 CVE-2018-3149
- IJ10894 CVE-2018-3180
- IJ10930 CVE-2018-3183
- IJ10933 CVE-2018-3214
- IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT
- IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT
- IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS.
- IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC
* Java Virtual Machine
- IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT
- IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP
- IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED.
- IJ10931 CVE-2018-3169
- IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE
- IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION
- IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API
- IJ10680 RECURRENT ABORTED SCAVENGE
* ORB
- IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION
* Reliability and Serviceability
- IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES
* Security
- IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY
- IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD
- IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )
- IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE
- IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS
- IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX
- IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER
- IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION
- IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS
* z/OS Extentions
- PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE
- PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059
- PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK
This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22:
* Java Virtual Machine
- IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS
* JIT Compiler
- IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32
- IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION
- IJ08850 CRASH IN ARRAYLIST$ITR.NEXT()
- IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER
* z/OS Extentions
- PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services
- PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID
Also the update to Java 8.0 Service Refresh 5 Fix Pack 21
* Class Libraries
- IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM
- IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM
* Java Virtual Machine
- IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS
- IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE)
* JIT Compiler
- IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE
- IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS
- IJ08205 CRASH WHILE COMPILING
- IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM
- IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE()
ImportantSUSE bug 1116574CVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2018-3136 at SUSECVE-2018-3136 at NVDCVE-2018-3139 at SUSECVE-2018-3139 at NVDCVE-2018-3149 at SUSECVE-2018-3149 at NVDCVE-2018-3169 at SUSECVE-2018-3169 at NVDCVE-2018-3180 at SUSECVE-2018-3180 at NVDCVE-2018-3183 at SUSECVE-2018-3183 at NVDCVE-2018-3214 at SUSECVE-2018-3214 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
- CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
- CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831).
- CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).
The following non-security bugs were fixed:
- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
- ACPICA: Tables: Add WSMT support (bsc#1089350).
- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
- ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).
- ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128).
- ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
- ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).
- ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510).
- ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- Add the cherry-picked dup id for PCI dwc fix
- Add version information to KLP_SYMBOLS file
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
- ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).
- ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
- ALSA: hda: fix unused variable warning (bsc#1051510).
- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
- ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- ALSA: hda/realtek - Support ALC300 (bsc#1051510).
- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
- ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).
- ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
- ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
- ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
- ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510).
- ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm8804: Add ACPI support (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: fix kernel panic issue during pci probe (bsc#1051510).
- ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
- ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- autofs: fix autofs_sbi() does not check super block type (git-fixes).
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
- autofs: mount point create should honour passed in mode (git-fixes).
- badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).
- batman-adv: Avoid probe ELP information leak (bsc#1051510).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510).
- batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bdi: Fix another oops in wb_workfn() (bsc#1112746).
- bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579)
- Blacklist sd_zbc patch that is too invasive (bsc#1114583)
- Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585)
- blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
- block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708).
- block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf/verifier: disallow pointer subtraction (bsc#1083647).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).
- Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919).
- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- Btrfs: fix use-after-free during inode eviction (bsc#1116701).
- Btrfs: fix use-after-free when dumping free space (bsc#1116862).
- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915).
- Btrfs: make sure we create all new block groups (bsc#1116699).
- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdc-acm: fix race between reset and control messaging (bsc#1051510).
- ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
- cifs: fix memory leak in SMB2_open() (bsc#1112894).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510).
- clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510).
- clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510).
- coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
- configfs: replace strncpy with memcpy (bsc#1051510).
- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
- crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510).
- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
- dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
- debugobjects: Make stack check warning more informative (bsc#1051510).
- Documentation/l1tf: Fix small spelling typo (bsc#1051510).
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
- drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110)
- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
- drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Restore vblank interrupts earlier (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/msm: fix OF child-node lookup (bsc#1106110)
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
- drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
- e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
- e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC: Raise the maximum number of memory controllers (bsc#1113780).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).
- eeprom: at24: change nvmem stride to 1 (bsc#1051510).
- eeprom: at24: check at24_read/write arguments (bsc#1051510).
- eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
- Enable LSPCON instead of blindly disabling HDMI
- enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
- enic: handle mtu change for vf properly (bsc#1051510).
- enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
- ethtool: fix a privilege escalation bug (bsc#1076830).
- ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: check for NUL characters in extended attribute's name (bsc#1112732).
- ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734).
- ext4: do not mark mmp buffer head dirty (bsc#1112743).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix online resize's handling of a too-small final block group (bsc#1112739).
- ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
- ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741).
- fbdev: fix broken menu dependencies (bsc#1113722)
- fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
- hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
- hfs: prevent crash on exit from failed search (bsc#1051510).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510).
- HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
- HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv: avoid crash in vmbus sysfs files (bnc#1108377).
- hv_netvsc: fix schedule in RCU context ().
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwrng: core - document the quality field (bsc#1051510).
- hypfs_kill_super(): deal with failed allocations (bsc#1051510).
- i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
- i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
- Input: atakbd - fix Atari keymap (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Add definitions for PFSID (bsc#1106237).
- iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
- iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
- iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
- iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510).
- jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
- KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).
- kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
- KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
- KABI: mask raw in struct bpf_reg_state (bsc#1083647).
- KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI: protect struct fib_nh_exception (kabi).
- KABI: protect struct rtable (kabi).
- KABI/severities: ignore __xive_vm_h_* KVM internal symbols.
- Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kprobes/x86: Fix %p uses in error messages (bsc#1110006).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: Make VM ioctl do valloc for some archs (bsc#1111506).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).
- KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240).
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240).
- KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240).
- KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
- KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
- KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: call into generic suspend code before turning off power (bsc#1051510).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm: Introduce locked DIMM capacity support (bsc#1112128).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128).
- libnvdimm/nfit_test: add firmware download emulation (bsc#1112128).
- libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128).
- libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128).
- lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
- lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).
- loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
- loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710).
- loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: af9035: prevent buffer overflow on write (bsc#1051510).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/migrate: Use spin_trylock() while resetting rate limit ().
- mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- move changes without Git-commit out of sorted section
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
- nfit_test: add error injection DSMs (bsc#1112128).
- nfit_test: fix buffer overrun, add sanity check (bsc#1112128).
- nfit_test: improve structure offset handling (bsc#1112128).
- nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128).
- nfit_test: when clearing poison, also remove badrange entries (bsc#1112128).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- NFS: Avoid quadratic search when freeing delegations (bsc#1084760).
- NFS: Avoid RCU usage in tracepoints (git-fixes).
- NFS: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- NFS: Ensure we commit after writeback is complete (bsc#1111809).
- NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- NFS: Fix a typo in nfs_rename() (git-fixes).
- NFS: Fix typo in nomigration mount option (git-fixes).
- NFS: Fix unstable write completion (git-fixes).
- NFSv4.0 fix client reference leak in callback (git-fixes).
- NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- NFSv4.1 fix infinite loop on I/O (git-fixes).
- NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- NFSv4.1: Fix up replays of interrupted requests (git-fixes).
- NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Include <asm/barrier.h> dependency (bsc#1114279).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
- nvme: Free ctrl device name on init failure ().
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- of: add helper to lookup compatible child node (bsc#1106110)
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
- orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510).
- orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
- orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510).
- PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)
- PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).
- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120).
- powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).
- powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).
- powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).
- powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/powernv: Rework TCE level allocation (bsc#1061840).
- powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).
- powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295).
- powerpc/xive: Move definition of ESB bits (bsc#1061840).
- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
- RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes).
- random: rate limit unseeded randomness warnings (git-fixes).
- rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
- rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- README: Clean-up trailing whitespace
- reiserfs: add check to detect corrupted directory entry (bsc#1109818).
- reiserfs: do not panic on bad directory entries (bsc#1109818).
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- rename a hv patch to reduce conflicts in -AZURE
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- resource: Include resource end in walk_*() interfaces (bsc#1114279).
- Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839).
- Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729).
- Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra'
- Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510).
- rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sched/numa: Limit the conditions where scan period is reset ().
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
- signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
- sound: enable interrupt after dma buffer initialization (bsc#1051510).
- spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).
- spi: sh-msiof: fix deferred probing (bsc#1051510).
- staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- sunrpc: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target: log Data-Out timeouts as errors (bsc#1095805).
- target: log NOP ping timeouts as errors (bsc#1095805).
- target: split out helper for cxn timeout error stashing (bsc#1095805).
- target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
- target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tools build: fix # escaping in .cmd files for future Make (git-fixes).
- tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128).
- tools/testing/nvdimm: allow custom error code injection (bsc#1112128).
- tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128).
- tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128).
- tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128).
- tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128).
- tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128).
- tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128).
- tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128).
- tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128).
- tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128).
- tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128).
- tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128).
- tools/testing/nvdimm: unit test clear-error commands (bsc#1112128).
- tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510).
- tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
- tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- Update config files. Enabled ENA (Amazon network driver) for arm64.
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510).
- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510).
- usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739).
- Use upstream version of pci-hyperv patch (35a88a1)
- VFS: close race between getcwd() and d_move() (git-fixes).
- VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
- x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006).
- x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878).
- x86/boot: Move EISA setup to a separate file (bsc#1110006).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006).
- x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/eisa: Add missing include (bsc#1110006).
- x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
- x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
- x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128).
- x86/paravirt: Fix some warning messages (bnc#1065600).
- x86/percpu: Fix this_cpu_read() (bsc#1110006).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
ImportantSUSE bug 1051510SUSE bug 1055120SUSE bug 1061840SUSE bug 1065600SUSE bug 1065729SUSE bug 1066674SUSE bug 1067906SUSE bug 1068273SUSE bug 1076830SUSE bug 1078248SUSE bug 1079524SUSE bug 1082555SUSE bug 1082653SUSE bug 1083647SUSE bug 1084760SUSE bug 1084831SUSE bug 1085535SUSE bug 1086196SUSE bug 1089350SUSE bug 1091800SUSE bug 1094825SUSE bug 1095805SUSE bug 1097755SUSE bug 1100132SUSE bug 1103356SUSE bug 1103925SUSE bug 1104124SUSE bug 1104731SUSE bug 1104824SUSE bug 1105025SUSE bug 1105428SUSE bug 1106105SUSE bug 1106110SUSE bug 1106237SUSE bug 1106240SUSE bug 1107256SUSE bug 1107385SUSE bug 1107866SUSE bug 1108377SUSE bug 1108468SUSE bug 1109330SUSE bug 1109739SUSE bug 1109772SUSE bug 1109806SUSE bug 1109818SUSE bug 1109907SUSE bug 1109911SUSE bug 1109915SUSE bug 1109919SUSE bug 1109951SUSE bug 1110006SUSE bug 1110998SUSE bug 1111040SUSE bug 1111062SUSE bug 1111174SUSE bug 1111506SUSE bug 1111696SUSE bug 1111809SUSE bug 1111921SUSE bug 1111983SUSE bug 1112128SUSE bug 1112170SUSE bug 1112173SUSE bug 1112208SUSE bug 1112219SUSE bug 1112221SUSE bug 1112246SUSE bug 1112372SUSE bug 1112514SUSE bug 1112554SUSE bug 1112708SUSE bug 1112710SUSE bug 1112711SUSE bug 1112712SUSE bug 1112713SUSE bug 1112731SUSE bug 1112732SUSE bug 1112733SUSE bug 1112734SUSE bug 1112735SUSE bug 1112736SUSE bug 1112738SUSE bug 1112739SUSE bug 1112740SUSE bug 1112741SUSE bug 1112743SUSE bug 1112745SUSE bug 1112746SUSE bug 1112878SUSE bug 1112894SUSE bug 1112899SUSE bug 1112902SUSE bug 1112903SUSE bug 1112905SUSE bug 1112906SUSE bug 1112907SUSE bug 1112963SUSE bug 1113257SUSE bug 1113284SUSE bug 1113295SUSE bug 1113408SUSE bug 1113412SUSE bug 1113501SUSE bug 1113667SUSE bug 1113677SUSE bug 1113722SUSE bug 1113751SUSE bug 1113769SUSE bug 1113780SUSE bug 1113972SUSE bug 1114015SUSE bug 1114178SUSE bug 1114279SUSE bug 1114385SUSE bug 1114576SUSE bug 1114577SUSE bug 1114578SUSE bug 1114579SUSE bug 1114580SUSE bug 1114581SUSE bug 1114582SUSE bug 1114583SUSE bug 1114584SUSE bug 1114585SUSE bug 1114839SUSE bug 1115074SUSE bug 1115269SUSE bug 1115431SUSE bug 1115433SUSE bug 1115440SUSE bug 1115567SUSE bug 1115709SUSE bug 1115976SUSE bug 1116183SUSE bug 1116692SUSE bug 1116693SUSE bug 1116698SUSE bug 1116699SUSE bug 1116700SUSE bug 1116701SUSE bug 1116862SUSE bug 1116863SUSE bug 1116876SUSE bug 1116877SUSE bug 1116878SUSE bug 1116891SUSE bug 1116895SUSE bug 1116899SUSE bug 1116950SUSE bug 1117168SUSE bug 1117172SUSE bug 1117174SUSE bug 1117181SUSE bug 1117184SUSE bug 1117188SUSE bug 1117189SUSE bug 1117349SUSE bug 1117561SUSE bug 1117788SUSE bug 1117789SUSE bug 1117790SUSE bug 1117791SUSE bug 1117792SUSE bug 1117794SUSE bug 1117795SUSE bug 1117796SUSE bug 1117798SUSE bug 1117799SUSE bug 1117801SUSE bug 1117802SUSE bug 1117803SUSE bug 1117804SUSE bug 1117805SUSE bug 1117806SUSE bug 1117807SUSE bug 1117808SUSE bug 1117815SUSE bug 1117816SUSE bug 1117817SUSE bug 1117818SUSE bug 1117819SUSE bug 1117820SUSE bug 1117821SUSE bug 1117822SUSE bug 1118102SUSE bug 1118136SUSE bug 1118137SUSE bug 1118138SUSE bug 1118140SUSE bug 1118152SUSE bug 1118316CVE-2017-16533 at SUSECVE-2017-16533 at NVDCVE-2017-18224 at SUSECVE-2017-18224 at NVDCVE-2018-18281 at SUSECVE-2018-18281 at NVDCVE-2018-18386 at SUSECVE-2018-18386 at NVDCVE-2018-18445 at SUSECVE-2018-18445 at NVDCVE-2018-18710 at SUSECVE-2018-18710 at NVDCVE-2018-19824 at SUSECVE-2018-19824 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript to version 9.26 fixes the following issues:
Security issues fixed:
- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)
Version update to 9.26 (bsc#1117331):
- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm
ImportantSUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117274SUSE bug 1117313SUSE bug 1117327SUSE bug 1117331CVE-2018-17183 at SUSECVE-2018-17183 at NVDCVE-2018-17961 at SUSECVE-2018-17961 at NVDCVE-2018-18073 at SUSECVE-2018-18073 at NVDCVE-2018-18284 at SUSECVE-2018-18284 at NVDCVE-2018-19409 at SUSECVE-2018-19409 at NVDCVE-2018-19475 at SUSECVE-2018-19475 at NVDCVE-2018-19476 at SUSECVE-2018-19476 at NVDCVE-2018-19477 at SUSECVE-2018-19477 at NVDcpe:/o:suse:sles:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4
This update for cups fixes the following issues:
Security issue fixed:
- CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).
ImportantSUSE bug 1115750CVE-2018-4700 at SUSECVE-2018-4700 at NVDcpe:/o:suse:sles:12:sp4Security update for tcpdump (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267)
ModerateSUSE bug 1117267CVE-2018-19519 at SUSECVE-2018-19519 at NVDcpe:/o:suse:sles:12:sp4Security update for openldap2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openldap2 fixes the following issues:
Security issue fixed:
- CVE-2017-17740: When both the nops module and the memberof overlay
are enabled, attempts to free a buffer that was allocated on the stack,
which allows remote attackers to cause a denial of service (slapd crash)
via a member MODDN operation. (bsc#1073313)
ModerateSUSE bug 1073313CVE-2017-17740 at SUSECVE-2017-17740 at NVDcpe:/o:suse:sles:12:sp4Security update for libqt5-qtbase (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libqt5-qtbase fixes the following issues:
Security issues fixed:
- CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)
- CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)
ModerateSUSE bug 1118595SUSE bug 1118596CVE-2018-15518 at SUSECVE-2018-15518 at NVDCVE-2018-19873 at SUSECVE-2018-19873 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
- CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529).
Non-security issue fixed:
- Fixed a condition when retry logic does not have been executed in case of data transmit failure or connection hungup (bsc#1108474).
ModerateSUSE bug 1106222SUSE bug 1108474SUSE bug 1110910SUSE bug 1111006SUSE bug 1111010SUSE bug 1111013SUSE bug 1114422SUSE bug 1114529CVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDcpe:/o:suse:sles:12:sp4Security update for bluez (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721)
- CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732)
ModerateSUSE bug 1013721SUSE bug 1013732CVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9801 at SUSECVE-2016-9801 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916).
- CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917).
- CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917).
- CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917).
- CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917).
Non security issues fixed:
- Fixed an issue with the default owner of PK/KEK/db/dbx and make the
auto-enrollment only happen at the very first time. (bsc#1117998)
ModerateSUSE bug 1115916SUSE bug 1115917SUSE bug 1117998CVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDcpe:/o:suse:sles:12:sp4Security update for tiff (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717).
- CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594).
- CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693).
- CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693).
- CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693).
- CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460).
ModerateSUSE bug 1017693SUSE bug 1054594SUSE bug 1115717SUSE bug 990460CVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4
This update for mariadb fixes the following issues:
Update to MariaDB 10.0.37 GA (bsc#1116686).
Security issues fixed:
- CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
- CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
- CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
- CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
- CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
- CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
- CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
- CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)
- CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
- CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
Non-security changes:
- Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
- do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency)
Release notes and changelog:
- https://kb.askmonty.org/en/mariadb-10037-release-notes
- https://kb.askmonty.org/en/mariadb-10037-changelog
- https://kb.askmonty.org/en/mariadb-10036-release-notes
- https://kb.askmonty.org/en/mariadb-10036-changelog
ImportantSUSE bug 1013882SUSE bug 1101676SUSE bug 1101677SUSE bug 1101678SUSE bug 1103342SUSE bug 1112368SUSE bug 1112397SUSE bug 1112417SUSE bug 1112421SUSE bug 1112432SUSE bug 1116686SUSE bug 1118754CVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-3058 at SUSECVE-2018-3058 at NVDCVE-2018-3063 at SUSECVE-2018-3063 at NVDCVE-2018-3064 at SUSECVE-2018-3064 at NVDCVE-2018-3066 at SUSECVE-2018-3066 at NVDCVE-2018-3143 at SUSECVE-2018-3143 at NVDCVE-2018-3156 at SUSECVE-2018-3156 at NVDCVE-2018-3174 at SUSECVE-2018-3174 at NVDCVE-2018-3251 at SUSECVE-2018-3251 at NVDCVE-2018-3282 at SUSECVE-2018-3282 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:
- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries
to steal cross-origin URLs
- CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an
SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
ImportantSUSE bug 1097410SUSE bug 1106873SUSE bug 1119069SUSE bug 1119105CVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-12405 at SUSECVE-2018-12405 at NVDCVE-2018-17466 at SUSECVE-2018-17466 at NVDCVE-2018-18492 at SUSECVE-2018-18492 at NVDCVE-2018-18493 at SUSECVE-2018-18493 at NVDCVE-2018-18494 at SUSECVE-2018-18494 at NVDCVE-2018-18498 at SUSECVE-2018-18498 at NVDcpe:/o:suse:sles:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4
This update for mailman fixes the following security vulnerabilities:
- Fixed a XSS vulnerability and information leak in user options CGI, which
could be used to execute arbitrary scripts in the user's browser via
specially encoded URLs (bsc#1077358 CVE-2018-5950)
- Fixed a directory traversal vulnerability in MTA transports when using the
recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775)
- Fixed a XSS vulnerability, which allowed malicious listowners to inject
scripts into the listinfo pages (bsc#1099510 CVE-2018-0618)
- Fixed arbitrary text injection vulnerability in several mailman CGIs
(CVE-2018-13796 bsc#1101288)
- Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352)
ImportantSUSE bug 1077358SUSE bug 1099510SUSE bug 1101288SUSE bug 925502SUSE bug 995352CVE-2015-2775 at SUSECVE-2015-2775 at NVDCVE-2016-6893 at SUSECVE-2016-6893 at NVDCVE-2018-0618 at SUSECVE-2018-0618 at NVDCVE-2018-13796 at SUSECVE-2018-13796 at NVDCVE-2018-5950 at SUSECVE-2018-5950 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark fixes the following issues:
Update to Wireshark 2.4.11 (bsc#1117740).
Security issues fixed:
- CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51)
- CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52)
- CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53)
- CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54)
- CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55)
- CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56)
Further bug fixes and updated protocol support as listed in:
- https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html
ModerateSUSE bug 1117740CVE-2018-19622 at SUSECVE-2018-19622 at NVDCVE-2018-19623 at SUSECVE-2018-19623 at NVDCVE-2018-19624 at SUSECVE-2018-19624 at NVDCVE-2018-19625 at SUSECVE-2018-19625 at NVDCVE-2018-19626 at SUSECVE-2018-19626 at NVDCVE-2018-19627 at SUSECVE-2018-19627 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 fixes the following issues:
Security issue fixed:
- CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog
size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768).
ModerateSUSE bug 1126768CVE-2019-8375 at SUSECVE-2019-8375 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
- CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381).
- CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
- CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
- CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
- CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).
- CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).
- CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609).
- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
- CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).
- Added extra -config- packages with Postscript/EPS/PDF readers still enabled.
Removing the PS decoders is used to harden ImageMagick against security issues within
ghostscript. Enabling them might impact security. (bsc#1122033)
These are two packages that can be selected:
- ImageMagick-config-6-SUSE: This has the PS decoders disabled.
- ImageMagick-config-6-upstream: This has the PS decoders enabled.
Depending on your local needs install either one of them. The default is the -SUSE configuration.
ModerateSUSE bug 1106989SUSE bug 1106996SUSE bug 1107609SUSE bug 1120381SUSE bug 1122033SUSE bug 1124365SUSE bug 1124366SUSE bug 1124368SUSE bug 1128649SUSE bug 1130330SUSE bug 1131317SUSE bug 1132053SUSE bug 1132054SUSE bug 1132060CVE-2018-16412 at SUSECVE-2018-16412 at NVDCVE-2018-16413 at SUSECVE-2018-16413 at NVDCVE-2018-16644 at SUSECVE-2018-16644 at NVDCVE-2018-20467 at SUSECVE-2018-20467 at NVDCVE-2019-10650 at SUSECVE-2019-10650 at NVDCVE-2019-11007 at SUSECVE-2019-11007 at NVDCVE-2019-11008 at SUSECVE-2019-11008 at NVDCVE-2019-11009 at SUSECVE-2019-11009 at NVDCVE-2019-7175 at SUSECVE-2019-7175 at NVDCVE-2019-7395 at SUSECVE-2019-7395 at NVDCVE-2019-7397 at SUSECVE-2019-7397 at NVDCVE-2019-7398 at SUSECVE-2019-7398 at NVDCVE-2019-9956 at SUSECVE-2019-9956 at NVDcpe:/o:suse:sles:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
Non-security issues fixed:
- Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153).
- Abide by load_printers smb.conf parameter (bsc#1124223).
- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755).
- s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590).
- s3:winbind: Fix regression (bsc#1123755).
ModerateSUSE bug 1099590SUSE bug 1123755SUSE bug 1124223SUSE bug 1127153SUSE bug 1131060CVE-2019-3880 at SUSECVE-2019-3880 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark to version 2.4.14 fixes the following issues:
Security issues fixed:
- CVE-2019-10895: NetScaler file parser crash.
- CVE-2019-10899: SRVLOC dissector crash.
- CVE-2019-10894: GSS-API dissector crash.
- CVE-2019-10896: DOF dissector crash.
- CVE-2019-10901: LDSS dissector crash.
- CVE-2019-10903: DCERPC SPOOLSS dissector crash.
Non-security issue fixed:
- Update to version 2.4.14 (bsc#1131945).
ModerateSUSE bug 1131945CVE-2019-10894 at SUSECVE-2019-10894 at NVDCVE-2019-10895 at SUSECVE-2019-10895 at NVDCVE-2019-10896 at SUSECVE-2019-10896 at NVDCVE-2019-10899 at SUSECVE-2019-10899 at NVDCVE-2019-10901 at SUSECVE-2019-10901 at NVDCVE-2019-10903 at SUSECVE-2019-10903 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh2_org (Important)SUSE Linux Enterprise Server 12 SP4
This update for libssh2_org fixes the following issues:
- Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]
ImportantSUSE bug 1130103SUSE bug 1133528CVE-2019-3859 at SUSECVE-2019-3859 at NVDcpe:/o:suse:sles:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4
This update for git fixes the following issue:
- CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949).
ImportantSUSE bug 1110949CVE-2018-17456 at SUSECVE-2018-17456 at NVDcpe:/o:suse:sles:12:sp4Security update for wpa_supplicant (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wpa_supplicant fixes the following issues:
This security issue was fixed:
- CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages
was not checked, leading to a decryption oracle. An attacker within range of
the Access Point and client could have abused the vulnerability to recover
sensitive information (bsc#1104205).
This non-security issue was fixed:
- Enabled PWD as EAP method. This allows for password-based authentication,
which is easier to setup than most of the other methods, and is used by the
Eduroam network (bsc#1109209).
ModerateSUSE bug 1104205SUSE bug 1109209CVE-2018-14526 at SUSECVE-2018-14526 at NVDcpe:/o:suse:sles:12:sp4Security update for atftp (Important)SUSE Linux Enterprise Server 12 SP4
This update for atftp fixes the following issues:
Security issues fixed:
- CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145).
- CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114).
ImportantSUSE bug 1133114SUSE bug 1133145CVE-2019-11365 at SUSECVE-2019-11365 at NVDCVE-2019-11366 at SUSECVE-2019-11366 at NVDcpe:/o:suse:sles:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114)
- CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018)
- CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986)
Non-security issues fixed:
- Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271)
- Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093)
- Added cfi information for start routines in order to stop unwinding (bsc#1128574)
- ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964)
ModerateSUSE bug 1100396SUSE bug 1110661SUSE bug 1122729SUSE bug 1127223SUSE bug 1127308SUSE bug 1128574SUSE bug 1131994CVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDcpe:/o:suse:sles:12:sp4Security update for krb5 (Important)SUSE Linux Enterprise Server 12 SP4
This update for krb5 fixes the following issues:
Security issue fixed:
- CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489)
ImportantSUSE bug 1120489CVE-2018-20217 at SUSECVE-2018-20217 at NVDcpe:/o:suse:sles:12:sp4Security update for libjpeg-turbo (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libjpeg-turbo fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function
which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c,
which allowed remote attackers to cause a denial-of-service via crafted JPG
files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused
by a divide by zero when processing a crafted BMP image (bsc#1098155)
ModerateSUSE bug 1096209SUSE bug 1098155SUSE bug 1128712CVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDcpe:/o:suse:sles:12:sp4Security update for hostinfo, supportutils (Important)SUSE Linux Enterprise Server 12 SP4
This update for hostinfo, supportutils fixes the following issues:
Security issues fixed for supportutils:
- CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463).
- CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460).
- CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462).
- CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776).
- CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751).
Other issues fixed for supportutils:
- Fixed invalid exit code commands (bsc#1125666)
- SUSE separation in supportconfig (bsc#1125623)
- Clarified supportconfig(8) -x option (bsc#1115245)
- supportconfig: 3.0.127
- btrfs filesystem usage
- List products.d
- Dump lsof errors
- Added ha commands for corosync
- Dumped find errors in ib_info
Issues fixed in hostinfo:
- Removed extra kernel install dates (bsc#1099498)
- Resolved network bond issue (bsc#1054979)
ImportantSUSE bug 1054979SUSE bug 1099498SUSE bug 1115245SUSE bug 1117751SUSE bug 1117776SUSE bug 1118460SUSE bug 1118462SUSE bug 1118463SUSE bug 1125623SUSE bug 1125666CVE-2018-19636 at SUSECVE-2018-19636 at NVDCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 to version 1.1.1b fixes the following issues:
- Changed the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3.
- Fixed a bug in DTLS over SCTP. This breaks interoperability with older versions
of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
- Fixed the handling of strerror_r with glibc.
ModerateSUSE bug 1133925cpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.24.1 fixes the following issues:
Security issues fixed:
- CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506,
CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551,
CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256).
ImportantSUSE bug 1132256CVE-2019-11070 at SUSECVE-2019-11070 at NVDCVE-2019-6201 at SUSECVE-2019-6201 at NVDCVE-2019-6251 at SUSECVE-2019-6251 at NVDCVE-2019-7285 at SUSECVE-2019-7285 at NVDCVE-2019-7292 at SUSECVE-2019-7292 at NVDCVE-2019-8503 at SUSECVE-2019-8503 at NVDCVE-2019-8506 at SUSECVE-2019-8506 at NVDCVE-2019-8515 at SUSECVE-2019-8515 at NVDCVE-2019-8524 at SUSECVE-2019-8524 at NVDCVE-2019-8535 at SUSECVE-2019-8535 at NVDCVE-2019-8536 at SUSECVE-2019-8536 at NVDCVE-2019-8544 at SUSECVE-2019-8544 at NVDCVE-2019-8551 at SUSECVE-2019-8551 at NVDCVE-2019-8558 at SUSECVE-2019-8558 at NVDCVE-2019-8559 at SUSECVE-2019-8559 at NVDCVE-2019-8563 at SUSECVE-2019-8563 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
Security issue fixed:
- CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could
potentially be triggered by a local unauthenticated user (bsc#1131361).
ModerateSUSE bug 1131361CVE-2019-0161 at SUSECVE-2019-0161 at NVDcpe:/o:suse:sles:12:sp4Security update for freeradius-server (Important)SUSE Linux Enterprise Server 12 SP4
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
ImportantSUSE bug 1132549SUSE bug 1132664CVE-2019-11234 at SUSECVE-2019-11234 at NVDCVE-2019-11235 at SUSECVE-2019-11235 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4
This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686)
Security issues fixed:
- CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
- CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156,
CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162,
CVE-2018-3173, CVE-2018-3200, CVE-2018-3284:
Fixed multiple denial of service vulnerabilities
(bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417,
bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386,
bsc#1112404, bsc#1112377, bsc#1112384)
Non-security issues fixed:
- Fixed database corruption after renaming a prefix-indexed column (bsc#1120041)
- Remove PerconaFT from the package as it has a AGPL license (bsc#1118754)
- Enable testing for client plugins (bsc#1111859)
- Improve test coverage by keeping debug_key_management.so (bsc#1111858)
ImportantSUSE bug 1013882SUSE bug 1111858SUSE bug 1111859SUSE bug 1112368SUSE bug 1112377SUSE bug 1112384SUSE bug 1112386SUSE bug 1112391SUSE bug 1112397SUSE bug 1112404SUSE bug 1112415SUSE bug 1112417SUSE bug 1112421SUSE bug 1112432SUSE bug 1116686SUSE bug 1118754SUSE bug 1120041CVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-3143 at SUSECVE-2018-3143 at NVDCVE-2018-3156 at SUSECVE-2018-3156 at NVDCVE-2018-3162 at SUSECVE-2018-3162 at NVDCVE-2018-3173 at SUSECVE-2018-3173 at NVDCVE-2018-3174 at SUSECVE-2018-3174 at NVDCVE-2018-3185 at SUSECVE-2018-3185 at NVDCVE-2018-3200 at SUSECVE-2018-3200 at NVDCVE-2018-3251 at SUSECVE-2018-3251 at NVDCVE-2018-3277 at SUSECVE-2018-3277 at NVDCVE-2018-3282 at SUSECVE-2018-3282 at NVDCVE-2018-3284 at SUSECVE-2018-3284 at NVDcpe:/o:suse:sles:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).
- CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).
ModerateSUSE bug 1085790SUSE bug 1132045CVE-2017-10989 at SUSECVE-2017-10989 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDcpe:/o:suse:sles:12:sp4Security update for jakarta-commons-fileupload (Important)SUSE Linux Enterprise Server 12 SP4
This update for jakarta-commons-fileupload fixes the following issue:
Security issue fixed:
- CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).
ImportantSUSE bug 1128829SUSE bug 1128963CVE-2016-1000031 at SUSECVE-2016-1000031 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk to version 8u212 fixes the following issues:
Security issues fixed:
- CVE-2019-2602: Better String parsing (bsc#1132728).
- CVE-2019-2684: More dynamic RMI interactions (bsc#1132732).
- CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).
- CVE-2019-2422: Better FileChannel (bsc#1122293).
- CVE-2018-11212: Improve JPEG (bsc#1122299).
Non-Security issue fixed:
- Disable LTO (bsc#1133135).
- Added Japanese new era name.
ImportantSUSE bug 1122293SUSE bug 1122299SUSE bug 1132728SUSE bug 1132729SUSE bug 1132732SUSE bug 1133135CVE-2018-11212 at SUSECVE-2018-11212 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2019-2422 at SUSECVE-2019-2422 at NVDCVE-2019-2426 at SUSECVE-2019-2426 at NVDCVE-2019-2602 at SUSECVE-2019-2602 at NVDCVE-2019-2684 at SUSECVE-2019-2684 at NVDCVE-2019-2698 at SUSECVE-2019-2698 at NVDcpe:/o:suse:sles:12:sp4Security update for libxslt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libxslt fixes the following issues:
- CVE-2019-11068: Fixed a protection mechanism bypass where callers of
xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an
error (bsc#1132160).
ModerateSUSE bug 1132160CVE-2019-11068 at SUSECVE-2019-11068 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
These updates contain the CPU Microcode adjustments for the software mitigations.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
Release notes:
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2
- ---- updated platforms ------------------------------------
- SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
- IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3
- HSW C0 6-3c-3/32 00000025->00000027 Core Gen4
- BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5
- IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2
- IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2
- HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3
- HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3
- HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4
- HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4
- BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5
- SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6
- SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
- SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx
- BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40
- BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
- BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87
- BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
- APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
- SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
- DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series
- GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx
- AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
- WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
- KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8
- CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9
ImportantSUSE bug 1111331CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
- CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)
- CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host
information, which can be considered a security issue (bsc#1126455)
- CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721)
- CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675)
- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
upstream adjustments for the same. Basically now the security fix
is to provide a dummy host-model and host-serial value, which
overrides getting that value from the host
- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331)
Other bugs fixed:
- Use a new approach to handling the file input to -smbios option,
which accepts either legacy or per-spec formats regardless of the
machine type.
- Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962)
ImportantSUSE bug 1111331SUSE bug 1125721SUSE bug 1126455SUSE bug 1129622SUSE bug 1129962SUSE bug 1130675CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-3812 at SUSECVE-2019-3812 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
The following security bugs were fixed:
- CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767).
- CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427).
- CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704).
- CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681).
- CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828).
The following non-security bugs were fixed:
- 9p: do not trust pdu content for stat item size (bsc#1051510).
- ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399).
- acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426).
- ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).
- alsa: core: Fix card races between register and disconnect (bsc#1051510).
- alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510).
- alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510).
- alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510).
- alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510).
- alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510).
- alsa: firewire-motu: add support for Motu Traveler (bsc#1051510).
- alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510).
- alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510).
- alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510).
- alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510).
- alsa: hda: Initialize power_state field properly (bsc#1051510).
- alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).
- alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442).
- alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510).
- alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510).
- alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510).
- alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).
- alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).
- alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510).
- alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510).
- alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510).
- alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510).
- alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).
- alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510).
- alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).
- alsa: line6: use dynamic buffers (bsc#1051510).
- alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510).
- alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).
- alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510).
- alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510).
- alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: sb8: add a check for request_region (bsc#1051510).
- alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).
- alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510).
- ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).
- ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).
- ASoC: topology: free created components in tplg load error (bsc#1051510).
- assume flash part size to be 4MB, if it can't be determined (bsc#1127371).
- ath10k: avoid possible string overflow (bsc#1051510).
- auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510).
- auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510).
- batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510).
- batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).
- batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).
- bcm2835 MMC issues (bsc#1070872).
- blkcg: Introduce blkg_root_lookup() (bsc#1131673).
- blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673).
- blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).
- blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).
- blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).
- blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).
- blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).
- blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).
- blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).
- block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).
- block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).
- block: Introduce blk_exit_queue() (bsc#1131673).
- block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).
- block: remove bio_rewind_iter() (bsc#1131673).
- bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).
- bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510).
- bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510).
- bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510).
- bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510).
- bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).
- bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07).
- bonding: fix PACKET_ORIGDEV regression (git-fixes).
- bpf: fix use after free in bpf_evict_inode (bsc#1083647).
- btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).
- btrfs: check for refs on snapshot delete resume (bsc#1131335).
- btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).
- btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).
- btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518).
- btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195).
- btrfs: remove WARN_ON in log_dir_items (bsc#1131847).
- btrfs: save drop_progress if we drop refs at all (bsc#1131336).
- cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).
- cgroup: fix parsing empty mount option string (bsc#1133094).
- cifs: allow guest mounts to work for smb3.11 (bsc#1051510).
- cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).
- cifs: do not dereference smb_file_target before null check (bsc#1051510).
- cifs: Do not hide EINTR after sending network packets (bsc#1051510).
- cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).
- cifs: Do not reset lease state to NONE on lease break (bsc#1051510).
- cifs: Fix adjustment of credits for MTU requests (bsc#1051510).
- cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510).
- cifs: Fix credits calculations for reads with errors (bsc#1051510).
- cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
- cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).
- cifs: Fix potential OOB access of lock element array (bsc#1051510).
- cifs: Fix read after write for files with read caching (bsc#1051510).
- clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510).
- clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).
- clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510).
- clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510).
- clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).
- clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510).
- clk: vc5: Abort clock configuration without upstream clock (bsc#1051510).
- clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).
- clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510).
- clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510).
- cpcap-charger: generate events for userspace (bsc#1051510).
- cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510).
- cpufreq: tegra124: add missing of_node_put() (bsc#1051510).
- cpupowerutils: bench - Fix cpu online check (bsc#1051510).
- cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
- crypto: caam - add missing put_device() call (bsc#1129770).
- crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).
- crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).
- crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).
- crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).
- crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).
- cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).
- cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371).
- cxgb4: Add flag tc_flower_initialized (bsc#1127371).
- cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).
- cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).
- cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).
- cxgb4: add per rx-queue counter for packet errors (bsc#1127371).
- cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).
- cxgb4: add support to display DCB info (bsc#1127371).
- cxgb4: Add support to read actual provisioned resources (bsc#1127371).
- cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).
- cxgb4: collect hardware queue descriptors (bsc#1127371).
- cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).
- cxgb4: convert flower table to use rhashtable (bsc#1127371).
- cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).
- cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).
- cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).
- cxgb4/cxgb4vf: Link management changes (bsc#1127371).
- cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371).
- cxgb4: display number of rx and tx pages free (bsc#1127371).
- cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).
- cxgb4: Export sge_host_page_size to ulds (bsc#1127371).
- cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).
- cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).
- cxgb4: Mask out interrupts that are not enabled (bsc#1127175).
- cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).
- cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).
- cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).
- cxgb4: remove the unneeded locks (bsc#1127371).
- cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).
- cxgb4: Support ethtool private flags (bsc#1127371).
- cxgb4: update supported DCB version (bsc#1127371).
- cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).
- cxgb4vf: Few more link management changes (bsc#1127374).
- cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).
- cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).
- device_cgroup: fix RCU imbalance in error case (bsc#1051510).
- device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510).
- Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).
- dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).
- dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).
- dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).
- dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).
- dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).
- Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).
- Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).
- drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).
- drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)
- drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).
- drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510).
- drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)
- drm/i915/gvt: Annotate iomem usage (bsc#1051510).
- drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).
- drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)
- drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510).
- drm/i915: Relax mmap VMA check (bsc#1051510).
- drm/imx: ignore plane updates on disabled crtcs (bsc#1051510).
- drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510).
- drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)
- drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510).
- drm/meson: Uninstall IRQ handler (bsc#1051510).
- drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510).
- drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).
- drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).
- drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)
- drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)
- drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)
- drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)
- drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)
- drm/udl: add a release method and delay modeset teardown (bsc#1085536)
- drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)
- dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).
- e1000e: fix cyclic resets at link up with active tx (bsc#1051510).
- e1000e: Fix -Wformat-truncation warnings (bsc#1051510).
- ext2: Fix underflow in ext2_max_size() (bsc#1131174).
- ext4: add mask of ext4 flags to swap (bsc#1131170).
- ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176).
- ext4: Avoid panic during forced reboot (bsc#1126356).
- ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173).
- ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).
- ext4: cleanup pagecache before swap i_data (bsc#1131178).
- ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177).
- ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172).
- ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180).
- ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171).
- ext4: update quota information while swapping boot loader inode (bsc#1131179).
- fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).
- fix cgroup_do_mount() handling of failure exits (bsc#1133095).
- Fix kabi after 'md: batch flush requests.' (bsc#1119680).
- Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937).
- fm10k: Fix a potential NULL pointer dereference (bsc#1051510).
- fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).
- fs/dax: deposit pagetable even when installing zero page (bsc#1126740).
- fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).
- futex: Cure exit race (bsc#1050549).
- futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).
- futex: Handle early deadlock return correctly (bsc#1050549).
- gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).
- gpio: gpio-omap: fix level interrupt idling (bsc#1051510).
- gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).
- hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).
- hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).
- hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).
- hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).
- hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus ().
- hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887).
- hwrng: virtio - Avoid repeated init of completion (bsc#1051510).
- i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
- i2c: tegra: fix maximum transfer size (bsc#1051510).
- ibmvnic: Enable GRO (bsc#1132227).
- ibmvnic: Fix completion structure initialization (bsc#1131659).
- ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
- iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).
- iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).
- iio: ad_sigma_delta: select channel when reading register (bsc#1051510).
- iio: core: fix a possible circular locking dependency (bsc#1051510).
- iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).
- iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).
- iio: Fix scan mask selection (bsc#1051510).
- iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).
- iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).
- input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510).
- input: matrix_keypad - use flush_delayed_work() (bsc#1051510).
- input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).
- input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510).
- input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).
- input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902).
- intel_idle: add support for Jacobsville (jsc#SLE-5394).
- io: accel: kxcjk1013: restore the range after resume (bsc#1051510).
- iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336).
- iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337).
- iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425).
- iommu/amd: Set exclusion range correctly (bsc#1130425).
- iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130).
- iommu/vt-d: Check capability before disabling protected memory (bsc#1130338).
- ip6: fix PMTU discovery when using /127 subnets (git-fixes).
- ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes).
- ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes).
- ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
- ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
- ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv4/route: fail early when inet dev is missing (git-fixes).
- ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).
- ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).
- ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).
- ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).
- ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).
- irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510).
- irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510).
- iscsi_ibft: Fix missing break in switch statement (bsc#1051510).
- iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).
- iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).
- iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).
- iwlwifi: mvm: fix firmware statistics usage (bsc#1129770).
- jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167).
- jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168).
- kABI: restore icmp_send (kabi).
- kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372)
- kabi/severities: add libcxgb to cxgb intra module symbols as well
- kabi/severities: exclude cxgb4 inter-module symbols
- kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510).
- kbuild: fix false positive warning/error about missing libelf (bsc#1051510).
- kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290).
- kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).
- kcm: switch order of device registration to fix a crash (bnc#1130527).
- kernfs: do not set dentry->d_fsdata (boo#1133115).
- keys: always initialize keyring_index_key::desc_len (bsc#1051510).
- keys: user: Align the payload buffer (bsc#1051510).
- kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).
- kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).
- kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).
- kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).
- kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).
- kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).
- kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).
- kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).
- kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).
- kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).
- kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).
- leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510).
- libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427).
- libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- lightnvm: if LUNs are already allocated fix return (bsc#1085535).
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331).
- mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).
- mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510).
- mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510).
- md: batch flush requests (bsc#1119680).
- md: Fix failed allocation of md_register_thread (git-fixes).
- md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).
- md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).
- media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).
- media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510).
- media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086).
- memremap: fix softlockup reports at teardown (bnc#1130154).
- mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510).
- missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).
- mmc: davinci: remove extraneous __init annotation (bsc#1051510).
- mmc: pxamci: fix enum type confusion (bsc#1051510).
- mmc: sdhci: Fix data command CRC error handling (bsc#1051510).
- mmc: sdhci: Handle auto-command errors (bsc#1051510).
- mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).
- mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).
- mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).
- mm: Fix modifying of page protection by insert_pfn() (bsc#1126740).
- mm: Fix warning in insert_pfn() (bsc#1126740).
- mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740).
- mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).
- mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).
- mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).
- mt7601u: bump supported EEPROM version (bsc#1051510).
- mwifiex: do not advertise IBSS features without FW support (bsc#1129770).
- net: Add header for usage of fls64() (networking-stable-19_02_20).
- net: Add __icmp_send helper (networking-stable-19_03_07).
- net: avoid false positives in untrusted gso validation (git-fixes).
- net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).
- net: bridge: add vlan_tunnel to bridge port policies (git-fixes).
- net: bridge: fix per-port af_packet sockets (git-fixes).
- net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).
- net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes).
- net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).
- net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).
- net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342).
- netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).
- netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes).
- netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).
- netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).
- netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes).
- net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20).
- net: fix IPv6 prefix route residue (networking-stable-19_02_20).
- net: Fix untag for vlan packets without ethernet header (git-fixes).
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes).
- net/hsr: Check skb_put_padto() return value (git-fixes).
- net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15).
- net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).
- netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).
- netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes).
- net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24).
- net/ncsi: Fix AEN HNCDSC packet length (git-fixes).
- net/ncsi: Stop monitor if channel times out or is inactive (git-fixes).
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07).
- net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24).
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).
- net_sched: acquire RTNL in tc_action_net_exit() (git-fixes).
- net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24).
- net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15).
- net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).
- net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15).
- net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07).
- net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes).
- net: validate untrusted gso packets without csum offload (networking-stable-19_02_20).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15).
- net/x25: reset state in x25_connect() (networking-stable-19_03_15).
- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes).
- nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).
- nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- nfsd4: catch some false session retries (git-fixes).
- nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).
- nfsd: fix memory corruption caused by readdir (bsc#1127445).
- nfsd: fix memory corruption caused by readdir (bsc#1127445).
- nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).
- nfs: Do not use page_file_mapping after removing the page (git-fixes).
- nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).
- nfs: Fix a soft lockup in the delegation recovery code (git-fixes).
- nfs: Fix a typo in nfs_init_timeout_values() (git-fixes).
- nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).
- nfs: Fix I/O request leakages (git-fixes).
- nfs: fix mount/umount race in nlmclnt (git-fixes).
- nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
- nfsv4.1 do not free interrupted slot on open (git-fixes).
- nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes).
- nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).
- nvme: add proper discard setup for the multipath device (bsc#1114638).
- nvme: fix the dangerous reference of namespaces list (bsc#1131673).
- nvme: make sure ns head inherits underlying device limits (bsc#1131673).
- nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).
- nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).
- nvme: only reconfigure discard if necessary (bsc#1114638).
- nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105).
- ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169).
- pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).
- pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510).
- pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510).
- pci: pciehp: Convert to threaded IRQ (bsc#1133005).
- pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).
- phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).
- pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510).
- powercap: intel_rapl: add support for Jacobsville ().
- powercap: intel_rapl: add support for Jacobsville (FATE#327454).
- powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
- powerpc/64: Disable the speculation barrier from the command line (bsc#1131107).
- powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
- powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107).
- powerpc/64s: Add support for software count cache flush (bsc#1131107).
- powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).
- powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
- powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107).
- powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).
- powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).
- powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840).
- powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
- powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900).
- powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).
- powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).
- powerpc/mm: Check secondary hash page table (bsc#1065729).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).
- powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).
- powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).
- powerpc/numa: improve control of topology updates (bsc#1133584).
- powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
- powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).
- powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).
- powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840).
- powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).
- powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).
- powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).
- powerpc/powernv: Make opal log only readable by root (bsc#1065729).
- powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107).
- powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).
- powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes).
- powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107).
- powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
- powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
- powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).
- power: supply: charger-manager: Fix incorrect return value (bsc#1051510).
- pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510).
- qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).
- qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510).
- qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510).
- raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes).
- ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535).
- ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15).
- rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).
- rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).
- rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).
- rdma/cxgb4: fix some info leaks (bsc#1127371).
- rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).
- rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).
- rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).
- rds: fix refcount bug in rds_sock_addref (git-fixes).
- rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes).
- regulator: max77620: Initialize values for DT properties (bsc#1051510).
- regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510).
- Revert drm/i915 patches that caused regressions (bsc#1131062)
- Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes).
- rhashtable: Still do rehash when we get EEXIST (bsc#1051510).
- ring-buffer: Check if memory is available before allocation (bsc#1132531).
- rpm/config.sh: Fix build project and bugzilla product.
- rtc: 88pm80x: fix unintended sign extension (bsc#1051510).
- rtc: 88pm860x: fix unintended sign extension (bsc#1051510).
- rtc: cmos: ignore bogus century byte (bsc#1051510).
- rtc: ds1672: fix unintended sign extension (bsc#1051510).
- rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510).
- rtc: pm8xxx: fix unintended sign extension (bsc#1051510).
- rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes).
- rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes).
- rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes).
- rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes).
- rxrpc: Do not release call mutex on error pointer (git-fixes).
- rxrpc: Do not treat call aborts as conn aborts (git-fixes).
- rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15).
- rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).
- s390/dasd: fix panic for failed online processing (bsc#1132589).
- s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544).
- s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378).
- scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).
- scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).
- sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24).
- serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510).
- serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510).
- serial: imx: Update cached mctrl value when changing RTS (bsc#1051510).
- serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510).
- serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510).
- sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24).
- smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510).
- soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510).
- SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).
- soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).
- soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).
- spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510).
- spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510).
- spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510).
- staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510).
- staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510).
- staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510).
- staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510).
- staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).
- staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).
- staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510).
- staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).
- sunrpc/cache: handle missing listeners better (bsc#1126221).
- sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes).
- supported.conf: Add vxlan to kernel-default-base (bsc#1132083).
- supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).
- svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).
- svm: Fix AVIC DFR and LDR handling (bsc#1132558).
- svm: Fix improper check when deactivate AVIC (bsc#1130335).
- sysctl: handle overflow for file-max (bsc#1051510).
- tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).
- tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).
- thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510).
- thermal/intel_powerclamp: fix truncated kthread name ().
- thermal/intel_powerclamp: fix truncated kthread name (FATE#326597).
- tipc: fix race condition causing hung sendto (networking-stable-19_03_07).
- tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510).
- tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555).
- tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510).
- tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510).
- tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702).
- tracing: Fix buffer_ref pipe ops (bsc#1133698).
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527).
- tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510).
- tun: fix blocking read (networking-stable-19_03_07).
- tun: remove unnecessary memory barrier (networking-stable-19_03_07).
- udf: Fix crash on IO error during truncate (bsc#1131175).
- uio: Reduce return paths from uio_write() (bsc#1051510).
- Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371).
- usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
- usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).
- usb: common: Consider only available nodes for dr_mode (bsc#1129770).
- usb: core: only clean up what we allocated (bsc#1051510).
- usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510).
- usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510).
- usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510).
- usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770).
- usb: gadget: Potential NULL dereference on allocation error (bsc#1051510).
- usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510).
- usb: mtu3: fix EXTCON dependency (bsc#1051510).
- usb: phy: fix link errors (bsc#1051510).
- usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510).
- usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770).
- usb: serial: cp210x: add new device id (bsc#1051510).
- usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).
- usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510).
- usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770).
- usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770).
- usb: serial: option: add Olicard 600 (bsc#1051510).
- usb: serial: option: add support for Quectel EM12 (bsc#1051510).
- usb: serial: option: add Telit ME910 ECM composition (bsc#1129770).
- usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770).
- vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).
- vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).
- vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).
- vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).
- vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).
- vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).
- vfs: limit size of dedupe (bsc#1132397, bsc#1132219).
- vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).
- vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).
- vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219).
- vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).
- video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510).
- vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20).
- wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510).
- wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510).
- x86/cpu: Add Atom Tremont (Jacobsville) ().
- x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454).
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279).
- x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331).
- x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572).
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331).
- x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415).
- x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415).
- x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415).
- x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415).
- x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).
- x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).
- x86/mce: Handle varying MCA bank counts (bsc#1128415).
- x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279).
- x86/msr-index: Cleanup bit defines (bsc#1111331).
- x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).
- x86/speculation: Consolidate CPU whitelists (bsc#1111331).
- x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).
- x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).
- x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).
- x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).
- x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).
- x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).
- x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).
- x86/speculation/mds: Add SMT warning message (bsc#1111331).
- x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).
- x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331).
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331).
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331).
- x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).
- x86/speculation: Simplify the CPU bug detection logic (bsc#1111331).
- x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).
- x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279).
- xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07).
- xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07).
- xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).
- xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes).
- xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).
- xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).
- xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).
- xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).
- xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).
- xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).
- xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).
- xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).
- xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).
- xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).
- xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).
- xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).
- xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675).
- xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).
- xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).
- xfs: refactor xfs_trans_roll (bsc#1133667).
- xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).
- xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).
- xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).
- xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).
- xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).
- xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).
- xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).
- xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510).
- xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510).
ImportantSUSE bug 1050549SUSE bug 1051510SUSE bug 1052904SUSE bug 1053043SUSE bug 1055117SUSE bug 1055121SUSE bug 1055186SUSE bug 1061840SUSE bug 1065600SUSE bug 1065729SUSE bug 1070872SUSE bug 1082555SUSE bug 1083647SUSE bug 1085535SUSE bug 1085536SUSE bug 1088804SUSE bug 1094244SUSE bug 1097583SUSE bug 1097584SUSE bug 1097585SUSE bug 1097586SUSE bug 1097587SUSE bug 1097588SUSE bug 1100132SUSE bug 1103186SUSE bug 1103259SUSE bug 1108193SUSE bug 1108937SUSE bug 1111331SUSE bug 1112128SUSE bug 1112178SUSE bug 1113399SUSE bug 1113722SUSE bug 1114279SUSE bug 1114542SUSE bug 1114638SUSE bug 1119086SUSE bug 1119680SUSE bug 1120318SUSE bug 1120902SUSE bug 1122767SUSE bug 1123105SUSE bug 1125342SUSE bug 1126221SUSE bug 1126356SUSE bug 1126704SUSE bug 1126740SUSE bug 1127175SUSE bug 1127371SUSE bug 1127372SUSE bug 1127374SUSE bug 1127378SUSE bug 1127445SUSE bug 1128415SUSE bug 1128544SUSE bug 1129273SUSE bug 1129276SUSE bug 1129770SUSE bug 1130130SUSE bug 1130154SUSE bug 1130195SUSE bug 1130335SUSE bug 1130336SUSE bug 1130337SUSE bug 1130338SUSE bug 1130425SUSE bug 1130427SUSE bug 1130518SUSE bug 1130527SUSE bug 1130567SUSE bug 1130579SUSE bug 1131062SUSE bug 1131107SUSE bug 1131167SUSE bug 1131168SUSE bug 1131169SUSE bug 1131170SUSE bug 1131171SUSE bug 1131172SUSE bug 1131173SUSE bug 1131174SUSE bug 1131175SUSE bug 1131176SUSE bug 1131177SUSE bug 1131178SUSE bug 1131179SUSE bug 1131180SUSE bug 1131290SUSE bug 1131326SUSE bug 1131335SUSE bug 1131336SUSE bug 1131416SUSE bug 1131427SUSE bug 1131442SUSE bug 1131467SUSE bug 1131574SUSE bug 1131587SUSE bug 1131659SUSE bug 1131673SUSE bug 1131847SUSE bug 1131848SUSE bug 1131851SUSE bug 1131900SUSE bug 1131934SUSE bug 1131935SUSE bug 1132083SUSE bug 1132219SUSE bug 1132226SUSE bug 1132227SUSE bug 1132365SUSE bug 1132368SUSE bug 1132369SUSE bug 1132370SUSE bug 1132372SUSE bug 1132373SUSE bug 1132384SUSE bug 1132397SUSE bug 1132402SUSE bug 1132403SUSE bug 1132404SUSE bug 1132405SUSE bug 1132407SUSE bug 1132411SUSE bug 1132412SUSE bug 1132413SUSE bug 1132414SUSE bug 1132426SUSE bug 1132527SUSE bug 1132531SUSE bug 1132555SUSE bug 1132558SUSE bug 1132561SUSE bug 1132562SUSE bug 1132563SUSE bug 1132564SUSE bug 1132570SUSE bug 1132571SUSE bug 1132572SUSE bug 1132589SUSE bug 1132618SUSE bug 1132681SUSE bug 1132726SUSE bug 1132828SUSE bug 1132943SUSE bug 1133005SUSE bug 1133094SUSE bug 1133095SUSE bug 1133115SUSE bug 1133149SUSE bug 1133486SUSE bug 1133529SUSE bug 1133584SUSE bug 1133667SUSE bug 1133668SUSE bug 1133672SUSE bug 1133674SUSE bug 1133675SUSE bug 1133698SUSE bug 1133702SUSE bug 1133731SUSE bug 1133769SUSE bug 1133772SUSE bug 1133774SUSE bug 1133778SUSE bug 1133779SUSE bug 1133780SUSE bug 1133825SUSE bug 1133850SUSE bug 1133851SUSE bug 1133852CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-16880 at SUSECVE-2018-16880 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-3882 at SUSECVE-2019-3882 at NVDCVE-2019-9003 at SUSECVE-2019-9003 at NVDCVE-2019-9500 at SUSECVE-2019-9500 at NVDCVE-2019-9503 at SUSECVE-2019-9503 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes.
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.
For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736
The following security bugs were fixed:
- CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767).
- CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704).
- CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828).
- CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681).
- CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427).
The following non-security bugs were fixed:
- 9p: do not trust pdu content for stat item size (bsc#1051510).
- acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399).
- acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426).
- acpi / sbs: Fix GPE storm on recent MacBookPro's (bsc#1051510).
- alsa: core: Fix card races between register and disconnect (bsc#1051510).
- alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510).
- alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510).
- alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510).
- alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510).
- alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510).
- alsa: firewire-motu: add support for Motu Traveler (bsc#1051510).
- alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510).
- alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510).
- alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510).
- alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510).
- alsa: hda: Initialize power_state field properly (bsc#1051510).
- alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).
- alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442).
- alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510).
- alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510).
- alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510).
- alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).
- alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).
- alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510).
- alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510).
- alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510).
- alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510).
- alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).
- alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510).
- alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).
- alsa: line6: use dynamic buffers (bsc#1051510).
- alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510).
- alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).
- alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510).
- alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510).
- alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: sb8: add a check for request_region (bsc#1051510).
- alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).
- alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510).
- ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).
- ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).
- ASoC: topology: free created components in tplg load error (bsc#1051510).
- assume flash part size to be 4MB, if it can't be determined (bsc#1127371).
- ath10k: avoid possible string overflow (bsc#1051510).
- auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510).
- auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510).
- batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510).
- batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).
- batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).
- bcm2835 MMC issues (bsc#1070872).
- blkcg: Introduce blkg_root_lookup() (bsc#1131673).
- blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673).
- blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).
- blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).
- blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).
- blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).
- blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).
- blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).
- blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).
- block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).
- block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).
- block: Introduce blk_exit_queue() (bsc#1131673).
- block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).
- block: remove bio_rewind_iter() (bsc#1131673).
- bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).
- bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510).
- bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510).
- bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510).
- bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510).
- bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).
- bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07).
- bonding: fix PACKET_ORIGDEV regression (git-fixes).
- bpf: fix use after free in bpf_evict_inode (bsc#1083647).
- btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).
- btrfs: check for refs on snapshot delete resume (bsc#1131335).
- btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).
- btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).
- btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518).
- btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195).
- btrfs: remove WARN_ON in log_dir_items (bsc#1131847).
- btrfs: save drop_progress if we drop refs at all (bsc#1131336).
- cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).
- cgroup: fix parsing empty mount option string (bsc#1133094).
- cifs: allow guest mounts to work for smb3.11 (bsc#1051510).
- cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).
- cifs: do not dereference smb_file_target before null check (bsc#1051510).
- cifs: Do not hide EINTR after sending network packets (bsc#1051510).
- cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).
- cifs: Do not reset lease state to NONE on lease break (bsc#1051510).
- cifs: Fix adjustment of credits for MTU requests (bsc#1051510).
- cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510).
- cifs: Fix credits calculations for reads with errors (bsc#1051510).
- cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
- cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).
- cifs: Fix potential OOB access of lock element array (bsc#1051510).
- cifs: Fix read after write for files with read caching (bsc#1051510).
- clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510).
- clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).
- clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510).
- clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510).
- clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).
- clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510).
- clk: vc5: Abort clock configuration without upstream clock (bsc#1051510).
- clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).
- clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510).
- clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510).
- cpcap-charger: generate events for userspace (bsc#1051510).
- cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510).
- cpufreq: tegra124: add missing of_node_put() (bsc#1051510).
- cpupowerutils: bench - Fix cpu online check (bsc#1051510).
- cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
- crypto: caam - add missing put_device() call (bsc#1129770).
- crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).
- crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).
- crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).
- crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).
- crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).
- cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).
- cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371).
- cxgb4: Add flag tc_flower_initialized (bsc#1127371).
- cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).
- cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).
- cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).
- cxgb4: add per rx-queue counter for packet errors (bsc#1127371).
- cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).
- cxgb4: add support to display DCB info (bsc#1127371).
- cxgb4: Add support to read actual provisioned resources (bsc#1127371).
- cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).
- cxgb4: collect hardware queue descriptors (bsc#1127371).
- cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).
- cxgb4: convert flower table to use rhashtable (bsc#1127371).
- cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).
- cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).
- cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).
- cxgb4/cxgb4vf: Link management changes (bsc#1127371).
- cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371).
- cxgb4: display number of rx and tx pages free (bsc#1127371).
- cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).
- cxgb4: Export sge_host_page_size to ulds (bsc#1127371).
- cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).
- cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).
- cxgb4: Mask out interrupts that are not enabled (bsc#1127175).
- cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).
- cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).
- cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).
- cxgb4: remove the unneeded locks (bsc#1127371).
- cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).
- cxgb4: Support ethtool private flags (bsc#1127371).
- cxgb4: update supported DCB version (bsc#1127371).
- cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).
- cxgb4vf: Few more link management changes (bsc#1127374).
- cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).
- cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).
- device_cgroup: fix RCU imbalance in error case (bsc#1051510).
- device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510).
- Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).
- dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).
- dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).
- dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).
- dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).
- dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).
- drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).
- drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).
- drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).
- drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).
- drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)
- drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).
- drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510).
- drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)
- drm/i915/gvt: Annotate iomem usage (bsc#1051510).
- drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).
- drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)
- drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510).
- drm/i915: Relax mmap VMA check (bsc#1051510).
- drm/imx: ignore plane updates on disabled crtcs (bsc#1051510).
- drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510).
- drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)
- drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510).
- drm/meson: Uninstall IRQ handler (bsc#1051510).
- drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510).
- drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).
- drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).
- drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)
- drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)
- drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)
- drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)
- drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)
- drm/udl: add a release method and delay modeset teardown (bsc#1085536)
- drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)
- dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).
- e1000e: fix cyclic resets at link up with active tx (bsc#1051510).
- e1000e: Fix -Wformat-truncation warnings (bsc#1051510).
- ext2: Fix underflow in ext2_max_size() (bsc#1131174).
- ext4: add mask of ext4 flags to swap (bsc#1131170).
- ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176).
- ext4: Avoid panic during forced reboot (bsc#1126356).
- ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173).
- ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).
- ext4: cleanup pagecache before swap i_data (bsc#1131178).
- ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177).
- ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172).
- ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180).
- ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171).
- ext4: update quota information while swapping boot loader inode (bsc#1131179).
- fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).
- fix cgroup_do_mount() handling of failure exits (bsc#1133095).
- Fix kabi after 'md: batch flush requests.' (bsc#1119680).
- Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937).
- fm10k: Fix a potential NULL pointer dereference (bsc#1051510).
- fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).
- fs/dax: deposit pagetable even when installing zero page (bsc#1126740).
- fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).
- futex: Cure exit race (bsc#1050549).
- futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).
- futex: Handle early deadlock return correctly (bsc#1050549).
- gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).
- gpio: gpio-omap: fix level interrupt idling (bsc#1051510).
- gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).
- hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).
- hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).
- hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).
- hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).
- hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus ().
- hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887).
- hwrng: virtio - Avoid repeated init of completion (bsc#1051510).
- i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
- i2c: tegra: fix maximum transfer size (bsc#1051510).
- ibmvnic: Enable GRO (bsc#1132227).
- ibmvnic: Fix completion structure initialization (bsc#1131659).
- ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
- iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).
- iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).
- iio: ad_sigma_delta: select channel when reading register (bsc#1051510).
- iio: core: fix a possible circular locking dependency (bsc#1051510).
- iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).
- iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).
- iio: Fix scan mask selection (bsc#1051510).
- iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).
- iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).
- input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510).
- input: matrix_keypad - use flush_delayed_work() (bsc#1051510).
- input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).
- input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510).
- input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).
- input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902).
- intel_idle: add support for Jacobsville (jsc#SLE-5394).
- io: accel: kxcjk1013: restore the range after resume (bsc#1051510).
- iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336).
- iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337).
- iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425).
- iommu/amd: Set exclusion range correctly (bsc#1130425).
- iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130).
- iommu/vt-d: Check capability before disabling protected memory (bsc#1130338).
- ip6: fix PMTU discovery when using /127 subnets (git-fixes).
- ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes).
- ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes).
- ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
- ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
- ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv4/route: fail early when inet dev is missing (git-fixes).
- ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).
- ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).
- ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).
- ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).
- ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).
- irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510).
- irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510).
- iscsi_ibft: Fix missing break in switch statement (bsc#1051510).
- iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).
- iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).
- iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).
- iwlwifi: mvm: fix firmware statistics usage (bsc#1129770).
- jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167).
- jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168).
- kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372)
- kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510).
- kbuild: fix false positive warning/error about missing libelf (bsc#1051510).
- kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290).
- kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).
- kcm: switch order of device registration to fix a crash (bnc#1130527).
- kernfs: do not set dentry->d_fsdata (boo#1133115).
- keys: always initialize keyring_index_key::desc_len (bsc#1051510).
- keys: user: Align the payload buffer (bsc#1051510).
- kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).
- kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).
- kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).
- kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).
- kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).
- kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).
- kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).
- kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).
- kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).
- kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).
- kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).
- leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510).
- libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427).
- libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- lightnvm: if LUNs are already allocated fix return (bsc#1085535).
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331).
- mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).
- mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510).
- mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510).
- md: batch flush requests (bsc#1119680).
- md: Fix failed allocation of md_register_thread (git-fixes).
- md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).
- md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).
- media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).
- media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510).
- media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086).
- memremap: fix softlockup reports at teardown (bnc#1130154).
- mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510).
- missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).
- mmc: davinci: remove extraneous __init annotation (bsc#1051510).
- mmc: pxamci: fix enum type confusion (bsc#1051510).
- mmc: sdhci: Fix data command CRC error handling (bsc#1051510).
- mmc: sdhci: Handle auto-command errors (bsc#1051510).
- mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).
- mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).
- mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).
- mm: Fix modifying of page protection by insert_pfn() (bsc#1126740).
- mm: Fix warning in insert_pfn() (bsc#1126740).
- mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740).
- mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).
- mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).
- mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).
- mt7601u: bump supported EEPROM version (bsc#1051510).
- mwifiex: do not advertise IBSS features without FW support (bsc#1129770).
- net: Add header for usage of fls64() (networking-stable-19_02_20).
- net: Add __icmp_send helper (networking-stable-19_03_07).
- net: avoid false positives in untrusted gso validation (git-fixes).
- net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).
- net: bridge: add vlan_tunnel to bridge port policies (git-fixes).
- net: bridge: fix per-port af_packet sockets (git-fixes).
- net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).
- net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes).
- net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).
- net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).
- net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342).
- netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).
- netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes).
- netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).
- netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).
- netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes).
- net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20).
- net: fix IPv6 prefix route residue (networking-stable-19_02_20).
- net: Fix untag for vlan packets without ethernet header (git-fixes).
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes).
- net/hsr: Check skb_put_padto() return value (git-fixes).
- net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15).
- net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).
- netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).
- netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes).
- net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24).
- net/ncsi: Fix AEN HNCDSC packet length (git-fixes).
- net/ncsi: Stop monitor if channel times out or is inactive (git-fixes).
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07).
- net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24).
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).
- net_sched: acquire RTNL in tc_action_net_exit() (git-fixes).
- net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24).
- net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15).
- net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).
- net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15).
- net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07).
- net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes).
- net: validate untrusted gso packets without csum offload (networking-stable-19_02_20).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15).
- net/x25: reset state in x25_connect() (networking-stable-19_03_15).
- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes).
- nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).
- nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- nfsd4: catch some false session retries (git-fixes).
- nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).
- nfsd: fix memory corruption caused by readdir (bsc#1127445).
- nfsd: fix memory corruption caused by readdir (bsc#1127445).
- nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).
- nfs: Do not use page_file_mapping after removing the page (git-fixes).
- nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).
- nfs: Fix a soft lockup in the delegation recovery code (git-fixes).
- nfs: Fix a typo in nfs_init_timeout_values() (git-fixes).
- nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).
- nfs: Fix I/O request leakages (git-fixes).
- nfs: fix mount/umount race in nlmclnt (git-fixes).
- nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
- nfsv4.1 do not free interrupted slot on open (git-fixes).
- nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes).
- nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).
- nvme: add proper discard setup for the multipath device (bsc#1114638).
- nvme: fix the dangerous reference of namespaces list (bsc#1131673).
- nvme: make sure ns head inherits underlying device limits (bsc#1131673).
- nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).
- nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).
- nvme: only reconfigure discard if necessary (bsc#1114638).
- nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105).
- ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169).
- pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).
- pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510).
- pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510).
- pci: pciehp: Convert to threaded IRQ (bsc#1133005).
- pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).
- phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).
- pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510).
- powercap: intel_rapl: add support for Jacobsville ().
- powercap: intel_rapl: add support for Jacobsville (FATE#327454).
- powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
- powerpc/64: Disable the speculation barrier from the command line (bsc#1131107).
- powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
- powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107).
- powerpc/64s: Add support for software count cache flush (bsc#1131107).
- powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).
- powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
- powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107).
- powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).
- powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).
- powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840).
- powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
- powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900).
- powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).
- powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).
- powerpc/mm: Check secondary hash page table (bsc#1065729).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).
- powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).
- powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).
- powerpc/numa: improve control of topology updates (bsc#1133584).
- powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
- powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).
- powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).
- powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840).
- powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).
- powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).
- powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).
- powerpc/powernv: Make opal log only readable by root (bsc#1065729).
- powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107).
- powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).
- powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes).
- powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107).
- powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
- powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
- powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).
- power: supply: charger-manager: Fix incorrect return value (bsc#1051510).
- pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510).
- qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).
- qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510).
- qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510).
- raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes).
- ras/CEC: Check the correct variable in the debugfs error handling (bsc#1085535).
- ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15).
- rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).
- rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).
- rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).
- rdma/cxgb4: fix some info leaks (bsc#1127371).
- rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).
- rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).
- rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).
- rds: fix refcount bug in rds_sock_addref (git-fixes).
- rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes).
- regulator: max77620: Initialize values for DT properties (bsc#1051510).
- regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510).
- Revert drm/i915 patches that caused regressions (bsc#1131062)
- rhashtable: Still do rehash when we get EEXIST (bsc#1051510).
- ring-buffer: Check if memory is available before allocation (bsc#1132531).
- rpm/config.sh: Fix build project and bugzilla product.
- rtc: 88pm80x: fix unintended sign extension (bsc#1051510).
- rtc: 88pm860x: fix unintended sign extension (bsc#1051510).
- rtc: cmos: ignore bogus century byte (bsc#1051510).
- rtc: ds1672: fix unintended sign extension (bsc#1051510).
- rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510).
- rtc: pm8xxx: fix unintended sign extension (bsc#1051510).
- rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes).
- rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes).
- rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes).
- rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes).
- rxrpc: Do not release call mutex on error pointer (git-fixes).
- rxrpc: Do not treat call aborts as conn aborts (git-fixes).
- rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15).
- rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).
- s390/dasd: fix panic for failed online processing (bsc#1132589).
- s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544).
- s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378).
- scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).
- scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).
- sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24).
- serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510).
- serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510).
- serial: imx: Update cached mctrl value when changing RTS (bsc#1051510).
- serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510).
- serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510).
- sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24).
- smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510).
- soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510).
- SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).
- soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).
- soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).
- spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510).
- spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510).
- spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510).
- staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510).
- staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510).
- staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510).
- staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510).
- staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).
- staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).
- staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510).
- staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).
- sunrpc/cache: handle missing listeners better (bsc#1126221).
- sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes).
- supported.conf: Add vxlan to kernel-default-base (bsc#1132083).
- supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).
- svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).
- svm: Fix AVIC DFR and LDR handling (bsc#1132558).
- svm: Fix improper check when deactivate AVIC (bsc#1130335).
- sysctl: handle overflow for file-max (bsc#1051510).
- tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).
- tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).
- thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510).
- thermal/intel_powerclamp: fix truncated kthread name ().
- thermal/intel_powerclamp: fix truncated kthread name (FATE#326597).
- tipc: fix race condition causing hung sendto (networking-stable-19_03_07).
- tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510).
- tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555).
- tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510).
- tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510).
- tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702).
- tracing: Fix buffer_ref pipe ops (bsc#1133698).
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527).
- tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510).
- tun: fix blocking read (networking-stable-19_03_07).
- tun: remove unnecessary memory barrier (networking-stable-19_03_07).
- udf: Fix crash on IO error during truncate (bsc#1131175).
- uio: Reduce return paths from uio_write() (bsc#1051510).
- Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371).
- usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
- usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).
- usb: common: Consider only available nodes for dr_mode (bsc#1129770).
- usb: core: only clean up what we allocated (bsc#1051510).
- usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510).
- usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510).
- usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510).
- usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770).
- usb: gadget: Potential NULL dereference on allocation error (bsc#1051510).
- usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510).
- usb: mtu3: fix EXTCON dependency (bsc#1051510).
- usb: phy: fix link errors (bsc#1051510).
- usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510).
- usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770).
- usb: serial: cp210x: add new device id (bsc#1051510).
- usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).
- usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510).
- usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770).
- usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770).
- usb: serial: option: add Olicard 600 (bsc#1051510).
- usb: serial: option: add support for Quectel EM12 (bsc#1051510).
- usb: serial: option: add Telit ME910 ECM composition (bsc#1129770).
- usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770).
- vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).
- vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).
- vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).
- vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).
- vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).
- vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).
- vfs: limit size of dedupe (bsc#1132397, bsc#1132219).
- vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).
- vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).
- vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219).
- vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).
- video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510).
- vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20).
- wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510).
- wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510).
- x86/cpu: Add Atom Tremont (Jacobsville) ().
- x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454).
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279).
- x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331).
- x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572).
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331).
- x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415).
- x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415).
- x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415).
- x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415).
- x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).
- x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).
- x86/mce: Handle varying MCA bank counts (bsc#1128415).
- x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279).
- x86/msr-index: Cleanup bit defines (bsc#1111331).
- x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).
- x86/speculation: Consolidate CPU whitelists (bsc#1111331).
- x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).
- x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).
- x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).
- x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).
- x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).
- x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).
- x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).
- x86/speculation/mds: Add SMT warning message (bsc#1111331).
- x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).
- x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331).
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331).
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331).
- x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).
- x86/speculation: Simplify the CPU bug detection logic (bsc#1111331).
- x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).
- x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279).
- xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07).
- xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07).
- xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).
- xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes).
- xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).
- xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).
- xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).
- xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).
- xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).
- xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).
- xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).
- xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).
- xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).
- xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).
- xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).
- xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).
- xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675).
- xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).
- xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).
- xfs: refactor xfs_trans_roll (bsc#1133667).
- xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).
- xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).
- xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).
- xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).
- xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).
- xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).
- xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).
- xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510).
- xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510).
ImportantSUSE bug 1050549SUSE bug 1051510SUSE bug 1052904SUSE bug 1053043SUSE bug 1055117SUSE bug 1055121SUSE bug 1055186SUSE bug 1061840SUSE bug 1065600SUSE bug 1065729SUSE bug 1070872SUSE bug 1078216SUSE bug 1082555SUSE bug 1083647SUSE bug 1085535SUSE bug 1085536SUSE bug 1088804SUSE bug 1093777SUSE bug 1094120SUSE bug 1094244SUSE bug 1097583SUSE bug 1097584SUSE bug 1097585SUSE bug 1097586SUSE bug 1097587SUSE bug 1097588SUSE bug 1100132SUSE bug 1103186SUSE bug 1103259SUSE bug 1107937SUSE bug 1108193SUSE bug 1108937SUSE bug 1111331SUSE bug 1112128SUSE bug 1112178SUSE bug 1113399SUSE bug 1113722SUSE bug 1114279SUSE bug 1114542SUSE bug 1114638SUSE bug 1119086SUSE bug 1119680SUSE bug 1120318SUSE bug 1120902SUSE bug 1122767SUSE bug 1123105SUSE bug 1125342SUSE bug 1126221SUSE bug 1126356SUSE bug 1126704SUSE bug 1126740SUSE bug 1127175SUSE bug 1127371SUSE bug 1127372SUSE bug 1127374SUSE bug 1127378SUSE bug 1127445SUSE bug 1128415SUSE bug 1128544SUSE bug 1129273SUSE bug 1129276SUSE bug 1129770SUSE bug 1130130SUSE bug 1130154SUSE bug 1130195SUSE bug 1130335SUSE bug 1130336SUSE bug 1130337SUSE bug 1130338SUSE bug 1130425SUSE bug 1130427SUSE bug 1130518SUSE bug 1130527SUSE bug 1130567SUSE bug 1130579SUSE bug 1131062SUSE bug 1131107SUSE bug 1131167SUSE bug 1131168SUSE bug 1131169SUSE bug 1131170SUSE bug 1131171SUSE bug 1131172SUSE bug 1131173SUSE bug 1131174SUSE bug 1131175SUSE bug 1131176SUSE bug 1131177SUSE bug 1131178SUSE bug 1131179SUSE bug 1131180SUSE bug 1131290SUSE bug 1131326SUSE bug 1131335SUSE bug 1131336SUSE bug 1131416SUSE bug 1131427SUSE bug 1131442SUSE bug 1131467SUSE bug 1131574SUSE bug 1131587SUSE bug 1131659SUSE bug 1131673SUSE bug 1131847SUSE bug 1131848SUSE bug 1131851SUSE bug 1131900SUSE bug 1131934SUSE bug 1131935SUSE bug 1132083SUSE bug 1132219SUSE bug 1132226SUSE bug 1132227SUSE bug 1132365SUSE bug 1132368SUSE bug 1132369SUSE bug 1132370SUSE bug 1132372SUSE bug 1132373SUSE bug 1132384SUSE bug 1132397SUSE bug 1132402SUSE bug 1132403SUSE bug 1132404SUSE bug 1132405SUSE bug 1132407SUSE bug 1132411SUSE bug 1132412SUSE bug 1132413SUSE bug 1132414SUSE bug 1132426SUSE bug 1132527SUSE bug 1132531SUSE bug 1132555SUSE bug 1132558SUSE bug 1132561SUSE bug 1132562SUSE bug 1132563SUSE bug 1132564SUSE bug 1132570SUSE bug 1132571SUSE bug 1132572SUSE bug 1132589SUSE bug 1132618SUSE bug 1132681SUSE bug 1132726SUSE bug 1132828SUSE bug 1132943SUSE bug 1133005SUSE bug 1133094SUSE bug 1133095SUSE bug 1133115SUSE bug 1133149SUSE bug 1133486SUSE bug 1133529SUSE bug 1133584SUSE bug 1133667SUSE bug 1133668SUSE bug 1133672SUSE bug 1133674SUSE bug 1133675SUSE bug 1133698SUSE bug 1133702SUSE bug 1133731SUSE bug 1133769SUSE bug 1133772SUSE bug 1133774SUSE bug 1133778SUSE bug 1133779SUSE bug 1133780SUSE bug 1133825SUSE bug 1133850SUSE bug 1133851SUSE bug 1133852CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-16880 at SUSECVE-2018-16880 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-3882 at SUSECVE-2019-3882 at NVDCVE-2019-9003 at SUSECVE-2019-9003 at NVDCVE-2019-9500 at SUSECVE-2019-9500 at NVDCVE-2019-9503 at SUSECVE-2019-9503 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates.
The mitigation can be controlled via the 'mds' commandline option, see the documentation.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
Security issue fixed:
- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680)
Other fixes:
- Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.
The included README has details about the impact of this change (bsc#1120095)
- Fixes in Live migrating PV domUs
An earlier change broke live migration of PV domUs without a device
model. The migration would stall for 10 seconds while the domU was
paused, which caused network connections to drop. Fix this by tracking
the need for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025)
ImportantSUSE bug 1027519SUSE bug 1079730SUSE bug 1098403SUSE bug 1111025SUSE bug 1111331SUSE bug 1120095SUSE bug 1130680CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles
which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).
Non-security issues fixed:
- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)
ImportantSUSE bug 1080919SUSE bug 1121563SUSE bug 1125352SUSE bug 1126056SUSE bug 1127557SUSE bug 1128657SUSE bug 1130230SUSE bug 1132348SUSE bug 1132400SUSE bug 1132721SUSE bug 955942CVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDcpe:/o:suse:sles:12:sp4Security update for PackageKit (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for PackageKit fixes the following issues:
- Fixed displaying the license agreement pop up window during package update (bsc#1038425).
ModerateSUSE bug 1038425cpe:/o:suse:sles:12:sp4Security update for nmap (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for nmap fixes the following issues:
Security issue fixed:
- CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139).
ModerateSUSE bug 1104139CVE-2018-15173 at SUSECVE-2018-15173 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331
CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091)
---- new platforms ----------------------------------------
VLV C0 6-37-8/02 00000838 Atom Z series
VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx
VLV D0 6-37-9/0F 0000090c Atom E38xx
CHV C0 6-4c-3/01 00000368 Atom X series
CHV D0 6-4c-4/01 00000411 Atom X series
Readded Broadwell CPU ucode that was missing in last update:
BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx
ImportantSUSE bug 1111331CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDcpe:/o:suse:sles:12:sp4Security update for openssh (Important)SUSE Linux Enterprise Server 12 SP4
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571)
- CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816)
- CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818)
- CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821)
ImportantSUSE bug 1121571SUSE bug 1121816SUSE bug 1121818SUSE bug 1121821CVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDcpe:/o:suse:sles:12:sp4Security update for sysstat (Low)SUSE Linux Enterprise Server 12 SP4
This update for sysstat fixes the following issues:
Security issues fixed:
- CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001).
- CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260).
LowSUSE bug 1117001SUSE bug 1117260CVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDcpe:/o:suse:sles:12:sp4Security update for bluez (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for bluez fixes the following issues:
Security vulnerability addressed:
- CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708).
- CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712).
- CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171).
- CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893).
- CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(),
which could be triggered by processing a corrupted dump file and will result
in a crash of the hcidump tool (bsc#1015173)
ModerateSUSE bug 1013708SUSE bug 1013712SUSE bug 1013893SUSE bug 1015171SUSE bug 1015173CVE-2016-9797 at SUSECVE-2016-9797 at NVDCVE-2016-9798 at SUSECVE-2016-9798 at NVDCVE-2016-9802 at SUSECVE-2016-9802 at NVDCVE-2016-9917 at SUSECVE-2016-9917 at NVDCVE-2016-9918 at SUSECVE-2016-9918 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 4 Fix Pack 45.
Security issues fixed:
- CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718).
- CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
- CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).
- CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
- CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732).
ImportantSUSE bug 1132728SUSE bug 1132729SUSE bug 1132732SUSE bug 1132734SUSE bug 1134718CVE-2019-10245 at SUSECVE-2019-10245 at NVDCVE-2019-2602 at SUSECVE-2019-2602 at NVDCVE-2019-2684 at SUSECVE-2019-2684 at NVDCVE-2019-2697 at SUSECVE-2019-2697 at NVDCVE-2019-2698 at SUSECVE-2019-2698 at NVDcpe:/o:suse:sles:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4
This update for libvirt fixes the following issues:
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
ImportantSUSE bug 1111331SUSE bug 1135273CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for systemd provides the following fixes:
Security issues fixed:
- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)
Non-security issues fixed:
- core: Queue loading transient units after setting their properties. (bsc#1115518)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- terminal-util: introduce vt_release() and vt_restore() helpers.
- terminal: Unify code for resetting kbd utf8 mode a bit.
- terminal Reset should honour default_utf8 kernel setting.
- logind: Make session_restore_vt() static.
- udev: Downgrade message when settting inotify watch up fails. (bsc#1005023)
- log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3,
80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to
detect non-zvm environment. The systemd-detect-virt returns exit failure code when it
detected _none_ state. The exit failure code causes that the hot-add memory block can
not be set to online. (bsc#1076696)
ModerateSUSE bug 1005023SUSE bug 1076696SUSE bug 1101591SUSE bug 1114981SUSE bug 1115518SUSE bug 1119971SUSE bug 1120323CVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-16866 at SUSECVE-2018-16866 at NVDcpe:/o:suse:sles:12:sp4Security update for screen (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for screen fixes the following issues:
Security issue fixed:
- CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458).
Non-security issue fixed:
- Fixed segmentation faults related to altscreen and resizing screen (bsc#1130831).
ModerateSUSE bug 1130831SUSE bug 944458CVE-2015-6806 at SUSECVE-2015-6806 at NVDcpe:/o:suse:sles:12:sp4Security update for libtasn1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libtasn1 fixes the following issues:
Security issues fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).
ModerateSUSE bug 1040621SUSE bug 1105435CVE-2017-6891 at SUSECVE-2017-6891 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark to version 2.4.12 fixes the following issues:
Security issues fixed:
- CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232)
- CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233)
- CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234)
- CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235)
ModerateSUSE bug 1121232SUSE bug 1121233SUSE bug 1121234SUSE bug 1121235CVE-2019-5717 at SUSECVE-2019-5717 at NVDCVE-2019-5718 at SUSECVE-2019-5718 at NVDCVE-2019-5719 at SUSECVE-2019-5719 at NVDCVE-2019-5721 at SUSECVE-2019-5721 at NVDcpe:/o:suse:sles:12:sp4Security update for axis (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for axis fixes the following issues:
Security issue fixed:
- CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598).
ModerateSUSE bug 1134598CVE-2012-5784 at SUSECVE-2012-5784 at NVDCVE-2014-3596 at SUSECVE-2014-3596 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- CVE-2019-11691: Use-after-free in XMLHttpRequest
- CVE-2019-11692: Use-after-free removing listeners in the event listener manager
- CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
- CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
- CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
- CVE-2019-7317: Use-after-free in png_image_free of libpng library
- CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
- CVE-2019-9816: Type confusion with object groups and UnboxedObjects
- CVE-2019-9817: Stealing of cross-domain images using canvas
- CVE-2019-9818: Use-after-free in crash generation server
- CVE-2019-9819: Compartment mismatch with fetch API
- CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
Non-security issues fixed:
- Font and date adjustments to accommodate the new Reiwa era in Japan
- Update to Firefox ESR 60.7 (bsc#1135824)
ImportantSUSE bug 1135824CVE-2019-11691 at SUSECVE-2019-11691 at NVDCVE-2019-11692 at SUSECVE-2019-11692 at NVDCVE-2019-11693 at SUSECVE-2019-11693 at NVDCVE-2019-11694 at SUSECVE-2019-11694 at NVDCVE-2019-11698 at SUSECVE-2019-11698 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDCVE-2019-9800 at SUSECVE-2019-9800 at NVDCVE-2019-9815 at SUSECVE-2019-9815 at NVDCVE-2019-9816 at SUSECVE-2019-9816 at NVDCVE-2019-9817 at SUSECVE-2019-9817 at NVDCVE-2019-9818 at SUSECVE-2019-9818 at NVDCVE-2019-9819 at SUSECVE-2019-9819 at NVDCVE-2019-9820 at SUSECVE-2019-9820 at NVDcpe:/o:suse:sles:12:sp4Security update for gnome-shell (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gnome-shell fixes the following issues:
Security issue fixed:
- CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493).
Fixed bugs:
- Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660).
ModerateSUSE bug 1124493CVE-2019-3820 at SUSECVE-2019-3820 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk fixes the following issues:
Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU)
Security issues fixed:
- CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
- CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732).
- CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
- CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293).
- CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299).
- CVE-2019-2426: Improve web server connections (bsc#1134297).
Bug fixes:
- Please check the package Changelog for detailed information.
ModerateSUSE bug 1122293SUSE bug 1122299SUSE bug 1132728SUSE bug 1132729SUSE bug 1132732SUSE bug 1134297CVE-2018-11212 at SUSECVE-2018-11212 at NVDCVE-2019-2422 at SUSECVE-2019-2422 at NVDCVE-2019-2426 at SUSECVE-2019-2426 at NVDCVE-2019-2602 at SUSECVE-2019-2602 at NVDCVE-2019-2684 at SUSECVE-2019-2684 at NVDCVE-2019-2698 at SUSECVE-2019-2698 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2-mod_jk (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2-mod_jk fixes the following issue:
Security issue fixed:
- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).
ImportantSUSE bug 1114612CVE-2018-11759 at SUSECVE-2018-11759 at NVDcpe:/o:suse:sles:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847).
- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).
ImportantSUSE bug 1129346SUSE bug 1130847CVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9948 at SUSECVE-2019-9948 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript to version 9.26a fixes the following issues:
Security issue fixed:
- CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319)
ImportantSUSE bug 1122319CVE-2019-6116 at SUSECVE-2019-6116 at NVDcpe:/o:suse:sles:12:sp4Security update for vim (Important)SUSE Linux Enterprise Server 12 SP4
This update for vim fixes the following issue:
Security issue fixed:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).
ImportantSUSE bug 1137443CVE-2019-12735 at SUSECVE-2019-12735 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.22.5 fixes the following issues:
Security issues fixed:
- CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554)
- CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464:
Fixed multiple memory corruption issues with improved memory handling
(bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558)
ImportantSUSE bug 1119553SUSE bug 1119554SUSE bug 1119555SUSE bug 1119556SUSE bug 1119557SUSE bug 1119558CVE-2018-4437 at SUSECVE-2018-4437 at NVDCVE-2018-4438 at SUSECVE-2018-4438 at NVDCVE-2018-4441 at SUSECVE-2018-4441 at NVDCVE-2018-4442 at SUSECVE-2018-4442 at NVDCVE-2018-4443 at SUSECVE-2018-4443 at NVDCVE-2018-4464 at SUSECVE-2018-4464 at NVDcpe:/o:suse:sles:12:sp4Security update for libcroco (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libcroco fixes the following issues:
Security issues fixed:
- CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481).
- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482).
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899).
ModerateSUSE bug 1034481SUSE bug 1034482SUSE bug 1043898SUSE bug 1043899CVE-2017-7960 at SUSECVE-2017-7960 at NVDCVE-2017-7961 at SUSECVE-2017-7961 at NVDCVE-2017-8834 at SUSECVE-2017-8834 at NVDCVE-2017-8871 at SUSECVE-2017-8871 at NVDcpe:/o:suse:sles:12:sp4Security update for sssd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sssd fixes the following issues:
Security issue fixed:
- CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194)
Non-security issues fixed:
- Missing GPOs directory could have led to login problems (bsc#1132879)
- Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657)
- Allow defaults sudoRole without sudoUser attribute (bsc#1135247)
ModerateSUSE bug 1124194SUSE bug 1132657SUSE bug 1132879SUSE bug 1135247CVE-2018-16838 at SUSECVE-2018-16838 at NVDcpe:/o:suse:sles:12:sp4Security update for postgresql10 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).
Bug fixes:
- For a complete list of fixes check the release notes.
* https://www.postgresql.org/docs/10/release-10-8.html
* https://www.postgresql.org/docs/10/release-10-7.html
ModerateSUSE bug 1134689CVE-2019-10130 at SUSECVE-2019-10130 at NVDcpe:/o:suse:sles:12:sp4Security update for openssh (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssh fixes the following issues:
Security vulnerabilities addressed:
- CVE-2019-6109: Fixed an character encoding issue in the progress display of
the scp client that could be used to manipulate client output, allowing
for spoofing during file transfers (bsc#1121816).
- CVE-2019-6111: Properly validate object names received by the scp client to
prevent arbitrary file overwrites when interacting with a malicious SSH server
(bsc#1121821).
Other issues fixed:
- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).
- Returned proper reason for port forwarding failures (bsc#1090671).
- Fixed a double free() in the KDF CAVS testing tool (bsc#1065237).
ModerateSUSE bug 1065237SUSE bug 1090671SUSE bug 1119183SUSE bug 1121816SUSE bug 1121821SUSE bug 1131709CVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will
fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)
The following non-security bugs were fixed:
- 9p locks: add mount option for lock retry interval (bsc#1051510).
- Update config files. Debug kernel is not supported (bsc#1135492).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- acpi: button: reinitialize button state upon resume (bsc#1051510).
- acpi: fix menuconfig presentation of acpi submenu (bsc#1117158).
- acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
- acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
- alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
- alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
- alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
- alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
- alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
- alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
- alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
- alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: hda/realtek - EAPD turn on later (bsc#1051510).
- alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).
- alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).
- alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
- alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
- alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
- alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).
- alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).
- alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).
- alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).
- alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).
- alsa: seq: Remove superfluous irqsave flags (bsc#1051510).
- alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).
- alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).
- alsa: timer: Coding style fixes (bsc#1051510).
- alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).
- alsa: timer: Make sure to clear pending ack list (bsc#1051510).
- alsa: timer: Revert active callback sync check at close (bsc#1051510).
- alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).
- alsa: timer: Unify timer callback process code (bsc#1051510).
- alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
- alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).
- alsa: usx2y: fix a double free bug (bsc#1051510).
- appletalk: Fix compile regression (bsc#1051510).
- appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
- arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).
- arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi
- arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
- arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158).
- arm64: fix acpi dependencies (bsc#1117158).
- arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
- arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).
- arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
- arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
- arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).
- arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).
- arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
- arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).
- arm: iop: do not use using 64-bit DMA masks (bsc#1051510).
- arm: orion: do not use using 64-bit DMA masks (bsc#1051510).
- arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
- arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
- arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).
- asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510).
- asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).
- asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510).
- asoc: fix valid stream condition (bsc#1051510).
- asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510).
- asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510).
- asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510).
- asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510).
- asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510).
- asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).
- asoc: stm32: fix sai driver name initialisation (bsc#1051510).
- asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510).
- asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).
- asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).
- at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).
- audit: fix a memleak caused by auditing load module (bsc#1051510).
- b43: shut up clang -Wuninitialized variable warning (bsc#1051510).
- backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).
- bcache: Move couple of functions to sysfs.c (bsc#1130972).
- bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
- bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
- bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972).
- bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
- bcache: add MODULE_DESCRIPTION information (bsc#1130972).
- bcache: add a comment in super.c (bsc#1130972).
- bcache: add code comments for bset.c (bsc#1130972).
- bcache: add comment for cache_set->fill_iter (bsc#1130972).
- bcache: add identifier names to arguments of function definitions (bsc#1130972).
- bcache: add missing SPDX header (bsc#1130972).
- bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
- bcache: add static const prefix to char * array declarations (bsc#1130972).
- bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
- bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
- bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
- bcache: correct dirty data statistics (bsc#1130972).
- bcache: do not assign in if condition in bcache_init() (bsc#1130972).
- bcache: do not assign in if condition register_bcache() (bsc#1130972).
- bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
- bcache: do not clone bio in bch_data_verify (bsc#1130972).
- bcache: do not mark writeback_running too early (bsc#1130972).
- bcache: export backing_dev_name via sysfs (bsc#1130972).
- bcache: export backing_dev_uuid via sysfs (bsc#1130972).
- bcache: fix code comments style (bsc#1130972).
- bcache: fix indent by replacing blank by tabs (bsc#1130972).
- bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
- bcache: fix input integer overflow of congested threshold (bsc#1130972).
- bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
- bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).
- bcache: fix input overflow to journal_delay_ms (bsc#1130972).
- bcache: fix input overflow to sequential_cutoff (bsc#1130972).
- bcache: fix input overflow to writeback_delay (bsc#1130972).
- bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
- bcache: fix ioctl in flash device (bsc#1130972).
- bcache: fix mistaken code comments in bcache.h (bsc#1130972).
- bcache: fix mistaken comments in request.c (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
- bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
- bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
- bcache: introduce force_wake_up_gc() (bsc#1130972).
- bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
- bcache: move open brace at end of function definitions to next line (bsc#1130972).
- bcache: never writeback a discard operation (bsc#1130972).
- bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
- bcache: option to automatically run gc thread after writeback (bsc#1130972).
- bcache: panic fix for making cache device (bsc#1130972).
- bcache: prefer 'help' in Kconfig (bsc#1130972).
- bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
- bcache: recal cached_dev_sectors on detach (bsc#1130972).
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
- bcache: remove unused bch_passthrough_cache (bsc#1130972).
- bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
- bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
- bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
- bcache: replace printk() by pr_*() routines (bsc#1130972).
- bcache: set writeback_percent in a flexible range (bsc#1130972).
- bcache: split combined if-condition code into separate ones (bsc#1130972).
- bcache: stop bcache device when backing device is offline (bsc#1130972).
- bcache: stop using the deprecated get_seconds() (bsc#1130972).
- bcache: style fix to add a blank line after declarations (bsc#1130972).
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
- bcache: style fixes for lines over 80 characters (bsc#1130972).
- bcache: treat stale and dirty keys as bad keys (bsc#1130972).
- bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
- bcache: update comment for bch_data_insert (bsc#1130972).
- bcache: update comment in sysfs.c (bsc#1130972).
- bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
- bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
- bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
- bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
- bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
- block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
- block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
- block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
- block: fix the return errno for direct IO (bsc#1135320).
- block: fix use-after-free on gendisk (bsc#1135312).
- bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).
- bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
- bluetooth: hidp: fix buffer overflow (bsc#1051510).
- bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242).
- bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).
- bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04).
- bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).
- bonding: fix event handling for stacked bonds (networking-stable-19_04_19).
- bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).
- bpf: Add missed newline in verifier verbose log (bsc#1056787).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).
- brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
- btrfs: Do not panic when we can't find a root key (bsc#1112063).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).
- btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).
- btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).
- btrfs: fix race updating log root item during fsync (bsc#1137153).
- btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).
- btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).
- ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
- ceph: fix ci->i_head_snapc leak (bsc#1122776).
- ceph: fix use-after-free on symlink traversal (bsc#1134459).
- ceph: only use d_name directly when parent is locked (bsc#1134460).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
- clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
- configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
- configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).
- crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).
- crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).
- crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).
- crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
- crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).
- crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
- crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).
- crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).
- crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).
- dccp: Fix memleak in __feat_register_sp (bsc#1051510).
- dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- debugfs: fix use-after-free on symlink traversal (bsc#1051510).
- devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
- dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).
- dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
- documentation: Add MDS vulnerability documentation (bsc#1135642).
- drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
- drm/etnaviv: lock MMU while dumping core (bsc#1113722)
- drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).
- drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).
- drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
- drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)
- drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)
- drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
- drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).
- drm/i915/gvt: refine ggtt range validation (bsc#1113722)
- drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
- drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
- drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
- drm/imx: do not skip DP channel disable for background plane (bsc#1051510).
- drm/mediatek: fix possible object reference leak (bsc#1051510).
- drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/rockchip: fix for mailbox read validation (bsc#1051510).
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
- drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
- dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
- efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
- efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
- efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
- efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
- ext4: Do not warn when enabling DAX (bsc#1132894).
- ext4: actually request zeroing of inode table after grow (bsc#1135315).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fix rtnh_ok() (git-fixes).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
- ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
- gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
- gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
- hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
- hid: input: add mapping for 'Toggle Display' key (bsc#1051510).
- hid: input: add mapping for Assistant key (bsc#1051510).
- hid: input: add mapping for Expose/Overview key (bsc#1051510).
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
- hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- igmp: fix incorrect unsolicit report count when join group (git-fixes).
- iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
- indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
- inetpeer: fix uninit-value in inet_getpeer (git-fixes).
- input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
- input: introduce KEY_ASSISTANT (bsc#1051510).
- input: synaptics-rmi4 - fix possible double free (bsc#1051510).
- intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
- intel_th: pci: Add Comet Lake support (bsc#1051510).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).
- ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes).
- ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: fix stats update from local clients (git-fixes).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346).
- kABI: protect struct smc_link (bsc#1129857 LTC#176247).
- kABI: protect struct smcd_dev (bsc#1130409 LTC#176346).
- kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078).
- kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mISDN: Check address length before reading address family (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net/smc: add pnet table namespace support (bsc#1130409 LTC#176346).
- net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247).
- net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346).
- net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247).
- net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247).
- net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).
- net/smc: check port_idx of ib event (bsc#1129857 LTC#176247).
- net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346).
- net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).
- net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).
- net/smc: consolidate function parameters (bsc#1134607 LTC#177518).
- net/smc: correct state change for peer closing (bsc#1129857 LTC#176247).
- net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247).
- net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247).
- net/smc: do not wait under send_lock (bsc#1129857 LTC#176247).
- net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).
- net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).
- net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247).
- net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249).
- net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).
- net/smc: fix sender_free computation (bsc#1129857 LTC#176247).
- net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249).
- net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247).
- net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).
- net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).
- net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247).
- net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).
- net/smc: move wake up of close waiter (bsc#1129857 LTC#176247).
- net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247).
- net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).
- net/smc: postpone release of clcsock (bsc#1129857 LTC#176247).
- net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247).
- net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247).
- net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).
- net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247).
- net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247).
- net/smc: reset cursor update required flag (bsc#1129857 LTC#176247).
- net/smc: rework pnet table (bsc#1130409 LTC#176346).
- net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247).
- net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247).
- net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247).
- net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247).
- net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes).
- netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).
- netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).
- netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nf_tables: release chain in flushing set (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- netfilter: x_tables: initialise match/target check parameter struct (git-fixes).
- netlink: fix uninit-value in netlink_sendmsg (git-fixes).
- nfs add module option to limit nfsv4 minor version (jsc#PM-231).
- nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0
- nfsv4.x: always serialize open/close operations (bsc#1114893).
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
- nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
- openvswitch: add seqadj extension when NAT is used (bsc#1051510).
- openvswitch: fix flow actions reallocation (bsc#1051510).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (git-fixes).
- packet: refine ring v3 block size test to hold one frame (git-fixes).
- packet: reset network header if packet shorter than ll reserved space (git-fixes).
- packet: validate msg_namelen in send directly (git-fixes).
- packets: Always register packet sk in the same order (networking-stable-19_03_28).
- pci: Factor out pcie_retrain_link() function (git-fixes).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
- pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes).
- pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
- platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
- platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
- platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
- platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
- platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
- power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
- power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- proc/kcore: do not bounds check against address 0 (bsc#1051510).
- proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
- proc: revalidate kernel thread inodes to root:root (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes).
- pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
- pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
- pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).
- pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
- pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
- qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
- qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
- qmi_wwan: add Olicard 600 (bsc#1051510).
- rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ).
- rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992).
- regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).
- rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).
- rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
- rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
- rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).
- rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).
- s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247).
- s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).
- sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
- sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
- scripts: override locale from environment when running recordmcount.pl (bsc#1134354).
- scsi: qedf: fixup bit operations (bsc#1135542).
- scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
- scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
- scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
- scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
- scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
- scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).
- scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).
- scsi: qla2xxx: Remove unused symbols (bsc#1118139).
- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).
- scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
- scsi: qla2xxx: fix error message on qla2400 (bsc#1118139).
- scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139).
- scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
- scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
- scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).
- sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04).
- sctp: fix identification of new acks for SFR-CACC (git-fixes).
- sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).
- sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).
- sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes).
- sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).
- selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
- serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
- serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).
- serial: uartps: console_setup() can't be placed to init section (bsc#1051510).
- signal: Always notice exiting tasks (git-fixes).
- signal: Better detection of synchronous signals (git-fixes).
- signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
- smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247).
- soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
- soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).
- spi: Micrel eth switch: declare missing of table (bsc#1051510).
- spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
- spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
- spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).
- spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).
- spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).
- spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).
- staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).
- stm class: Fix an endless loop in channel allocation (bsc#1051510).
- stm class: Fix channel free in stm output free path (bsc#1051510).
- stm class: Prevent division by zero (bsc#1051510).
- stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- switchtec: Fix unintended mask of MRPC event (git-fixes).
- tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: purge write queue in tcp_connect_init() (git-fixes).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19).
- team: fix possible recursive locking when add slaves (networking-stable-19_04_30).
- team: set slave to promisc if team is already in promisc mode (bsc#1051510).
- thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
- thermal/int340x_thermal: fix mode setting (bsc#1051510).
- thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).
- thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).
- thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).
- tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
- tipc: missing entries in name table of publications (networking-stable-19_04_19).
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
- tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).
- tty: serial_core, add ->install (bnc#1129693).
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
- tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).
- tun: properly test for IFF_UP (networking-stable-19_03_28).
- uas: fix alignment of scatter/gather segments (bsc#1129770).
- udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).
- usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
- usb: cdc-acm: fix unthrottle races (bsc#1051510).
- usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).
- usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).
- usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
- usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
- usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).
- usb: serial: fix unthrottle races (bsc#1051510).
- usb: u132-hcd: fix resource leak (bsc#1051510).
- usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).
- usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).
- usb: yurex: Fix protection fault after device removal (bsc#1051510).
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
- vfio/mdev: Avoid release parent reference during error path (bsc#1051510).
- vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).
- vfio/pci: use correct format characters (bsc#1051510).
- vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).
- vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
- vhost: reject zero size iova range (networking-stable-19_04_19).
- virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
- virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
- vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10).
- vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).
- vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
- vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).
- vsock/virtio: reset connected sockets on device removal (bsc#1051510).
- vt: always call notifier with the console lock held (bsc#1051510).
- vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).
- x86/speculation/mds: Fix documentation typo (bsc#1135642).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).
- xfrm6: call kfree_skb when skb is toobig (git-fixes).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).
- xfrm: Return error on unknown encap_type in init_state (git-fixes).
- xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).
- xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).
- xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).
- xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).
- xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).
- xfs: add log item pinning error injection tag (bsc#1114427).
- xfs: buffer lru reference count error injection tag (bsc#1114427).
- xfs: check _btree_check_block value (bsc#1123663).
- xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
- xfs: create block pointer check functions (bsc#1123663).
- xfs: create inode pointer verifiers (bsc#1114427).
- xfs: detect and fix bad summary counts at mount (bsc#1114427).
- xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
- xfs: export various function for the online scrubber (bsc#1123663).
- xfs: expose errortag knobs via sysfs (bsc#1114427).
- xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
- xfs: force summary counter recalc at next mount (bsc#1114427).
- xfs: kill meaningless variable 'zero' (bsc#1106011).
- xfs: make errortag a per-mountpoint structure (bsc#1123663).
- xfs: move error injection tags into their own file (bsc#1114427).
- xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
- xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
- xfs: refactor btree block header checking functions (bsc#1123663).
- xfs: refactor btree pointer checks (bsc#1123663).
- xfs: refactor unmount record write (bsc#1114427).
- xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
- xfs: remove xfs_zero_range (bsc#1106011).
- xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
- xfs: sanity-check the unused space before trying to use it (bsc#1123663).
- xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).
ImportantSUSE bug 1012382SUSE bug 1050242SUSE bug 1051510SUSE bug 1053043SUSE bug 1056787SUSE bug 1058115SUSE bug 1063638SUSE bug 1064802SUSE bug 1065600SUSE bug 1065729SUSE bug 1066129SUSE bug 1068546SUSE bug 1071995SUSE bug 1075020SUSE bug 1082387SUSE bug 1083647SUSE bug 1085535SUSE bug 1099658SUSE bug 1103992SUSE bug 1104353SUSE bug 1104427SUSE bug 1106011SUSE bug 1106284SUSE bug 1108838SUSE bug 1110946SUSE bug 1111696SUSE bug 1112063SUSE bug 1113722SUSE bug 1114427SUSE bug 1114893SUSE bug 1115688SUSE bug 1117158SUSE bug 1117561SUSE bug 1118139SUSE bug 1119843SUSE bug 1120091SUSE bug 1120423SUSE bug 1120566SUSE bug 1120843SUSE bug 1120902SUSE bug 1122776SUSE bug 1123454SUSE bug 1123663SUSE bug 1124503SUSE bug 1124839SUSE bug 1126356SUSE bug 1127616SUSE bug 1128052SUSE bug 1128904SUSE bug 1128905SUSE bug 1128979SUSE bug 1129138SUSE bug 1129497SUSE bug 1129693SUSE bug 1129770SUSE bug 1129848SUSE bug 1129857SUSE bug 1130409SUSE bug 1130699SUSE bug 1130972SUSE bug 1131451SUSE bug 1131488SUSE bug 1131565SUSE bug 1131673SUSE bug 1132044SUSE bug 1132894SUSE bug 1133176SUSE bug 1133188SUSE bug 1133190SUSE bug 1133320SUSE bug 1133612SUSE bug 1133616SUSE bug 1134160SUSE bug 1134162SUSE bug 1134199SUSE bug 1134200SUSE bug 1134201SUSE bug 1134202SUSE bug 1134203SUSE bug 1134204SUSE bug 1134205SUSE bug 1134354SUSE bug 1134393SUSE bug 1134459SUSE bug 1134460SUSE bug 1134461SUSE bug 1134537SUSE bug 1134591SUSE bug 1134597SUSE bug 1134607SUSE bug 1134651SUSE bug 1134671SUSE bug 1134760SUSE bug 1134806SUSE bug 1134810SUSE bug 1134813SUSE bug 1134848SUSE bug 1134936SUSE bug 1135006SUSE bug 1135007SUSE bug 1135008SUSE bug 1135056SUSE bug 1135100SUSE bug 1135120SUSE bug 1135278SUSE bug 1135281SUSE bug 1135309SUSE bug 1135312SUSE bug 1135314SUSE bug 1135315SUSE bug 1135316SUSE bug 1135320SUSE bug 1135323SUSE bug 1135330SUSE bug 1135492SUSE bug 1135542SUSE bug 1135556SUSE bug 1135603SUSE bug 1135642SUSE bug 1135661SUSE bug 1135758SUSE bug 1136206SUSE bug 1136424SUSE bug 1136428SUSE bug 1136430SUSE bug 1136432SUSE bug 1136434SUSE bug 1136435SUSE bug 1136438SUSE bug 1136439SUSE bug 1136477SUSE bug 1136478SUSE bug 1136573SUSE bug 1136586SUSE bug 1136881SUSE bug 1136935SUSE bug 1136990SUSE bug 1137151SUSE bug 1137152SUSE bug 1137153SUSE bug 1137162SUSE bug 1137372SUSE bug 1137444SUSE bug 1137586SUSE bug 1137739SUSE bug 1137752CVE-2018-7191 at SUSECVE-2018-7191 at NVDCVE-2019-10124 at SUSECVE-2019-10124 at NVDCVE-2019-11085 at SUSECVE-2019-11085 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-11486 at SUSECVE-2019-11486 at NVDCVE-2019-11487 at SUSECVE-2019-11487 at NVDCVE-2019-11815 at SUSECVE-2019-11815 at NVDCVE-2019-11833 at SUSECVE-2019-11833 at NVDCVE-2019-11884 at SUSECVE-2019-11884 at NVDCVE-2019-12382 at SUSECVE-2019-12382 at NVDCVE-2019-3846 at SUSECVE-2019-3846 at NVDCVE-2019-5489 at SUSECVE-2019-5489 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)
The following non-security bugs were fixed:
- 9p locks: add mount option for lock retry interval (bsc#1051510).
- acpi: button: reinitialize button state upon resume (bsc#1051510).
- acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
- acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
- acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
- alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
- alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
- alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
- alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
- alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: hda/realtek - EAPD turn on later (bsc#1051510).
- alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).
- alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).
- alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
- alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
- alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
- alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
- alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
- alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).
- alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).
- alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).
- alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).
- alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).
- alsa: seq: Remove superfluous irqsave flags (bsc#1051510).
- alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).
- alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).
- alsa: timer: Coding style fixes (bsc#1051510).
- alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).
- alsa: timer: Make sure to clear pending ack list (bsc#1051510).
- alsa: timer: Revert active callback sync check at close (bsc#1051510).
- alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).
- alsa: timer: Unify timer callback process code (bsc#1051510).
- alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
- alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).
- alsa: usx2y: fix a double free bug (bsc#1051510).
- appletalk: Fix compile regression (bsc#1051510).
- appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
- arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
- arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158).
- arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
- arm64: fix ACPI dependencies (bsc#1117158).
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).
- arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
- arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).
- arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
- arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
- arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
- arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).
- arm: iop: do not use using 64-bit DMA masks (bsc#1051510).
- arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).
- arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).
- arm: orion: do not use using 64-bit DMA masks (bsc#1051510).
- arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
- arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
- arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).
- asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510).
- asoc: fix valid stream condition (bsc#1051510).
- asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510).
- asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510).
- asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510).
- asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510).
- asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510).
- asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510).
- asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).
- asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).
- asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).
- asoc: stm32: fix sai driver name initialisation (bsc#1051510).
- asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510).
- asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).
- at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).
- audit: fix a memleak caused by auditing load module (bsc#1051510).
- b43: shut up clang -Wuninitialized variable warning (bsc#1051510).
- backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).
- bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
- bcache: add a comment in super.c (bsc#1130972).
- bcache: add code comments for bset.c (bsc#1130972).
- bcache: add comment for cache_set->fill_iter (bsc#1130972).
- bcache: add identifier names to arguments of function definitions (bsc#1130972).
- bcache: add missing SPDX header (bsc#1130972).
- bcache: add MODULE_DESCRIPTION information (bsc#1130972).
- bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
- bcache: add static const prefix to char * array declarations (bsc#1130972).
- bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
- bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
- bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
- bcache: correct dirty data statistics (bsc#1130972).
- bcache: do not assign in if condition in bcache_init() (bsc#1130972).
- bcache: do not assign in if condition register_bcache() (bsc#1130972).
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
- bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
- bcache: do not clone bio in bch_data_verify (bsc#1130972).
- bcache: do not mark writeback_running too early (bsc#1130972).
- bcache: export backing_dev_name via sysfs (bsc#1130972).
- bcache: export backing_dev_uuid via sysfs (bsc#1130972).
- bcache: fix code comments style (bsc#1130972).
- bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
- bcache: fix indent by replacing blank by tabs (bsc#1130972).
- bcache: fix input integer overflow of congested threshold (bsc#1130972).
- bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
- bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).
- bcache: fix input overflow to journal_delay_ms (bsc#1130972).
- bcache: fix input overflow to sequential_cutoff (bsc#1130972).
- bcache: fix input overflow to writeback_delay (bsc#1130972).
- bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
- bcache: fix ioctl in flash device (bsc#1130972).
- bcache: fix mistaken code comments in bcache.h (bsc#1130972).
- bcache: fix mistaken comments in request.c (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
- bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
- bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
- bcache: introduce force_wake_up_gc() (bsc#1130972).
- bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
- bcache: Move couple of functions to sysfs.c (bsc#1130972).
- bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
- bcache: move open brace at end of function definitions to next line (bsc#1130972).
- bcache: never writeback a discard operation (bsc#1130972).
- bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
- bcache: option to automatically run gc thread after writeback (bsc#1130972).
- bcache: panic fix for making cache device (bsc#1130972).
- bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
- bcache: prefer 'help' in Kconfig (bsc#1130972).
- bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
- bcache: recal cached_dev_sectors on detach (bsc#1130972).
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
- bcache: remove unused bch_passthrough_cache (bsc#1130972).
- bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
- bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972).
- bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
- bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
- bcache: replace printk() by pr_*() routines (bsc#1130972).
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
- bcache: set writeback_percent in a flexible range (bsc#1130972).
- bcache: split combined if-condition code into separate ones (bsc#1130972).
- bcache: stop bcache device when backing device is offline (bsc#1130972).
- bcache: stop using the deprecated get_seconds() (bsc#1130972).
- bcache: style fixes for lines over 80 characters (bsc#1130972).
- bcache: style fix to add a blank line after declarations (bsc#1130972).
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
- bcache: treat stale dirty keys as bad keys (bsc#1130972).
- bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
- bcache: update comment for bch_data_insert (bsc#1130972).
- bcache: update comment in sysfs.c (bsc#1130972).
- bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
- bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
- bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
- bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
- bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
- block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
- block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
- block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
- block: fix the return errno for direct IO (bsc#1135320).
- block: fix use-after-free on gendisk (bsc#1135312).
- bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).
- bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
- bluetooth: hidp: fix buffer overflow (bsc#1051510).
- bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242).
- bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04).
- bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).
- bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).
- bonding: fix event handling for stacked bonds (networking-stable-19_04_19).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).
- bpf: Add missed newline in verifier verbose log (bsc#1056787).
- bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).
- brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).
- btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
- btrfs: Do not panic when we can't find a root key (bsc#1112063).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).
- btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).
- btrfs: fix race updating log root item during fsync (bsc#1137153).
- btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).
- btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
- ceph: fix ci->i_head_snapc leak (bsc#1122776).
- ceph: fix use-after-free on symlink traversal (bsc#1134459).
- ceph: only use d_name directly when parent is locked (bsc#1134460).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
- clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
- configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).
- configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
- crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).
- crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).
- crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).
- crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
- crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).
- crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
- crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).
- crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).
- crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).
- dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- dccp: Fix memleak in __feat_register_sp (bsc#1051510).
- debugfs: fix use-after-free on symlink traversal (bsc#1051510).
- devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
- dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).
- dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
- documentation: Add MDS vulnerability documentation (bsc#1135642).
- drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
- drm/etnaviv: lock MMU while dumping core (bsc#1113722)
- drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).
- drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
- drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
- drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).
- drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
- drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
- drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).
- drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
- drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)
- drm/i915/gvt: refine ggtt range validation (bsc#1113722)
- drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)
- drm/imx: do not skip DP channel disable for background plane (bsc#1051510).
- drm/mediatek: fix possible object reference leak (bsc#1051510).
- drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/rockchip: fix for mailbox read validation (bsc#1051510).
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
- drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
- dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
- efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
- efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
- efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
- efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
- ext4: actually request zeroing of inode table after grow (bsc#1135315).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: Do not warn when enabling DAX (bsc#1132894).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fix rtnh_ok() (git-fixes).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
- ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
- git_sort: add crypto maintainer tree.
- git-sort: Always explicitely handle a pygit2 import error As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73 ('series_sort: Catch pygit2 import failure.') is wrong; given that there is no explicit installation step of the git-sort scripts and that they are 'just there' in the kernel-source repository, every user-callable script needs to check that the user followed installation requirements.
- git-sort: Handle new pygit2.discover_repository behavior A consequence of pygit2 commit c32ee0c25384 ('Now discover_repository returns None if repo not found').
- git-sort: Move mainline remote check to series_sort git_sort can be used on any git repository. series_sort() OTOH expects the reference repository to be a clone of the mainline Linux kernel repository. Move the warning accordingly and make it an error since further operations would fail. Fixes: 027d52475873 ('scripts: git_sort: Warn about missing upstream repo')
- git-sort: README: Add information about how to report problems
- gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
- gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
- hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
- hid: input: add mapping for Assistant key (bsc#1051510).
- hid: input: add mapping for Expose/Overview key (bsc#1051510).
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
- hid: input: add mapping for 'Toggle Display' key (bsc#1051510).
- hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- igmp: fix incorrect unsolicit report count when join group (git-fixes).
- iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
- indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
- inetpeer: fix uninit-value in inet_getpeer (git-fixes).
- input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
- input: introduce KEY_ASSISTANT (bsc#1051510).
- input: synaptics-rmi4 - fix possible double free (bsc#1051510).
- intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
- intel_th: pci: Add Comet Lake support (bsc#1051510).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
- ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).
- ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: fix stats update from local clients (git-fixes).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kABI: protect struct smcd_dev (bsc#1130409 LTC#176346).
- kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346).
- kABI: protect struct smc_link (bsc#1129857 LTC#176247).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128905 LTC#176077).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- lib: do not depend on linux headers being installed (bsc#1130972).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mISDN: Check address length before reading address family (bsc#1051510).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes).
- netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).
- netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).
- netfilter: nf_tables: release chain in flushing set (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- netfilter: x_tables: initialise match/target check parameter struct (git-fixes).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net: initialize skb->peeked when cloning (git-fixes).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- netlink: fix uninit-value in netlink_sendmsg (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net/smc: add pnet table namespace support (bsc#1130409 LTC#176346).
- net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247).
- net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346).
- net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247).
- net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247).
- net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).
- net/smc: check port_idx of ib event (bsc#1129857 LTC#176247).
- net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346).
- net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).
- net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).
- net/smc: consolidate function parameters (bsc#1134607 LTC#177518).
- net/smc: correct state change for peer closing (bsc#1129857 LTC#176247).
- net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247).
- net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247).
- net/smc: do not wait under send_lock (bsc#1129857 LTC#176247).
- net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).
- net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247).
- net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).
- net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249).
- net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).
- net/smc: fix sender_free computation (bsc#1129857 LTC#176247).
- net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249).
- net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247).
- net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).
- net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).
- net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247).
- net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).
- net/smc: move wake up of close waiter (bsc#1129857 LTC#176247).
- net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247).
- net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).
- net/smc: postpone release of clcsock (bsc#1129857 LTC#176247).
- net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247).
- net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247).
- net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).
- net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247).
- net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247).
- net/smc: reset cursor update required flag (bsc#1129857 LTC#176247).
- net/smc: rework pnet table (bsc#1130409 LTC#176346).
- net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247).
- net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247).
- net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247).
- net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247).
- net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- nfs: add module option to limit NFSv4 minor version (jsc#PM-231).
- nfs: Update config files for NFSv4.2 Enable NFSv4.2 support - jsc@PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0
- nfsv4.x: always serialize open/close operations (bsc#1114893).
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
- openvswitch: add seqadj extension when NAT is used (bsc#1051510).
- openvswitch: fix flow actions reallocation (bsc#1051510).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (git-fixes).
- packet: refine ring v3 block size test to hold one frame (git-fixes).
- packet: reset network header if packet shorter than ll reserved space (git-fixes).
- packets: Always register packet sk in the same order (networking-stable-19_03_28).
- packet: validate msg_namelen in send directly (git-fixes).
- pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- pci: Factor out pcie_retrain_link() function (git-fixes).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
- pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
- platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
- platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
- platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
- platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
- platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
- powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
- power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
- proc/kcore: do not bounds check against address 0 (bsc#1051510).
- proc: revalidate kernel thread inodes to root:root (bsc#1051510).
- proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes).
- pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
- pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
- pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).
- pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
- pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
- qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
- qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
- qmi_wwan: add Olicard 600 (bsc#1051510).
- rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ).
- rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992).
- re-export snd_cards for kABI compatibility (bsc#1051510).
- regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).
- Revert 'ALSA: seq: Protect in-kernel ioctl calls with mutex' (bsc#1051510).
- Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843).
- Revert 'drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)' The patch seems buggy, breaks the build for armv7hl/pae config.
- Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946).
- Revert 'tty: pty: Fix race condition between release_one_tty and pty_write' (bsc#1051510).
- rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).
- rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
- rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
- rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).
- rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).
- s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247).
- s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).
- sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
- sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
- scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- scripts: override locale from environment when running recordmcount.pl (bsc#1134354).
- scsi: qedf: fixup bit operations (bsc#1135542).
- scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
- scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
- scsi: qla2xxx: fix error message on qla2400 (bsc#1118139).
- scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
- scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
- scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139).
- scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
- scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
- scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
- scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).
- scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).
- scsi: qla2xxx: Remove unused symbols (bsc#1118139).
- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).
- scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).
- scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
- sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04).
- sctp: fix identification of new acks for SFR-CACC (git-fixes).
- sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).
- sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).
- sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes).
- sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).
- selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
- serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
- serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).
- serial: uartps: console_setup() can't be placed to init section (bsc#1051510).
- signal: Always notice exiting tasks (git-fixes).
- signal: Better detection of synchronous signals (git-fixes).
- signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
- smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247).
- soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
- soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).
- spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
- spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).
- spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).
- spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).
- spi: Micrel eth switch: declare missing of table (bsc#1051510).
- spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
- spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).
- staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).
- stm class: Fix an endless loop in channel allocation (bsc#1051510).
- stm class: Fix channel free in stm output free path (bsc#1051510).
- stm class: Prevent division by zero (bsc#1051510).
- stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- switchtec: Fix unintended mask of MRPC event (git-fixes).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: purge write queue in tcp_connect_init() (git-fixes).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19).
- team: fix possible recursive locking when add slaves (networking-stable-19_04_30).
- team: set slave to promisc if team is already in promisc mode (bsc#1051510).
- thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).
- thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
- thermal/int340x_thermal: fix mode setting (bsc#1051510).
- thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).
- thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).
- tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
- tipc: missing entries in name table of publications (networking-stable-19_04_19).
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
- tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).
- tty: serial_core, add ->install (bnc#1129693).
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
- tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).
- tun: properly test for IFF_UP (networking-stable-19_03_28).
- uas: fix alignment of scatter/gather segments (bsc#1129770).
- udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).
- usb: cdc-acm: fix unthrottle races (bsc#1051510).
- usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).
- usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).
- usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
- usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
- usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).
- usb: serial: fix unthrottle races (bsc#1051510).
- usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
- usb: u132-hcd: fix resource leak (bsc#1051510).
- usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).
- usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).
- usb: yurex: Fix protection fault after device removal (bsc#1051510).
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
- vfio/mdev: Avoid release parent reference during error path (bsc#1051510).
- vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).
- vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).
- vfio/pci: use correct format characters (bsc#1051510).
- vhost: reject zero size iova range (networking-stable-19_04_19).
- vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
- virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
- virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
- vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10).
- vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
- vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).
- vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).
- vsock/virtio: reset connected sockets on device removal (bsc#1051510).
- vt: always call notifier with the console lock held (bsc#1051510).
- vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- x86/speculation/mds: Fix documentation typo (bsc#1135642).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).
- xfrm6: call kfree_skb when skb is toobig (git-fixes).
- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).
- xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).
- xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).
- xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).
- xfrm: Return error on unknown encap_type in init_state (git-fixes).
- xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).
- xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).
- xfs: add log item pinning error injection tag (bsc#1114427).
- xfs: buffer lru reference count error injection tag (bsc#1114427).
- xfs: check _btree_check_block value (bsc#1123663).
- xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
- xfs: create block pointer check functions (bsc#1123663).
- xfs: create inode pointer verifiers (bsc#1114427).
- xfs: detect and fix bad summary counts at mount (bsc#1114427).
- xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
- xfs: export various function for the online scrubber (bsc#1123663).
- xfs: expose errortag knobs via sysfs (bsc#1114427).
- xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
- xfs: force summary counter recalc at next mount (bsc#1114427).
- xfs: kill meaningless variable 'zero' (bsc#1106011).
- xfs: make errortag a per-mountpoint structure (bsc#1123663).
- xfs: move error injection tags into their own file (bsc#1114427).
- xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
- xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
- xfs: refactor btree block header checking functions (bsc#1123663).
- xfs: refactor btree pointer checks (bsc#1123663).
- xfs: refactor unmount record write (bsc#1114427).
- xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
- xfs: remove xfs_zero_range (bsc#1106011).
- xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
- xfs: sanity-check the unused space before trying to use it (bsc#1123663).
- xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).
ImportantSUSE bug 1012382SUSE bug 1050242SUSE bug 1051510SUSE bug 1053043SUSE bug 1056787SUSE bug 1058115SUSE bug 1063638SUSE bug 1064802SUSE bug 1065600SUSE bug 1065729SUSE bug 1066129SUSE bug 1068546SUSE bug 1071995SUSE bug 1075020SUSE bug 1082387SUSE bug 1083647SUSE bug 1085535SUSE bug 1099658SUSE bug 1103992SUSE bug 1104353SUSE bug 1104427SUSE bug 1106011SUSE bug 1106284SUSE bug 1108838SUSE bug 1110946SUSE bug 1111696SUSE bug 1112063SUSE bug 1113722SUSE bug 1114427SUSE bug 1114893SUSE bug 1115688SUSE bug 1117158SUSE bug 1117561SUSE bug 1118139SUSE bug 1119843SUSE bug 1120091SUSE bug 1120423SUSE bug 1120566SUSE bug 1120843SUSE bug 1120902SUSE bug 1122776SUSE bug 1123454SUSE bug 1123663SUSE bug 1124503SUSE bug 1124839SUSE bug 1126356SUSE bug 1127616SUSE bug 1128052SUSE bug 1128904SUSE bug 1128905SUSE bug 1128979SUSE bug 1129138SUSE bug 1129497SUSE bug 1129693SUSE bug 1129770SUSE bug 1129848SUSE bug 1129857SUSE bug 1130409SUSE bug 1130972SUSE bug 1131451SUSE bug 1131488SUSE bug 1131565SUSE bug 1131673SUSE bug 1132044SUSE bug 1132894SUSE bug 1133176SUSE bug 1133188SUSE bug 1133190SUSE bug 1133320SUSE bug 1133612SUSE bug 1133616SUSE bug 1134160SUSE bug 1134162SUSE bug 1134199SUSE bug 1134200SUSE bug 1134201SUSE bug 1134202SUSE bug 1134203SUSE bug 1134204SUSE bug 1134205SUSE bug 1134354SUSE bug 1134393SUSE bug 1134459SUSE bug 1134460SUSE bug 1134461SUSE bug 1134537SUSE bug 1134591SUSE bug 1134597SUSE bug 1134607SUSE bug 1134651SUSE bug 1134671SUSE bug 1134760SUSE bug 1134806SUSE bug 1134810SUSE bug 1134813SUSE bug 1134848SUSE bug 1134936SUSE bug 1135006SUSE bug 1135007SUSE bug 1135008SUSE bug 1135056SUSE bug 1135100SUSE bug 1135120SUSE bug 1135278SUSE bug 1135281SUSE bug 1135309SUSE bug 1135312SUSE bug 1135314SUSE bug 1135315SUSE bug 1135316SUSE bug 1135320SUSE bug 1135323SUSE bug 1135330SUSE bug 1135492SUSE bug 1135542SUSE bug 1135556SUSE bug 1135603SUSE bug 1135642SUSE bug 1135661SUSE bug 1135758SUSE bug 1136206SUSE bug 1136424SUSE bug 1136428SUSE bug 1136430SUSE bug 1136432SUSE bug 1136434SUSE bug 1136435SUSE bug 1136438SUSE bug 1136439SUSE bug 1136477SUSE bug 1136478SUSE bug 1136573SUSE bug 1136586SUSE bug 1136881SUSE bug 1136935SUSE bug 1136990SUSE bug 1137151SUSE bug 1137152SUSE bug 1137153SUSE bug 1137162SUSE bug 1137372SUSE bug 1137444SUSE bug 1137586SUSE bug 1137739SUSE bug 1137752CVE-2018-7191 at SUSECVE-2018-7191 at NVDCVE-2019-10124 at SUSECVE-2019-10124 at NVDCVE-2019-11085 at SUSECVE-2019-11085 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-11486 at SUSECVE-2019-11486 at NVDCVE-2019-11487 at SUSECVE-2019-11487 at NVDCVE-2019-11815 at SUSECVE-2019-11815 at NVDCVE-2019-11833 at SUSECVE-2019-11833 at NVDCVE-2019-11884 at SUSECVE-2019-11884 at NVDCVE-2019-12382 at SUSECVE-2019-12382 at NVDCVE-2019-3846 at SUSECVE-2019-3846 at NVDCVE-2019-5489 at SUSECVE-2019-5489 at NVDcpe:/o:suse:sles:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path
parameter pointing anywhere on the system and potentially leading to execution
of a malicious file with root privileges by libvirtd (bsc#1138301).
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have
been used to alter the domain's config used for managedsave or execute arbitrary
emulator binaries (bsc#1138302).
- CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which
could have been used to execute arbitrary emulators (bsc#1138303).
ImportantSUSE bug 1138301SUSE bug 1138302SUSE bug 1138303CVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDcpe:/o:suse:sles:12:sp4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Server 12 SP4
This update for gstreamer-plugins-base fixes the following issue:
Security issue fixed:
- CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375).
ImportantSUSE bug 1133375CVE-2019-9928 at SUSECVE-2019-9928 at NVDcpe:/o:suse:sles:12:sp4Security update for sqlite3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).
ImportantSUSE bug 1136976CVE-2019-8457 at SUSECVE-2019-8457 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libssh2_org fixes the following issues:
- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481)
(Out-of-bounds reads with specially crafted SFTP packets)
ModerateSUSE bug 1128481SUSE bug 1136570CVE-2019-3860 at SUSECVE-2019-3860 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark to version 2.4.15 fixes the following issues:
Security issue fixed:
- Fixed a denial of service in the dissection engine (bsc#1136021).
ModerateSUSE bug 1136021cpe:/o:suse:sles:12:sp4Recommended update for MozillaFirefox (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox to version 60.7.1 fixes the following issues:
Security issue fixed:
- CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614)
Other issue addressed:
- Fixed broken language plugins (bsc#1137792)
ModerateSUSE bug 1137792SUSE bug 1138614CVE-2019-11707 at SUSECVE-2019-11707 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 35.
Security issues fixed:
- CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718).
- CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
- CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).
- CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
- CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732).
ImportantSUSE bug 1132728SUSE bug 1132729SUSE bug 1132732SUSE bug 1132734SUSE bug 1134718CVE-2019-10245 at SUSECVE-2019-10245 at NVDCVE-2019-2602 at SUSECVE-2019-2602 at NVDCVE-2019-2684 at SUSECVE-2019-2684 at NVDCVE-2019-2697 at SUSECVE-2019-2697 at NVDCVE-2019-2698 at SUSECVE-2019-2698 at NVDcpe:/o:suse:sles:12:sp4Security update for netpbm (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for netpbm fixes the following issues:
Security issues fixed:
- CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause
a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777).
- CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288).
- CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291).
- create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936)
ModerateSUSE bug 1024288SUSE bug 1024291SUSE bug 1086777SUSE bug 1136936CVE-2017-2579 at SUSECVE-2017-2579 at NVDCVE-2017-2580 at SUSECVE-2017-2580 at NVDCVE-2018-8975 at SUSECVE-2018-8975 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
- Mozilla Firefox Firefox 60.7.2
MFSA 2019-19 (bsc#1138872)
- CVE-2019-11708: Fix sandbox escape using Prompt:Open.
* Insufficient vetting of parameters passed with the Prompt:Open IPC
message between child and parent processes could result in the non-sandboxed
parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities this could result in executing
arbitrary code on the user's computer.
ImportantSUSE bug 1138872CVE-2019-11708 at SUSECVE-2019-11708 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).
- CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).
- CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).
- CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).
- CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732)
We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)
ModerateSUSE bug 1133204SUSE bug 1133205SUSE bug 1133498SUSE bug 1133501SUSE bug 1134075SUSE bug 1135232SUSE bug 1135236SUSE bug 1136183SUSE bug 1136732SUSE bug 1138425SUSE bug 1138464CVE-2017-12805 at SUSECVE-2017-12805 at NVDCVE-2017-12806 at SUSECVE-2017-12806 at NVDCVE-2019-10131 at SUSECVE-2019-10131 at NVDCVE-2019-11470 at SUSECVE-2019-11470 at NVDCVE-2019-11472 at SUSECVE-2019-11472 at NVDCVE-2019-11505 at SUSECVE-2019-11505 at NVDCVE-2019-11506 at SUSECVE-2019-11506 at NVDCVE-2019-11597 at SUSECVE-2019-11597 at NVDCVE-2019-11598 at SUSECVE-2019-11598 at NVDcpe:/o:suse:sles:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234).
Feature work:
- IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678)
Other issue addressed:
- Fixed a concurrency issue with ldconfig (bsc#1117993).
ModerateSUSE bug 1117993SUSE bug 1132678SUSE bug 941234CVE-2015-5180 at SUSECVE-2015-5180 at NVDcpe:/o:suse:sles:12:sp4Security update for dnsmasq (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for dnsmasq fixes the following issues:
Security issue fixed:
- CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of
wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958)
Non-security issue fixed:
- Reload system dbus to pick up policy change on install (bsc#1054429).
ModerateSUSE bug 1054429SUSE bug 1076958CVE-2017-15107 at SUSECVE-2017-15107 at NVDcpe:/o:suse:sles:12:sp4Security update for glib2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for glib2 provides the following fix:
Security issues fixed:
- CVE-2019-12450: Fixed an improper file permission when copy operation
takes place (bsc#1137001).
- CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116).
Non-security issues fixed:
- Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599)
ImportantSUSE bug 1061599SUSE bug 1107116SUSE bug 1107121SUSE bug 1137001CVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDcpe:/o:suse:sles:12:sp4Security update for elfutils (Low)SUSE Linux Enterprise Server 12 SP4
This update for elfutils fixes the following issues:
Security issues fixed:
- CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067).
- CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472).
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007).
- CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476).
- CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files
to be read (bsc#1123685).
- CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
- CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088).
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections
and the number of segments in a crafted ELF file (bsc#1033090).
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
- CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723).
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
- CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
- CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726).
LowSUSE bug 1030472SUSE bug 1030476SUSE bug 1033084SUSE bug 1033085SUSE bug 1033087SUSE bug 1033088SUSE bug 1033089SUSE bug 1033090SUSE bug 1106390SUSE bug 1107067SUSE bug 1111973SUSE bug 1112723SUSE bug 1112726SUSE bug 1123685SUSE bug 1125007CVE-2016-10254 at SUSECVE-2016-10254 at NVDCVE-2016-10255 at SUSECVE-2016-10255 at NVDCVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:sles:12:sp4Security update for libu2f-host (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:
Security issues fixed for libu2f-host:
- CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).
- CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow
with a custom made malicious USB device (bsc#1124781).
Security issues fixed for pam_u2f:
- CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).
ModerateSUSE bug 1124781SUSE bug 1128140SUSE bug 1135727SUSE bug 1135729CVE-2018-20340 at SUSECVE-2018-20340 at NVDCVE-2019-12209 at SUSECVE-2019-12209 at NVDCVE-2019-12210 at SUSECVE-2019-12210 at NVDCVE-2019-9578 at SUSECVE-2019-9578 at NVDcpe:/o:suse:sles:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4
This update for postgresql10 to version 10.9 fixes the following issue:
Security issue fixed:
- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).
More information at https://www.postgresql.org/docs/10/release-10-9.html
ImportantSUSE bug 1138034CVE-2019-10164 at SUSECVE-2019-10164 at NVDcpe:/o:suse:sles:12:sp4Security update for avahi (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for avahi fixes the following issues:
Security issue fixed:
- CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281)
ModerateSUSE bug 1120281CVE-2018-1000845 at SUSECVE-2018-1000845 at NVDcpe:/o:suse:sles:12:sp4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for kernel-firmware aligns the firmware code with
SUSE Linux Enterprise Server 15. The version is now at 20190618.
Please refer to the kernel-firmware rpm changelog file to see the full history of changes. ModerateSUSE bug 1091203SUSE bug 1104289SUSE bug 1110720SUSE bug 1122456SUSE bug 1128292SUSE bug 1132303SUSE bug 1136334SUSE bug 1136498SUSE bug 1139383CVE-2019-9836 at SUSECVE-2019-9836 at NVDcpe:/o:suse:sles:12:sp4Security update for kernel-source-azure (Important)SUSE Linux Enterprise Server 12 SP4
This update for kernel-source-azure fixes the following issues:
- CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP
ID values the kernel produces for connection-less protocols. When such
traffic was sent to multiple destination IP addresses, it was possible to
obtain hash collisions (of indices to the counter array) and thereby obtain
the hashing key (via enumeration). An attack could have been conducted by
hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to
attacker-controlled IP addresses. [bnc#1140575]
- CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial
kernel address disclosure), leading to a KASLR bypass. Specifically, it was
possible to extract the KASLR kernel image offset using the IP ID values the
kernel produces for connection-less protocols. When such traffic was sent to
multiple destination IP addresses, it was possible to obtain hash collisions
(of indices to the counter array) and thereby obtain the hashing key (via
enumeration). This key contains enough bits from a kernel address (of a
static variable) so when the key was extracted (via enumeration), the offset
of the kernel image was exposed. This attack could be carried out remotely by
the attacker forcing the target device to send UDP or ICMP traffic to
attacker-controlled IP addresses. Forcing a server to send UDP traffic is
trivial if the server is a DNS server. ICMP traffic is trivial if the server
answers ICMP Echo requests (ping). For client targets, if the target visits
the attacker's web page, then WebRTC or gQUIC can be used to force UDP
traffic to attacker-controlled IP addresses. [bnc#1140577]
- CVE-2018-20836: A race condition used to exist in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a
use-after-free. [bnc#1134395]
- CVE-2019-10126: A heap based buffer overflow in the wireless driver code was
fixed. This issue might have lead to memory corruption and possibly other
consequences. [bnc#1136935]
- CVE-2019-11599: The coredump implementation did not use locking or other
mechanisms to prevent vma layout or vma flags changes while it ran, which
allowed local users to obtain sensitive information, cause a denial of
service, or possibly have unspecified other impact by triggering a race
condition with mmget_not_zero or get_task_mm calls. [bnc#1131645].
- CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC
platforms, which allowed an attacker to cause a denial of service (NULL
pointer dereference and system crash). [bnc#1137194]
- CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who
was able to mount an exported NFS filesystem was able to trigger a null
pointer dereference by an invalid NFS sequence. This could panic the machine
and deny access to the NFS server. Any outstanding disk writes to the NFS
server will were lost. [bnc#1137103]
- CVE-2019-12819: The function __mdiobus_register() used to call put_device(),
which would trigger a fixed_mdio_bus_init use-after-free error. This would
cause a denial of service. [bnc#1138291]
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c
may return NULL. If the caller did not check for this, it could trigger a
NULL pointer dereference. This would cause denial of service. [bnc#1138293]
- CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed
local users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of that
value, aka a 'double fetch' vulnerability. [bsc#1136922]
- CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled
memory allocation failures. Note, however, that all relevant code runs only
at boot-time, before any user processes are started. Therefore, there was no
possibility for an unprivileged user to exploit this issue. [bnc#1136598]
- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi / property: fix handling of data_nodes in
- acpi: Add Hygon Dhyana support (fate#327735).
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-lib/fireworks: fix miss detection of received
- alsa: firewire-motu: fix destruction of data for isochronous
- alsa: hda - Force polling mode on CNL for fixing codec
- alsa: hda/realtek - Change front mic location for Lenovo M710q
- alsa: hda/realtek - Set default power save node to 0
- alsa: hda/realtek - Update headset mode for ALC256
- alsa: hda/realtek: Add quirks for several Clevo notebook
- alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- alsa: seq: fix incorrect order of dest_client/dest_ports
- alsa: usb-audio: fix sign unintended sign extension on left
- apparmor: enforce nullbyte at end of tag string (bsc#1051510).
- asoc: cs42xx8: Add regcache mask dirty (bsc#1051510).
- asoc: eukrea-tlv320: fix a leaked reference by adding missing
- asoc: fsl_asrc: Fix the issue about unsupported rate
- asoc: fsl_sai: Update is_slave_mode with correct value
- asoc: fsl_utils: fix a leaked reference by adding missing
- asoc: hdmi-codec: unlock the device on startup errors
- audit: fix a memory leak bug (bsc#1051510).
- ax25: fix inconsistent lock state in ax25_destroy_timer
- batman-adv: allow updating DAT entry timeouts on incoming ARP
- blk-mq: fix hang caused by freeze/unfreeze sequence
- blk-mq: free hw queue's resource in hctx's release handler
- block: Fix a NULL pointer dereference in generic_make_request()
- bluetooth: Fix faulty expression for minimum encryption key
- brcmfmac: convert dev_init_lock mutex to completion
- brcmfmac: fix Oops when bringing up interface during USB
- brcmfmac: fix WARNING during USB disconnect in case of unempty
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix race during disconnect when USB completion is
- can: af_can: Fix error path of can_init() (bsc#1051510).
- can: flexcan: fix timeout when set small bitrate (bsc#1051510).
- can: purge socket error queue on sock destruct (bsc#1051510).
- ceph: flush dirty inodes before proceeding with remount
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- chardev: add additional check for minor range overlap
- clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides
- coredump: fix race condition between
- coredump: fix race condition between collapse_huge_page()
- coresight: etb10: Fix handling of perf mode (bsc#1051510).
- coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
- cpu/topology: Export die_id (jsc#SLE-5454).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ
- cpufreq: Add Hygon Dhyana support (fate#327735).
- crypto: algapi - guard against uninitialized spawn list in
- crypto: cryptd - Fix skcipher instance memory leak
- crypto: user - prevent operating on larval algorithms
- device core: Consolidate locking and unlocking of parent and
- dm, dax: Fix detection of DAX support (bsc#1139782).
- dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
- doc: Cope with the deprecation of AutoReporter (bsc#1051510).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- documentation: Correct the possible MDS sysfs values
- drbd: Avoid Clang warning about pointless switch statment
- drbd: disconnect, if the wrong UUIDs are attached on a connected
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote
- driver core: Establish order of operations for device_add and
- driver core: Probe devices asynchronously instead of the driver
- drivers/base: Introduce kill_device() (bsc#1139865).
- drivers/base: kABI fixes for struct device_private
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak
- drivers/rapidio/rio_cm.c: fix potential oops in
- drivers: thermal: tsens: Don't print error message on
- drm/amdgpu: fix old fence check in amdgpu_fence_emit
- drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
- drm/drv: Hold ref on parent device during drm_device lifetime
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels
- drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe
- drm/radeon: prefer lower reference dividers (bsc#1051510).
- drm: Wake up next in drm_read() chain if we are forced to
- edac, amd64: Add Hygon Dhyana support (fate#327735).
- edac/mc: Fix edac_mc_find() in case no device is found
- efi/x86/Add missing error handling to old_memmap 1:1 mapping
- extcon: arizona: Disable mic detect if running when driver is
- ftrace/x86: Remove possible deadlock between register_kprobe()
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- genirq: Prevent use-after-free and work list corruption
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- hid: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- hid: input: fix a4tech horizontal wheel custom usage
- hid: logitech-hidpp: change low battery level threshold from
- hid: logitech-hidpp: use RAP instead of FAP to get the protocol
- hid: wacom: Add ability to provide explicit battery status info
- hid: wacom: Add support for 3rd generation Intuos BT
- hid: wacom: Add support for Pro Pen slim (bsc#1051510).
- hid: wacom: Correct button numbering 2nd-gen Intuos Pro over
- hid: wacom: Don't report anything prior to the tool entering
- hid: wacom: Don't set tool type until we're in range
- hid: wacom: Mark expected switch fall-through (bsc#1051510).
- hid: wacom: Move HID fix for AES serial number into
- hid: wacom: Move handling of HID quirks into a dedicated
- hid: wacom: Properly handle AES serial number and tool type
- hid: wacom: Queue events with missing type/serial data for
- hid: wacom: Remove comparison of u8 mode with zero and simplify
- hid: wacom: Replace touch_max fixup code with static touch_max
- hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser
- hid: wacom: Support 'in range' for Intuos/Bamboo tablets where
- hid: wacom: Sync INTUOSP2_BT touch state after each frame if
- hid: wacom: Work around HID descriptor bug in DTK-2451 and
- hid: wacom: convert Wacom custom usages to standard HID usages
- hid: wacom: fix mistake in printk (bsc#1051510).
- hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0
- hid: wacom: generic: Leave tool in prox until it completely
- hid: wacom: generic: Refactor generic battery handling
- hid: wacom: generic: Report AES battery information
- hid: wacom: generic: Reset events back to zero when pen leaves
- hid: wacom: generic: Scale battery capacity measurements to
- hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches
- hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen
- hid: wacom: generic: Support multiple tools per report
- hid: wacom: generic: Use generic codepath terminology in
- hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510).
- hid: wacom: wacom_wac_collection() is local to wacom_wac.c
- hwmon/coretemp: Cosmetic: Rename internal variables to zones
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
- hwmon: (core) add thermal sensors only if dev->of_node is
- hwmon: (k10temp) 27C Offset needed for Threadripper2
- hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol
- hwmon: (k10temp) Add support for family 17h (FATE#327735).
- hwmon: (k10temp) Add support for temperature offsets
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X
- hwmon: (k10temp) Correct model name for Ryzen 1600X
- hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
- hwmon: (k10temp) Fix reading critical temperature register
- hwmon: (k10temp) Make function get_raw_temp static
- hwmon: (k10temp) Move chip specific code into probe function
- hwmon: (k10temp) Only apply temperature offset if result is
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model
- hwmon: (k10temp) Use API function to access System Management
- hwmon: (pmbus/core) Treat parameters as paged if on multiple
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify
- hwrng: omap - Set default quality (bsc#1051510).
- i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- ibmveth: Update ethtool settings to reflect virtual properties
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS
- iio: common: ssp_sensors: Initialize calculated_time in
- iio: hmc5843: fix potential NULL pointer dereferences
- inet: switch IP ID generator to siphash (CVE-2019-10638
- input: synaptics - enable SMBus on ThinkPad E480 and E580
- input: uinput - add compat ioctl number translation for
- iwlwifi: mvm: check for length correctness in
- iwlwifi: pcie: don't crash on invalid RX interrupt
- kABI workaround for the new pci_dev.skip_bus_pm field addition
- kabi: fixup blk_mq_register_dev() (bsc#1140637).
- kabi: handle addition of net::hash_mix (CVE-2019-10639
- kabi: handle addition of netns_ipv4::ip_id_key (CVE-2019-10638
- kabi: x86/topology: Add CPUID.1F multi-die/package support
- kabi: x86/topology: Define topology_logical_die_id()
- kernel-binary: Use -c grep option in klp project detection.
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-subpackage-spec: Add dummy package to ensure subpackages are
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kmps: provide and conflict a kernel version specific KMP name
- kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode
- kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough
- kvm: PPC: Book3S: Protect memslots while validating user address
- kvm: PPC: Release all hardware TCE tables attached to a group
- kvm: PPC: Remove redundand permission bits removal
- kvm: PPC: Validate TCEs against preregistered memory page sizes
- kvm: PPC: Validate all tces before updating tables
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d
- leds: avoid flush_work in atomic context (bsc#1051510).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM
- libnvdimm, pfn: Fix over-trim in trim_pfn_device()
- libnvdimm/bus: Prevent duplicate device_unregister() calls
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch
- mac80211: Do not use stack memory with scatterlist for GMAC
- mac80211: Fix kernel panic due to use of txq after free
- mac80211: drop robust management frames from unknown TA
- mac80211: handle deauthentication/disassociation from TDLS peer
- media: au0828: Fix NULL pointer dereference in
- media: au0828: stop video streaming only when last user stops
- media: coda: clear error return value before picture run
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN
- media: m88ds3103: serialize reset messages in
- media: ov2659: make S_FMT succeed even if requested format
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive 'uninitialized variable'
- media: usb: siano: Fix general protection fault in smsusb
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: da9063: Fix OTP control register names to match datasheets
- mfd: intel-lpss: Set the device in reset state when init
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
- mfd: tps65912-spi: Add missing of table registration
- mfd: twl6040: Fix device init errors for ACCCTL register
- mm: pagechage-limit: Calculate pagecache-limit based
- mmc: core: Prevent processing SDIO IRQs when the card is
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO
- mmc: mmci: Prevent polling for busy detection in IRQ context
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race
- net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
- net: mvpp2: prs: Fix parser range for VID filtering
- net: mvpp2: prs: Use the correct helpers when removing all
- netns: get more entropy from net_hash_mix() (CVE-2019-10638
- netns: provide pure entropy for net_hash_mix() (CVE-2019-10639
- nfit/ars: Allow root to busy-poll the ARS state machine
- nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
- nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
- nfs: Don't restrict NFSv4.2 on openSUSE (bsc#1138719).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-rdma: fix double freeing of async event data (bsc#1120423).
- nvme-rdma: fix possible double free of controller async event
- nvme: copy MTFA field from identify controller (bsc#1140715).
- nvme: skip nvme_update_disk_info() if the controller is not live
- nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us
- nvmem: allow to select i.MX nvmem driver for i.MX 7D
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
- nvmem: imx-ocotp: Add support for banked OTP addressing
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read
- ocfs2: try to reuse extent block in dealloc without meta_alloc
- parport: Fix mem leak in parport_register_dev_model
- pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
- pci: rpadlpar: Fix leaked device_node references in add/remove
- perf tools: Add Hygon Dhyana support (fate#327735).
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg
- pm / core: Propagate dev->power.wakeup_path when no callbacks
- power: supply: max14656: fix potential use-before-alloc
- power: supply: sysfs: prevent endless uevent loop with
- powercap/intel_rapl: Simplify rapl_find_package()
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and
- powerpc/pseries/dlpar: Fix a missing check in
- powerpc/pseries/mobility: prevent cpu hotplug during DT update
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy
- powerpc/pseries: Fix oops in hotplug memory notifier
- powerpc/rtas: retry when cpu offline races with
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices
- qmi_wwan: add support for QMAP padding in the RX path
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP
- qmi_wwan: extend permitted QMAP mux_id value range
- rapidio: fix a NULL pointer dereference when create_workqueue()
- ras/cec: Convert the timer callback to a workqueue
- ras/cec: Fix binary search function (bsc#1114279).
- rtc: 88pm860x: prevent use-after-free on device remove
- rtc: don't reference bogus function pointer in kdoc
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- s390/dasd: fix using offset into zero size array error
- s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
- s390/qeth: fix race when initializing the IP address table
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully
- sbitmap: fix improper use of smp_mb__before_atomic()
- sched/topology: Improve load balancing on AMD EPYC
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: libsas: fix a race condition when smp task timeout
- scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main()
- scsi: qla2xxx: Fix FC-AL connection target discovery
- scsi: qla2xxx: Fix N2N target discovery with Local loop
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
- scsi: qla2xxx: Fix incorrect region-size setting in optrom
- scsi: target/iblock: Fix overrun in WRITE SAME emulation
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
- scsi: zfcp: fix rport unblock if deleted SCSI devices on
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- smb3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO
- staging: vc04_services: prevent integer overflow in
- staging: wlan-ng: fix adapter initialization failure
- svm: Add warning message for AVIC IPI invalid target
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal
- thermal/x86_pkg_temp_thermal: Support multi-die/package
- thermal: rcar_gen3_thermal: disable interrupt in .remove
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in
- tmpfs: fix uninitialized return value in shmem_link
- tools/cpupower: Add Hygon Dhyana support (fate#327735).
- topology: Create core_cpus and die_cpus sysfs attributes
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- update upstream references:
- usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- usb: Fix chipmunk-like voice when using Logitech C270 for
- usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor
- usb: chipidea: udc: workaround for endpoint conflict issue
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
- usb: core: Don't unbind interfaces following device reset
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam
- usb: rio500: fix memory leak in close after disconnect
- usb: rio500: refuse more than one device at a time
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions
- usb: serial: option: add support for Simcom SIM7500/SIM7600
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: sisusbvga: fix oops in error path of sisusb_probe
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- usb: xhci: avoid null pointer deref when bos field is NULL
- usbip: usbip_host: fix BUG: sleeping function called from
- usbip: usbip_host: fix stub_dev lock context imbalance
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference
- video: imsttfb: fix potential NULL pointer dereferences
- virtio_console: initialize vtermno value for ports
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values
- x86/CPU/AMD: Don't force the CPB cap when running under a
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
- x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
- x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
- x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
- x86/apic: Add Hygon Dhyana support (fate#327735).
- x86/bugs: Add Hygon Dhyana to the respective mitigation
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number
- x86/cpu: Create Hygon Dhyana architecture support file
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana
- x86/cpufeatures: Carve out CQM features retrieval
- x86/cpufeatures: Combine word 11 and 12 into a new scattered
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions
- x86/events: Add Hygon Dhyana support to PMU infrastructure
- x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure
- x86/mce: Don't disable MCA banks when offlining a CPU on AMD
- x86/mce: Fix machine_check_poll() tests for error types
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading
- x86/mm/mem_encrypt: Disable all instrumentation for early SME
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault
- x86/topology: Add CPUID.1F multi-die/package support
- x86/topology: Create topology_max_die_per_package()
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset
- xfs: do not set the page uptodate in xfs_writepage_map
- xfs: don't clear imap_valid for a non-uptodate buffers
- xfs: don't look at buffer heads in xfs_add_to_ioend
- xfs: don't use XFS_BMAPI_ENTRIRE in xfs_get_blocks
- xfs: don't use XFS_BMAPI_IGSTATE in xfs_map_blocks
- xfs: eof trim writeback mapping as soon as it is cached
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent
- xfs: skip CoW writes past EOF when writeback races with truncate
- xfs: xfs_reflink_convert_cow() memory allocation deadlock
- xhci: Convert xhci_handshake() to use
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).
ImportantSUSE bug 1051510SUSE bug 1061840SUSE bug 1065600SUSE bug 1068032SUSE bug 1071995SUSE bug 1088047SUSE bug 1094555SUSE bug 1098633SUSE bug 1106383SUSE bug 1106751SUSE bug 1109137SUSE bug 1112824SUSE bug 1114279SUSE bug 1119532SUSE bug 1120423SUSE bug 1124167SUSE bug 1127155SUSE bug 1128432SUSE bug 1128902SUSE bug 1128910SUSE bug 1131645SUSE bug 1132154SUSE bug 1132390SUSE bug 1133401SUSE bug 1133738SUSE bug 1134303SUSE bug 1134395SUSE bug 1135296SUSE bug 1135556SUSE bug 1135642SUSE bug 1136157SUSE bug 1136598SUSE bug 1136811SUSE bug 1136922SUSE bug 1136935SUSE bug 1137103SUSE bug 1137194SUSE bug 1137221SUSE bug 1137366SUSE bug 1137429SUSE bug 1137586SUSE bug 1137625SUSE bug 1137728SUSE bug 1137884SUSE bug 1137995SUSE bug 1137996SUSE bug 1137998SUSE bug 1137999SUSE bug 1138000SUSE bug 1138002SUSE bug 1138003SUSE bug 1138005SUSE bug 1138006SUSE bug 1138007SUSE bug 1138008SUSE bug 1138009SUSE bug 1138010SUSE bug 1138011SUSE bug 1138012SUSE bug 1138013SUSE bug 1138014SUSE bug 1138015SUSE bug 1138016SUSE bug 1138017SUSE bug 1138018SUSE bug 1138019SUSE bug 1138291SUSE bug 1138293SUSE bug 1138374SUSE bug 1138375SUSE bug 1138589SUSE bug 1138719SUSE bug 1139751SUSE bug 1139771SUSE bug 1139782SUSE bug 1139865SUSE bug 1140133SUSE bug 1140328SUSE bug 1140405SUSE bug 1140424SUSE bug 1140428SUSE bug 1140575SUSE bug 1140577SUSE bug 1140637SUSE bug 1140658SUSE bug 1140715SUSE bug 1140719SUSE bug 1140726SUSE bug 1140727SUSE bug 1140728SUSE bug 1140814CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2018-16871 at SUSECVE-2018-16871 at NVDCVE-2018-20836 at SUSECVE-2018-20836 at NVDCVE-2019-10126 at SUSECVE-2019-10126 at NVDCVE-2019-10638 at SUSECVE-2019-10638 at NVDCVE-2019-10639 at SUSECVE-2019-10639 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11599 at SUSECVE-2019-11599 at NVDCVE-2019-12380 at SUSECVE-2019-12380 at NVDCVE-2019-12456 at SUSECVE-2019-12456 at NVDCVE-2019-12614 at SUSECVE-2019-12614 at NVDCVE-2019-12818 at SUSECVE-2019-12818 at NVDCVE-2019-12819 at SUSECVE-2019-12819 at NVDcpe:/o:suse:sles:12:sp4Security update for glib2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).
Non-security issue fixed:
- Added explicit requires between libglib2 and libgio2 (bsc#1140122).
ImportantSUSE bug 1139959SUSE bug 1140122CVE-2019-13012 at SUSECVE-2019-13012 at NVDcpe:/o:suse:sles:12:sp4Security update for expat (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption
in the XML parser when XML names contain a large amount of colons (bsc#1139937).
ModerateSUSE bug 1139937CVE-2018-20843 at SUSECVE-2018-20843 at NVDcpe:/o:suse:sles:12:sp4Security update for xrdp (Important)SUSE Linux Enterprise Server 12 SP4
This update for xrdp fixes the following issues:
These security issues were fixed:
- CVE-2013-1430: When successfully logging in using RDP into an xrdp session,
the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent
of the user's cleartext password, DES encrypted with a known key (bsc#1015567).
- CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager
in xrdp through used an untrusted integer as a write length, which could lead to a
local denial of service (bsc#1069591).
- CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead
to to PAM session modules not being properly initialized, with a potential
consequence of incorrect configurations or elevation of privileges, aka a
pam_limits.so bypass (bsc#1029912).
These non-security issues were fixed:
- The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506)
- Fixed an issue with delayed X KeyRelease events (bsc#1100453)
- Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524)
- Avoid use of hard-coded sesman port. (bsc#1060644)
- Fixed a regression connecting from Windows 10. (bsc#1090174)
ImportantSUSE bug 1014524SUSE bug 1015567SUSE bug 1029912SUSE bug 1060644SUSE bug 1069591SUSE bug 1090174SUSE bug 1100453SUSE bug 1101506CVE-2013-1430 at SUSECVE-2013-1430 at NVDCVE-2017-16927 at SUSECVE-2017-16927 at NVDCVE-2017-6967 at SUSECVE-2017-6967 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.24.2 fixes the following issues:
Security issues fixed:
- CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586,
CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597,
CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715).
ImportantSUSE bug 1133291SUSE bug 1135715CVE-2019-6237 at SUSECVE-2019-6237 at NVDCVE-2019-8571 at SUSECVE-2019-8571 at NVDCVE-2019-8583 at SUSECVE-2019-8583 at NVDCVE-2019-8584 at SUSECVE-2019-8584 at NVDCVE-2019-8586 at SUSECVE-2019-8586 at NVDCVE-2019-8587 at SUSECVE-2019-8587 at NVDCVE-2019-8594 at SUSECVE-2019-8594 at NVDCVE-2019-8595 at SUSECVE-2019-8595 at NVDCVE-2019-8596 at SUSECVE-2019-8596 at NVDCVE-2019-8597 at SUSECVE-2019-8597 at NVDCVE-2019-8601 at SUSECVE-2019-8601 at NVDCVE-2019-8607 at SUSECVE-2019-8607 at NVDCVE-2019-8608 at SUSECVE-2019-8608 at NVDCVE-2019-8609 at SUSECVE-2019-8609 at NVDCVE-2019-8610 at SUSECVE-2019-8610 at NVDCVE-2019-8611 at SUSECVE-2019-8611 at NVDCVE-2019-8615 at SUSECVE-2019-8615 at NVDCVE-2019-8619 at SUSECVE-2019-8619 at NVDCVE-2019-8622 at SUSECVE-2019-8622 at NVDCVE-2019-8623 at SUSECVE-2019-8623 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)
- CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577)
- CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395)
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738)
- CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194)
- CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291)
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293)
The following non-security bugs were fixed:
- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
- acpi: Add Hygon Dhyana support
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
- alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
- alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
- alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
- alsa: hda/realtek - Set default power save node to 0 (bsc#1051510).
- alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
- alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).
- alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
- apparmor: enforce nullbyte at end of tag string (bsc#1051510).
- asoc: cs42xx8: Add regcache mask dirty (bsc#1051510).
- asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510).
- asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
- asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510).
- asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
- batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
- block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).
- bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
- bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556)
- brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
- brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510).
- brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510).
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510).
- can: af_can: Fix error path of can_init() (bsc#1051510).
- can: flexcan: fix timeout when set small bitrate (bsc#1051510).
- can: purge socket error queue on sock destruct (bsc#1051510).
- ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- chardev: add additional check for minor range overlap (bsc#1051510).
- clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
- coresight: etb10: Fix handling of perf mode (bsc#1051510).
- coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
- cpu/topology: Export die_id (jsc#SLE-5454).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().
- cpufreq: Add Hygon Dhyana support ().
- crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).
- crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
- crypto: user - prevent operating on larval algorithms (bsc#1133401).
- device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
- dm, dax: Fix detection of DAX support (bsc#1139782).
- dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
- doc: Cope with the deprecation of AutoReporter (bsc#1051510).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- documentation: Correct the possible MDS sysfs values (bsc#1135642).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
- driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).
- driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
- drivers/base: Introduce kill_device() (bsc#1139865).
- drivers/base: kABI fixes for struct device_private (bsc#1106383).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
- drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
- drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
- drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510).
- drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
- drm/radeon: prefer lower reference dividers (bsc#1051510).
- drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).
- edac, amd64: Add Hygon Dhyana support ().
- edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
- extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).
- ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- genirq: Prevent use-after-free and work list corruption (bsc#1051510).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510).
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- hid: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
- hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510).
- hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510).
- hid: wacom: Add ability to provide explicit battery status info (bsc#1051510).
- hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- hid: wacom: Add support for Pro Pen slim (bsc#1051510).
- hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
- hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510).
- hid: wacom: Do not set tool type until we're in range (bsc#1051510).
- hid: wacom: Mark expected switch fall-through (bsc#1051510).
- hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
- hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
- hid: wacom: Properly handle AES serial number and tool type (bsc#1051510).
- hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
- hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
- hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
- hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
- hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510).
- hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
- hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
- hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
- hid: wacom: fix mistake in printk (bsc#1051510).
- hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
- hid: wacom: generic: Refactor generic battery handling (bsc#1051510).
- hid: wacom: generic: Report AES battery information (bsc#1051510).
- hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
- hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
- hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
- hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
- hid: wacom: generic: Support multiple tools per report (bsc#1051510).
- hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
- hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510).
- hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 ().
- hwmon: (k10temp) Add Hygon Dhyana support ().
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics ().
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs ().
- hwmon: (k10temp) Add support for family 17h ().
- hwmon: (k10temp) Add support for temperature offsets ().
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X ().
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X ().
- hwmon: (k10temp) Correct model name for Ryzen 1600X ().
- hwmon: (k10temp) Display both Tctl and Tdie ().
- hwmon: (k10temp) Fix reading critical temperature register ().
- hwmon: (k10temp) Make function get_raw_temp static ().
- hwmon: (k10temp) Move chip specific code into probe function ().
- hwmon: (k10temp) Only apply temperature offset if result is positive ().
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors ().
- hwmon: (k10temp) Use API function to access System Management Network ().
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table ().
- hwrng: omap - Set default quality (bsc#1051510).
- i2c-piix4: Add Hygon Dhyana SMBus support ().
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
- input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kernel-binary: Use -c grep option in klp project detection.
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it.
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137).
- kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
- kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
- kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
- kvm: PPC: Remove redundand permission bits removal (bsc#1061840).
- kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
- kvm: PPC: Validate all tces before updating tables (bsc#1061840).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
- leds: avoid flush_work in atomic context (bsc#1051510).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
- libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510).
- mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops (bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811)
- mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995).
- net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
- net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
- net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
- nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
- nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
- nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-rdma: fix double freeing of async event data (bsc#1120423).
- nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
- nvme: copy MTFA field from identify controller (bsc#1140715).
- nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
- parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
- pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
- pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
- perf tools: Add Hygon Dhyana support ().
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- ras/cec: Convert the timer callback to a workqueue (bsc#1114279).
- ras/cec: Fix binary search function (bsc#1114279).
- rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that.
- rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels.
- rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853).
- rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167).
- rpm/kernel-subpackage-build: handle arm kernel zImage.
- rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage.
- rpm/package-descriptions: fix typo in kernel-azure
- rpm/post.sh: correct typo in err msg (bsc#1137625)
- rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/.
- rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/.
- rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- s390: fix booting problem (bsc#1140948).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
- scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- smb3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
- staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510).
- staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
- svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support ().
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
- usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510).
- usb: core: Do not unbind interfaces following device reset failure (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
- usb: rio500: fix memory leak in close after disconnect (bsc#1051510).
- usb: rio500: refuse more than one device at a time (bsc#1051510).
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
- usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).
- usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510).
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510).
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Add support for Raven Ridge CPUs ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600).
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510).
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).
ImportantSUSE bug 1051510SUSE bug 1061840SUSE bug 1065600SUSE bug 1071995SUSE bug 1088047SUSE bug 1094555SUSE bug 1098633SUSE bug 1106383SUSE bug 1106751SUSE bug 1109137SUSE bug 1114279SUSE bug 1119532SUSE bug 1120423SUSE bug 1124167SUSE bug 1127155SUSE bug 1128432SUSE bug 1128902SUSE bug 1128910SUSE bug 1132154SUSE bug 1132390SUSE bug 1133401SUSE bug 1133738SUSE bug 1134303SUSE bug 1134395SUSE bug 1135296SUSE bug 1135556SUSE bug 1135642SUSE bug 1136157SUSE bug 1136811SUSE bug 1136922SUSE bug 1137103SUSE bug 1137194SUSE bug 1137221SUSE bug 1137366SUSE bug 1137429SUSE bug 1137625SUSE bug 1137728SUSE bug 1137884SUSE bug 1137995SUSE bug 1137996SUSE bug 1137998SUSE bug 1137999SUSE bug 1138000SUSE bug 1138002SUSE bug 1138003SUSE bug 1138005SUSE bug 1138006SUSE bug 1138007SUSE bug 1138008SUSE bug 1138009SUSE bug 1138010SUSE bug 1138011SUSE bug 1138012SUSE bug 1138013SUSE bug 1138014SUSE bug 1138015SUSE bug 1138016SUSE bug 1138017SUSE bug 1138018SUSE bug 1138019SUSE bug 1138291SUSE bug 1138293SUSE bug 1138374SUSE bug 1138375SUSE bug 1138589SUSE bug 1138719SUSE bug 1139751SUSE bug 1139771SUSE bug 1139782SUSE bug 1139865SUSE bug 1140133SUSE bug 1140328SUSE bug 1140405SUSE bug 1140424SUSE bug 1140428SUSE bug 1140575SUSE bug 1140577SUSE bug 1140637SUSE bug 1140658SUSE bug 1140715SUSE bug 1140719SUSE bug 1140726SUSE bug 1140727SUSE bug 1140728SUSE bug 1140814SUSE bug 1140948SUSE bug 821419SUSE bug 945811CVE-2018-16871 at SUSECVE-2018-16871 at NVDCVE-2018-20836 at SUSECVE-2018-20836 at NVDCVE-2019-10126 at SUSECVE-2019-10126 at NVDCVE-2019-10638 at SUSECVE-2019-10638 at NVDCVE-2019-10639 at SUSECVE-2019-10639 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11599 at SUSECVE-2019-11599 at NVDCVE-2019-12456 at SUSECVE-2019-12456 at NVDCVE-2019-12614 at SUSECVE-2019-12614 at NVDCVE-2019-12818 at SUSECVE-2019-12818 at NVDCVE-2019-12819 at SUSECVE-2019-12819 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
* Added IPSEC IKE support to softoken
* Many new FIPS test cases
ImportantSUSE bug 1140868CVE-2019-11709 at SUSECVE-2019-11709 at NVDCVE-2019-11711 at SUSECVE-2019-11711 at NVDCVE-2019-11712 at SUSECVE-2019-11712 at NVDCVE-2019-11713 at SUSECVE-2019-11713 at NVDCVE-2019-11715 at SUSECVE-2019-11715 at NVDCVE-2019-11717 at SUSECVE-2019-11717 at NVDCVE-2019-11719 at SUSECVE-2019-11719 at NVDCVE-2019-11729 at SUSECVE-2019-11729 at NVDCVE-2019-11730 at SUSECVE-2019-11730 at NVDCVE-2019-9811 at SUSECVE-2019-9811 at NVDcpe:/o:suse:sles:12:sp4Security update for tomcat (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tomcat to version 9.0.21 fixes the following issues:
Security issues fixed:
- CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to
streams with excessive numbers of SETTINGS frames (bsc#1131055).
- CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085).
- CVE-2019-10072: Fixed incomplete patch for CVE-2019-0199 (bsc#1139924).
Please also see
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.21_(markt)
and
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)
ModerateSUSE bug 1131055SUSE bug 1136085SUSE bug 1139924CVE-2019-0199 at SUSECVE-2019-0199 at NVDCVE-2019-0221 at SUSECVE-2019-0221 at NVDCVE-2019-10072 at SUSECVE-2019-10072 at NVDcpe:/o:suse:sles:12:sp4Security update for libxslt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libxslt fixes the following issues:
Security issues fixed:
- CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
- CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095).
ModerateSUSE bug 1140095SUSE bug 1140101CVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDcpe:/o:suse:sles:12:sp4Security update for libxml2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libxml2 fixes the following issues:
Issue fixed:
- Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access
the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have
incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).
ModerateSUSE bug 1010675SUSE bug 1110146SUSE bug 1126613CVE-2016-9318 at SUSECVE-2016-9318 at NVDcpe:/o:suse:sles:12:sp4Security update for polkit (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for polkit fixes the following issues:
Security issue fixed:
- CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277)
ModerateSUSE bug 1118277CVE-2018-19788 at SUSECVE-2018-19788 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
These updates contain the CPU Microcode adjustments for the software mitigations.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736
Release notes:
---- updated platforms ------------------------------------
SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X
SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X
ImportantSUSE bug 1111331CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDcpe:/o:suse:sles:12:sp4Security update for bzip2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for bzip2 fixes the following issues:
Security issue fixed:
- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
ImportantSUSE bug 1139083SUSE bug 985657CVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).
- CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
The following non-security bugs were fixed:
- acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).
- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).
- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: trident: Suppress gcc string warning (bsc#1051510).
- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block/swim: Fix array bounds check (Git-fixes).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: use per htab salt for bucket hash (git-fixes).
- btrfs: Always try all copies when reading extent buffers (git-fixes).
- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- btrfs: stop creating orphan items for truncate (bsc#1111469).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- Fix tracing sample code warning (git-fixes).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi protect hnae_ae_ops (bsc#1104353).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- pci: Add ACS quirk for Ampere root ports (bsc#1120058).
- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- pci: Export pcie_has_flr() (bsc#1120058).
- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- Tools: hv: Fix a bug in the key delete code (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/pci: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/pci: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
ImportantSUSE bug 1024718SUSE bug 1046299SUSE bug 1050242SUSE bug 1050244SUSE bug 1051510SUSE bug 1055121SUSE bug 1055186SUSE bug 1058115SUSE bug 1060463SUSE bug 1065729SUSE bug 1078248SUSE bug 1079935SUSE bug 1082387SUSE bug 1083647SUSE bug 1086282SUSE bug 1086283SUSE bug 1086423SUSE bug 1087084SUSE bug 1087978SUSE bug 1088386SUSE bug 1090888SUSE bug 1091405SUSE bug 1094244SUSE bug 1097593SUSE bug 1102875SUSE bug 1102877SUSE bug 1102879SUSE bug 1102882SUSE bug 1102896SUSE bug 1103257SUSE bug 1104353SUSE bug 1104427SUSE bug 1104967SUSE bug 1105168SUSE bug 1106105SUSE bug 1106110SUSE bug 1106615SUSE bug 1106913SUSE bug 1108270SUSE bug 1109272SUSE bug 1110558SUSE bug 1111188SUSE bug 1111469SUSE bug 1111696SUSE bug 1111795SUSE bug 1112128SUSE bug 1113722SUSE bug 1114648SUSE bug 1114871SUSE bug 1116040SUSE bug 1116336SUSE bug 1116803SUSE bug 1116841SUSE bug 1117115SUSE bug 1117162SUSE bug 1117165SUSE bug 1117186SUSE bug 1117561SUSE bug 1117656SUSE bug 1117953SUSE bug 1118215SUSE bug 1118319SUSE bug 1118428SUSE bug 1118484SUSE bug 1118505SUSE bug 1118752SUSE bug 1118760SUSE bug 1118761SUSE bug 1118762SUSE bug 1118766SUSE bug 1118767SUSE bug 1118768SUSE bug 1118769SUSE bug 1118771SUSE bug 1118772SUSE bug 1118773SUSE bug 1118774SUSE bug 1118775SUSE bug 1118787SUSE bug 1118788SUSE bug 1118798SUSE bug 1118809SUSE bug 1118962SUSE bug 1119017SUSE bug 1119086SUSE bug 1119212SUSE bug 1119322SUSE bug 1119410SUSE bug 1119714SUSE bug 1119749SUSE bug 1119804SUSE bug 1119946SUSE bug 1119962SUSE bug 1119968SUSE bug 1120036SUSE bug 1120046SUSE bug 1120053SUSE bug 1120054SUSE bug 1120055SUSE bug 1120058SUSE bug 1120088SUSE bug 1120092SUSE bug 1120094SUSE bug 1120096SUSE bug 1120097SUSE bug 1120173SUSE bug 1120214SUSE bug 1120223SUSE bug 1120228SUSE bug 1120230SUSE bug 1120232SUSE bug 1120234SUSE bug 1120235SUSE bug 1120238SUSE bug 1120594SUSE bug 1120598SUSE bug 1120600SUSE bug 1120601SUSE bug 1120602SUSE bug 1120603SUSE bug 1120604SUSE bug 1120606SUSE bug 1120612SUSE bug 1120613SUSE bug 1120614SUSE bug 1120615SUSE bug 1120616SUSE bug 1120617SUSE bug 1120618SUSE bug 1120620SUSE bug 1120621SUSE bug 1120632SUSE bug 1120633SUSE bug 1120743SUSE bug 1120954SUSE bug 1121017SUSE bug 1121058SUSE bug 1121263SUSE bug 1121273SUSE bug 1121477SUSE bug 1121483SUSE bug 1121599SUSE bug 1121621SUSE bug 1121714SUSE bug 1121715SUSE bug 1121973CVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-14625 at SUSECVE-2018-14625 at NVDCVE-2018-16862 at SUSECVE-2018-16862 at NVDCVE-2018-16884 at SUSECVE-2018-16884 at NVDCVE-2018-18397 at SUSECVE-2018-18397 at NVDCVE-2018-19407 at SUSECVE-2018-19407 at NVDCVE-2018-19854 at SUSECVE-2018-19854 at NVDCVE-2018-19985 at SUSECVE-2018-19985 at NVDCVE-2018-20169 at SUSECVE-2018-20169 at NVDCVE-2018-9568 at SUSECVE-2018-9568 at NVDcpe:/o:suse:sles:12:sp4Security update for spamassassin (Important)SUSE Linux Enterprise Server 12 SP4
This update for spamassassin to version 3.4.2 fixes the following issues:
Security issues fixed:
- CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745).
- CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748).
- CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750).
Non-security issues fixed:
- Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing
- sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules
- GeoIP2 support has been added to RelayCountry and URILocalBL plugins
- Several new or enhanced configuration options
ImportantSUSE bug 1108745SUSE bug 1108748SUSE bug 1108750CVE-2016-1238 at SUSECVE-2016-1238 at NVDCVE-2017-15705 at SUSECVE-2017-15705 at NVDCVE-2018-11780 at SUSECVE-2018-11780 at NVDCVE-2018-11781 at SUSECVE-2018-11781 at NVDcpe:/o:suse:sles:12:sp4Security update for openexr (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openexr fixes the following issues:
Security issue fixed:
- CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109).
- CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113).
- CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115).
- CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455).
- CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112).
ModerateSUSE bug 1040109SUSE bug 1040112SUSE bug 1040113SUSE bug 1040115SUSE bug 1113455CVE-2017-9111 at SUSECVE-2017-9111 at NVDCVE-2017-9112 at SUSECVE-2017-9112 at NVDCVE-2017-9113 at SUSECVE-2017-9113 at NVDCVE-2017-9115 at SUSECVE-2017-9115 at NVDCVE-2018-18444 at SUSECVE-2018-18444 at NVDcpe:/o:suse:sles:12:sp4Security update for libsolv, libzypp, zypper (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libsolv, libzypp and zypper fixes the following issues:
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
libzypp received following fixes:
- Fixes a bug where locking the kernel was not possible (bsc#1113296)
zypper received following fixes:
- Fixes a bug where the wrong exit code was set when refreshing
repos if --root was used (bsc#1134226)
- Improved the displaying of locks (bsc#1112911)
- Fixes an issue where `https` repository urls caused an error prompt to
appear twice (bsc#1110542)
- zypper will now always warn when no repositories are defined (bsc#1109893)
ModerateSUSE bug 1109893SUSE bug 1110542SUSE bug 1111319SUSE bug 1112911SUSE bug 1113296SUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1134226SUSE bug 1137977CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sles:12:sp4Security update for cronie (Low)SUSE Linux Enterprise Server 12 SP4
This update for cronie fixes the following issues:
Security issues fixed:
- CVE-2019-9704: Fixed an insufficient check in the return value of calloc which
could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937).
- CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to
exhaust the memory resulting in Denial of Service (bsc#1128935).
Bug fixes:
- Manual start of cron is possible even when it's already started using systemd (bsc#1133100).
- Cron schedules only one job of crontab (bsc#1130746).
LowSUSE bug 1128935SUSE bug 1128937SUSE bug 1130746SUSE bug 1133100CVE-2019-9704 at SUSECVE-2019-9704 at NVDCVE-2019-9705 at SUSECVE-2019-9705 at NVDcpe:/o:suse:sles:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170).
ImportantSUSE bug 1135170CVE-2019-5436 at SUSECVE-2019-5436 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
- CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554).
- CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501).
- CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513).
- CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171).
- CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).
- CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).
- CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886).
- CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673).
- CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534).
- CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669).
- CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538).
- CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106).
- CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103).
- CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885).
- CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111).
- CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).
- CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).
- CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110).
ModerateSUSE bug 1139885SUSE bug 1139886SUSE bug 1140100SUSE bug 1140102SUSE bug 1140103SUSE bug 1140106SUSE bug 1140110SUSE bug 1140111SUSE bug 1140501SUSE bug 1140513SUSE bug 1140534SUSE bug 1140538SUSE bug 1140554SUSE bug 1140664SUSE bug 1140666SUSE bug 1140669SUSE bug 1140673SUSE bug 1141171CVE-2019-12974 at SUSECVE-2019-12974 at NVDCVE-2019-12975 at SUSECVE-2019-12975 at NVDCVE-2019-12976 at SUSECVE-2019-12976 at NVDCVE-2019-12978 at SUSECVE-2019-12978 at NVDCVE-2019-12979 at SUSECVE-2019-12979 at NVDCVE-2019-13133 at SUSECVE-2019-13133 at NVDCVE-2019-13134 at SUSECVE-2019-13134 at NVDCVE-2019-13135 at SUSECVE-2019-13135 at NVDCVE-2019-13295 at SUSECVE-2019-13295 at NVDCVE-2019-13297 at SUSECVE-2019-13297 at NVDCVE-2019-13300 at SUSECVE-2019-13300 at NVDCVE-2019-13301 at SUSECVE-2019-13301 at NVDCVE-2019-13307 at SUSECVE-2019-13307 at NVDCVE-2019-13308 at SUSECVE-2019-13308 at NVDCVE-2019-13310 at SUSECVE-2019-13310 at NVDCVE-2019-13311 at SUSECVE-2019-13311 at NVDCVE-2019-13391 at SUSECVE-2019-13391 at NVDCVE-2019-13454 at SUSECVE-2019-13454 at NVDcpe:/o:suse:sles:12:sp4Security update for bzip2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for bzip2 fixes the following issues:
- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities
with files that used many selectors (bsc#1139083).
ImportantSUSE bug 1139083CVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sles:12:sp4Security update for openexr (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openexr fixes the following issues:
- CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305).
ModerateSUSE bug 1061305CVE-2017-14988 at SUSECVE-2017-14988 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk to version 7u231 fixes the following issues:
Security issues fixed:
- CVE_2019-2426: Improve web server connections (bsc#1134297).
- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2842: Extended AES support (bsc#1141786).
- CVE-2019-7317: Improve PNG support (bsc#1141780).
- CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082).
- Certificate validation improvements
ImportantSUSE bug 1087082SUSE bug 1134297SUSE bug 1141780SUSE bug 1141782SUSE bug 1141783SUSE bug 1141784SUSE bug 1141785SUSE bug 1141786SUSE bug 1141787SUSE bug 1141789CVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2019-2426 at SUSECVE-2019-2426 at NVDCVE-2019-2745 at SUSECVE-2019-2745 at NVDCVE-2019-2762 at SUSECVE-2019-2762 at NVDCVE-2019-2766 at SUSECVE-2019-2766 at NVDCVE-2019-2769 at SUSECVE-2019-2769 at NVDCVE-2019-2786 at SUSECVE-2019-2786 at NVDCVE-2019-2816 at SUSECVE-2019-2816 at NVDCVE-2019-2842 at SUSECVE-2019-2842 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sles:12:sp4Security update for polkit (Important)SUSE Linux Enterprise Server 12 SP4
This update for polkit fixes the following issues:
Security issue fixed:
- CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass
uid checking in the interactive backend (bsc#1121826).
ImportantSUSE bug 1121826CVE-2019-6133 at SUSECVE-2019-6133 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk to version 8u222 fixes the following issues:
Security issues fixed:
- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2842: Extended AES support (bsc#1141786).
- CVE-2019-7317: Improve PNG support (bsc#1141780).
- Certificate validation improvements
Non-security issue fixed:
- Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)
ImportantSUSE bug 1115375SUSE bug 1141780SUSE bug 1141782SUSE bug 1141783SUSE bug 1141784SUSE bug 1141785SUSE bug 1141786SUSE bug 1141787SUSE bug 1141789CVE-2019-2745 at SUSECVE-2019-2745 at NVDCVE-2019-2762 at SUSECVE-2019-2762 at NVDCVE-2019-2766 at SUSECVE-2019-2766 at NVDCVE-2019-2769 at SUSECVE-2019-2769 at NVDCVE-2019-2786 at SUSECVE-2019-2786 at NVDCVE-2019-2816 at SUSECVE-2019-2816 at NVDCVE-2019-2842 at SUSECVE-2019-2842 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issues:
- CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
- CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847).
- CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663).
ImportantSUSE bug 1109663SUSE bug 1109847SUSE bug 1138459CVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).
- CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).
- CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191)
- CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).
- CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254)
- CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)
The following non-security bugs were fixed:
- Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned
- acpi/nfit: Always dump _DSM output payload (bsc#1142351).
- Add back sibling paca poiter to paca (bsc#1055117).
- Add support for crct10dif-vpmsum ().
- af_unix: remove redundant lockdep class (git-fixes).
- alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510).
- alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510).
- alsa: compress: Fix regression on compressed capture streams (bsc#1051510).
- alsa: compress: Prevent bypasses of set_params (bsc#1051510).
- alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510).
- alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666).
- alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666).
- alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666).
- alsa: hda/hdmi - Remove duplicated define (bsc#1111666).
- alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666).
- alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510).
- alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510).
- alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510).
- alsa: line6: Fix a typo (bsc#1051510).
- alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510).
- alsa: seq: Break too long mutex context in the write loop (bsc#1051510).
- alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510).
- alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510).
- alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510).
- alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510).
- alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666).
- alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510).
- arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).
- asoc : cs4265 : readable register too low (bsc#1051510).
- asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510).
- asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510).
- ath10k: add missing error handling (bsc#1111666).
- ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666).
- ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666).
- ath10k: Do not send probe response template for mesh (bsc#1111666).
- ath10k: Fix encoding for protected management frames (bsc#1111666).
- ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666).
- ath10k: fix PCIE device wake up failed (bsc#1111666).
- ath6kl: add some bounds checking (bsc#1051510).
- ath9k: Check for errors when reading SREV register (bsc#1111666).
- ath9k: correctly handle short radar pulses (bsc#1111666).
- ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666).
- batman-adv: fix for leaked TVLV handler (bsc#1051510).
- bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652).
- bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652).
- bcache: add code comments for journal_read_bucket() (bsc#1140652).
- bcache: Add comments for blkdev_put() in registration code path (bsc#1140652).
- bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652).
- bcache: add comments for kobj release callback routine (bsc#1140652).
- bcache: add comments for mutex_lock(b->write_lock) (bsc#1140652).
- bcache: add error check for calling register_bdev() (bsc#1140652).
- bcache: add failure check to run_cache_set() for journal replay (bsc#1140652).
- bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).
- bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).
- bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).
- bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).
- bcache: add return value check to bch_cached_dev_run() (bsc#1140652).
- bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).
- bcache: avoid clang -Wunintialized warning (bsc#1140652).
- bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652).
- bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652).
- bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).
- bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).
- bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652).
- bcache: Clean up bch_get_congested() (bsc#1140652).
- bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652).
- bcache: do not assign in if condition in bcache_device_init() (bsc#1140652).
- bcache: do not set max writeback rate if gc is running (bsc#1140652).
- bcache: fix a race between cache register and cacheset unregister (bsc#1140652).
- bcache: fix crashes stopping bcache device before read miss done (bsc#1140652).
- bcache: fix failure in journal relplay (bsc#1140652).
- bcache: fix inaccurate result of unused buckets (bsc#1140652).
- bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).
- bcache: fix potential deadlock in cached_def_free() (bsc#1140652).
- bcache: fix race in btree_flush_write() (bsc#1140652).
- bcache: fix return value error in bch_journal_read() (bsc#1140652).
- bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).
- bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652).
- bcache: ignore read-ahead request failure on backing device (bsc#1140652).
- bcache: improve bcache_reboot() (bsc#1140652).
- bcache: improve error message in bch_cached_dev_run() (bsc#1140652).
- bcache: make bset_search_tree() be more understandable (bsc#1140652).
- bcache: make is_discard_enabled() static (bsc#1140652).
- bcache: more detailed error message to bcache_device_link() (bsc#1140652).
- bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652).
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652).
- bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).
- bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652).
- bcache: performance improvement for btree_flush_write() (bsc#1140652).
bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).
- bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).
- bcache: remove retry_flush_write from struct cache_set (bsc#1140652).
- bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).
- bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652).
- bcache: return error immediately in bch_journal_replay() (bsc#1140652).
- bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652).
- bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652).
- bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652).
- bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).
- bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652).
- bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652).
- be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18).
- be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315).
- be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315).
- block, bfq: NULL out the bic when it's no longer valid (bsc#1142359).
- bnx2x: Prevent load reordering in tx completion processing (bsc#1142868).
- bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954).
- bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745).
- bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31).
- bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745).
- bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745).
- bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14).
- bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584).
- bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647).
- bpf: fix callees pruning callers (bsc#1109837).
- bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647).
- bpf, x64: fix stack layout of JITed bpf code (bsc#1083647).
- bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647).
- bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14).
- btrfs: fix race between block group removal and block group allocation (bsc#1143003).
- carl9170: fix misuse of device driver API (bsc#1111666).
- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478).
- clk: qcom: Fix -Wunused-const-variable (bsc#1051510).
- clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510).
- clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510).
- Correct iwlwifi 22000 series ucode file name (bsc#1142673)
- Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623)
- cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510).
- cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510).
- cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510).
- cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510).
- cpufreq: kirkwood: fix possible object reference leak (bsc#1051510).
- cpufreq/pasemi: fix possible object reference leak (bsc#1051510).
- cpufreq: pmac32: fix possible object reference leak (bsc#1051510).
- cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510).
- cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510).
- crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510).
- crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510).
- crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510).
- crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510).
- crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510).
- crypto: ccp/gcm - use const time tag comparison (bsc#1051510).
- crypto: ccp - memset structure fields to zero before reuse (bsc#1051510).
- crypto: ccp - Validate the the error value used to index error messages (bsc#1051510).
- crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510).
- crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510).
- crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510).
- crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510).
- crypto: talitos - check data blocksize in ablkcipher (bsc#1051510).
- crypto: talitos - fix CTR alg blocksize (bsc#1051510).
- crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510).
- crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510).
- crypto: talitos - properly handle split ICV (bsc#1051510).
- crypto: talitos - reduce max key size for SEC1 (bsc#1051510).
- crypto: talitos - rename alternative AEAD algos (bsc#1051510).
- dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080).
- Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
- dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666).
- dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510).
- dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).
- dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14).
- drm/amd/display: Make some functions static (bsc#1111666).
- drm/atmel-hlcdc: revert shift by 8 (bsc#1111666).
- drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681).
- drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666).
- drm/meson: Add support for XBGR8888 + ABGR8888 formats (bsc#1051510).
- drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510).
- drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666).
- drm/nouveau/i2c: Enable i2c pads + busses during preinit (bsc#1051510).
- drm: return -EFAULT if copy_to_user() fails (bsc#1111666).
- drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510).
- drm/udl: introduce a macro to convert dev to udl (bsc#1111666).
- drm/udl: move to embedding drm device inside udl device (bsc#1111666).
- drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666).
- drm/vc4: fix fb references in async update (bsc#1141312).
- drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666).
- e1000e: start network tx queue only when link is up (bsc#1051510).
- Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364)
- ethtool: check the return value of get_regs_len (git-fixes).
- ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09).
- Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510).
- Fix memory leak in sctp_process_init (networking-stable-19_06_09).
- fork, memcg: fix cached_stacks case (bsc#1134097).
- fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097).
- fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057).
- fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057).
- fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057).
- gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666).
- hid: wacom: correct touch resolution x/y typo (bsc#1051510).
- hid: wacom: generic: Correct pad syncing (bsc#1051510).
- hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510).
- hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510).
- ib/ipoib: Add child to parent list only if device initialized (bsc#1103992).
- ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991).
- idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837).
- input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510).
- input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510).
- input: psmouse - fix build error of multiple definition (bsc#1051510).
- input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510).
- input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770).
- intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510).
- iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150).
- ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14).
- ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31).
- ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31).
- ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes).
- ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31).
- ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09).
- ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18).
- ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09).
- iwlwifi: correct one of the PCI struct names (bsc#1111666).
- iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666).
- iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666).
- iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666).
- iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666).
- iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666).
- iwlwifi: mvm: Drop large non sta frames (bsc#1111666).
- iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666).
- iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666).
- kabi fix for hda_codec.relaxed_resume flag (bsc#1111666).
- kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150).
- kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150).
- kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150).
- kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150).
- kabi: remove unused hcall definition (bsc#1140322 LTC#176270).
- kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995).
- kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059).
- kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021).
- kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021).
- kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335).
- kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335).
- kvm: polling: add architecture backend to disable polling (bsc#1119222).
- kvm: s390: change default halt poll time to 50us (bsc#1119222).
- kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222
- kvm: s390: fix typo in parameter description (bsc#1119222).
- kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker.
- kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222).
- kvm: s390: provide kvm_arch_no_poll function (bsc#1119222).
- kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133).
- kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354).
- lapb: fixed leak of control-blocks (networking-stable-19_06_18).
- lib: fix stall in __bitmap_parselist() (bsc#1051510).
- lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507).
- libnvdimm/namespace: Fix label tracking error (bsc#1142350).
- libnvdimm/region: Register badblocks before namespaces (bsc#1143209).
- lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510).
- livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995).
- livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995).
- llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31).
- mac80211: do not start any work during reconfigure flow (bsc#1111666).
- mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666).
- mac80211: free peer keys before vif down in mesh (bsc#1111666).
- mac80211: mesh: fix RCU warning (bsc#1111666).
- mac80211: only warn once on chanctx_conf being NULL (bsc#1111666).
- media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642).
- media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510).
- media: s5p-mfc: Make additional clocks optional (bsc#1051510).
- media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510).
- media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510).
- mei: bus: need to unlink client before freeing (bsc#1051510).
- mei: me: add denverton innovation engine device IDs (bsc#1051510).
- mei: me: add gemini lake devices id (bsc#1051510).
- memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510).
- memstick: Fix error cleanup path of memstick_init (bsc#1051510).
- mfd: intel-lpss: Release IDA resources (bsc#1051510).
- mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150).
- mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374).
- mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510).
- mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609).
- mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270).
- mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034).
- mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270).
- mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666).
- mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666).
- neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18).
- net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332).
- net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332).
- net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332).
- net: avoid weird emergency message (networking-stable-19_05_21).
- net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31).
- netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes).
- net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31).
- net: hns3: Fix inconsistent indenting (bsc#1140676).
- net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676).
- net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676).
- net: hns: Fix loopback test failed at copper ports (bsc#1140676).
- net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676).
- net: hns: fix unsigned comparison to less than zero (bsc#1140676).
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676).
- net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676).
- net/mlx4_core: Change the error print to info print (networking-stable-19_05_21).
- net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09).
- net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31).
- net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31).
- net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611).
- net: mvneta: Fix err code path of probe (networking-stable-19_05_31).
- net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31).
- net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18).
- net/packet: fix memory leak in packet_set_ring() (git-fixes).
- net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09).
- net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14).
- net: stmmac: fix reset gpio free missing (networking-stable-19_05_31).
- net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837).
- net/tls: make sure offload also gets the keys wiped (bsc#1109837).
- net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21).
- nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185).
- ocfs2: add first lock wait time in locking_state (bsc#1134390).
- ocfs2: add last unlock times in locking_state (bsc#1134390).
- ocfs2: add locking filter debugfs file (bsc#1134390).
- p54usb: Fix race between disconnect and firmware loading (bsc#1111666).
- packet: Fix error path in packet_init (networking-stable-19_05_14).
- packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes).
- pci/aer: Use cached AER Capability offset (bsc#1142623).
- pci: Always allow probing with driver_override (bsc#1051510).
- pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701).
- pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701).
- pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701).
- pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701).
- pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701).
- pci: hv: Remove unused reason for refcount handler (bsc#1142701).
- pci: hv: support reporting serial number as slot information (bsc#1142701).
- pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666).
- pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623).
- pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623).
- pci/portdrv: Consolidate comments (bsc#1142623).
- pci/portdrv: Disable port driver in compat mode (bsc#1142623).
- pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623).
- pci: portdrv: Restore PCI config state on slot reset (bsc#1142623).
- pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623).
- pci/portdrv: Use conventional Device ID table formatting (bsc#1142623).
- pci: Return error if cannot probe VF (bsc#1051510).
- pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090).
- pktgen: do not sleep with the thread lock held (git-fixes).
- platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510).
- platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
- platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439).
- platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364).
- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364).
- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364).
- platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364).
- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364).
- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364).
- platform/x86: ISST: Restore state on resume (jsc#SLE-5364).
- platform/x86: ISST: Store per CPU information (jsc#SLE-5364).
- platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510).
- powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes).
- powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test ().
- powerpc/mm: Change function prototype (bsc#1055117).
- powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270).
- powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270).
- powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270).
- powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117).
- powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117).
- powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117).
- powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270).
- powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270).
- powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270).
- powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
- ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538).
- ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21).
- qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462).
- rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992).
- rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992).
- rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ).
- rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992).
- rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652).
- Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510).
- Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995).
- Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510).
- rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666).
- rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21).
- s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887).
- s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ).
- s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904).
- s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ).
- s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ).
- s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904).
- s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904).
- s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904).
- s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904).
- s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904).
- s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904).
- s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320).
- s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904).
- s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ).
- s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904).
- s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904).
- s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331).
- s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337).
- s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335).
- s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150).
- s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887).
- s390/vtime: steal time exponential moving average (bsc#1119222).
- s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088).
- scripts/git_sort/git_sort.py: Add mmots tree.
- scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342).
- scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342).
- scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342).
- scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722).
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722).
- scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093).
- scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722).
- scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722).
- scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694).
- scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694).
- scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462).
- scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462).
- scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722).
- scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722).
- sctp: Free cookie before we memdup a new one (networking-stable-19_06_18).
- sctp: silence warns on sctp_stream_init allocations (bsc#1083710).
- serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510).
- serial: uartps: Fix long line over 80 chars (bsc#1051510).
- serial: uartps: Fix multiple line dereference (bsc#1051510).
- serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510).
- staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510).
- staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510).
- staging: rtl8712: reduce stack usage, again (bsc#1051510).
- sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18).
- tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837).
- tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes).
- team: Always enable vlan tx offload (bsc#1051510).
- tools: bpftool: Fix json dump crash on powerpc (bsc#1109837).
- tools: bpftool: use correct argument in cgroup errors (bsc#1109837).
- tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364).
- tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510).
- tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510).
- tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510).
- tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14).
- usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510).
- usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510).
- usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510).
- usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510).
- usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510).
- usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510).
- virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150).
- virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150).
- virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150).
- virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150).
- virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150).
- virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150).
- vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510).
- vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14).
- vsock/virtio: free packets during the socket release (networking-stable-19_05_21).
- vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18).
- wil6210: drop old event after wmi_call timeout (bsc#1111666).
- wil6210: fix potential out-of-bounds read (bsc#1051510).
- wil6210: fix spurious interrupts in 3-msi (bsc#1111666).
- x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903).
- xdp: fix possible cq entry leak (bsc#1109837).
- xdp: fix race on generic receive path (bsc#1109837).
- xdp: hold device for umem regardless of zero-copy mode (bsc#1109837).
- xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300).
- xfs: do not overflow xattr listent buffer (bsc#1143105).
- xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ).
- xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837).
ImportantSUSE bug 1051510SUSE bug 1055117SUSE bug 1071995SUSE bug 1083647SUSE bug 1083710SUSE bug 1102247SUSE bug 1103991SUSE bug 1103992SUSE bug 1104745SUSE bug 1109837SUSE bug 1111666SUSE bug 1112374SUSE bug 1119222SUSE bug 1123080SUSE bug 1127034SUSE bug 1127315SUSE bug 1127611SUSE bug 1129770SUSE bug 1130972SUSE bug 1133021SUSE bug 1134090SUSE bug 1134097SUSE bug 1134390SUSE bug 1134399SUSE bug 1135335SUSE bug 1135642SUSE bug 1136217SUSE bug 1136342SUSE bug 1136460SUSE bug 1136461SUSE bug 1136462SUSE bug 1136467SUSE bug 1136896SUSE bug 1137458SUSE bug 1137534SUSE bug 1137535SUSE bug 1137584SUSE bug 1137609SUSE bug 1137811SUSE bug 1137827SUSE bug 1138874SUSE bug 1139358SUSE bug 1139619SUSE bug 1140133SUSE bug 1140139SUSE bug 1140322SUSE bug 1140559SUSE bug 1140652SUSE bug 1140676SUSE bug 1140887SUSE bug 1140888SUSE bug 1140889SUSE bug 1140891SUSE bug 1140893SUSE bug 1140903SUSE bug 1140945SUSE bug 1140948SUSE bug 1140954SUSE bug 1140955SUSE bug 1140956SUSE bug 1140957SUSE bug 1140958SUSE bug 1140959SUSE bug 1140960SUSE bug 1140961SUSE bug 1140962SUSE bug 1140964SUSE bug 1140971SUSE bug 1140972SUSE bug 1140992SUSE bug 1141312SUSE bug 1141401SUSE bug 1141402SUSE bug 1141452SUSE bug 1141453SUSE bug 1141454SUSE bug 1141478SUSE bug 1142023SUSE bug 1142052SUSE bug 1142112SUSE bug 1142115SUSE bug 1142119SUSE bug 1142220SUSE bug 1142221SUSE bug 1142254SUSE bug 1142350SUSE bug 1142351SUSE bug 1142354SUSE bug 1142359SUSE bug 1142450SUSE bug 1142623SUSE bug 1142673SUSE bug 1142701SUSE bug 1142868SUSE bug 1143003SUSE bug 1143045SUSE bug 1143105SUSE bug 1143185SUSE bug 1143189SUSE bug 1143191SUSE bug 1143209SUSE bug 1143507CVE-2018-20855 at SUSECVE-2018-20855 at NVDCVE-2019-1125 at SUSECVE-2019-1125 at NVDCVE-2019-11810 at SUSECVE-2019-11810 at NVDCVE-2019-13631 at SUSECVE-2019-13631 at NVDCVE-2019-13648 at SUSECVE-2019-13648 at NVDCVE-2019-14283 at SUSECVE-2019-14283 at NVDCVE-2019-14284 at SUSECVE-2019-14284 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).
- CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).
- CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191)
- CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).
- CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254)
- CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)
The following non-security bugs were fixed:
- Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned
- acpi/nfit: Always dump _DSM output payload (bsc#1142351).
- Add back sibling paca poiter to paca (bsc#1055117).
- Add support for crct10dif-vpmsum ().
- af_unix: remove redundant lockdep class (git-fixes).
- alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510).
- alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510).
- alsa: compress: Fix regression on compressed capture streams (bsc#1051510).
- alsa: compress: Prevent bypasses of set_params (bsc#1051510).
- alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510).
- alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510).
- alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510).
- alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510).
- alsa: line6: Fix a typo (bsc#1051510).
- alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510).
- alsa: seq: Break too long mutex context in the write loop (bsc#1051510).
- alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510).
- alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510).
- alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510).
- alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510).
- alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510).
- asoc : cs4265 : readable register too low (bsc#1051510).
- asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510).
- asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510).
- ath6kl: add some bounds checking (bsc#1051510).
- batman-adv: fix for leaked TVLV handler (bsc#1051510).
- bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652).
- bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652).
- bcache: add code comments for journal_read_bucket() (bsc#1140652).
- bcache: Add comments for blkdev_put() in registration code path (bsc#1140652).
- bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652).
- bcache: add comments for kobj release callback routine (bsc#1140652).
- bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652).
- bcache: add error check for calling register_bdev() (bsc#1140652).
- bcache: add failure check to run_cache_set() for journal replay (bsc#1140652).
- bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).
- bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).
- bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).
- bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).
- bcache: add return value check to bch_cached_dev_run() (bsc#1140652).
- bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).
- bcache: avoid clang -Wunintialized warning (bsc#1140652).
- bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652).
- bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652).
- bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).
- bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).
- bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652).
- bcache: Clean up bch_get_congested() (bsc#1140652).
- bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652).
- bcache: do not assign in if condition in bcache_device_init() (bsc#1140652).
- bcache: do not set max writeback rate if gc is running (bsc#1140652).
- bcache: fix a race between cache register and cacheset unregister (bsc#1140652).
- bcache: fix crashes stopping bcache device before read miss done (bsc#1140652).
- bcache: fix failure in journal relplay (bsc#1140652).
- bcache: fix inaccurate result of unused buckets (bsc#1140652).
- bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).
- bcache: fix potential deadlock in cached_def_free() (bsc#1140652).
- bcache: fix race in btree_flush_write() (bsc#1140652).
- bcache: fix return value error in bch_journal_read() (bsc#1140652).
- bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).
- bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652).
- bcache: ignore read-ahead request failure on backing device (bsc#1140652).
- bcache: improve bcache_reboot() (bsc#1140652).
- bcache: improve error message in bch_cached_dev_run() (bsc#1140652).
- bcache: make bset_search_tree() be more understandable (bsc#1140652).
- bcache: make is_discard_enabled() static (bsc#1140652).
- bcache: more detailed error message to bcache_device_link() (bsc#1140652).
- bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652).
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652).
- bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).
- bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652).
- bcache: performance improvement for btree_flush_write() (bsc#1140652).
- bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).
- bcache: remove retry_flush_write from struct cache_set (bsc#1140652).
- bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).
- bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652).
- bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652).
- bcache: return error immediately in bch_journal_replay() (bsc#1140652).
- bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652).
- bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652).
- bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652).
- bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).
- bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652).
- bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652).
- be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18).
- be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315).
- be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315).
- block, bfq: NULL out the bic when it's no longer valid (bsc#1142359).
- bnx2x: Prevent load reordering in tx completion processing (bsc#1142868).
- bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31).
- bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14).
- bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584).
- bpf, x64: fix stack layout of JITed bpf code (bsc#1083647).
- bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647).
- bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14).
- btrfs: fix race between block group removal and block group allocation (bsc#1143003).
- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478).
- clk: qcom: Fix -Wunused-const-variable (bsc#1051510).
- clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510).
- clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510).
- cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510).
- cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510).
- cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510).
- cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510).
- cpufreq: kirkwood: fix possible object reference leak (bsc#1051510).
- cpufreq/pasemi: fix possible object reference leak (bsc#1051510).
- cpufreq: pmac32: fix possible object reference leak (bsc#1051510).
- cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510).
- cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510).
- crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510).
- crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510).
- crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510).
- crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510).
- crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510).
- crypto: ccp/gcm - use const time tag comparison (bsc#1051510).
- crypto: ccp - memset structure fields to zero before reuse (bsc#1051510).
- crypto: ccp - Validate the the error value used to index error messages (bsc#1051510).
- crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510).
- crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510).
- crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510).
- crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510).
- crypto: talitos - check data blocksize in ablkcipher (bsc#1051510).
- crypto: talitos - fix CTR alg blocksize (bsc#1051510).
- crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510).
- crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510).
- crypto: talitos - properly handle split ICV (bsc#1051510).
- crypto: talitos - reduce max key size for SEC1 (bsc#1051510).
- crypto: talitos - rename alternative AEAD algos (bsc#1051510).
- dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080).
- dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510).
- dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14).
- drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510).
- drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510).
- drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510).
- drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510).
- e1000e: start network tx queue only when link is up (bsc#1051510).
- ethtool: check the return value of get_regs_len (git-fixes).
- ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09).
- Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510).
- Fix memory leak in sctp_process_init (networking-stable-19_06_09).
- fork, memcg: fix cached_stacks case (bsc#1134097).
- fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097).
- hid: wacom: correct touch resolution x/y typo (bsc#1051510).
- hid: wacom: generic: Correct pad syncing (bsc#1051510).
- hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510).
- hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510).
- input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510).
- input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510).
- input: psmouse - fix build error of multiple definition (bsc#1051510).
- input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510).
- input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770).
- intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510).
- ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14).
- ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31).
- ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31).
- ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes).
- ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31).
- ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09).
- ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18).
- ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09).
- kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995).
- kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059).
- kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021).
- kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021).
- kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507)
- kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335).
- kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335).
- kvm: polling: add architecture backend to disable polling (bsc#1119222).
- kvm: s390: change default halt poll time to 50us (bsc#1119222).
- kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222
- kvm: s390: fix typo in parameter description (bsc#1119222).
- kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker.
- kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222).
- kvm: s390: provide kvm_arch_no_poll function (bsc#1119222).
- kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133).
- kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354).
- lapb: fixed leak of control-blocks (networking-stable-19_06_18).
- lib: fix stall in __bitmap_parselist() (bsc#1051510).
- libnvdimm/namespace: Fix label tracking error (bsc#1142350).
- lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510).
- livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995).
- livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995).
- llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31).
- media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642).
- media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510).
- media: s5p-mfc: Make additional clocks optional (bsc#1051510).
- media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510).
- media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510).
- mei: bus: need to unlink client before freeing (bsc#1051510).
- mei: me: add denverton innovation engine device IDs (bsc#1051510).
- mei: me: add gemini lake devices id (bsc#1051510).
- memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510).
- memstick: Fix error cleanup path of memstick_init (bsc#1051510).
- mfd: intel-lpss: Release IDA resources (bsc#1051510).
- mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510).
- mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609).
- mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270).
- mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034).
- mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270).
- neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18).
- net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332).
- net: avoid weird emergency message (networking-stable-19_05_21).
- net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31).
- netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes).
- net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31).
- net/mlx4_core: Change the error print to info print (networking-stable-19_05_21).
- net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09).
- net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31).
- net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31).
- net: mvneta: Fix err code path of probe (networking-stable-19_05_31).
- net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31).
- net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18).
- net/packet: fix memory leak in packet_set_ring() (git-fixes).
- net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09).
- net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14).
- net: stmmac: fix reset gpio free missing (networking-stable-19_05_31).
- net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21).
- nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185).
- ocfs2: add first lock wait time in locking_state (bsc#1134390).
- ocfs2: add last unlock times in locking_state (bsc#1134390).
- ocfs2: add locking filter debugfs file (bsc#1134390).
- packet: Fix error path in packet_init (networking-stable-19_05_14).
- packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes).
- pci: Always allow probing with driver_override (bsc#1051510).
- pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701).
- pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701).
- pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701).
- pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701).
- pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701).
- pci: hv: Remove unused reason for refcount handler (bsc#1142701).
- pci: hv: support reporting serial number as slot information (bsc#1142701).
- pci: Return error if cannot probe VF (bsc#1051510).
- pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090).
- pktgen: do not sleep with the thread lock held (git-fixes).
- platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510).
- platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
- platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439).
- platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510).
- powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes).
- powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test ().
- powerpc/mm: Change function prototype (bsc#1055117).
- powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270).
- powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270).
- powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270).
- powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117).
- powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117).
- powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117).
- powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
- ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21).
- rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652).
- Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510).
- Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995).
- Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510).
- rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21).
- s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335).
- s390/vtime: steal time exponential moving average (bsc#1119222).
- scripts/git_sort/git_sort.py: Add mmots tree.
- scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093).
- sctp: Free cookie before we memdup a new one (networking-stable-19_06_18).
- sctp: silence warns on sctp_stream_init allocations (bsc#1083710).
- serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510).
- serial: uartps: Fix long line over 80 chars (bsc#1051510).
- serial: uartps: Fix multiple line dereference (bsc#1051510).
- serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510).
- staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510).
- staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510).
- staging: rtl8712: reduce stack usage, again (bsc#1051510).
- sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18).
- tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes).
- team: Always enable vlan tx offload (bsc#1051510).
- tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510).
- tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510).
- tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510).
- tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14).
- usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510).
- usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510).
- usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510).
- usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510).
- usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510).
- usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510).
- vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510).
- vsock/virtio: free packets during the socket release (networking-stable-19_05_21).
- vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18).
- wil6210: fix potential out-of-bounds read (bsc#1051510).
- x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903).
- xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300).
- xfs: do not overflow xattr listent buffer (bsc#1143105).
ImportantSUSE bug 1051510SUSE bug 1055117SUSE bug 1071995SUSE bug 1083647SUSE bug 1083710SUSE bug 1102247SUSE bug 1111666SUSE bug 1119222SUSE bug 1123080SUSE bug 1127034SUSE bug 1127315SUSE bug 1129770SUSE bug 1130972SUSE bug 1133021SUSE bug 1134097SUSE bug 1134390SUSE bug 1134399SUSE bug 1135335SUSE bug 1135642SUSE bug 1136896SUSE bug 1137458SUSE bug 1137534SUSE bug 1137535SUSE bug 1137584SUSE bug 1137609SUSE bug 1137811SUSE bug 1137827SUSE bug 1139358SUSE bug 1140133SUSE bug 1140139SUSE bug 1140322SUSE bug 1140652SUSE bug 1140887SUSE bug 1140888SUSE bug 1140889SUSE bug 1140891SUSE bug 1140893SUSE bug 1140903SUSE bug 1140945SUSE bug 1140954SUSE bug 1140955SUSE bug 1140956SUSE bug 1140957SUSE bug 1140958SUSE bug 1140959SUSE bug 1140960SUSE bug 1140961SUSE bug 1140962SUSE bug 1140964SUSE bug 1140971SUSE bug 1140972SUSE bug 1140992SUSE bug 1141401SUSE bug 1141402SUSE bug 1141452SUSE bug 1141453SUSE bug 1141454SUSE bug 1141478SUSE bug 1142023SUSE bug 1142112SUSE bug 1142220SUSE bug 1142221SUSE bug 1142254SUSE bug 1142350SUSE bug 1142351SUSE bug 1142354SUSE bug 1142359SUSE bug 1142450SUSE bug 1142701SUSE bug 1142868SUSE bug 1143003SUSE bug 1143045SUSE bug 1143105SUSE bug 1143185SUSE bug 1143189SUSE bug 1143191SUSE bug 1143507CVE-2018-20855 at SUSECVE-2018-20855 at NVDCVE-2019-1125 at SUSECVE-2019-1125 at NVDCVE-2019-11810 at SUSECVE-2019-11810 at NVDCVE-2019-13631 at SUSECVE-2019-13631 at NVDCVE-2019-13648 at SUSECVE-2019-13648 at NVDCVE-2019-14283 at SUSECVE-2019-14283 at NVDCVE-2019-14284 at SUSECVE-2019-14284 at NVDcpe:/o:suse:sles:12:sp4Security update for evince (Important)SUSE Linux Enterprise Server 12 SP4
This update for evince fixes the following issues:
Security issues fixed:
- CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037).
- CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619).
ImportantSUSE bug 1133037SUSE bug 1141619CVE-2019-1010006 at SUSECVE-2019-1010006 at NVDCVE-2019-11459 at SUSECVE-2019-11459 at NVDcpe:/o:suse:sles:12:sp4Security update for tcpdump (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).
ModerateSUSE bug 1068716SUSE bug 1142439CVE-2017-16808 at SUSECVE-2017-16808 at NVDCVE-2019-1010220 at SUSECVE-2019-1010220 at NVDcpe:/o:suse:sles:12:sp4Security update for squid (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for squid fixes the following issues:
Security issue fixed:
- CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329).
- CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332).
- CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738).
ModerateSUSE bug 1140738SUSE bug 1141329SUSE bug 1141332CVE-2019-12525 at SUSECVE-2019-12525 at NVDCVE-2019-12529 at SUSECVE-2019-12529 at NVDCVE-2019-13345 at SUSECVE-2019-13345 at NVDcpe:/o:suse:sles:12:sp4Security update for rsyslog (Important)SUSE Linux Enterprise Server 12 SP4
This update for rsyslog fixes the following issues:
Security issue fixed:
- CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164).
ImportantSUSE bug 1123164CVE-2018-16881 at SUSECVE-2018-16881 at NVDcpe:/o:suse:sles:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4
This update for python fixes the following issues:
- CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
- CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).
ImportantSUSE bug 1138459SUSE bug 1141853CVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark to version 2.4.16 fixes the following issues:
Security issue fixed:
- CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980).
ModerateSUSE bug 1141980CVE-2019-13619 at SUSECVE-2019-13619 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-100 (Important)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-100 to version 10.0.38 fixes the following issues:
- CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037).
- CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037).
ImportantSUSE bug 1136037CVE-2019-2529 at SUSECVE-2019-2529 at NVDCVE-2019-2537 at SUSECVE-2019-2537 at NVDcpe:/o:suse:sles:12:sp4Security update for openjpeg2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openjpeg2 fixes the following issues:
Security issue fixed:
- CVE-2016-1923: Fixed anout of bounds read int opj_j2k_update_image_data() and opj_tgt_reset () (bsc#962522).
ModerateSUSE bug 962522CVE-2016-1923 at SUSECVE-2016-1923 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578)
The following non-security bugs were fixed:
- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
- ACPICA: Tables: Add WSMT support (bsc#1089350).
- ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
- ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
- ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895).
- ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
- ACPI/NFIT: x86/mce: Validate a MCE's address before using it (bsc#1114279).
- ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- Add the cherry-picked dup id for PCI dwc fix
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
- ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).
- ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
- ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- ALSA: hda/realtek - Support ALC300 (bsc#1051510).
- ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).
- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: trident: Suppress gcc string warning (bsc#1051510).
- ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- block/swim: Fix array bounds check (Git-fixes).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: use per htab salt for bucket hash (git-fixes).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- Btrfs: Always try all copies when reading extent buffers (git-fixes).
- Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- Btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- Btrfs: fix use-after-free during inode eviction (bsc#1116701).
- Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- Btrfs: fix use-after-free when dumping free space (bsc#1116862).
- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- Btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- Btrfs: make sure we create all new block groups (bsc#1116699).
- Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- Btrfs: stop creating orphan items for truncate (bsc#1111469).
- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- Btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable INFINIBAND_USNIC
- disable SERIAL_NONSTANDARD
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207).
- Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207).
- Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207).
- Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207).
- Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207).
- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207).
- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207).
- Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207).
- Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207).
- Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207).
- Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207).
- Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207).
- Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207).
- Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207).
- Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207).
- Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207).
- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207).
- Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- Drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- Drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207)
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fanotify: fix handling of events on child sub-directory (bsc#1122019).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).
- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv: add SPDX license id to Kconfig (bsc#1107207).
- hv: add SPDX license to trace (bsc#1107207).
- hv_balloon: trace post_status (bsc#1107207).
- hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207).
- hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207).
- hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207).
- hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207).
- hv_netvsc: add trace points (bsc#1107207).
- hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207).
- hv_netvsc: fix bogus ifalias on network device (bsc#1107207).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: Fix the return status in RX path (bsc#1107207).
- hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207).
- hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- hv_netvsc: pair VF based on serial number (bsc#1107207).
- hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207).
- hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207).
- hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207).
- hv_netvsc: select needed ucs2_string routine (bsc#1107207).
- hv_netvsc: simplify receive side calling arguments (bsc#1107207).
- hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207).
- hv: Synthetic typo correction (bsc#1107207).
- hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).
- KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- KABI: mask raw in struct bpf_reg_state (bsc#1083647).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI protect hnae_ae_ops (bsc#1104353).
- KABI: protect struct fib_nh_exception (kabi).
- KABI: protect struct rtable (kabi).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: hyperv: idr_find needs RCU protection (bsc#1107207).
- KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207).
- KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207).
- KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207).
- KVM: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207).
- KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207).
- KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- Move USB-audio UAF fix patch to sorted section
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include <asm/barrier.h> dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).
- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)
- PCI: Export pcie_has_flr() (bsc#1120058).
- PCI: hv: Convert remove_lock to refcount (bsc#1107207).
- PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207).
- PCI: hv: Remove unused reason for refcount handler (bsc#1107207).
- PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207).
- PCI: hv: support reporting serial number as slot information (bsc#1107207).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: hv: Use list_for_each_entry() (bsc#1107207).
- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).
- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- README: Clean-up trailing whitespace
- Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type.
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729).
- Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb.
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510).
- Revert wlcore patch to follow stable tree develpment
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.
- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig: remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).
- sched/isolcpus: Fix 'isolcpus=' boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scripts/git-pre-commit: make executable.
- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue
- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: storsvc: do not set a bounce limit (bsc#1107207).
- scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207).
- scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207).
- scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: Fix a bug in the key delete code (bsc#1107207).
- tools: hv: Fix a bug in the key delete code (git-fixes).
- tools: hv: fix compiler warnings about major/target_fname (bsc#1107207).
- tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Fixup compilation failure due to different ubifs_assert() prototype.
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio_hv_generic: fix subchannel ring mmap (bsc#1107207).
- uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207).
- uio_hv_generic: set size of ring buffer attribute (bsc#1107207).
- uio_hv_generic: support sub-channels (bsc#1107207).
- uio_hv_generic: use correct channel in isr (bsc#1107207).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/headers/UAPI: Use __u64 instead of u64 in <uapi/asm/hyperv.h> (bsc#1107207).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207).
- x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207).
- x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207).
- x86/hyperv: Add interrupt handler annotations (bsc#1107207).
- x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207).
- x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207).
- x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207).
- x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207).
- x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207).
- x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207).
- x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207).
- x86/hyper-v: detect nested features (bsc#1107207).
- x86/hyper-v: Enable IPI enlightenments (bsc#1107207).
- x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207).
- x86/hyper-v: Enlighten APIC access (bsc#1107207).
- x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207).
- x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207).
- x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207).
- x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207).
- x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207).
- x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207).
- x86/hyper-v: move hyperv.h out of uapi (bsc#1107207).
- x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207).
- x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207).
- x86/hyperv: Reenlightenment notifications support (bsc#1107207).
- x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207).
- x86/hyper-v: Trace PV IPI send (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207).
- x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207).
- x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207).
- x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207).
- x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207).
- x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
ImportantSUSE bug 1024718SUSE bug 1046299SUSE bug 1050242SUSE bug 1050244SUSE bug 1051510SUSE bug 1055120SUSE bug 1055121SUSE bug 1055186SUSE bug 1058115SUSE bug 1060463SUSE bug 1065600SUSE bug 1065729SUSE bug 1068032SUSE bug 1068273SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1075006SUSE bug 1075419SUSE bug 1075748SUSE bug 1078248SUSE bug 1079935SUSE bug 1080039SUSE bug 1082387SUSE bug 1082555SUSE bug 1082653SUSE bug 1083647SUSE bug 1085535SUSE bug 1086282SUSE bug 1086283SUSE bug 1086423SUSE bug 1087082SUSE bug 1087084SUSE bug 1087939SUSE bug 1087978SUSE bug 1088386SUSE bug 1089350SUSE bug 1090888SUSE bug 1091405SUSE bug 1094244SUSE bug 1097593SUSE bug 1097755SUSE bug 1102055SUSE bug 1102875SUSE bug 1102877SUSE bug 1102879SUSE bug 1102882SUSE bug 1102896SUSE bug 1103257SUSE bug 1104353SUSE bug 1104427SUSE bug 1104824SUSE bug 1104967SUSE bug 1105168SUSE bug 1106105SUSE bug 1106110SUSE bug 1106237SUSE bug 1106240SUSE bug 1106615SUSE bug 1106913SUSE bug 1107207SUSE bug 1107256SUSE bug 1107385SUSE bug 1107866SUSE bug 1108270SUSE bug 1108468SUSE bug 1109272SUSE bug 1109772SUSE bug 1109806SUSE bug 1110006SUSE bug 1110558SUSE bug 1110998SUSE bug 1111062SUSE bug 1111174SUSE bug 1111188SUSE bug 1111469SUSE bug 1111696SUSE bug 1111795SUSE bug 1111809SUSE bug 1112128SUSE bug 1112963SUSE bug 1113295SUSE bug 1113412SUSE bug 1113501SUSE bug 1113677SUSE bug 1113722SUSE bug 1113769SUSE bug 1114015SUSE bug 1114178SUSE bug 1114279SUSE bug 1114385SUSE bug 1114576SUSE bug 1114577SUSE bug 1114578SUSE bug 1114579SUSE bug 1114580SUSE bug 1114581SUSE bug 1114582SUSE bug 1114583SUSE bug 1114584SUSE bug 1114585SUSE bug 1114648SUSE bug 1114839SUSE bug 1114871SUSE bug 1115074SUSE bug 1115269SUSE bug 1115431SUSE bug 1115433SUSE bug 1115440SUSE bug 1115567SUSE bug 1115709SUSE bug 1115976SUSE bug 1116040SUSE bug 1116183SUSE bug 1116336SUSE bug 1116692SUSE bug 1116693SUSE bug 1116698SUSE bug 1116699SUSE bug 1116700SUSE bug 1116701SUSE bug 1116803SUSE bug 1116841SUSE bug 1116862SUSE bug 1116863SUSE bug 1116876SUSE bug 1116877SUSE bug 1116878SUSE bug 1116891SUSE bug 1116895SUSE bug 1116899SUSE bug 1116950SUSE bug 1117115SUSE bug 1117162SUSE bug 1117165SUSE bug 1117168SUSE bug 1117172SUSE bug 1117174SUSE bug 1117181SUSE bug 1117184SUSE bug 1117186SUSE bug 1117188SUSE bug 1117189SUSE bug 1117349SUSE bug 1117561SUSE bug 1117656SUSE bug 1117788SUSE bug 1117789SUSE bug 1117790SUSE bug 1117791SUSE bug 1117792SUSE bug 1117794SUSE bug 1117795SUSE bug 1117796SUSE bug 1117798SUSE bug 1117799SUSE bug 1117801SUSE bug 1117802SUSE bug 1117803SUSE bug 1117804SUSE bug 1117805SUSE bug 1117806SUSE bug 1117807SUSE bug 1117808SUSE bug 1117815SUSE bug 1117816SUSE bug 1117817SUSE bug 1117818SUSE bug 1117819SUSE bug 1117820SUSE bug 1117821SUSE bug 1117822SUSE bug 1117953SUSE bug 1118102SUSE bug 1118136SUSE bug 1118137SUSE bug 1118138SUSE bug 1118140SUSE bug 1118152SUSE bug 1118215SUSE bug 1118316SUSE bug 1118319SUSE bug 1118320SUSE bug 1118428SUSE bug 1118484SUSE bug 1118505SUSE bug 1118752SUSE bug 1118760SUSE bug 1118761SUSE bug 1118762SUSE bug 1118766SUSE bug 1118767SUSE bug 1118768SUSE bug 1118769SUSE bug 1118771SUSE bug 1118772SUSE bug 1118773SUSE bug 1118774SUSE bug 1118775SUSE bug 1118787SUSE bug 1118788SUSE bug 1118798SUSE bug 1118809SUSE bug 1118962SUSE bug 1119017SUSE bug 1119086SUSE bug 1119212SUSE bug 1119322SUSE bug 1119410SUSE bug 1119714SUSE bug 1119749SUSE bug 1119804SUSE bug 1119946SUSE bug 1119947SUSE bug 1119962SUSE bug 1119968SUSE bug 1119974SUSE bug 1120036SUSE bug 1120046SUSE bug 1120053SUSE bug 1120054SUSE bug 1120055SUSE bug 1120058SUSE bug 1120088SUSE bug 1120092SUSE bug 1120094SUSE bug 1120096SUSE bug 1120097SUSE bug 1120173SUSE bug 1120214SUSE bug 1120223SUSE bug 1120228SUSE bug 1120230SUSE bug 1120232SUSE bug 1120234SUSE bug 1120235SUSE bug 1120238SUSE bug 1120594SUSE bug 1120598SUSE bug 1120600SUSE bug 1120601SUSE bug 1120602SUSE bug 1120603SUSE bug 1120604SUSE bug 1120606SUSE bug 1120612SUSE bug 1120613SUSE bug 1120614SUSE bug 1120615SUSE bug 1120616SUSE bug 1120617SUSE bug 1120618SUSE bug 1120620SUSE bug 1120621SUSE bug 1120632SUSE bug 1120633SUSE bug 1120743SUSE bug 1120954SUSE bug 1121017SUSE bug 1121058SUSE bug 1121263SUSE bug 1121273SUSE bug 1121477SUSE bug 1121483SUSE bug 1121599SUSE bug 1121621SUSE bug 1121714SUSE bug 1121715SUSE bug 1121973SUSE bug 1122019SUSE bug 1122292CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-14625 at SUSECVE-2018-14625 at NVDCVE-2018-16862 at SUSECVE-2018-16862 at NVDCVE-2018-16884 at SUSECVE-2018-16884 at NVDCVE-2018-18281 at SUSECVE-2018-18281 at NVDCVE-2018-18397 at SUSECVE-2018-18397 at NVDCVE-2018-19407 at SUSECVE-2018-19407 at NVDCVE-2018-19824 at SUSECVE-2018-19824 at NVDCVE-2018-19854 at SUSECVE-2018-19854 at NVDCVE-2018-19985 at SUSECVE-2018-19985 at NVDCVE-2018-20169 at SUSECVE-2018-20169 at NVDCVE-2018-9568 at SUSECVE-2018-9568 at NVDcpe:/o:suse:sles:12:sp4Security update for apache-commons-beanutils (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache-commons-beanutils fixes the following issues:
Security issue fixed:
- CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657).
ImportantSUSE bug 1146657CVE-2019-10086 at SUSECVE-2019-10086 at NVDcpe:/o:suse:sles:12:sp4Recommended update for NetworkManager (Low)SUSE Linux Enterprise Server 12 SP4
This update for NetworkManager fixes the following issues:
Security issue fixed:
- Fixed that passwords are not echoed on terminal when asking for them (bsc#990204).
LowSUSE bug 990204cpe:/o:suse:sles:12:sp4Security update for perl (Important)SUSE Linux Enterprise Server 12 SP4
This update for perl fixes the following issues:
Security issue fixed:
- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
ImportantSUSE bug 1114674CVE-2018-18311 at SUSECVE-2018-18311 at NVDcpe:/o:suse:sles:12:sp4Security update for libsolv, libzypp, zypper (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libsolv, libzypp and zypper fixes the following issues:
libsolv was updated to version 0.6.36 and fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
Fixes for libzypp:
- Fixes a bug where locking the kernel was not possible (bsc#1113296)
- Fixes a file descriptor leak (bsc#1116995)
- Will now run file conflict check on dry-run (best with download-only) (bsc#1140039)
Fixes for zypper:
- Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226)
- Improved the displaying of locks (bsc#1112911)
- Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542)
- zypper will now always warn when no repositories are defined (bsc#1109893)
- Fixes bash completion option detection (bsc#1049825)
ModerateSUSE bug 1049825SUSE bug 1109893SUSE bug 1110542SUSE bug 1111319SUSE bug 1112911SUSE bug 1113296SUSE bug 1116995SUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1134226SUSE bug 1137977SUSE bug 1140039SUSE bug 1145521CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sles:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).
ImportantSUSE bug 1145092CVE-2019-10208 at SUSECVE-2019-10208 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575).
- CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742).
- CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741).
- CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740).
- CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738).
ImportantSUSE bug 1145575SUSE bug 1145738SUSE bug 1145740SUSE bug 1145741SUSE bug 1145742CVE-2019-10081 at SUSECVE-2019-10081 at NVDCVE-2019-10082 at SUSECVE-2019-10082 at NVDCVE-2019-10092 at SUSECVE-2019-10092 at NVDCVE-2019-10098 at SUSECVE-2019-10098 at NVDCVE-2019-9517 at SUSECVE-2019-9517 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb, mariadb-connector-c (Important)SUSE Linux Enterprise Server 12 SP4
This update for mariadb and mariadb-connector-c fixes the following issues:
mariadb:
- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
- Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response
and the pid in a process list as it can take some time till the process is terminated. Otherwise
it can lead to 'found left-over process' situation when regular mariadb is started (bsc#1143215).
mariadb-connector-c:
- Update to version 3.1.2 (bsc#1136035)
- Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)
ImportantSUSE bug 1126088SUSE bug 1132666SUSE bug 1136035SUSE bug 1143215CVE-2019-2614 at SUSECVE-2019-2614 at NVDCVE-2019-2627 at SUSECVE-2019-2627 at NVDCVE-2019-2628 at SUSECVE-2019-2628 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 4 Fix Pack 50.
Security issues fixed:
- CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780).
- CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783).
- CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782).
- CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785).
- CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789).
ImportantSUSE bug 1141780SUSE bug 1141782SUSE bug 1141783SUSE bug 1141785SUSE bug 1141789SUSE bug 1147021CVE-2019-11771 at SUSECVE-2019-11771 at NVDCVE-2019-11775 at SUSECVE-2019-11775 at NVDCVE-2019-2762 at SUSECVE-2019-2762 at NVDCVE-2019-2766 at SUSECVE-2019-2766 at NVDCVE-2019-2769 at SUSECVE-2019-2769 at NVDCVE-2019-2816 at SUSECVE-2019-2816 at NVDCVE-2019-4473 at SUSECVE-2019-4473 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.24.4 (bsc#1148931).
Security issues fixed:
- CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678,
CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595,
CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658,
CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673,
CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680,
CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687,
CVE-2019-8688, CVE-2019-8689, CVE-2019-8690
Non-security issues fixed:
- Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching.
- Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported.
ImportantSUSE bug 1135715SUSE bug 1148931CVE-2019-8595 at SUSECVE-2019-8595 at NVDCVE-2019-8607 at SUSECVE-2019-8607 at NVDCVE-2019-8615 at SUSECVE-2019-8615 at NVDCVE-2019-8644 at SUSECVE-2019-8644 at NVDCVE-2019-8649 at SUSECVE-2019-8649 at NVDCVE-2019-8658 at SUSECVE-2019-8658 at NVDCVE-2019-8666 at SUSECVE-2019-8666 at NVDCVE-2019-8669 at SUSECVE-2019-8669 at NVDCVE-2019-8671 at SUSECVE-2019-8671 at NVDCVE-2019-8672 at SUSECVE-2019-8672 at NVDCVE-2019-8673 at SUSECVE-2019-8673 at NVDCVE-2019-8676 at SUSECVE-2019-8676 at NVDCVE-2019-8677 at SUSECVE-2019-8677 at NVDCVE-2019-8678 at SUSECVE-2019-8678 at NVDCVE-2019-8679 at SUSECVE-2019-8679 at NVDCVE-2019-8680 at SUSECVE-2019-8680 at NVDCVE-2019-8681 at SUSECVE-2019-8681 at NVDCVE-2019-8683 at SUSECVE-2019-8683 at NVDCVE-2019-8684 at SUSECVE-2019-8684 at NVDCVE-2019-8686 at SUSECVE-2019-8686 at NVDCVE-2019-8687 at SUSECVE-2019-8687 at NVDCVE-2019-8688 at SUSECVE-2019-8688 at NVDCVE-2019-8689 at SUSECVE-2019-8689 at NVDCVE-2019-8690 at SUSECVE-2019-8690 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript fixes the following issues:
Security issue fixed:
- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).
ModerateSUSE bug 1144621CVE-2019-10216 at SUSECVE-2019-10216 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).
- CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902).
- CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).
Bug fixes and enhancements:
- Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational
arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764).
- Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795).
- Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The
issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was
removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025).
- Ignore csske for expanding the cpu model (bsc#1136528).
- Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130).
- Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043).
ImportantSUSE bug 1079730SUSE bug 1098403SUSE bug 1111025SUSE bug 1127077SUSE bug 1134880SUSE bug 1135902SUSE bug 1136528SUSE bug 1136777SUSE bug 1139926SUSE bug 1140402SUSE bug 1141043SUSE bug 1143794CVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDcpe:/o:suse:sles:12:sp4Security update for ceph (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues:
Security issues fixed:
- CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567)
ModerateSUSE bug 1121567SUSE bug 1149961CVE-2018-16889 at SUSECVE-2018-16889 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 40.
Security issues fixed:
- CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021)
- CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780).
- CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783).
- CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782).
- CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785).
- CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789).
- CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787).
ImportantSUSE bug 1122292SUSE bug 1122299SUSE bug 1141780SUSE bug 1141782SUSE bug 1141783SUSE bug 1141785SUSE bug 1141787SUSE bug 1141789SUSE bug 1147021CVE-2018-11212 at SUSECVE-2018-11212 at NVDCVE-2019-11771 at SUSECVE-2019-11771 at NVDCVE-2019-11772 at SUSECVE-2019-11772 at NVDCVE-2019-11775 at SUSECVE-2019-11775 at NVDCVE-2019-2449 at SUSECVE-2019-2449 at NVDCVE-2019-2762 at SUSECVE-2019-2762 at NVDCVE-2019-2766 at SUSECVE-2019-2766 at NVDCVE-2019-2769 at SUSECVE-2019-2769 at NVDCVE-2019-2786 at SUSECVE-2019-2786 at NVDCVE-2019-2816 at SUSECVE-2019-2816 at NVDCVE-2019-4473 at SUSECVE-2019-4473 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sles:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495)
- CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496).
ImportantSUSE bug 1149495SUSE bug 1149496CVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDcpe:/o:suse:sles:12:sp4Security update for ibus (Important)SUSE Linux Enterprise Server 12 SP4
This update for ibus fixes the following issues:
Security issue fixed:
- CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011)
ImportantSUSE bug 1150011CVE-2019-14822 at SUSECVE-2019-14822 at NVDcpe:/o:suse:sles:12:sp4Security update for openldap2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194).
- CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273).
ModerateSUSE bug 1143194SUSE bug 1143273CVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDcpe:/o:suse:sles:12:sp4Security update for spice (Important)SUSE Linux Enterprise Server 12 SP4
This update for spice fixes the following issues:
Security issue fixed:
- CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706).
ImportantSUSE bug 1122706CVE-2019-3813 at SUSECVE-2019-3813 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following new features were implemented:
- jsc#SLE-4875: [CML] New device IDs for CML
- jsc#SLE-7294: Add cpufreq driver for Raspberry Pi
- fate#322438: Integrate P9 XIVE support (on PowerVM only)
- fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only)
- fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only)
- fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump
- fate#326869: perf: pmu mem_load/store event support
The following security bugs were fixed:
- CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163).
- CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285)
- CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591).
- CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456).
- CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959).
- CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516)
- CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).
- CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713)
- CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399)
- CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378).
- CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368)
- CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920).
- CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922).
- CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519).
- CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391).
- CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550)
- CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425)
- CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).
- CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547).
- CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413)
- CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524)
- CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526)
- CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531)
- CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)
- CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543).
- CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678)
- CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093)
- CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394).
- CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376)
- CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)
- CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552)
- CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626)
- CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602)
- CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612).
- CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527)
- CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522)
The following non-security bugs were fixed:
- 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510).
- 9p/rdma: remove useless check in cm_event_handler (bsc#1051510).
- 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510).
- 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510).
- 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510).
- 9p: acl: fix uninitialized iattr access (bsc#1051510).
- 9p: p9dirent_read: check network-provided name length (bsc#1051510).
- 9p: pass the correct prototype to read_cache_page (bsc#1051510).
- acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510).
- acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510).
- acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510).
- acpi: fix false-positive -Wuninitialized warning (bsc#1051510).
- acpica: Increase total number of possible Owner IDs (bsc#1148859).
- acpica: Increase total number of possible Owner IDs (bsc#1148859).
- add some missing definitions (bsc#1144333).
- address lock imbalance warnings in smbdirect.c (bsc#1144333).
- af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510).
- af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02).
- alsa: firewire: fix a memory leak bug (bsc#1051510).
- alsa: hda - Add a generic reboot_notify (bsc#1051510).
- alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510).
- alsa: hda - Do not override global PCM hw info flag (bsc#1051510).
- alsa: hda - Fix a memory leak bug (bsc#1051510).
- alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510).
- alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510).
- alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510).
- alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510).
- alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510).
- alsa: hda: kabi workaround for generic parser flag (bsc#1051510).
- alsa: hiface: fix multiple memory leak bugs (bsc#1051510).
- alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510).
- alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510).
- alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510).
- alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510).
- arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021).
- arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021).
- arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021).
- asoc: Fail card instantiation if DAI format setup fails (bsc#1051510).
- asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510).
- ata: libahci: do not complain in case of deferred probe (bsc#1051510).
- batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510).
- batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510).
- batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510).
- bcache: fix possible memory leak in bch_cached_dev_run() (git fixes).
- bio: fix improper use of smp_mb__before_atomic() (git fixes).
- blk-mq: Fix spelling in a source code comment (git fixes).
- blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661).
- blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661).
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
- block, documentation: Fix wbt_lat_usec documentation (git fixes).
- bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510).
- bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510).
- bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510).
- bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510).
- bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510).
- bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510).
- bluetooth: validate BLE connection interval updates (bsc#1051510).
- bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25).
- bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013).
- bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013).
- bonding: Always enable vlan tx offload (networking-stable-19_07_02).
- bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013).
- bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013).
- bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25).
- btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911).
- btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911).
- btrfs: add a helper to retrive extent inline ref type (bsc#1149325).
- btrfs: add cleanup_ref_head_accounting helper (bsc#1050911).
- btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487).
- btrfs: add one more sanity check for shared ref type (bsc#1149325).
- btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911).
- btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325).
- btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933).
- btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562).
- btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941).
- btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942).
- btrfs: fix incremental send failure after deduplication (bsc#1145940).
- btrfs: fix pinned underflow after transaction aborted (bsc#1050911).
- btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059).
- btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937).
- btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911).
- btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059).
- btrfs: remove BUG() in add_data_reference (bsc#1149325).
- btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325).
- btrfs: remove BUG() in print_extent_item (bsc#1149325).
- btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).
- btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103).
- btrfs: start readahead also in seed devices (bsc#1144886).
- btrfs: track running balance in a simpler way (bsc#1145059).
- btrfs: use GFP_KERNEL in init_ipath (bsc#1086103).
- caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25).
- can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510).
- can: mcp251x: add support for mcp25625 (bsc#1051510).
- can: peak_usb: fix potential double kfree_skb() (bsc#1051510).
- can: peak_usb: force the string buffer NULL-terminated (bsc#1051510).
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510).
- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510).
- can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510).
- can: sja1000: force the string buffer NULL-terminated (bsc#1051510).
- carl9170: fix misuse of device driver API (bsc#1142635).
- ceph: always get rstat from auth mds (bsc#1146346).
- ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346).
- ceph: decode feature bits in session message (bsc#1146346).
- ceph: do not blindly unregister session that is in opening state (bsc#1148133).
- ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133).
- ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219).
- ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133).
- ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133).
- ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133).
- ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133).
- ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450).
- ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133).
- ceph: remove request from waiting list before unregister (bsc#1148133).
- ceph: silence a checker warning in mdsc_show() (bsc#1148133).
- ceph: support cephfs' own feature bits (bsc#1146346).
- ceph: support getting ceph.dir.pin vxattr (bsc#1146346).
- ceph: support versioned reply (bsc#1146346).
- ceph: use bit flags to define vxattr attributes (bsc#1146346).
- cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510).
- cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333).
- cifs: Add DFS cache routines (bsc#1144333).
- cifs: Add direct I/O functions to file_operations (bsc#1144333).
- cifs: Add minor debug message during negprot (bsc#1144333).
- cifs: Add smb2_send_recv (bsc#1144333).
- cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333).
- cifs: Add support for direct I/O read (bsc#1144333).
- cifs: Add support for direct I/O write (bsc#1144333).
- cifs: Add support for direct pages in rdata (bsc#1144333).
- cifs: Add support for direct pages in wdata (bsc#1144333).
- cifs: Add support for failover in cifs_mount() (bsc#1144333).
- cifs: Add support for failover in cifs_reconnect() (bsc#1144333).
- cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333).
- cifs: Add support for failover in smb2_reconnect() (bsc#1144333).
- cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333).
- cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333).
- cifs: Adds information-level logging function (bsc#1144333).
- cifs: Adjust MTU credits before reopening a file (bsc#1144333).
- cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333).
- cifs: Allocate validate negotiation request through kmalloc (bsc#1144333).
- cifs: Always reset read error to -EIO if no response (bsc#1144333).
- cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333).
- cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333).
- cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333).
- cifs: Call MID callback before destroying transport (bsc#1144333).
- cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333).
- cifs: Check for reconnects before sending async requests (bsc#1144333).
- cifs: Check for reconnects before sending compound requests (bsc#1144333).
- cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333).
- cifs: Count SMB3 credits for malformed pending responses (bsc#1144333).
- cifs: Display SMB2 error codes in the hex format (bsc#1144333).
- cifs: Do not assume one credit for async responses (bsc#1144333).
- cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333).
- cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333).
- cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333).
- cifs: Do not log credits when unmounting a share (bsc#1144333).
- cifs: Do not match port on SMBDirect transport (bsc#1144333).
- cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333).
- cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333).
- cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333).
- cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333).
- cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333).
- cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333).
- cifs: Fix DFS cache refresher for DFS links (bsc#1144333).
- cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333).
- cifs: Fix NULL pointer dereference of devname (bnc#1129519).
- cifs: Fix NULL ptr deref (bsc#1144333).
- cifs: Fix a debug message (bsc#1144333).
- cifs: Fix a race condition with cifs_echo_request (bsc#1144333).
- cifs: Fix a tiny potential memory leak (bsc#1144333).
- cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333).
- cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333).
- cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333).
- cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333).
- cifs: Fix check for matching with existing mount (bsc#1144333).
- cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333).
- cifs: Fix credit calculations in compound mid callback (bsc#1144333).
- cifs: Fix credit computation for compounded requests (bsc#1144333).
- cifs: Fix credits calculation for cancelled requests (bsc#1144333).
- cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333).
- cifs: Fix encryption/signing (bsc#1144333).
- cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333).
- cifs: Fix error paths in writeback code (bsc#1144333).
- cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333).
- cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333).
- cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333).
- cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333).
- cifs: Fix lease buffer length error (bsc#1144333).
- cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333).
- cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333).
- cifs: Fix module dependency (bsc#1144333).
- cifs: Fix mounts if the client is low on credits (bsc#1144333).
- cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333).
- cifs: Fix possible oops and memory leaks in async IO (bsc#1144333).
- cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333).
- cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333).
- cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333).
- cifs: Fix signing for SMB2/3 (bsc#1144333).
- cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333).
- cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333).
- cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333).
- cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333).
- cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333).
- cifs: Fix use-after-free in SMB2_read (bsc#1144333).
- cifs: Fix use-after-free in SMB2_write (bsc#1144333).
- cifs: Fix validation of signed data in smb2 (bsc#1144333).
- cifs: Fix validation of signed data in smb3+ (bsc#1144333).
- cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333).
- cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333).
- cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333).
- cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333).
- cifs: Limit memory used by lock request calls to a page (bsc#1144333).
- cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333).
- cifs: Make sure all data pages are signed correctly (bsc#1144333).
- cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333).
- cifs: Mask off signals when sending SMB packets (bsc#1144333).
- cifs: Minor Kconfig clarification (bsc#1144333).
- cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333).
- cifs: Move open file handling to writepages (bsc#1144333).
- cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333).
- cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333).
- cifs: Only free DFS target list if we actually got one (bsc#1144333).
- cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333).
- cifs: Pass page offset for calculating signature (bsc#1144333).
- cifs: Pass page offset for encrypting (bsc#1144333).
- cifs: Print message when attempting a mount (bsc#1144333).
- cifs: Properly handle auto disabling of serverino option (bsc#1144333).
- cifs: Reconnect expired SMB sessions (bnc#1060662).
- cifs: Refactor out cifs_mount() (bsc#1144333).
- cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333).
- cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333).
- cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333).
- cifs: Respect reconnect in MTU credits calculations (bsc#1144333).
- cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333).
- cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).
- cifs: Return error code when getting file handle for writeback (bsc#1144333).
- cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).
- cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333).
- cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333).
- cifs: SMBD: Add rdma mount option (bsc#1144333).
- cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333).
- cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333).
- cifs: SMBD: Establish SMB Direct connection (bsc#1144333).
- cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).
- cifs: SMBD: Implement RDMA memory registration (bsc#1144333).
- cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333).
- cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333).
- cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333).
- cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333).
- cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333).
- cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333).
- cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333).
- cifs: SMBD: Support page offset in RDMA recv (bsc#1144333).
- cifs: SMBD: Support page offset in RDMA send (bsc#1144333).
- cifs: SMBD: Support page offset in memory registration (bsc#1144333).
- cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333).
- cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333).
- cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333).
- cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333).
- cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333).
- cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333).
- cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333).
- cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333).
- cifs: SMBD: export protocol initial values (bsc#1144333).
- cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333).
- cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333).
- cifs: Save TTL value when parsing DFS referrals (bsc#1144333).
- cifs: Select all required crypto modules (bsc#1085536, bsc#1144333).
- cifs: Set reconnect instance to one initially (bsc#1144333).
- cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333).
- cifs: Silence uninitialized variable warning (bsc#1144333).
- cifs: Skip any trailing backslashes from UNC (bsc#1144333).
- cifs: Try to acquire credits at once for compound requests (bsc#1144333).
- cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333).
- cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333).
- cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333).
- cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).
- cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333).
- cifs: Use kzfree() to free password (bsc#1144333).
- cifs: Use offset when reading pages (bsc#1144333).
- cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333).
- cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333).
- cifs: When sending data on socket, pass the correct page offset (bsc#1144333).
- cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333).
- cifs: add .splice_write (bsc#1144333).
- cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333).
- cifs: add ONCE flag for cifs_dbg type (bsc#1144333).
- cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).
- cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333).
- cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333).
- cifs: add SMB2_query_info_[init|free]() (bsc#1144333).
- cifs: add a new SMB2_close_flags function (bsc#1144333).
- cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333).
- cifs: add a timeout argument to wait_for_free_credits (bsc#1144333).
- cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333).
- cifs: add compound_send_recv() (bsc#1144333).
- cifs: add credits from unmatched responses/messages (bsc#1144333).
- cifs: add debug output to show nocase mount option (bsc#1144333).
- cifs: add fiemap support (bsc#1144333).
- cifs: add iface info to struct cifs_ses (bsc#1144333).
- cifs: add lease tracking to the cached root fid (bsc#1144333).
- cifs: add missing GCM module dependency (bsc#1144333).
- cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333).
- cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333).
- cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333).
- cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333).
- cifs: add server argument to the dump_detail method (bsc#1144333).
- cifs: add server->vals->header_preamble_size (bsc#1144333).
- cifs: add sha512 secmech (bsc#1051510, bsc#1144333).
- cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333).
- cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333).
- cifs: add support for ioctl on directories (bsc#1144333).
- cifs: address trivial coverity warning (bsc#1144333).
- cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).
- cifs: allow disabling less secure legacy dialects (bsc#1144333).
- cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333).
- cifs: always add credits back for unsolicited PDUs (bsc#1144333).
- cifs: auto disable 'serverino' in dfs mounts (bsc#1144333).
- cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333).
- cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333).
- cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333).
- cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333).
- cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333).
- cifs: change mkdir to use a compound (bsc#1144333).
- cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333).
- cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333).
- cifs: change unlink to use a compound (bsc#1144333).
- cifs: change validate_buf to validate_iov (bsc#1144333).
- cifs: change wait_for_free_request() to take flags as argument (bsc#1144333).
- cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333).
- cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333).
- cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333).
- cifs: check kmalloc before use (bsc#1051510, bsc#1144333).
- cifs: check kzalloc return (bsc#1144333).
- cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333).
- cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333).
- cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333).
- cifs: clean up indentation, replace spaces with tab (bsc#1144333).
- cifs: cleanup smb2ops.c and normalize strings (bsc#1144333).
- cifs: complete PDU definitions for interface queries (bsc#1144333).
- cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333).
- cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333).
- cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333).
- cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333).
- cifs: create a helper function for compound query_info (bsc#1144333).
- cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333).
- cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333).
- cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333).
- cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333).
- cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333).
- cifs: do not return atime less than mtime (bsc#1144333).
- cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333).
- cifs: do not show domain= in mount output when domain is empty (bsc#1144333).
- cifs: do not use __constant_cpu_to_le32() (bsc#1144333).
- cifs: document tcon/ses/server refcount dance (bsc#1144333).
- cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333).
- cifs: dump every session iface info (bsc#1144333).
- cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333).
- cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333).
- cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333).
- cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333).
- cifs: fix SMB1 breakage (bsc#1144333).
- cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333).
- cifs: fix a credits leak for compund commands (bsc#1144333).
- cifs: fix bi-directional fsctl passthrough calls (bsc#1144333).
- cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333).
- cifs: fix build errors for SMB_DIRECT (bsc#1144333).
- cifs: fix circular locking dependency (bsc#1064701, bsc#1144333).
- cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333).
- cifs: fix confusing warning message on reconnect (bsc#1144333).
- cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).
- cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333).
- cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333).
- cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333).
- cifs: fix deadlock in cached root handling (bsc#1144333).
- cifs: fix encryption in SMB3.1.1 (bsc#1144333).
- cifs: fix handle leak in smb2_query_symlink() (bsc#1144333).
- cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333).
- cifs: fix kref underflow in close_shroot() (bsc#1144333).
- cifs: fix memory leak and remove dead code (bsc#1144333).
- cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333).
- cifs: fix memory leak in SMB2_read (bsc#1144333).
- cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333).
- cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333).
- cifs: fix page reference leak with readv/writev (bsc#1144333).
- cifs: fix panic in smb2_reconnect (bsc#1144333).
- cifs: fix parsing of symbolic link error response (bsc#1144333).
- cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333).
- cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333).
- cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333).
- cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333).
- cifs: fix smb3_zero_range for Azure (bsc#1144333).
- cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333).
- cifs: fix sparse warning on previous patch in a few printks (bsc#1144333).
- cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333).
- cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333).
- cifs: fix typo in cifs_dbg (bsc#1144333).
- cifs: fix typo in debug message with struct field ia_valid (bsc#1144333).
- cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333).
- cifs: fix use-after-free of the lease keys (bsc#1144333).
- cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333).
- cifs: flush before set-info if we have writeable handles (bsc#1144333).
- cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333).
- cifs: handle netapp error codes (bsc#1136261).
- cifs: hide unused functions (bsc#1051510, bsc#1144333).
- cifs: hide unused functions (bsc#1051510, bsc#1144333).
- cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333).
- cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333).
- cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333).
- cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333).
- cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333).
- cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333).
- cifs: make arrays static const, reduces object code size (bsc#1144333).
- cifs: make minor clarifications to module params for cifs.ko (bsc#1144333).
- cifs: make mknod() an smb_version_op (bsc#1144333).
- cifs: make rmdir() use compounding (bsc#1144333).
- cifs: make smb_send_rqst take an array of requests (bsc#1144333).
- cifs: minor clarification in comments (bsc#1144333).
- cifs: minor updates to module description for cifs.ko (bsc#1144333).
- cifs: move default port definitions to cifsglob.h (bsc#1144333).
- cifs: move large array from stack to heap (bsc#1144333).
- cifs: only wake the thread for the very last PDU in a compound (bsc#1144333).
- cifs: parse and store info on iface queries (bsc#1144333).
- cifs: pass flags down into wait_for_free_credits() (bsc#1144333).
- cifs: pass page offsets on SMB1 read/write (bsc#1144333).
- cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333).
- cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333).
- cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333).
- cifs: protect against server returning invalid file system block size (bsc#1144333).
- cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
- cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
- cifs: push rfc1002 generation down the stack (bsc#1144333).
- cifs: read overflow in is_valid_oplock_break() (bsc#1144333).
- cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333).
- cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333).
- cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333).
- cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333).
- cifs: remove coverity warning in calc_lanman_hash (bsc#1144333).
- cifs: remove header_preamble_size where it is always 0 (bsc#1144333).
- cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333).
- cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333).
- cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333).
- cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333).
- cifs: remove rfc1002 header from smb2_close_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_create_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333).
- cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333).
- cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333).
- cifs: remove set but not used variable 'cifs_sb' (bsc#1144333).
- cifs: remove set but not used variable 'sep' (bsc#1144333).
- cifs: remove set but not used variable 'server' (bsc#1144333).
- cifs: remove set but not used variable 'smb_buf' (bsc#1144333).
- cifs: remove small_smb2_init (bsc#1144333).
- cifs: remove smb2_send_recv() (bsc#1144333).
- cifs: remove struct smb2_hdr (bsc#1144333).
- cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).
- cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333).
- cifs: remove unused stats (bsc#1144333).
- cifs: remove unused value pointed out by Coverity (bsc#1144333).
- cifs: remove unused variable from SMB2_read (bsc#1144333).
- cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333).
- cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
- cifs: replace snprintf with scnprintf (bsc#1144333).
- cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333).
- cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333).
- cifs: return error on invalid value written to cifsFYI (bsc#1144333).
- cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333).
- cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333).
- cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333).
- cifs: show 'soft' in the mount options for hard mounts (bsc#1144333).
- cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333).
- cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333).
- cifs: simple stats should always be enabled (bsc#1144333).
- cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files.
- cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333).
- cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333).
- cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333).
- cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333).
- cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333).
- cifs: smbd: Avoid allocating iov on the stack (bsc#1144333).
- cifs: smbd: Check for iov length on sending the last iov (bsc#1144333).
- cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333).
- cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333).
- cifs: smbd: Dump SMB packet when configured (bsc#1144333).
- cifs: smbd: Enable signing with smbdirect (bsc#1144333).
- cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333).
- cifs: smbd: Retry on memory registration failure (bsc#1144333).
- cifs: smbd: Return EINTR when interrupted (bsc#1144333).
- cifs: smbd: avoid reconnect lockup (bsc#1144333).
- cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333).
- cifs: smbd: disconnect transport on RDMA errors (bsc#1144333).
- cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333).
- cifs: start DFS cache refresher in cifs_mount() (bsc#1144333).
- cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333).
- cifs: suppress some implicit-fallthrough warnings (bsc#1144333).
- cifs: track writepages in vfs operation counters (bsc#1144333).
- cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333).
- cifs: update calc_size to take a server argument (bsc#1144333).
- cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333).
- cifs: update internal module number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333).
- cifs: update module internal version number (bsc#1144333).
- cifs: update multiplex loop to handle compounded responses (bsc#1144333).
- cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333).
- cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333).
- cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333).
- cifs: update smb2_queryfs() to use compounding (bsc#1144333).
- cifs: use a compound for setting an xattr (bsc#1144333).
- cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333).
- cifs: use correct format characters (bsc#1144333).
- cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333).
- cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333).
- cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333).
- cifs: we can not use small padding iovs together with encryption (bsc#1144333).
- cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333).
- cifs: zero-range does not require the file is sparse (bsc#1144333).
- cifs:smbd Use the correct DMA direction when sending data (bsc#1144333).
- cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333).
- cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333).
- cifs_lookup(): switch to d_splice_alias() (bsc#1144333).
- clk: Export clk_bulk_prepare() (bsc#1144813).
- clk: add clk_bulk_get accessories (bsc#1144813).
- clk: bcm2835: remove pllb (jsc#SLE-7294).
- clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294).
- clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813).
- clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294).
- clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510).
- clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813).
- clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813).
- compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510).
- coredump: split pipe command whitespace before expanding template (bsc#1051510).
- cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279).
- cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294).
- crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510).
- crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510).
- crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510).
- crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934).
- crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510).
- crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510).
- cx82310_eth: fix a memory leak bug (bsc#1051510).
- dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698).
- devres: always use dev_name() in devm_ioremap_resource() (git fixes).
- dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333).
- dm btree: fix order of block initialization in btree_split_beneath (git fixes).
- dm bufio: fix deadlock with loop device (git fixes).
- dm cache metadata: Fix loading discard bitset (git fixes).
- dm crypt: do not overallocate the integrity tag space (git fixes).
- dm crypt: fix parsing of extended IV arguments (git fixes).
- dm delay: fix a crash when invalid device is specified (git fixes).
- dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes).
- dm integrity: limit the rate of error messages (git fixes).
- dm kcopyd: always complete failed jobs (git fixes).
- dm raid: add missing cleanup in raid_ctr() (git fixes).
- dm space map metadata: fix missing store of apply_bops() return value (git fixes).
- dm table: fix invalid memory accesses with too high sector number (git fixes).
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes).
- dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes).
- dm thin: fix passdown_double_checking_shared_status() (git fixes).
- dm zoned: Fix zone report handling (git fixes).
- dm zoned: Silence a static checker warning (git fixes).
- dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes).
- dm zoned: fix zone state management race (git fixes).
- dm zoned: improve error handling in i/o map code (git fixes).
- dm zoned: improve error handling in reclaim (git fixes).
- dm zoned: properly handle backing device failure (git fixes).
- dm: bufio: revert: 'fix deadlock with loop device' (git fixes).
- dm: fix to_sector() for 32bit (git fixes).
- dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes).
- dma-buf: balance refcount inbalance (bsc#1051510).
- dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510).
- documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510).
- documentation: Add nospectre_v1 parameter (bsc#1051510).
- driver core: Fix use-after-free and double free on glue directory (bsc#1131281).
- drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510).
- drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510).
- drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642)
- drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510).
- drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510).
- drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510).
- drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642)
- drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635)
- drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510).
- drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635)
- drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635)
- drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)
- drm/imx: notify drm core before sending event during crtc disable (bsc#1135642)
- drm/imx: only send event on crtc disable if kept disabled (bsc#1135642)
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642)
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642)
- drm/mediatek: clear num_pipes when unbind driver (bsc#1135642)
- drm/mediatek: fix unbind functions (bsc#1135642)
- drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635)
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642)
- drm/mediatek: use correct device to import PRIME buffers (bsc#1142635)
- drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635)
- drm/msm: Depopulate platform on probe failure (bsc#1051510).
- drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635)
- drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510).
- drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510).
- drm/rockchip: Suspend DP late (bsc#1142635)
- drm/udl: introduce a macro to convert dev to udl. (bsc#1113722)
- drm/udl: move to embedding drm device inside udl device. (bsc#1113722)
- drm/virtio: Add memory barriers for capset cache (bsc#1051510).
- drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642)
- drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642)
- drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510).
- drm: msm: Fix add_gpu_components (bsc#1051510).
- drm: silence variable 'conn' set but not used (bsc#1051510).
- ecryptfs: fix a couple type promotion bugs (bsc#1051510).
- edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178).
- edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178).
- edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279).
- efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510).
- ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510).
- ext4: use jbd2_inode dirty range scoping (bsc#1148616).
- firmware: raspberrypi: register clk device (jsc#SLE-7294).
- firmware: ti_sci: Always request response from firmware (bsc#1051510).
- fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333).
- fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333).
- fix struct ufs_req removal of unused field (git-fixes).
- fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333).
- fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333).
- fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).
- fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333).
- fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333).
- fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333).
- fs/cifs: fix uninitialised variable warnings (bsc#1144333).
- fs/cifs: require sha512 (bsc#1051510, bsc#1144333).
- fs/cifs: suppress a string overflow warning (bsc#1144333).
- fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031).
- fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333).
- fs: cifs: Kconfig: pedantic formatting (bsc#1144333).
- fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333).
- fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333).
- fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033).
- fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510).
- ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418).
- ftrace: Check for successful allocation of hash (bsc#1149424).
- ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413).
- gpio: Fix build error of function redefinition (bsc#1051510).
- gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510).
- gpio: mxs: Get rid of external API call (bsc#1051510).
- gpio: omap: ensure irq is enabled before wakeup (bsc#1051510).
- gpio: pxa: handle corner case of unprobed device (bsc#1051510).
- gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510).
- gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510).
- gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635)
- hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510).
- hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510).
- hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510).
- hid: hiddev: avoid opening a disconnected device (bsc#1051510).
- hid: hiddev: do cleanup in failure of opening a device (bsc#1051510).
- hid: holtek: test for sanity of intfdata (bsc#1051510).
- hid: sony: Fix race condition between rumble and device remove (bsc#1051510).
- hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635).
- hid: wacom: correct misreported EKR ring values (bsc#1142635).
- hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510).
- hpet: Fix division by zero in hpet_time_div() (bsc#1051510).
- hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510).
- hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510).
- i2c: emev2: avoid race when unregistering slave client (bsc#1051510).
- i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510).
- i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510).
- ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678).
- ibmveth: Convert multicast list size for little-endian system (bsc#1061843).
- ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635).
- ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726).
- igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25).
- iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510).
- iio: adc: max9611: Fix temperature reading in probe (bsc#1051510).
- iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510).
- include/linux/bitops.h: sanitize rotate primitives (git fixes).
- input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510).
- input: alps - fix a mismatch between a condition check and its comment (bsc#1051510).
- input: iforce - add sanity checks (bsc#1051510).
- input: kbtab - sanity check for endpoint type (bsc#1051510).
- input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510).
- input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510).
- input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510).
- intel_th: pci: Add Ice Lake NNPI support (bsc#1051510).
- intel_th: pci: Add Tiger Lake support (bsc#1051510).
- intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510).
- iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010).
- iommu/amd: Fix race in increase_address_space() (bsc#1150860).
- iommu/amd: Flush old domains in kdump kernel (bsc#1150861).
- iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105).
- iommu/dma: Handle SG length overflow better (bsc#1146084).
- iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024).
- iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024).
- ipip: validate header length in ipip_tunnel_xmit (git-fixes).
- ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25).
- irqchip/gic-v3-its: fix build warnings (bsc#1144880).
- isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510).
- isdn: hfcsusb: checking idx of ep configuration (bsc#1051510).
- isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510).
- iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086).
- iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510).
- iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902).
- iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635).
- iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).
- iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635).
- iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635).
- iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635).
- jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843).
- jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616).
- kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010).
- kasan: remove redundant initialization of variable 'real_size' (git fixes).
- kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510).
- keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510).
- kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021).
- kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882).
- kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021).
- kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388).
- kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408).
- kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840).
- kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021).
- kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393).
- kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395).
- kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394).
- kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).
- kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).
- kvm: arm/arm64: Close VMID generation race (bsc#1133021).
- kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021).
- kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021).
- kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021).
- kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021).
- kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021).
- kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021).
- kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021).
- kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021).
- kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021).
- kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021).
- kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021).
- kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021).
- kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021).
- kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021).
- kvm: mmu: Fix overlap between public and private memslots (bsc#1133021).
- kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391).
- kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392).
- kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389).
- kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390).
- kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397).
- kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104).
- kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396).
- kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409).
- kvm: x86: fix backward migration with async_PF (bsc#1146074).
- lan78xx: Fix memory leaks (bsc#1051510).
- libata: add SG safety checks in SFF pio transfers (bsc#1051510).
- libata: do not request sense data on !ZAC ATA devices (bsc#1051510).
- libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510).
- libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510).
- libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
- libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897).
- libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450).
- libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450).
- libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133).
- libceph: assign cookies in linger_submit() (bsc#1135897).
- libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
- libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
- libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
- libceph: fix PG split vs OSD (re)connect race (bsc#1148133).
- libceph: handle zero-length data items (bsc#1141450).
- libceph: introduce BVECS data type (bsc#1141450).
- libceph: introduce alloc_watch_request() (bsc#1135897).
- libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
- libceph: preallocate message data items (bsc#1135897).
- libceph: use single request data item for cmp/setxattr (bsc#1139101).
- libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720).
- liquidio: add cleanup in octeon_setup_iq() (bsc#1051510).
- loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes).
- mac80211: do not WARN on short WMM parameters from AP (bsc#1051510).
- mac80211: do not warn about CW params when not using them (bsc#1051510).
- mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635).
- mac80211: fix possible sta leak (bsc#1051510).
- macsec: fix checksumming after decryption (bsc#1051510).
- macsec: fix use-after-free of skb during RX (bsc#1051510).
- macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510).
- macsec: update operstate when lower device changes (bsc#1051510).
- mailbox: handle failed named mailbox channel request (bsc#1051510).
- md/raid: raid5 preserve the writeback action after the parity check (git fixes).
- md: add mddev->pers to avoid potential NULL pointer dereference (git fixes).
- media: au0828: fix null dereference in error path (bsc#1051510).
- media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510).
- media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510).
- media: coda: fix mpeg2 sequence number handling (bsc#1051510).
- media: coda: increment sequence offset for the last returned frame (bsc#1051510).
- media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510).
- media: hdpvr: fix locking and a missing msleep (bsc#1051510).
- media: media_device_enum_links32: clean a reserved field (bsc#1051510).
- media: pvrusb2: use a different format for warnings (bsc#1051510).
- media: spi: IR LED: add missing of table registration (bsc#1051510).
- media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510).
- media: vpss: fix a potential NULL pointer dereference (bsc#1051510).
- media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510).
- mfd: arizona: Fix undefined behavior (bsc#1051510).
- mfd: core: Set fwnode for created devices (bsc#1051510).
- mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510).
- mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875).
- mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality).
- mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality).
- mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality).
- mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality).
- mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality).
- mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality).
- mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality).
- mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality).
- mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality).
- mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality).
- mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689).
- mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality).
- mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616).
- mm: do not stall register_shrinker() (bsc#1104902, VM Performance).
- mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality).
- mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510).
- mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510).
- mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510).
- mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510).
- mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510).
- mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875).
- mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875).
- move a few externs to smbdirect.h to eliminate warning (bsc#1144333).
- move core networking kabi patches to the end of the section
- move irq_data_get_effective_affinity_mask prior the sorted section
- mpls: fix warning with multi-label encap (bsc#1051510).
- nbd: replace kill_bdev() with __invalidate_device() again (git fixes).
- net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510).
- net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635).
- net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635).
- net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678).
- net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25).
- net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963).
- net/smc: original socket family in inet_sock_diag (bsc#1149959).
- net: Fix netdev_WARN_ONCE macro (git-fixes).
- net: Introduce netdev_*_once functions (networking-stable-19_07_25).
- net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25).
- net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25).
- net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25).
- net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25).
- net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25).
- net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021).
- net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021).
- net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021).
- net: ena: add good checksum counter (bsc#1139020 bsc#1139021).
- net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021).
- net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021).
- net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021).
- net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021).
- net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021).
- net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021).
- net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021).
- net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021).
- net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).
- net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021).
- net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021).
- net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021).
- net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021).
- net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021).
- net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021).
- net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021).
- net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021).
- net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021).
- net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021).
- net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021).
- net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021).
- net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021).
- net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25).
- net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25).
- net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02).
- net: sched: verify that q!=NULL before setting q->flags (git-fixes).
- net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02).
- net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02).
- net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510).
- net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25).
- netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25).
- netrom: hold sock when setting skb->destructor (networking-stable-19_07_25).
- nfc: fix potential illegal memory access (bsc#1051510).
- nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291).
- nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291).
- nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012).
- nfs: make nfs_match_client killable (bsc#1134291).
- nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).
- nvme-core: Fix extra device_put() call on error path (bsc#1142541).
- nvme-fc: fix module unloads while lports still pending (bsc#1150033).
- nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554).
- nvme-multipath: relax ANA state check (bsc#1123105).
- nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876).
- nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076).
- nvme: cancel request synchronously (bsc#1145661).
- nvme: change locking for the per-subsystem controller list (bsc#1142541).
- nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426)
- nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938).
- objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302).
- objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300).
- octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510).
- pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106).
- pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841).
- pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701).
- pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635).
- pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635).
- phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510).
- phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510).
- pinctrl: pistachio: fix leaked of_node references (bsc#1051510).
- pinctrl: rockchip: fix leaked of_node references (bsc#1051510).
- pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813).
- pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813).
- pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813).
- pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813).
- pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813).
- pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813).
- pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294).
- powerpc/64s: Include cpu header (bsc#1065729).
- powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107).
- powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes).
- powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937).
- powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937).
- powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937).
- powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376).
- powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352).
- powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107).
- powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).
- powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600).
- powerpc/lib: Fix feature fixup test of external branch (bsc#1065729).
- powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509).
- powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509).
- powerpc/mm: Handle page table allocation failures (bsc#1065729).
- powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686).
- powerpc/perf: Add mem access events to sysfs (bsc#1124370).
- powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686).
- powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686).
- powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686).
- powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686).
- powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729).
- powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958).
- powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes).
- powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958).
- powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958).
- powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes).
- powerpc/pseries: add missing cpumask.h include file (bsc#1065729).
- powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925).
- powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840).
- powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107).
- powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019).
- powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762).
- powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019).
- powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019).
- powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764).
- powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958).
- qede: fix write to free'd pointer error and double free of ptp (bsc#1051510).
- qlge: Deduplicate lbq_buf_size (bsc#1106061).
- qlge: Deduplicate rx buffer queue management (bsc#1106061).
- qlge: Factor out duplicated expression (bsc#1106061).
- qlge: Fix dma_sync_single calls (bsc#1106061).
- qlge: Fix irq masking in INTx mode (bsc#1106061).
- qlge: Refill empty buffer queues from wq (bsc#1106061).
- qlge: Refill rx buffers up to multiple of 16 (bsc#1106061).
- qlge: Remove bq_desc.maplen (bsc#1106061).
- qlge: Remove irq_cnt (bsc#1106061).
- qlge: Remove page_chunk.last_flag (bsc#1106061).
- qlge: Remove qlge_bq.len & size (bsc#1106061).
- qlge: Remove rx_ring.sbq_buf_size (bsc#1106061).
- qlge: Remove rx_ring.type (bsc#1106061).
- qlge: Remove useless dma synchronization calls (bsc#1106061).
- qlge: Remove useless memset (bsc#1106061).
- qlge: Replace memset with assignment (bsc#1106061).
- qlge: Update buffer queue prod index despite oom (bsc#1106061).
- rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450).
- rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450).
- rbd: get rid of img_req->copyup_pages (bsc#1141450).
- rbd: move from raw pages to bvec data descriptors (bsc#1141450).
- rbd: remove bio cloning helpers (bsc#1141450).
- rbd: start enums at 1 instead of 0 (bsc#1141450).
- rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450).
- regmap: fix bulk writes on paged registers (bsc#1051510).
- regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510).
- rename patches according to their names in SLE15-SP1.
- rpm/kernel-binary.spec.in: Enable missing modules check.
- rpm/kernel-binary.spec.in: Enable missing modules check.
- rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).
- rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510).
- rpmsg: smd: fix memory leak on channel create (bsc#1051510).
- rsi: improve kernel thread handling to fix kernel panic (bsc#1051510).
- rslib: Fix decoding of shortened codes (bsc#1051510).
- rslib: Fix handling of of caller provided syndrome (bsc#1051510).
- rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510).
- rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25).
- s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339).
- s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907).
- s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331).
- s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339).
- s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339).
- s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339).
- s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339).
- s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339).
- samples, bpf: fix to change the buffer size for read() (bsc#1051510).
- samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510).
- sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920).
- sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920).
- scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510).
- scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510).
- scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510).
- scripts/gdb: fix lx-version string output (bsc#1051510).
- scripts/git_sort/git_sort.py:
- scsi: NCR5380: Always re-enable reselection interrupt (git-fixes).
- scsi: aacraid: Fix missing break in switch statement (git-fixes).
- scsi: aacraid: Fix performance issue on logical drives (git-fixes).
- scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes).
- scsi: aic94xx: fix module loading (git-fixes).
- scsi: bfa: convert to strlcpy/strlcat (git-fixes).
- scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes).
- scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes).
- scsi: core: Fix race on creating sense cache (git-fixes).
- scsi: core: Synchronize request queue PM status only on successful resume (git-fixes).
- scsi: core: set result when the command cannot be dispatched (git-fixes).
- scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868).
- scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes).
- scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes.
- scsi: fas216: fix sense buffer initialization (git-fixes).
- scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes).
- scsi: libfc: fix null pointer dereference on a null lport (git-fixes).
- scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes).
- scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes).
- scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes).
- scsi: megaraid: fix out-of-bound array accesses (git-fixes).
- scsi: megaraid_sas: Fix calculation of target ID (git-fixes).
- scsi: ncr5380: revert 'Increase register polling limit' (git-fixes).
- scsi: qedf: Add debug information for unsolicited processing (bsc#1149976).
- scsi: qedf: Add shutdown callback handler (bsc#1149976).
- scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).
- scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976).
- scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976).
- scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976).
- scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976).
- scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976).
- scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976).
- scsi: qedf: Print message during bailout conditions (bsc#1149976).
- scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976).
- scsi: qedf: Update module description string (bsc#1149976).
- scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976).
- scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976).
- scsi: qedf: Use discovery list to traverse rports (bsc#1149976).
- scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes).
- scsi: qedf: remove set but not used variables (bsc#1149976).
- scsi: qedi: remove declaration of nvm_image from stack (git-fixes).
- scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424).
- scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes).
- scsi: qla2xxx: Fix a format specifier (git-fixes).
- scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes).
- scsi: qla2xxx: Fix device staying in blocked state (git-fixes).
- scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes).
- scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes).
- scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes).
- scsi: raid_attrs: fix unused variable warning (git-fixes).
- scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes).
- scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes).
- scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes).
- scsi: sd: Fix cache_type_store() (git-fixes).
- scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes).
- scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes).
- scsi: sd: use mempool for discard special page (git-fixes).
- scsi: sd_zbc: Fix potential memory leak (git-fixes).
- scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes).
- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes).
- scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes).
- scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes).
- scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes).
- scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes).
- scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes).
- scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes).
- scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes).
- scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes).
- sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02).
- serial: 8250: Fix TX interrupt handling condition (bsc#1051510).
- signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333).
- sis900: fix TX completion (bsc#1051510).
- sky2: Disable MSI on ASUS P6T (bsc#1142496).
- smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333).
- smb2: fix typo in definition of a few error flags (bsc#1144333).
- smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333).
- smb3 - clean up debug output displaying network interfaces (bsc#1144333).
- smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333).
- smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
- smb311: Fix reconnect (bsc#1051510, bsc#1144333).
- smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333).
- smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333).
- smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333).
- smb3: Add defines for new negotiate contexts (bsc#1144333).
- smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333).
- smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333).
- smb3: Add handling for different FSCTL access flags (bsc#1144333).
- smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333).
- smb3: Add protocol structs for change notify support (bsc#1144333).
- smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333).
- smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333).
- smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333).
- smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333).
- smb3: Allow query of symlinks stored as reparse points (bsc#1144333).
- smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333).
- smb3: Backup intent flag missing from compounded ops (bsc#1144333).
- smb3: Clean up query symlink when reparse point (bsc#1144333).
- smb3: Cleanup license mess (bsc#1144333).
- smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333).
- smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333).
- smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333).
- smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333).
- smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333).
- smb3: Fix endian warning (bsc#1144333, bsc#1137884).
- smb3: Fix enumerating snapshots to Azure (bsc#1144333).
- smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333).
- smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).
- smb3: Fix potential memory leak when processing compound chain (bsc#1144333).
- smb3: Fix rmdir compounding regression to strict servers (bsc#1144333).
- smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333).
- smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333).
- smb3: Log at least once if tree connect fails during reconnect (bsc#1144333).
- smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333).
- smb3: Send netname context during negotiate protocol (bsc#1144333).
- smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333).
- smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333).
- smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333).
- smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333).
- smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333).
- smb3: add credits we receive from oplock/break PDUs (bsc#1144333).
- smb3: add debug for unexpected mid cancellation (bsc#1144333).
- smb3: add define for id for posix create context and corresponding struct (bsc#1144333).
- smb3: add dynamic trace point for query_info_enter/done (bsc#1144333).
- smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333).
- smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333).
- smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333).
- smb3: add missing read completion trace point (bsc#1144333).
- smb3: add module alias for smb3 to cifs.ko (bsc#1144333).
- smb3: add new mount option to retrieve mode from special ACE (bsc#1144333).
- smb3: add reconnect tracepoints (bsc#1144333).
- smb3: add smb3.1.1 to default dialect list (bsc#1144333).
- smb3: add support for posix negotiate context (bsc#1144333).
- smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333).
- smb3: add trace point for tree connection (bsc#1144333).
- smb3: add tracepoint for sending lease break responses to server (bsc#1144333).
- smb3: add tracepoint for session expired or deleted (bsc#1144333).
- smb3: add tracepoint for slow responses (bsc#1144333).
- smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333).
- smb3: add tracepoints for query dir (bsc#1144333).
- smb3: add tracepoints for smb2/smb3 open (bsc#1144333).
- smb3: add way to control slow response threshold for logging and stats (bsc#1144333).
- smb3: allow more detailed protocol info on open files for debugging (bsc#1144333).
- smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333).
- smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333).
- smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333).
- smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333).
- smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333).
- smb3: directory sync should not return an error (bsc#1051510, bsc#1144333).
- smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333).
- smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333).
- smb3: display session id in debug data (bsc#1144333).
- smb3: display stats counters for number of slow commands (bsc#1144333).
- smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333).
- smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333).
- smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333).
- smb3: do not display confusing message on mount to Azure servers (bsc#1144333).
- smb3: do not display empty interface list (bsc#1144333).
- smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333).
- smb3: do not send compression info by default (bsc#1144333).
- smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333).
- smb3: fix bytes_read statistics (bsc#1144333).
- smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333).
- smb3: fix large reads on encrypted connections (bsc#1144333).
- smb3: fix lease break problem introduced by compounding (bsc#1144333).
- smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333).
- smb3: fix redundant opens on root (bsc#1144333).
- smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333).
- smb3: fix various xid leaks (bsc#1051510, bsc#1144333).
- smb3: for kerberos mounts display the credential uid used (bsc#1144333).
- smb3: handle new statx fields (bsc#1085536, bsc#1144333).
- smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333).
- smb3: if server does not support posix do not allow posix mount option (bsc#1144333).
- smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333).
- smb3: increase initial number of credits requested to allow write (bsc#1144333).
- smb3: make default i/o size for smb3 mounts larger (bsc#1144333).
- smb3: minor cleanup of compound_send_recv (bsc#1144333).
- smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333).
- smb3: minor missing defines relating to reparse points (bsc#1144333).
- smb3: missing defines and structs for reparse point handling (bsc#1144333).
- smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333).
- smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333).
- smb3: optimize open to not send query file internal info (bsc#1144333).
- smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333).
- smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333).
- smb3: query inode number on open via create context (bsc#1144333).
- smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333).
- smb3: remove per-session operations from per-tree connection stats (bsc#1144333).
- smb3: rename encryption_required to smb3_encryption_required (bsc#1144333).
- smb3: request more credits on normal (non-large read/write) ops (bsc#1144333).
- smb3: request more credits on tree connect (bsc#1144333).
- smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333).
- smb3: send CAP_DFS capability during session setup (bsc#1144333).
- smb3: send backup intent on compounded query info (bsc#1144333).
- smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333).
- smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333).
- smb3: smbdirect no longer experimental (bsc#1144333).
- smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333).
- smb3: track the instance of each session for debugging (bsc#1144333).
- smb3: trivial cleanup to smb2ops.c (bsc#1144333).
- smb3: update comment to clarify enumerating snapshots (bsc#1144333).
- smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333).
- smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333).
- smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333).
- smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333).
- smbd: Make upper layer decide when to destroy the transport (bsc#1144333).
- smpboot: Place the __percpu annotation correctly (git fixes).
- soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813).
- soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813).
- soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813).
- sound: fix a memory leak bug (bsc#1051510).
- spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510).
- spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510).
- spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510).
- st21nfca_connectivity_event_received: null check the allocation (bsc#1051510).
- st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510).
- staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510).
- staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510).
- supported.conf: Add missing modules (bsc#1066369).
- supported.conf: Add missing modules (bsc#1066369).
- supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294).
- supported.conf: Remove duplicate drivers/ata/libahci_platform
- supported.conf: Sort alphabetically, align comments.
- supported.conf: Sort alphabetically, align comments.
- tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25).
- test_firmware: fix a memory leak bug (bsc#1051510).
- tipc: change to use register_pernet_device (networking-stable-19_07_02).
- tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555).
- tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555).
- tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555).
- tpm: Unify the send callback behaviour (bsc#1082555).
- tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555).
- tracing: Fix header include guards in trace event headers (bsc#1144474).
- treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333).
- tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510).
- tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510).
- tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510).
- tty: serial: msm_serial: avoid system lockup condition (bsc#1051510).
- tua6100: Avoid build warnings (bsc#1051510).
- tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02).
- udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617).
- update internal version number for cifs.ko (bsc#1144333).
- usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510).
- usb: CDC: fix sanity checks in CDC union parser (bsc#1142635).
- usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510).
- usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635).
- usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510).
- usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510).
- usb: core: Fix races in character device registration and deregistraion (bsc#1051510).
- usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510).
- usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510).
- usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635).
- usb: host: fotg2: restart hcd after port reset (bsc#1051510).
- usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510).
- usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510).
- usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510).
- usb: iowarrior: fix deadlock on disconnect (bsc#1051510).
- usb: serial: option: Add Motorola modem UARTs (bsc#1051510).
- usb: serial: option: Add support for ZTE MF871A (bsc#1051510).
- usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510).
- usb: serial: option: add the BroadMobi BM818 card (bsc#1051510).
- usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510).
- usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510).
- usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510).
- usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510).
- usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510).
- vfs: fix page locking deadlocks when deduping files (bsc#1148619).
- vmci: Release resource if the work is already queued (bsc#1051510).
- vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25).
- watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510).
- watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510).
- watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510).
- watchdog: fix compile time error of pretimeout governors (bsc#1051510).
- wimax/i2400m: fix a memory leak bug (bsc#1051510).
- x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279).
- x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).
- x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279).
- x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689).
- x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689).
- x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279).
- x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279).
- x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279).
- x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279).
- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600).
- xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300).
- xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300).
- xfrm: Fix bucket count reported to userspace (bsc#1143300).
- xfrm: Fix error return code in xfrm_output_one() (bsc#1143300).
- xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035).
- xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053).
- xfs: dump transaction usage details on log reservation overrun (bsc#1145235).
- xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235).
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032).
- xfs: fix semicolon.cocci warnings (bsc#1145235).
- xfs: fix up agi unlinked list reservations (bsc#1145235).
- xfs: include an allocfree res for inobt modifications (bsc#1145235).
- xfs: include inobt buffers in ifree tx log reservation (bsc#1145235).
- xfs: print transaction log reservation on overrun (bsc#1145235).
- xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235).
- xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235).
- xfs: remove more ondisk directory corruption asserts (bsc#1148034).
- xfs: separate shutdown from ticket reservation print helper (bsc#1145235).
- xfs: truncate transaction does not modify the inobt (bsc#1145235).
ImportantSUSE bug 1047238SUSE bug 1050911SUSE bug 1051510SUSE bug 1054914SUSE bug 1055117SUSE bug 1056686SUSE bug 1060662SUSE bug 1061840SUSE bug 1061843SUSE bug 1064597SUSE bug 1064701SUSE bug 1065600SUSE bug 1065729SUSE bug 1066369SUSE bug 1071009SUSE bug 1071306SUSE bug 1078248SUSE bug 1082555SUSE bug 1085030SUSE bug 1085536SUSE bug 1085539SUSE bug 1086103SUSE bug 1087092SUSE bug 1090734SUSE bug 1091171SUSE bug 1093205SUSE bug 1102097SUSE bug 1104902SUSE bug 1106061SUSE bug 1106284SUSE bug 1106434SUSE bug 1108382SUSE bug 1112178SUSE bug 1112894SUSE bug 1112899SUSE bug 1112902SUSE bug 1112903SUSE bug 1112905SUSE bug 1112906SUSE bug 1112907SUSE bug 1113722SUSE bug 1114279SUSE bug 1114542SUSE bug 1118689SUSE bug 1119086SUSE bug 1120876SUSE bug 1120902SUSE bug 1120937SUSE bug 1123105SUSE bug 1123959SUSE bug 1124370SUSE bug 1129424SUSE bug 1129519SUSE bug 1129664SUSE bug 1131107SUSE bug 1131281SUSE bug 1131565SUSE bug 1133021SUSE bug 1134291SUSE bug 1134881SUSE bug 1134882SUSE bug 1135219SUSE bug 1135642SUSE bug 1135897SUSE bug 1136261SUSE bug 1137069SUSE bug 1137884SUSE bug 1138539SUSE bug 1139020SUSE bug 1139021SUSE bug 1139101SUSE bug 1139500SUSE bug 1140012SUSE bug 1140426SUSE bug 1140487SUSE bug 1141013SUSE bug 1141450SUSE bug 1141543SUSE bug 1141554SUSE bug 1142019SUSE bug 1142076SUSE bug 1142109SUSE bug 1142117SUSE bug 1142118SUSE bug 1142119SUSE bug 1142496SUSE bug 1142541SUSE bug 1142635SUSE bug 1142685SUSE bug 1142701SUSE bug 1142857SUSE bug 1143300SUSE bug 1143466SUSE bug 1143765SUSE bug 1143841SUSE bug 1143843SUSE bug 1144123SUSE bug 1144333SUSE bug 1144474SUSE bug 1144518SUSE bug 1144718SUSE bug 1144813SUSE bug 1144880SUSE bug 1144886SUSE bug 1144912SUSE bug 1144920SUSE bug 1144979SUSE bug 1145010SUSE bug 1145024SUSE bug 1145051SUSE bug 1145059SUSE bug 1145189SUSE bug 1145235SUSE bug 1145300SUSE bug 1145302SUSE bug 1145388SUSE bug 1145389SUSE bug 1145390SUSE bug 1145391SUSE bug 1145392SUSE bug 1145393SUSE bug 1145394SUSE bug 1145395SUSE bug 1145396SUSE bug 1145397SUSE bug 1145408SUSE bug 1145409SUSE bug 1145661SUSE bug 1145678SUSE bug 1145687SUSE bug 1145920SUSE bug 1145922SUSE bug 1145934SUSE bug 1145937SUSE bug 1145940SUSE bug 1145941SUSE bug 1145942SUSE bug 1146074SUSE bug 1146084SUSE bug 1146163SUSE bug 1146285SUSE bug 1146346SUSE bug 1146351SUSE bug 1146352SUSE bug 1146361SUSE bug 1146368SUSE bug 1146376SUSE bug 1146378SUSE bug 1146381SUSE bug 1146391SUSE bug 1146399SUSE bug 1146413SUSE bug 1146425SUSE bug 1146516SUSE bug 1146519SUSE bug 1146524SUSE bug 1146526SUSE bug 1146529SUSE bug 1146531SUSE bug 1146543SUSE bug 1146547SUSE bug 1146550SUSE bug 1146575SUSE bug 1146589SUSE bug 1146678SUSE bug 1146938SUSE bug 1148031SUSE bug 1148032SUSE bug 1148033SUSE bug 1148034SUSE bug 1148035SUSE bug 1148093SUSE bug 1148133SUSE bug 1148192SUSE bug 1148196SUSE bug 1148198SUSE bug 1148202SUSE bug 1148303SUSE bug 1148363SUSE bug 1148379SUSE bug 1148394SUSE bug 1148527SUSE bug 1148574SUSE bug 1148616SUSE bug 1148617SUSE bug 1148619SUSE bug 1148698SUSE bug 1148859SUSE bug 1148868SUSE bug 1149053SUSE bug 1149083SUSE bug 1149104SUSE bug 1149105SUSE bug 1149106SUSE bug 1149197SUSE bug 1149214SUSE bug 1149224SUSE bug 1149325SUSE bug 1149376SUSE bug 1149413SUSE bug 1149418SUSE bug 1149424SUSE bug 1149522SUSE bug 1149527SUSE bug 1149539SUSE bug 1149552SUSE bug 1149591SUSE bug 1149602SUSE bug 1149612SUSE bug 1149626SUSE bug 1149652SUSE bug 1149713SUSE bug 1149940SUSE bug 1149959SUSE bug 1149963SUSE bug 1149976SUSE bug 1150025SUSE bug 1150033SUSE bug 1150112SUSE bug 1150562SUSE bug 1150727SUSE bug 1150860SUSE bug 1150861SUSE bug 1150933CVE-2017-18551 at SUSECVE-2017-18551 at NVDCVE-2018-20976 at SUSECVE-2018-20976 at NVDCVE-2018-21008 at SUSECVE-2018-21008 at NVDCVE-2019-10207 at SUSECVE-2019-10207 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14835 at SUSECVE-2019-14835 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15090 at SUSECVE-2019-15090 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15117 at SUSECVE-2019-15117 at NVDCVE-2019-15118 at SUSECVE-2019-15118 at NVDCVE-2019-15211 at SUSECVE-2019-15211 at NVDCVE-2019-15212 at SUSECVE-2019-15212 at NVDCVE-2019-15214 at SUSECVE-2019-15214 at NVDCVE-2019-15215 at SUSECVE-2019-15215 at NVDCVE-2019-15216 at SUSECVE-2019-15216 at NVDCVE-2019-15217 at SUSECVE-2019-15217 at NVDCVE-2019-15218 at SUSECVE-2019-15218 at NVDCVE-2019-15219 at SUSECVE-2019-15219 at NVDCVE-2019-15220 at SUSECVE-2019-15220 at NVDCVE-2019-15221 at SUSECVE-2019-15221 at NVDCVE-2019-15222 at SUSECVE-2019-15222 at NVDCVE-2019-15239 at SUSECVE-2019-15239 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15292 at SUSECVE-2019-15292 at NVDCVE-2019-15538 at SUSECVE-2019-15538 at NVDCVE-2019-15666 at SUSECVE-2019-15666 at NVDCVE-2019-15902 at SUSECVE-2019-15902 at NVDCVE-2019-15917 at SUSECVE-2019-15917 at NVDCVE-2019-15919 at SUSECVE-2019-15919 at NVDCVE-2019-15920 at SUSECVE-2019-15920 at NVDCVE-2019-15921 at SUSECVE-2019-15921 at NVDCVE-2019-15924 at SUSECVE-2019-15924 at NVDCVE-2019-15926 at SUSECVE-2019-15926 at NVDCVE-2019-15927 at SUSECVE-2019-15927 at NVDCVE-2019-9456 at SUSECVE-2019-9456 at NVDcpe:/o:suse:sles:12:sp4Security update for nmap (Important)SUSE Linux Enterprise Server 12 SP4
This update for nmap fixes the following issues:
- Fixed a regression in the version scanner, caused by the fix for CVE-2018-15173. (bsc#1135350)
ImportantSUSE bug 1135350CVE-2018-15173 at SUSECVE-2018-15173 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issues:
Security issue fixed:
- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
- CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)
ImportantSUSE bug 1120644SUSE bug 1122191CVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox to ESR 60.9 fixes the following issues:
Security issues fixed:
- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303)
- CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297)
- CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304)
- CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)
- CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296)
- CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298)
- CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
ImportantSUSE bug 1149294SUSE bug 1149295SUSE bug 1149296SUSE bug 1149297SUSE bug 1149298SUSE bug 1149299SUSE bug 1149303SUSE bug 1149304SUSE bug 1149324CVE-2019-11740 at SUSECVE-2019-11740 at NVDCVE-2019-11742 at SUSECVE-2019-11742 at NVDCVE-2019-11743 at SUSECVE-2019-11743 at NVDCVE-2019-11744 at SUSECVE-2019-11744 at NVDCVE-2019-11746 at SUSECVE-2019-11746 at NVDCVE-2019-11752 at SUSECVE-2019-11752 at NVDCVE-2019-11753 at SUSECVE-2019-11753 at NVDCVE-2019-9812 at SUSECVE-2019-9812 at NVDcpe:/o:suse:sles:12:sp4Security update for expat (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)
ModerateSUSE bug 1149429CVE-2019-15903 at SUSECVE-2019-15903 at NVDcpe:/o:suse:sles:12:sp4Security update for djvulibre (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702).
- CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569).
- CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571).
- CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572).
- Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295).
ModerateSUSE bug 1146569SUSE bug 1146571SUSE bug 1146572SUSE bug 1146702CVE-2019-15142 at SUSECVE-2019-15142 at NVDCVE-2019-15143 at SUSECVE-2019-15143 at NVDCVE-2019-15144 at SUSECVE-2019-15144 at NVDCVE-2019-15145 at SUSECVE-2019-15145 at NVDcpe:/o:suse:sles:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4
This update for dovecot22 fixes the following issues:
- CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559).
ImportantSUSE bug 1145559CVE-2019-11500 at SUSECVE-2019-11500 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript to 9.27 fixes the following issues:
Security issues fixed:
- CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
- CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)
ImportantSUSE bug 1129180SUSE bug 1131863SUSE bug 1134156SUSE bug 1140359SUSE bug 1146882SUSE bug 1146884CVE-2019-12973 at SUSECVE-2019-12973 at NVDCVE-2019-14811 at SUSECVE-2019-14811 at NVDCVE-2019-14812 at SUSECVE-2019-14812 at NVDCVE-2019-14813 at SUSECVE-2019-14813 at NVDCVE-2019-14817 at SUSECVE-2019-14817 at NVDCVE-2019-3835 at SUSECVE-2019-3835 at NVDCVE-2019-3839 at SUSECVE-2019-3839 at NVDcpe:/o:suse:sles:12:sp4Security update for gpg2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gpg2 fixes the following issues:
Security issue fixed:
- CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)
Non-security issue fixed:
- Allow coredumps in X11 desktop sessions (bsc#1124847).
ModerateSUSE bug 1124847SUSE bug 1141093CVE-2019-13050 at SUSECVE-2019-13050 at NVDcpe:/o:suse:sles:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4
This update for bind fixes the following issues:
Security issues fixed:
- CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).
- CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)
- CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).
- CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).
- CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).
Non-security issues fixed:
- Don't rely on /etc/insserv.conf anymore for proper dependencies against
nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368).
- Fix FIPS related regression (bsc#1128220).
ImportantSUSE bug 1104129SUSE bug 1118367SUSE bug 1118368SUSE bug 1126068SUSE bug 1126069SUSE bug 1128220SUSE bug 1133185SUSE bug 1138687CVE-2018-5740 at SUSECVE-2018-5740 at NVDCVE-2018-5743 at SUSECVE-2018-5743 at NVDCVE-2018-5745 at SUSECVE-2018-5745 at NVDCVE-2019-6465 at SUSECVE-2019-6465 at NVDCVE-2019-6471 at SUSECVE-2019-6471 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_0_0 fixes the following issues:
OpenSSL Security Advisory [10 September 2019]
* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)
In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291).
ModerateSUSE bug 1131291SUSE bug 1150003SUSE bug 1150250CVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDcpe:/o:suse:sles:12:sp4Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner fixes the following issues:
python-pip was updated to 10.0.1 (fate#324191, bsc#1065275)
Enable python3 build for:
- python-jmespath
- python-jsonschema
- python-paramiko
- python-pexpect
- python-pip
- python-ply
- python-pretend
- python-process-tests
- python-pycodestyle
- python-pyflakes
- python-pyxdg
- python-tabulate
- python-vcversioner
ModerateSUSE bug 1065275CVE-2013-5123 at SUSECVE-2013-5123 at NVDCVE-2014-8991 at SUSECVE-2014-8991 at NVDCVE-2015-2296 at SUSECVE-2015-2296 at NVDcpe:/o:suse:sles:12:sp4Security update for libgcrypt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libgcrypt fixes the following issues:
Security issues fixed:
- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)
ModerateSUSE bug 1148987CVE-2019-13627 at SUSECVE-2019-13627 at NVDcpe:/o:suse:sles:12:sp4Security update for jasper (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for jasper fixes the following issues:
Security issues fixed:
- CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508).
- CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507).
- CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).
- CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).
- CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).
ModerateSUSE bug 1010783SUSE bug 1117505SUSE bug 1117507SUSE bug 1117508SUSE bug 1117511CVE-2016-9396 at SUSECVE-2016-9396 at NVDCVE-2018-19539 at SUSECVE-2018-19539 at NVDCVE-2018-19540 at SUSECVE-2018-19540 at NVDCVE-2018-19541 at SUSECVE-2018-19541 at NVDCVE-2018-19542 at SUSECVE-2018-19542 at NVDcpe:/o:suse:sles:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).
ModerateSUSE bug 1150137CVE-2019-16168 at SUSECVE-2019-16168 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Updated to new ESR version 68.1 (bsc#1149323).
In addition to the already fixed vulnerabilities released in previous ESR updates,
the following were also fixed:
CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749,
CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735.
Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810).
The version displayed in Help > About is now correct (bsc#1087200).
ImportantSUSE bug 1087200SUSE bug 1109465SUSE bug 1117473SUSE bug 1123482SUSE bug 1124525SUSE bug 1133810SUSE bug 1140868SUSE bug 1145665SUSE bug 1149323CVE-2019-11709 at SUSECVE-2019-11709 at NVDCVE-2019-11710 at SUSECVE-2019-11710 at NVDCVE-2019-11711 at SUSECVE-2019-11711 at NVDCVE-2019-11712 at SUSECVE-2019-11712 at NVDCVE-2019-11713 at SUSECVE-2019-11713 at NVDCVE-2019-11714 at SUSECVE-2019-11714 at NVDCVE-2019-11715 at SUSECVE-2019-11715 at NVDCVE-2019-11716 at SUSECVE-2019-11716 at NVDCVE-2019-11717 at SUSECVE-2019-11717 at NVDCVE-2019-11718 at SUSECVE-2019-11718 at NVDCVE-2019-11719 at SUSECVE-2019-11719 at NVDCVE-2019-11720 at SUSECVE-2019-11720 at NVDCVE-2019-11721 at SUSECVE-2019-11721 at NVDCVE-2019-11723 at SUSECVE-2019-11723 at NVDCVE-2019-11724 at SUSECVE-2019-11724 at NVDCVE-2019-11725 at SUSECVE-2019-11725 at NVDCVE-2019-11727 at SUSECVE-2019-11727 at NVDCVE-2019-11728 at SUSECVE-2019-11728 at NVDCVE-2019-11729 at SUSECVE-2019-11729 at NVDCVE-2019-11730 at SUSECVE-2019-11730 at NVDCVE-2019-11733 at SUSECVE-2019-11733 at NVDCVE-2019-11735 at SUSECVE-2019-11735 at NVDCVE-2019-11736 at SUSECVE-2019-11736 at NVDCVE-2019-11738 at SUSECVE-2019-11738 at NVDCVE-2019-11740 at SUSECVE-2019-11740 at NVDCVE-2019-11742 at SUSECVE-2019-11742 at NVDCVE-2019-11743 at SUSECVE-2019-11743 at NVDCVE-2019-11744 at SUSECVE-2019-11744 at NVDCVE-2019-11746 at SUSECVE-2019-11746 at NVDCVE-2019-11747 at SUSECVE-2019-11747 at NVDCVE-2019-11748 at SUSECVE-2019-11748 at NVDCVE-2019-11749 at SUSECVE-2019-11749 at NVDCVE-2019-11750 at SUSECVE-2019-11750 at NVDCVE-2019-11751 at SUSECVE-2019-11751 at NVDCVE-2019-11752 at SUSECVE-2019-11752 at NVDCVE-2019-11753 at SUSECVE-2019-11753 at NVDCVE-2019-9811 at SUSECVE-2019-9811 at NVDCVE-2019-9812 at SUSECVE-2019-9812 at NVDcpe:/o:suse:sles:12:sp4Recommended update for python-setuptools and dependend packages (Moderate)SUSE Linux Enterprise Server 12 SP4
All changes necessary for upgrade of python-setuptools to 40.6.2 (bsc#1075812)
New packages:
- python-cachetools
- python-google-auth
- python-packaging
Rebuilt without source changes:
- python-cffi
- python-cliff
- python-mock
- python-oauthlib
- python-pbr
- python-PyJWT
- python-pytest
Added python3 packages:
- python-hgtools
- python-pyasn1-modules
- python-rsa
Updated:
- python-kubernetes
Updated to version 6.0
- python-pyparsing
Was updated to version 2.2.0.
- python-setuptools
Was upgraded to version 40.6.2.
ModerateSUSE bug 1024540SUSE bug 1054413SUSE bug 1074247SUSE bug 1075812SUSE bug 1088358SUSE bug 1091826SUSE bug 1110422CVE-2016-9015 at SUSECVE-2016-9015 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).
- CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).
- CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).
- CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).
- CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112).
- CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361).
- CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612).
- CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025).
- CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713).
- CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).
- CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626).
- CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602).
- CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).
- CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552).
- CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539).
- CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).
- CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522).
- CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).
- CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394).
- CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524).
- CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).
- CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514)
- CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).
- CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526).
- CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093).
- CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543).
- CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378).
- CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)
- CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391).
- CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678).
- CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547).
- CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519).
- CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550).
- CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529).
- CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531).
- CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413).
- CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425).
- CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399).
- CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285).
- CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).
- CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922).
- CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920).
- CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959).
The following non-security bugs were fixed:
- 9p: acl: fix uninitialized iattr access (bsc#1051510).
- 9p: p9dirent_read: check network-provided name length (bsc#1051510).
- 9p: pass the correct prototype to read_cache_page (bsc#1051510).
- 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510).
- 9p/rdma: remove useless check in cm_event_handler (bsc#1051510).
- 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510).
- 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510).
- 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510).
- acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510).
- ACPICA: Increase total number of possible Owner IDs (bsc#1148859).
- ACPICA: Increase total number of possible Owner IDs (bsc#1148859).
- ACPI: custom_method: fix memory leaks (bsc#1051510).
- ACPI: fix false-positive -Wuninitialized warning (bsc#1051510).
- ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510).
- ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).
- ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510).
- ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510).
- Add 3 not-needeed commits to blacklist.conf from git-fixes.
- Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333).
- Add new flag on SMB3.1.1 read (bsc#1144333).
- address lock imbalance warnings in smbdirect.c (bsc#1144333).
- Add some missing debug fields in server and tcon structs (bsc#1144333).
- add some missing definitions (bsc#1144333).
- Add some qedf commits to blacklist file (bsc#1149976)
- Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333).
- af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510).
- af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02).
- ALSA: aoa: onyx: always initialize register read value (bsc#1051510).
- ALSA: firewire: fix a memory leak bug (bsc#1051510).
- ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510).
- ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510).
- ALSA: hda - Add a generic reboot_notify (bsc#1051510).
- ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510).
- ALSA: hda - Do not override global PCM hw info flag (bsc#1051510).
- ALSA: hda - Fix a memory leak bug (bsc#1051510).
- ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510).
- ALSA: hda: kabi workaround for generic parser flag (bsc#1051510).
- ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510).
- ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510).
- ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510).
- ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510).
- ALSA: hiface: fix multiple memory leak bugs (bsc#1051510).
- ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510).
- ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510).
- ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510).
- ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510).
- arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021).
- ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021).
- ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021).
- ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510).
- ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510).
- ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510).
- ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).
- ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).
- ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).
- ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).
- ata: libahci: do not complain in case of deferred probe (bsc#1051510).
- ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510).
- atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).
- batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510).
- batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510).
- batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510).
- bcache: fix possible memory leak in bch_cached_dev_run() (git fixes).
- bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).
- bio: fix improper use of smp_mb__before_atomic() (git fixes).
- blk-flush: do not run queue for requests bypassing flush (bsc#1137959).
- blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).
- blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661).
- blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).
- blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610).
- blk-mq: Fix spelling in a source code comment (git fixes).
- blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959).
- blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661).
- blk-mq: kABI fixes for blk-mq.h (bsc#1137959).
- blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959).
- blk-mq: punt failed direct issue to dispatch list (bsc#1137959).
- blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959).
- blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959).
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
- block, documentation: Fix wbt_lat_usec documentation (git fixes).
- block: fix timeout changes for legacy request drivers (bsc#1149446).
- block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076).
- block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076).
- Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510).
- Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510).
- Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510).
- Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510).
- Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510).
- Bluetooth: validate BLE connection interval updates (bsc#1051510).
- bnx2x: Disable multi-cos feature (networking-stable-19_08_08).
- bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25).
- bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013).
- bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013).
- bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
- bonding: Always enable vlan tx offload (networking-stable-19_07_02).
- bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013).
- bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013).
- bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25).
- btrfs: add a helper to retrive extent inline ref type (bsc#1149325).
- btrfs: add cleanup_ref_head_accounting helper (bsc#1050911).
- btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487).
- btrfs: add one more sanity check for shared ref type (bsc#1149325).
- btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911).
- btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325).
- btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933).
- btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562).
- btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941).
- btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911).
- btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942).
- btrfs: fix incremental send failure after deduplication (bsc#1145940).
- btrfs: fix pinned underflow after transaction aborted (bsc#1050911).
- btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059).
- btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937).
- btrfs: fix use-after-free when using the tree modification log (bsc#1151891).
- btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911).
- btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059).
- btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).
- btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).
- btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972).
- btrfs: remove BUG() in add_data_reference (bsc#1149325).
- btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325).
- btrfs: remove BUG() in print_extent_item (bsc#1149325).
- btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).
- btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103).
- btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911).
- btrfs: start readahead also in seed devices (bsc#1144886).
- btrfs: track running balance in a simpler way (bsc#1145059).
- btrfs: use GFP_KERNEL in init_ipath (bsc#1086103).
- caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25).
- can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510).
- can: mcp251x: add support for mcp25625 (bsc#1051510).
- can: peak_usb: fix potential double kfree_skb() (bsc#1051510).
- can: peak_usb: force the string buffer NULL-terminated (bsc#1051510).
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510).
- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510).
- can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510).
- can: sja1000: force the string buffer NULL-terminated (bsc#1051510).
- carl9170: fix misuse of device driver API (bsc#1142635).
- ceph: always get rstat from auth mds (bsc#1146346).
- ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346).
- ceph: decode feature bits in session message (bsc#1146346).
- ceph: do not blindly unregister session that is in opening state (bsc#1148133).
- ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133).
- ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133).
- ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133).
- ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133).
- ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219).
- ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133).
- ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450).
- ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133).
- ceph: remove request from waiting list before unregister (bsc#1148133).
- ceph: silence a checker warning in mdsc_show() (bsc#1148133).
- ceph: support cephfs' own feature bits (bsc#1146346).
- ceph: support getting ceph.dir.pin vxattr (bsc#1146346).
- ceph: support versioned reply (bsc#1146346).
- ceph: use bit flags to define vxattr attributes (bsc#1146346).
- ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133).
- cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333).
- cifs: add a new SMB2_close_flags function (bsc#1144333).
- cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333).
- cifs: add a timeout argument to wait_for_free_credits (bsc#1144333).
- cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333).
- cifs: add compound_send_recv() (bsc#1144333).
- cifs: add credits from unmatched responses/messages (bsc#1144333).
- cifs: add debug output to show nocase mount option (bsc#1144333).
- cifs: Add DFS cache routines (bsc#1144333).
- cifs: Add direct I/O functions to file_operations (bsc#1144333).
- cifs: add fiemap support (bsc#1144333).
- cifs: add iface info to struct cifs_ses (bsc#1144333).
- cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333).
- cifs: add lease tracking to the cached root fid (bsc#1144333).
- cifs: Add minor debug message during negprot (bsc#1144333).
- cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333).
- cifs: add missing GCM module dependency (bsc#1144333).
- cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333).
- cifs: add ONCE flag for cifs_dbg type (bsc#1144333).
- cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333).
- cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333).
- cifs: address trivial coverity warning (bsc#1144333).
- cifs: add server argument to the dump_detail method (bsc#1144333).
- cifs: add server->vals->header_preamble_size (bsc#1144333).
- cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).
- cifs: add sha512 secmech (bsc#1051510, bsc#1144333).
- cifs: Adds information-level logging function (bsc#1144333).
- cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333).
- cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333).
- cifs: add SMB2_query_info_[init|free]() (bsc#1144333).
- cifs: Add smb2_send_recv (bsc#1144333).
- cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333).
- cifs: add .splice_write (bsc#1144333).
- cifs: Add support for direct I/O read (bsc#1144333).
- cifs: Add support for direct I/O write (bsc#1144333).
- cifs: Add support for direct pages in rdata (bsc#1144333).
- cifs: Add support for direct pages in wdata (bsc#1144333).
- cifs: Add support for failover in cifs_mount() (bsc#1144333).
- cifs: Add support for failover in cifs_reconnect() (bsc#1144333).
- cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333).
- cifs: Add support for failover in smb2_reconnect() (bsc#1144333).
- cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333).
- cifs: add support for ioctl on directories (bsc#1144333).
- cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333).
- cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333).
- cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333).
- cifs: Adjust MTU credits before reopening a file (bsc#1144333).
- cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333).
- cifs: Allocate validate negotiation request through kmalloc (bsc#1144333).
- cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).
- cifs: allow disabling less secure legacy dialects (bsc#1144333).
- cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333).
- cifs: always add credits back for unsolicited PDUs (bsc#1144333).
- cifs: Always reset read error to -EIO if no response (bsc#1144333).
- cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333).
- cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333).
- cifs: auto disable 'serverino' in dfs mounts (bsc#1144333).
- cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333).
- cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333).
- cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333).
- cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333).
- cifs: Call MID callback before destroying transport (bsc#1144333).
- cifs: change mkdir to use a compound (bsc#1144333).
- cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333).
- cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333).
- cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333).
- cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333).
- cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333).
- cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333).
- cifs: change unlink to use a compound (bsc#1144333).
- cifs: change validate_buf to validate_iov (bsc#1144333).
- cifs: change wait_for_free_request() to take flags as argument (bsc#1144333).
- cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333).
- cifs: Check for reconnects before sending async requests (bsc#1144333).
- cifs: Check for reconnects before sending compound requests (bsc#1144333).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333).
- cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333).
- cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333).
- cifs: check kmalloc before use (bsc#1051510, bsc#1144333).
- cifs: check kzalloc return (bsc#1144333).
- cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333).
- cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333).
- cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333).
- cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333).
- cifs: clean up indentation, replace spaces with tab (bsc#1144333).
- cifs: cleanup smb2ops.c and normalize strings (bsc#1144333).
- cifs: complete PDU definitions for interface queries (bsc#1144333).
- cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333).
- cifs: Count SMB3 credits for malformed pending responses (bsc#1144333).
- cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333).
- cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333).
- cifs: create a helper function for compound query_info (bsc#1144333).
- cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333).
- cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333).
- cifs: Display SMB2 error codes in the hex format (bsc#1144333).
- cifs: document tcon/ses/server refcount dance (bsc#1144333).
- cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333).
- cifs: Do not assume one credit for async responses (bsc#1144333).
- cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333).
- cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333).
- cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333).
- cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333).
- cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333).
- cifs: Do not log credits when unmounting a share (bsc#1144333).
- cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333).
- cifs: Do not match port on SMBDirect transport (bsc#1144333).
- cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333).
- cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333).
- cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333).
- cifs: do not return atime less than mtime (bsc#1144333).
- cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333).
- cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333).
- cifs: do not show domain= in mount output when domain is empty (bsc#1144333).
- cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333).
- cifs: do not use __constant_cpu_to_le32() (bsc#1144333).
- cifs: dump every session iface info (bsc#1144333).
- cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333).
- cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333).
- cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333).
- cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333).
- cifs: fix a credits leak for compund commands (bsc#1144333).
- cifs: Fix a debug message (bsc#1144333).
- cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333).
- cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333).
- cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333).
- cifs: Fix a race condition with cifs_echo_request (bsc#1144333).
- cifs: Fix a tiny potential memory leak (bsc#1144333).
- cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333).
- cifs: fix bi-directional fsctl passthrough calls (bsc#1144333).
- cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333).
- cifs: fix build errors for SMB_DIRECT (bsc#1144333).
- cifs: Fix check for matching with existing mount (bsc#1144333).
- cifs: fix circular locking dependency (bsc#1064701, bsc#1144333).
- cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333).
- cifs: fix confusing warning message on reconnect (bsc#1144333).
- cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).
- cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333).
- cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333).
- cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333).
- cifs: Fix credit calculations in compound mid callback (bsc#1144333).
- cifs: Fix credit computation for compounded requests (bsc#1144333).
- cifs: Fix credits calculation for cancelled requests (bsc#1144333).
- cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333).
- cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333).
- cifs: fix deadlock in cached root handling (bsc#1144333).
- cifs: Fix DFS cache refresher for DFS links (bsc#1144333).
- cifs: fix encryption in SMB3.1.1 (bsc#1144333).
- cifs: Fix encryption/signing (bsc#1144333).
- cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333).
- cifs: Fix error paths in writeback code (bsc#1144333).
- cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333).
- cifs: fix handle leak in smb2_query_symlink() (bsc#1144333).
- cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333).
- cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333).
- cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333).
- cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333).
- cifs: fix kref underflow in close_shroot() (bsc#1144333).
- cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333).
- cifs: Fix lease buffer length error (bsc#1144333).
- cifs: fix memory leak and remove dead code (bsc#1144333).
- cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333).
- cifs: fix memory leak in SMB2_read (bsc#1144333).
- cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333).
- cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333).
- cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333).
- cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333).
- cifs: Fix module dependency (bsc#1144333).
- cifs: Fix mounts if the client is low on credits (bsc#1144333).
- cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333).
- cifs: Fix NULL pointer dereference of devname (bnc#1129519).
- cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333).
- cifs: Fix NULL ptr deref (bsc#1144333).
- cifs: fix page reference leak with readv/writev (bsc#1144333).
- cifs: fix panic in smb2_reconnect (bsc#1144333).
- cifs: fix parsing of symbolic link error response (bsc#1144333).
- cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333).
- cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333).
- cifs: Fix possible oops and memory leaks in async IO (bsc#1144333).
- cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333).
- cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333).
- cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333).
- cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333).
- cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333).
- cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333).
- cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333).
- cifs: Fix signing for SMB2/3 (bsc#1144333).
- cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333).
- cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333).
- cifs: fix SMB1 breakage (bsc#1144333).
- cifs: fix smb3_zero_range for Azure (bsc#1144333).
- cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333).
- cifs: fix sparse warning on previous patch in a few printks (bsc#1144333).
- cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333).
- cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333).
- cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333).
- cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333).
- cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333).
- cifs: fix typo in cifs_dbg (bsc#1144333).
- cifs: fix typo in debug message with struct field ia_valid (bsc#1144333).
- cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333).
- cifs: Fix use-after-free in SMB2_read (bsc#1144333).
- cifs: Fix use-after-free in SMB2_write (bsc#1144333).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333).
- cifs: fix use-after-free of the lease keys (bsc#1144333).
- cifs: Fix validation of signed data in smb2 (bsc#1144333).
- cifs: Fix validation of signed data in smb3+ (bsc#1144333).
- cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333).
- cifs: flush before set-info if we have writeable handles (bsc#1144333).
- cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333).
- cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333).
- cifs: handle netapp error codes (bsc#1136261).
- cifs: hide unused functions (bsc#1051510, bsc#1144333).
- cifs: hide unused functions (bsc#1051510, bsc#1144333).
- cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333).
- cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333).
- cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333).
- cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333).
- cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333).
- cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333).
- cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333).
- cifs: Limit memory used by lock request calls to a page (bsc#1144333).
- cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333).
- cifs_lookup(): switch to d_splice_alias() (bsc#1144333).
- cifs: make arrays static const, reduces object code size (bsc#1144333).
- cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333).
- cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333).
- cifs: make minor clarifications to module params for cifs.ko (bsc#1144333).
- cifs: make mknod() an smb_version_op (bsc#1144333).
- cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333).
- cifs: make rmdir() use compounding (bsc#1144333).
- cifs: make smb_send_rqst take an array of requests (bsc#1144333).
- cifs: Make sure all data pages are signed correctly (bsc#1144333).
- cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333).
- cifs: Mask off signals when sending SMB packets (bsc#1144333).
- cifs: minor clarification in comments (bsc#1144333).
- cifs: Minor Kconfig clarification (bsc#1144333).
- cifs: minor updates to module description for cifs.ko (bsc#1144333).
- cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333).
- cifs: move default port definitions to cifsglob.h (bsc#1144333).
- cifs: move large array from stack to heap (bsc#1144333).
- cifs: Move open file handling to writepages (bsc#1144333).
- cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333).
- cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333).
- cifs: Only free DFS target list if we actually got one (bsc#1144333).
- cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333).
- cifs: only wake the thread for the very last PDU in a compound (bsc#1144333).
- cifs: parse and store info on iface queries (bsc#1144333).
- cifs: pass flags down into wait_for_free_credits() (bsc#1144333).
- cifs: Pass page offset for calculating signature (bsc#1144333).
- cifs: Pass page offset for encrypting (bsc#1144333).
- cifs: pass page offsets on SMB1 read/write (bsc#1144333).
- cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333).
- cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333).
- cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333).
- cifs: Print message when attempting a mount (bsc#1144333).
- cifs: Properly handle auto disabling of serverino option (bsc#1144333).
- cifs: protect against server returning invalid file system block size (bsc#1144333).
- cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
- cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
- cifs: push rfc1002 generation down the stack (bsc#1144333).
- cifs: read overflow in is_valid_oplock_break() (bsc#1144333).
- cifs: Reconnect expired SMB sessions (bnc#1060662).
- cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333).
- cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333).
- cifs: Refactor out cifs_mount() (bsc#1144333).
- cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333).
- cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333).
- cifs: remove coverity warning in calc_lanman_hash (bsc#1144333).
- cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333).
- cifs: remove header_preamble_size where it is always 0 (bsc#1144333).
- cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333).
- cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333).
- cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333).
- cifs: remove rfc1002 header from smb2_close_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_create_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333).
- cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333).
- cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333).
- cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333).
- cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333).
- cifs: remove set but not used variable 'cifs_sb' (bsc#1144333).
- cifs: remove set but not used variable 'sep' (bsc#1144333).
- cifs: remove set but not used variable 'server' (bsc#1144333).
- cifs: remove set but not used variable 'smb_buf' (bsc#1144333).
- cifs: remove small_smb2_init (bsc#1144333).
- cifs: remove smb2_send_recv() (bsc#1144333).
- cifs: remove struct smb2_hdr (bsc#1144333).
- cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).
- cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333).
- cifs: remove unused stats (bsc#1144333).
- cifs: remove unused value pointed out by Coverity (bsc#1144333).
- cifs: remove unused variable from SMB2_read (bsc#1144333).
- cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333).
- cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333).
- cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
- cifs: replace snprintf with scnprintf (bsc#1144333).
- cifs: Respect reconnect in MTU credits calculations (bsc#1144333).
- cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333).
- cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333).
- cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333).
- cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).
- cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333).
- cifs: Return error code when getting file handle for writeback (bsc#1144333).
- cifs: return error on invalid value written to cifsFYI (bsc#1144333).
- cifs: Save TTL value when parsing DFS referrals (bsc#1144333).
- cifs: Select all required crypto modules (bsc#1085536, bsc#1144333).
- cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333).
- cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333).
- cifs: Set reconnect instance to one initially (bsc#1144333).
- cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333).
- cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333).
- cifs: show 'soft' in the mount options for hard mounts (bsc#1144333).
- cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333).
- cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333).
- cifs: Silence uninitialized variable warning (bsc#1144333).
- cifs: simple stats should always be enabled (bsc#1144333).
- cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files.
- cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333).
- cifs: Skip any trailing backslashes from UNC (bsc#1144333).
- cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333).
- cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333).
- cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333).
- cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333).
- cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333).
- cifs: SMBD: Add rdma mount option (bsc#1144333).
- cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).
- cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333).
- cifs: smbd: Avoid allocating iov on the stack (bsc#1144333).
- cifs: smbd: avoid reconnect lockup (bsc#1144333).
- cifs: smbd: Check for iov length on sending the last iov (bsc#1144333).
- cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333).
- cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333).
- cifs: smbd: disconnect transport on RDMA errors (bsc#1144333).
- cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333).
- cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333).
- cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333).
- cifs: smbd: Dump SMB packet when configured (bsc#1144333).
- cifs: smbd: Enable signing with smbdirect (bsc#1144333).
- cifs: SMBD: Establish SMB Direct connection (bsc#1144333).
- cifs: SMBD: export protocol initial values (bsc#1144333).
- cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333).
- cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).
- cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333).
- cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333).
- cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333).
- cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333).
- cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333).
- cifs: SMBD: Implement RDMA memory registration (bsc#1144333).
- cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333).
- cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333).
- cifs: smbd: Retry on memory registration failure (bsc#1144333).
- cifs: smbd: Return EINTR when interrupted (bsc#1144333).
- cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333).
- cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333).
- cifs: SMBD: Support page offset in memory registration (bsc#1144333).
- cifs: SMBD: Support page offset in RDMA recv (bsc#1144333).
- cifs: SMBD: Support page offset in RDMA send (bsc#1144333).
- cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333).
- cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333).
- cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333).
- cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333).
- cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333).
- cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333).
- cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333).
- cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333).
- cifs:smbd Use the correct DMA direction when sending data (bsc#1144333).
- cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333).
- cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333).
- cifs: start DFS cache refresher in cifs_mount() (bsc#1144333).
- cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333).
- cifs: suppress some implicit-fallthrough warnings (bsc#1144333).
- cifs: track writepages in vfs operation counters (bsc#1144333).
- cifs: Try to acquire credits at once for compound requests (bsc#1144333).
- cifs: update calc_size to take a server argument (bsc#1144333).
- cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333).
- cifs: update internal module number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
- cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333).
- cifs: update module internal version number (bsc#1144333).
- cifs: update multiplex loop to handle compounded responses (bsc#1144333).
- cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333).
- cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333).
- cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333).
- cifs: update smb2_queryfs() to use compounding (bsc#1144333).
- cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333).
- cifs: use a compound for setting an xattr (bsc#1144333).
- cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333).
- cifs: use correct format characters (bsc#1144333).
- cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333).
- cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333).
- cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).
- cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333).
- cifs: Use kzfree() to free password (bsc#1144333).
- cifs: Use offset when reading pages (bsc#1144333).
- cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333).
- cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333).
- cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333).
- cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333).
- cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333).
- cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333).
- cifs: we can not use small padding iovs together with encryption (bsc#1144333).
- cifs: When sending data on socket, pass the correct page offset (bsc#1144333).
- cifs: zero-range does not require the file is sparse (bsc#1144333).
- cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333).
- Cleanup some minor endian issues in smb3 rdma (bsc#1144333).
- clk: add clk_bulk_get accessories (bsc#1144813).
- clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510).
- clk: bcm2835: remove pllb (jsc#SLE-7294).
- clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294).
- clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813).
- clk: Export clk_bulk_prepare() (bsc#1144813).
- clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294).
- clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510).
- clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813).
- clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813).
- clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510).
- clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510).
- compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510).
- coredump: split pipe command whitespace before expanding template (bsc#1051510).
- cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).
- cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294).
- cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279).
- crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510).
- crypto: caam - free resources in case caam_rng registration failed (bsc#1051510).
- crypto: cavium/zip - Add missing single_release() (bsc#1051510).
- crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510).
- crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510).
- crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510).
- crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934).
- crypto: ccp - Reduce maximum stack usage (bsc#1051510).
- crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510).
- crypto: qat - Silence smp_processor_id() warning (bsc#1051510).
- crypto: skcipher - Unmap pages after an external error (bsc#1051510).
- crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510).
- cx82310_eth: fix a memory leak bug (bsc#1051510).
- dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698).
- devres: always use dev_name() in devm_ioremap_resource() (git fixes).
- dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333).
- dma-buf: balance refcount inbalance (bsc#1051510).
- dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510).
- dmaengine: iop-adma.c: fix printk format warning (bsc#1051510).
- dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510).
- dm btree: fix order of block initialization in btree_split_beneath (git fixes).
- dm bufio: fix deadlock with loop device (git fixes).
- dm cache metadata: Fix loading discard bitset (git fixes).
- dm crypt: do not overallocate the integrity tag space (git fixes).
- dm crypt: fix parsing of extended IV arguments (git fixes).
- dm delay: fix a crash when invalid device is specified (git fixes).
- dm: fix to_sector() for 32bit (git fixes).
- dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes).
- dm integrity: limit the rate of error messages (git fixes).
- dm kcopyd: always complete failed jobs (git fixes).
- dm log writes: make sure super sector log updates are written in order (git fixes).
- dm raid: add missing cleanup in raid_ctr() (git fixes).
- dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes).
- dm space map metadata: fix missing store of apply_bops() return value (git fixes).
- dm table: fix invalid memory accesses with too high sector number (git fixes).
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes).
- dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes).
- dm thin: fix passdown_double_checking_shared_status() (git fixes).
- dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes).
- dm zoned: Fix zone report handling (git fixes).
- dm zoned: fix zone state management race (git fixes).
- dm zoned: improve error handling in i/o map code (git fixes).
- dm zoned: improve error handling in reclaim (git fixes).
- dm zoned: properly handle backing device failure (git fixes).
- dm zoned: Silence a static checker warning (git fixes).
- Documentation: Add nospectre_v1 parameter (bsc#1051510).
- Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510).
- Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333).
- Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333).
- driver core: Fix use-after-free and double free on glue directory (bsc#1131281).
- drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510).
- drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510).
- drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510).
- drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642)
- drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510).
- drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510).
- drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510).
- drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642)
- drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635)
- drm/i915: Fix various tracepoints for gen2 (bsc#1113722)
- drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635)
- drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635)
- drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)
- drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510).
- drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722)
- drm/imx: notify drm core before sending event during crtc disable (bsc#1135642)
- drm/imx: only send event on crtc disable if kept disabled (bsc#1135642)
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642)
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642)
- drm/mediatek: clear num_pipes when unbind driver (bsc#1135642)
- drm/mediatek: fix unbind functions (bsc#1135642)
- drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635)
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642)
- drm/mediatek: use correct device to import PRIME buffers (bsc#1142635)
- drm/msm: Depopulate platform on probe failure (bsc#1051510).
- drm: msm: Fix add_gpu_components (bsc#1051510).
- drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635)
- drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635)
- drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510).
- drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510).
- drm/rockchip: Suspend DP late (bsc#1142635)
- drm: silence variable 'conn' set but not used (bsc#1051510).
- drm/udl: introduce a macro to convert dev to udl. (bsc#1113722)
- drm/udl: move to embedding drm device inside udl device. (bsc#1113722)
- drm/virtio: Add memory barriers for capset cache (bsc#1051510).
- drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642)
- drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510).
- drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642)
- Drop an ASoC fix that was reverted in 4.14.y stable
- eCryptfs: fix a couple type promotion bugs (bsc#1051510).
- EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178).
- EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178).
- EDAC/amd64: Decode syndrome before translating address (bsc#1114279).
- EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279).
- eeprom: at24: make spd world-readable again (git-fixes).
- efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510).
- ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510).
- ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025).
- ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024).
- ext4: use jbd2_inode dirty range scoping (bsc#1148616).
- firmware: raspberrypi: register clk device (jsc#SLE-7294).
- firmware: ti_sci: Always request response from firmware (bsc#1051510).
- Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333).
- Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333).
- fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333).
- Fix kABI after KVM fixes
- Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).
- Fix match_server check to allow for auto dialect negotiate (bsc#1144333).
- Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333).
- fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333).
- fix struct ufs_req removal of unused field (git-fixes).
- Fix warning messages when mounting to older servers (bsc#1144333).
- fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).
- fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333).
- fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333).
- fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333).
- fs/cifs: fix uninitialised variable warnings (bsc#1144333).
- fs: cifs: Kconfig: pedantic formatting (bsc#1144333).
- fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333).
- fs/cifs: require sha512 (bsc#1051510, bsc#1144333).
- fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333).
- fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333).
- fs/cifs: suppress a string overflow warning (bsc#1144333).
- fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333).
- fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510).
- fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031).
- fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033).
- ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418).
- ftrace: Check for successful allocation of hash (bsc#1149424).
- ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413).
- gpio: Fix build error of function redefinition (bsc#1051510).
- gpio: fix line flag validation in lineevent_create (bsc#1051510).
- gpio: fix line flag validation in linehandle_create (bsc#1051510).
- gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510).
- gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510).
- gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510).
- gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510).
- gpiolib: only check line handle flags once (bsc#1051510).
- gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510).
- gpio: mxs: Get rid of external API call (bsc#1051510).
- gpio: omap: ensure irq is enabled before wakeup (bsc#1051510).
- gpio: pxa: handle corner case of unprobed device (bsc#1051510).
- gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635)
- HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510).
- HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510).
- HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510).
- HID: hiddev: avoid opening a disconnected device (bsc#1051510).
- HID: hiddev: do cleanup in failure of opening a device (bsc#1051510).
- HID: holtek: test for sanity of intfdata (bsc#1051510).
- HID: sony: Fix race condition between rumble and device remove (bsc#1051510).
- HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635).
- HID: wacom: correct misreported EKR ring values (bsc#1142635).
- HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510).
- hpet: Fix division by zero in hpet_time_div() (bsc#1051510).
- hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510).
- hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510).
- hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510).
- hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510).
- i2c: emev2: avoid race when unregistering slave client (bsc#1051510).
- i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510).
- i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510).
- IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678).
- ibmveth: Convert multicast list size for little-endian system (bsc#1061843).
- ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635).
- ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726).
- ife: error out when nla attributes are empty (networking-stable-19_08_08).
- igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25).
- iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510).
- iio: adc: max9611: Fix temperature reading in probe (bsc#1051510).
- iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510).
- iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510).
- Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333).
- include/linux/bitops.h: sanitize rotate primitives (git fixes).
- Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510).
- Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510).
- Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510).
- Input: iforce - add sanity checks (bsc#1051510).
- Input: kbtab - sanity check for endpoint type (bsc#1051510).
- Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510).
- Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510).
- Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510).
- intel_th: pci: Add Ice Lake NNPI support (bsc#1051510).
- intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510).
- intel_th: pci: Add Tiger Lake support (bsc#1051510).
- iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010).
- iommu/amd: Fix race in increase_address_space() (bsc#1150860).
- iommu/amd: Flush old domains in kdump kernel (bsc#1150861).
- iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105).
- iommu/dma: Fix for dereferencing before null checking (bsc#1151667).
- iommu/dma: Handle SG length overflow better (bsc#1146084).
- iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671).
- iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024).
- iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024).
- ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08).
- ipip: validate header length in ipip_tunnel_xmit (git-fixes).
- ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25).
- ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).
- irqchip/gic-v3-its: fix build warnings (bsc#1144880).
- isdn/capi: check message length in capi_write() (bsc#1051510).
- isdn: hfcsusb: checking idx of ep configuration (bsc#1051510).
- isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510).
- isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510).
- iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086).
- iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510).
- iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902).
- iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635).
- iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).
- iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635).
- iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635).
- iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635).
- jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843).
- jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616).
- kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).
- kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI
- kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI
- kabi/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these.
- kasan: remove redundant initialization of variable 'real_size' (git fixes).
- kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510).
- keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510).
- kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021).
- kvm: arm/arm64: Close VMID generation race (bsc#1133021).
- kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021).
- kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021).
- kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021).
- kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021).
- kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021).
- kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021).
- kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021).
- kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021).
- kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021).
- kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021).
- kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021).
- kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021).
- kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021).
- kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021).
- kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021).
- kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388).
- kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408).
- kvm: mmu: Fix overlap between public and private memslots (bsc#1133021).
- kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389).
- kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390).
- kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391).
- kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392).
- kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840).
- kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840).
- kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840).
- kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840).
- kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840).
- kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840).
- kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840).
- kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840).
- kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021).
- kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393).
- kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394).
- kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395).
- kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409).
- kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104).
- kvm: x86: fix backward migration with async_PF (bsc#1146074).
- kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882).
- kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).
- kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).
- kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396).
- kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397).
- lan78xx: Fix memory leaks (bsc#1051510).
- leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510).
- leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).
- libata: add SG safety checks in SFF pio transfers (bsc#1051510).
- libata: do not request sense data on !ZAC ATA devices (bsc#1051510).
- libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510).
- libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510).
- libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450).
- libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133).
- libceph: assign cookies in linger_submit() (bsc#1135897).
- libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
- libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
- libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
- libceph: fix PG split vs OSD (re)connect race (bsc#1148133).
- libceph: handle zero-length data items (bsc#1141450).
- libceph: introduce alloc_watch_request() (bsc#1135897).
- libceph: introduce BVECS data type (bsc#1141450).
- libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
- libceph: preallocate message data items (bsc#1135897).
- libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897).
- libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
- libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450).
- libceph: use single request data item for cmp/setxattr (bsc#1139101).
- libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510).
- libiscsi: do not try to bypass SCSI EH (bsc#1142076).
- libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720).
- liquidio: add cleanup in octeon_setup_iq() (bsc#1051510).
- livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995).
- loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes).
- mac80211: do not warn about CW params when not using them (bsc#1051510).
- mac80211: do not WARN on short WMM parameters from AP (bsc#1051510).
- mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635).
- mac80211: fix possible sta leak (bsc#1051510).
- mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510).
- macsec: fix checksumming after decryption (bsc#1051510).
- macsec: fix use-after-free of skb during RX (bsc#1051510).
- macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510).
- macsec: update operstate when lower device changes (bsc#1051510).
- mailbox: handle failed named mailbox channel request (bsc#1051510).
- md: add mddev->pers to avoid potential NULL pointer dereference (git fixes).
- md: do not report active array_state until after revalidate_disk() completes (git-fixes).
- md: only call set_in_sync() when it is expected to succeed (git-fixes).
- md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes).
- md/raid: raid5 preserve the writeback action after the parity check (git fixes).
- media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510).
- media: au0828: fix null dereference in error path (bsc#1051510).
- media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510).
- media: coda: fix mpeg2 sequence number handling (bsc#1051510).
- media: coda: increment sequence offset for the last returned frame (bsc#1051510).
- media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510).
- media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510).
- media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510).
- media: em28xx: fix handler for vidioc_s_input() (bsc#1051510).
- media: em28xx: stop rewriting device's struct (bsc#1051510).
- media: fdp1: Reduce FCP not found message level to debug (bsc#1051510).
- media: hdpvr: fix locking and a missing msleep (bsc#1051510).
- media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510).
- media: mc-device.c: do not memset __user pointer contents (bsc#1051510).
- media: media_device_enum_links32: clean a reserved field (bsc#1051510).
- media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510).
- media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510).
- media: pvrusb2: use a different format for warnings (bsc#1051510).
- media: replace strcpy() by strscpy() (bsc#1051510).
- media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510).
- media: spi: IR LED: add missing of table registration (bsc#1051510).
- media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510).
- media: technisat-usb2: break out of loop at end of buffer (bsc#1051510).
- media: tm6000: double free if usb disconnect while streaming (bsc#1051510).
- media: vb2: Fix videobuf2 to map correct area (bsc#1051510).
- media: vpss: fix a potential NULL pointer dereference (bsc#1051510).
- media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510).
- mfd: arizona: Fix undefined behavior (bsc#1051510).
- mfd: core: Set fwnode for created devices (bsc#1051510).
- mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510).
- mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875).
- mic: avoid statically declaring a 'struct device' (bsc#1051510).
- mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616).
- mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510).
- mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510).
- mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510).
- mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510).
- mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635).
- mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086).
- mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510).
- mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875).
- mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875).
- mm: do not stall register_shrinker() (bsc#1104902, VM Performance).
- mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality).
- mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality).
- mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality).
- mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality).
- mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality).
- mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality).
- mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality).
- mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality).
- mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality).
- mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality).
- mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality).
- mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689).
- mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality).
- move a few externs to smbdirect.h to eliminate warning (bsc#1144333).
- move irq_data_get_effective_affinity_mask prior the sorted section
- Move upstreamed BT fix into sorted section
- Move upstreamed nvme fix into sorted section
- mpls: fix warning with multi-label encap (bsc#1051510).
- mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510).
- mvpp2: refactor MTU change code (networking-stable-19_08_08).
- nbd: replace kill_bdev() with __invalidate_device() again (git fixes).
- Negotiate and save preferred compression algorithms (bsc#1144333).
- net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510).
- net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25).
- net: bridge: delete local fdb on device init failure (networking-stable-19_08_08).
- net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08).
- net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25).
- net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25).
- net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25).
- net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25).
- net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021).
- net: ena: add good checksum counter (bsc#1139020 bsc#1139021).
- net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021).
- net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021).
- net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021).
- net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021).
- net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021).
- net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021).
- net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021).
- net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021).
- net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021).
- net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021).
- net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021).
- net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021).
- net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021).
- net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021).
- net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021).
- net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021).
- net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021).
- net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021).
- net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021).
- net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021).
- net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021).
- net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021).
- net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021).
- net: fix ifindex collision during namespace removal (networking-stable-19_08_08).
- net: Fix netdev_WARN_ONCE macro (git-fixes).
- net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635).
- net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635).
- net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432).
- net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432).
- net: Introduce netdev_*_once functions (networking-stable-19_07_25).
- net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25).
- net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678).
- net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25).
- net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21).
- net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08).
- net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21).
- net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08).
- net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25).
- net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25).
- net/packet: fix race in tpacket_snd() (networking-stable-19_08_21).
- net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02).
- netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25).
- netrom: hold sock when setting skb->destructor (networking-stable-19_07_25).
- net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08).
- net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25).
- net: sched: verify that q!=NULL before setting q->flags (git-fixes).
- net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963).
- net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28).
- net/smc: original socket family in inet_sock_diag (bsc#1149959).
- net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02).
- net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02).
- net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510).
- nfc: fix potential illegal memory access (bsc#1051510).
- NFS4: Fix v4.0 client state corruption when mount (git-fixes).
- NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291).
- nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381).
- nfsd: Do not release the callback slot unless it was actually held (git-fixes).
- nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381).
- nfsd: fix performance-limiting session calculation (bsc#1150381).
- nfsd: give out fewer session slots as limit approaches (bsc#1150381).
- nfsd: handle drc over-allocation gracefully (bsc#1150381).
- nfsd: increase DRC cache limit (bsc#1150381).
- NFS: Do not interrupt file writeout due to fatal errors (git-fixes).
- NFS: Do not open code clearing of delegation state (git-fixes).
- NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes).
- NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291).
- NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes).
- NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012).
- NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes).
- NFS: make nfs_match_client killable (bsc#1134291).
- NFS: Refactor nfs_lookup_revalidate() (git-fixes).
- NFS: Remove redundant semicolon (git-fixes).
- NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes).
- NFSv4.1: Fix open stateid recovery (git-fixes).
- NFSv4.1: Only reap expired delegations (git-fixes).
- NFSv4: Check the return value of update_open_stateid() (git-fixes).
- NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).
- NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes).
- NFSv4: Fix delegation state recovery (git-fixes).
- NFSv4: Fix lookup revalidate of regular files (git-fixes).
- NFSv4: Fix OPEN / CLOSE race (git-fixes).
- NFSv4: Handle the special Linux file open access mode (git-fixes).
- NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes).
- NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes).
- nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- null_blk: complete requests from ->timeout (bsc#1149446).
- null_blk: wire up timeouts (bsc#1149446).
- nvme: cancel request synchronously (bsc#1145661).
- nvme: change locking for the per-subsystem controller list (bsc#1142541).
- nvme-core: Fix extra device_put() call on error path (bsc#1142541).
- nvme-fc: fix module unloads while lports still pending (bsc#1150033).
- nvme: fix multipath crash when ANA is deactivated (bsc#1149446).
- nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426)
- nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938).
- nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554).
- nvme-multipath: relax ANA state check (bsc#1123105).
- nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876).
- nvmem: Use the same permissions for eeprom as for nvmem (git-fixes).
- nvme-rdma: Allow DELETING state change failure in (bsc#1104967,).
- nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076).
- nvme-rdma: centralize controller setup sequence (bsc#1142076).
- nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).
- nvme-rdma: fix timeout handler (bsc#1149446).
- nvme-rdma: stop admin queue before freeing it (bsc#1140155).
- nvme-rdma: support up to 4 segments of inline data (bsc#1142076).
- nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076).
- nvme: remove ns sibling before clearing path (bsc#1140155).
- nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).
- nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076).
- objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302).
- objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300).
- octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510).
- PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423).
- PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701).
- PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106).
- PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635).
- PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841).
- PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635).
- phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510).
- phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510).
- phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510).
- pinctrl: pistachio: fix leaked of_node references (bsc#1051510).
- pinctrl: rockchip: fix leaked of_node references (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510).
- PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813).
- PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813).
- PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813).
- PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813).
- PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813).
- PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813).
- PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294).
- PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510).
- pnfs fallback to MDS if no deviceid found (git-fixes).
- pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes).
- pnfs/flexfiles: Turn off soft RPC calls (git-fixes).
- powerpc/64: Make sys_switch_endian() traceable (bsc#1065729).
- powerpc/64s: Include cpu header (bsc#1065729).
- powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729).
- powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729).
- powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664).
- powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664).
- powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107).
- powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764).
- powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes).
- powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664).
- powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664).
- powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729).
- powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729).
- powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729).
- powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958).
- powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937).
- powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937).
- powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937).
- powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376).
- powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352).
- powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107).
- powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).
- powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729).
- powerpc/irq: drop arch_early_irq_init() (bsc#1065729).
- powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600).
- powerpc/lib: Fix feature fixup test of external branch (bsc#1065729).
- powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664).
- powerpc/mm: Handle page table allocation failures (bsc#1065729).
- powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509).
- powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664).
- powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664).
- powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509).
- powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729).
- powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729).
- powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729).
- powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686).
- powerpc/perf: Add mem access events to sysfs (bsc#1124370).
- powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686).
- powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686).
- powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686).
- powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686).
- powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729).
- powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958).
- powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840).
- powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840).
- powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729).
- powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729).
- powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729).
- powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes).
- powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958).
- powerpc/pseries: add missing cpumask.h include file (bsc#1065729).
- powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158).
- powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925).
- powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729).
- powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes).
- powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729).
- powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958).
- powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158).
- powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868).
- powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840).
- powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107).
- powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729).
- powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019).
- powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762).
- powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729).
- powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019).
- powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019).
- powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729).
- power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510).
- power: supply: Init device wakeup after device_add() (bsc#1051510).
- ppp: Fix memory leak in ppp_write (git-fixes).
- printk: Do not lose last line in kmsg buffer dump (bsc#1152460).
- printk: fix printk_time race (bsc#1152466).
- printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712).
- qede: fix write to free'd pointer error and double free of ptp (bsc#1051510).
- qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
- qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988).
- qlge: Deduplicate lbq_buf_size (bsc#1106061).
- qlge: Deduplicate rx buffer queue management (bsc#1106061).
- qlge: Factor out duplicated expression (bsc#1106061).
- qlge: Fix dma_sync_single calls (bsc#1106061).
- qlge: Fix irq masking in INTx mode (bsc#1106061).
- qlge: Refill empty buffer queues from wq (bsc#1106061).
- qlge: Refill rx buffers up to multiple of 16 (bsc#1106061).
- qlge: Remove bq_desc.maplen (bsc#1106061).
- qlge: Remove irq_cnt (bsc#1106061).
- qlge: Remove page_chunk.last_flag (bsc#1106061).
- qlge: Remove qlge_bq.len & size (bsc#1106061).
- qlge: Remove rx_ring.sbq_buf_size (bsc#1106061).
- qlge: Remove rx_ring.type (bsc#1106061).
- qlge: Remove useless dma synchronization calls (bsc#1106061).
- qlge: Remove useless memset (bsc#1106061).
- qlge: Replace memset with assignment (bsc#1106061).
- qlge: Update buffer queue prod index despite oom (bsc#1106061).
- quota: fix wrong condition in is_quota_modification() (bsc#1152026).
- r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510).
- rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450).
- rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450).
- rbd: get rid of img_req->copyup_pages (bsc#1141450).
- rbd: move from raw pages to bvec data descriptors (bsc#1141450).
- rbd: remove bio cloning helpers (bsc#1141450).
- rbd: start enums at 1 instead of 0 (bsc#1141450).
- rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450).
- regmap: fix bulk writes on paged registers (bsc#1051510).
- regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510).
- regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510).
- Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333).
- Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510).
- Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510).
- Revert 'dm bufio: fix deadlock with loop device' (git fixes).
- Revert i915 userptr page lock patch (bsc#1145051)
- Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510).
- Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).
- Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes).
- Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes).
- rpm/kernel-binary.spec.in: Enable missing modules check.
- rpm/kernel-binary.spec.in: Enable missing modules check.
- rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).
- rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510).
- rpmsg: smd: fix memory leak on channel create (bsc#1051510).
- rsi: improve kernel thread handling to fix kernel panic (bsc#1051510).
- rslib: Fix decoding of shortened codes (bsc#1051510).
- rslib: Fix handling of of caller provided syndrome (bsc#1051510).
- rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510).
- rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25).
- s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339).
- s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907).
- s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331).
- s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339).
- s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339).
- s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339).
- s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339).
- s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339).
- samples, bpf: fix to change the buffer size for read() (bsc#1051510).
- samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510).
- sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920).
- sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920).
- scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510).
- scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510).
- scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510).
- scripts/gdb: fix lx-version string output (bsc#1051510).
- scripts/git_sort/git_sort.py:
- scsi: aacraid: Fix missing break in switch statement (git-fixes).
- scsi: aacraid: Fix performance issue on logical drives (git-fixes).
- scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes).
- scsi: aic94xx: fix module loading (git-fixes).
- scsi: bfa: convert to strlcpy/strlcat (git-fixes).
- scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes).
- scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes).
- scsi: core: Fix race on creating sense cache (git-fixes).
- scsi: core: set result when the command cannot be dispatched (git-fixes).
- scsi: core: Synchronize request queue PM status only on successful resume (git-fixes).
- scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868).
- scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes).
- scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes.
- scsi: fas216: fix sense buffer initialization (git-fixes).
- scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes).
- scsi: libfc: fix null pointer dereference on a null lport (git-fixes).
- scsi: libsas: delete sas port if expander discover failed (git-fixes).
- scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes).
- scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes).
- scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes).
- scsi: megaraid: fix out-of-bound array accesses (git-fixes).
- scsi: megaraid_sas: Fix calculation of target ID (git-fixes).
- scsi: NCR5380: Always re-enable reselection interrupt (git-fixes).
- scsi: qedf: Add debug information for unsolicited processing (bsc#1149976).
- scsi: qedf: Add shutdown callback handler (bsc#1149976).
- scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).
- scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976).
- scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976).
- scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976).
- scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976).
- scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976).
- scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976).
- scsi: qedf: Print message during bailout conditions (bsc#1149976).
- scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes).
- scsi: qedf: remove set but not used variables (bsc#1149976).
- scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976).
- scsi: qedf: Update module description string (bsc#1149976).
- scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976).
- scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976).
- scsi: qedf: Use discovery list to traverse rports (bsc#1149976).
- scsi: qedi: remove declaration of nvm_image from stack (git-fixes).
- scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424).
- scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes).
- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs.
- scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a format specifier (git-fixes).
- scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes).
- scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix device staying in blocked state (git-fixes).
- scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes).
- scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes).
- scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update two source code comments (git-fixes).
- scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes).
- scsi: raid_attrs: fix unused variable warning (git-fixes).
- scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes).
- scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313).
- scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes).
- scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes).
- scsi: sd: Fix cache_type_store() (git-fixes).
- scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes).
- scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes).
- scsi: sd: use mempool for discard special page (git-fixes).
- scsi: sd_zbc: Fix potential memory leak (git-fixes).
- scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes).
- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes).
- scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi_transport_fc: complete requests from ->timeout (bsc#1142076).
- scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes).
- scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes).
- scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes).
- scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes).
- scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes).
- scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes).
- scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes).
- sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02).
- sctp: fix the transport error_count check (networking-stable-19_08_21).
- secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned.
- serial: 8250: Fix TX interrupt handling condition (bsc#1051510).
- set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134)
- signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333).
- sis900: fix TX completion (bsc#1051510).
- sky2: Disable MSI on ASUS P6T (bsc#1142496).
- sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510).
- slip: make slhc_free() silently accept an error pointer (bsc#1051510).
- slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510).
- smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333).
- smb2: fix typo in definition of a few error flags (bsc#1144333).
- smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333).
- smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333).
- smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333).
- smb311: Fix reconnect (bsc#1051510, bsc#1144333).
- smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333).
- smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
- smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333).
- smb3: add credits we receive from oplock/break PDUs (bsc#1144333).
- smb3: add debug for unexpected mid cancellation (bsc#1144333).
- smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333).
- smb3: add define for id for posix create context and corresponding struct (bsc#1144333).
- smb3: Add defines for new negotiate contexts (bsc#1144333).
- smb3: add dynamic trace point for query_info_enter/done (bsc#1144333).
- smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333).
- smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333).
- smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333).
- smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333).
- smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333).
- smb3: Add handling for different FSCTL access flags (bsc#1144333).
- smb3: add missing read completion trace point (bsc#1144333).
- smb3: add module alias for smb3 to cifs.ko (bsc#1144333).
- smb3: add new mount option to retrieve mode from special ACE (bsc#1144333).
- smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333).
- smb3: Add protocol structs for change notify support (bsc#1144333).
- smb3: add reconnect tracepoints (bsc#1144333).
- smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333).
- smb3: add smb3.1.1 to default dialect list (bsc#1144333).
- smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333).
- smb3: add support for posix negotiate context (bsc#1144333).
- smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333).
- smb3: add tracepoint for sending lease break responses to server (bsc#1144333).
- smb3: add tracepoint for session expired or deleted (bsc#1144333).
- smb3: add tracepoint for slow responses (bsc#1144333).
- smb3: add trace point for tree connection (bsc#1144333).
- smb3: add tracepoints for query dir (bsc#1144333).
- smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333).
- smb3: add tracepoints for smb2/smb3 open (bsc#1144333).
- smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333).
- smb3: add way to control slow response threshold for logging and stats (bsc#1144333).
- smb3: allow more detailed protocol info on open files for debugging (bsc#1144333).
- smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333).
- smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333).
- smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333).
- smb3: Allow query of symlinks stored as reparse points (bsc#1144333).
- smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333).
- smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333).
- smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333).
- smb3: Backup intent flag missing from compounded ops (bsc#1144333).
- smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333).
- smb3 - clean up debug output displaying network interfaces (bsc#1144333).
- smb3: Cleanup license mess (bsc#1144333).
- smb3: Clean up query symlink when reparse point (bsc#1144333).
- smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333).
- smb3: directory sync should not return an error (bsc#1051510, bsc#1144333).
- smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333).
- smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333).
- smb3: display session id in debug data (bsc#1144333).
- smb3: display stats counters for number of slow commands (bsc#1144333).
- smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333).
- smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333).
- smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333).
- smb3: do not display confusing message on mount to Azure servers (bsc#1144333).
- smb3: do not display empty interface list (bsc#1144333).
- smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333).
- smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333).
- smb3: do not send compression info by default (bsc#1144333).
- smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333).
- smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333).
- smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333).
- smb3: fix bytes_read statistics (bsc#1144333).
- smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333).
- smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333).
- smb3: Fix endian warning (bsc#1144333, bsc#1137884).
- smb3: Fix enumerating snapshots to Azure (bsc#1144333).
- smb3: fix large reads on encrypted connections (bsc#1144333).
- smb3: fix lease break problem introduced by compounding (bsc#1144333).
- smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333).
- smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333).
- smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).
- smb3: Fix potential memory leak when processing compound chain (bsc#1144333).
- smb3: fix redundant opens on root (bsc#1144333).
- smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333).
- smb3: Fix rmdir compounding regression to strict servers (bsc#1144333).
- smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333).
- smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333).
- smb3: fix various xid leaks (bsc#1051510, bsc#1144333).
- smb3: for kerberos mounts display the credential uid used (bsc#1144333).
- smb3: handle new statx fields (bsc#1085536, bsc#1144333).
- smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333).
- smb3: if server does not support posix do not allow posix mount option (bsc#1144333).
- smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333).
- smb3: increase initial number of credits requested to allow write (bsc#1144333).
- smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333).
- smb3: Log at least once if tree connect fails during reconnect (bsc#1144333).
- smb3: make default i/o size for smb3 mounts larger (bsc#1144333).
- smb3: minor cleanup of compound_send_recv (bsc#1144333).
- smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333).
- smb3: minor missing defines relating to reparse points (bsc#1144333).
- smb3: missing defines and structs for reparse point handling (bsc#1144333).
- smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333).
- smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333).
- smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333).
- smb3: optimize open to not send query file internal info (bsc#1144333).
- smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333).
- smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333).
- smb3: query inode number on open via create context (bsc#1144333).
- smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333).
- smb3: remove per-session operations from per-tree connection stats (bsc#1144333).
- smb3: rename encryption_required to smb3_encryption_required (bsc#1144333).
- smb3: request more credits on normal (non-large read/write) ops (bsc#1144333).
- smb3: request more credits on tree connect (bsc#1144333).
- smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333).
- smb3: send backup intent on compounded query info (bsc#1144333).
- smb3: send CAP_DFS capability during session setup (bsc#1144333).
- smb3: Send netname context during negotiate protocol (bsc#1144333).
- smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333).
- smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333).
- smb3: smbdirect no longer experimental (bsc#1144333).
- smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333).
- smb3: track the instance of each session for debugging (bsc#1144333).
- smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333).
- smb3: trivial cleanup to smb2ops.c (bsc#1144333).
- smb3: update comment to clarify enumerating snapshots (bsc#1144333).
- smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333).
- smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333).
- smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333).
- smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333).
- smbd: Make upper layer decide when to destroy the transport (bsc#1144333).
- smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333).
- smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333).
- smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333).
- smpboot: Place the __percpu annotation correctly (git fixes).
- soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813).
- soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813).
- soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813).
- sound: fix a memory leak bug (bsc#1051510).
- spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510).
- spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510).
- spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510).
- st21nfca_connectivity_event_received: null check the allocation (bsc#1051510).
- staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510).
- staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510).
- st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510).
- SUNRPC fix regression in umount of a secure mount (git-fixes).
- SUNRPC: Handle connection breakages correctly in call_status() (git-fixes).
- SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes).
- supported.conf: Add missing modules (bsc#1066369).
- supported.conf: Add missing modules (bsc#1066369).
- supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294).
- supported.conf: Remove duplicate drivers/ata/libahci_platform
- supported.conf: Sort alphabetically, align comments.
- supported.conf: Sort alphabetically, align comments.
- tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28).
- tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25).
- team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
- test_firmware: fix a memory leak bug (bsc#1051510).
- tipc: change to use register_pernet_device (networking-stable-19_07_02).
- tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555).
- tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555).
- tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555).
- tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555).
- tpm: Unify the send callback behaviour (bsc#1082555).
- tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555).
- tracing: Fix header include guards in trace event headers (bsc#1144474).
- Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333).
- treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333).
- tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510).
- tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510).
- tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510).
- tty: serial: msm_serial: avoid system lockup condition (bsc#1051510).
- tua6100: Avoid build warnings (bsc#1051510).
- tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02).
- udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617).
- Update azure config, enable *NVME* (bsc#1143478)
- Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y
- Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333).
- Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333).
- Update config files. - cifs: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333).
- update internal version number for cifs.ko (bsc#1144333).
- Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333).
- Update version of cifs module (bsc#1144333).
- usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635).
- usb: CDC: fix sanity checks in CDC union parser (bsc#1142635).
- usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510).
- usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510).
- usb: core: Fix races in character device registration and deregistraion (bsc#1051510).
- usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510).
- usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510).
- usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635).
- usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510).
- usb: host: fotg2: restart hcd after port reset (bsc#1051510).
- usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510).
- usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510).
- usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510).
- usb: iowarrior: fix deadlock on disconnect (bsc#1051510).
- usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510).
- usb: serial: option: Add Motorola modem UARTs (bsc#1051510).
- usb: serial: option: Add support for ZTE MF871A (bsc#1051510).
- usb: serial: option: add the BroadMobi BM818 card (bsc#1051510).
- usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510).
- usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510).
- usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510).
- usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510).
- usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510).
- usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510).
- usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510).
- vfs: fix page locking deadlocks when deduping files (bsc#1148619).
- video: ssd1307fb: Start page range at page_offset (bsc#1113722)
- VMCI: Release resource if the work is already queued (bsc#1051510).
- vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25).
- watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510).
- watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510).
- watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510).
- watchdog: fix compile time error of pretimeout governors (bsc#1051510).
- wimax/i2400m: fix a memory leak bug (bsc#1051510).
- x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279).
- x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279).
- x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).
- x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955).
- x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279).
- x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689).
- x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689).
- x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279).
- x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279).
- x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279).
- x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279).
- x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279).
- xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21).
- xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600).
- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600).
- xfrm: Fix bucket count reported to userspace (bsc#1143300).
- xfrm: Fix error return code in xfrm_output_one() (bsc#1143300).
- xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300).
- xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300).
- xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035).
- xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053).
- xfs: dump transaction usage details on log reservation overrun (bsc#1145235).
- xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235).
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032).
- xfs: fix semicolon.cocci warnings (bsc#1145235).
- xfs: fix up agi unlinked list reservations (bsc#1145235).
- xfs: include an allocfree res for inobt modifications (bsc#1145235).
- xfs: include inobt buffers in ifree tx log reservation (bsc#1145235).
- xfs: print transaction log reservation on overrun (bsc#1145235).
- xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235).
- xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235).
- xfs: remove more ondisk directory corruption asserts (bsc#1148034).
- xfs: separate shutdown from ticket reservation print helper (bsc#1145235).
- xfs: truncate transaction does not modify the inobt (bsc#1145235).
ImportantSUSE bug 1047238SUSE bug 1050911SUSE bug 1051510SUSE bug 1054914SUSE bug 1055117SUSE bug 1056686SUSE bug 1060662SUSE bug 1061840SUSE bug 1061843SUSE bug 1064597SUSE bug 1064701SUSE bug 1065600SUSE bug 1065729SUSE bug 1066369SUSE bug 1071009SUSE bug 1071306SUSE bug 1071995SUSE bug 1078248SUSE bug 1082555SUSE bug 1085030SUSE bug 1085536SUSE bug 1085539SUSE bug 1086103SUSE bug 1087092SUSE bug 1090734SUSE bug 1091171SUSE bug 1093205SUSE bug 1102097SUSE bug 1104902SUSE bug 1104967SUSE bug 1106061SUSE bug 1106284SUSE bug 1106434SUSE bug 1108382SUSE bug 1109158SUSE bug 1112178SUSE bug 1112894SUSE bug 1112899SUSE bug 1112902SUSE bug 1112903SUSE bug 1112905SUSE bug 1112906SUSE bug 1112907SUSE bug 1113722SUSE bug 1114279SUSE bug 1114542SUSE bug 1118689SUSE bug 1119086SUSE bug 1120876SUSE bug 1120902SUSE bug 1120937SUSE bug 1123034SUSE bug 1123105SUSE bug 1123959SUSE bug 1124370SUSE bug 1127988SUSE bug 1129424SUSE bug 1129519SUSE bug 1129664SUSE bug 1131107SUSE bug 1131281SUSE bug 1131304SUSE bug 1131565SUSE bug 1133021SUSE bug 1134291SUSE bug 1134881SUSE bug 1134882SUSE bug 1135219SUSE bug 1135642SUSE bug 1135897SUSE bug 1136261SUSE bug 1137069SUSE bug 1137865SUSE bug 1137884SUSE bug 1137959SUSE bug 1138539SUSE bug 1139020SUSE bug 1139021SUSE bug 1139101SUSE bug 1139500SUSE bug 1140012SUSE bug 1140155SUSE bug 1140426SUSE bug 1140487SUSE bug 1141013SUSE bug 1141450SUSE bug 1141543SUSE bug 1141554SUSE bug 1142019SUSE bug 1142076SUSE bug 1142109SUSE bug 1142117SUSE bug 1142118SUSE bug 1142119SUSE bug 1142496SUSE bug 1142541SUSE bug 1142635SUSE bug 1142685SUSE bug 1142701SUSE bug 1142857SUSE bug 1143300SUSE bug 1143466SUSE bug 1143478SUSE bug 1143765SUSE bug 1143841SUSE bug 1143843SUSE bug 1144123SUSE bug 1144333SUSE bug 1144474SUSE bug 1144518SUSE bug 1144718SUSE bug 1144813SUSE bug 1144880SUSE bug 1144886SUSE bug 1144912SUSE bug 1144920SUSE bug 1144979SUSE bug 1145010SUSE bug 1145024SUSE bug 1145051SUSE bug 1145059SUSE bug 1145134SUSE bug 1145189SUSE bug 1145235SUSE bug 1145300SUSE bug 1145302SUSE bug 1145388SUSE bug 1145389SUSE bug 1145390SUSE bug 1145391SUSE bug 1145392SUSE bug 1145393SUSE bug 1145394SUSE bug 1145395SUSE bug 1145396SUSE bug 1145397SUSE bug 1145408SUSE bug 1145409SUSE bug 1145661SUSE bug 1145678SUSE bug 1145687SUSE bug 1145920SUSE bug 1145922SUSE bug 1145934SUSE bug 1145937SUSE bug 1145940SUSE bug 1145941SUSE bug 1145942SUSE bug 1146042SUSE bug 1146074SUSE bug 1146084SUSE bug 1146163SUSE bug 1146285SUSE bug 1146346SUSE bug 1146351SUSE bug 1146352SUSE bug 1146361SUSE bug 1146376SUSE bug 1146378SUSE bug 1146381SUSE bug 1146391SUSE bug 1146399SUSE bug 1146413SUSE bug 1146425SUSE bug 1146512SUSE bug 1146514SUSE bug 1146516SUSE bug 1146519SUSE bug 1146524SUSE bug 1146526SUSE bug 1146529SUSE bug 1146531SUSE bug 1146540SUSE bug 1146543SUSE bug 1146547SUSE bug 1146550SUSE bug 1146575SUSE bug 1146589SUSE bug 1146664SUSE bug 1146678SUSE bug 1146938SUSE bug 1148031SUSE bug 1148032SUSE bug 1148033SUSE bug 1148034SUSE bug 1148035SUSE bug 1148093SUSE bug 1148133SUSE bug 1148192SUSE bug 1148196SUSE bug 1148198SUSE bug 1148202SUSE bug 1148303SUSE bug 1148363SUSE bug 1148379SUSE bug 1148394SUSE bug 1148527SUSE bug 1148574SUSE bug 1148616SUSE bug 1148617SUSE bug 1148619SUSE bug 1148698SUSE bug 1148712SUSE bug 1148859SUSE bug 1148868SUSE bug 1149053SUSE bug 1149083SUSE bug 1149104SUSE bug 1149105SUSE bug 1149106SUSE bug 1149197SUSE bug 1149214SUSE bug 1149224SUSE bug 1149313SUSE bug 1149325SUSE bug 1149376SUSE bug 1149413SUSE bug 1149418SUSE bug 1149424SUSE bug 1149446SUSE bug 1149522SUSE bug 1149527SUSE bug 1149539SUSE bug 1149552SUSE bug 1149555SUSE bug 1149591SUSE bug 1149602SUSE bug 1149612SUSE bug 1149626SUSE bug 1149651SUSE bug 1149652SUSE bug 1149713SUSE bug 1149940SUSE bug 1149959SUSE bug 1149963SUSE bug 1149976SUSE bug 1150025SUSE bug 1150033SUSE bug 1150112SUSE bug 1150381SUSE bug 1150423SUSE bug 1150562SUSE bug 1150727SUSE bug 1150860SUSE bug 1150861SUSE bug 1150933SUSE bug 1151350SUSE bug 1151610SUSE bug 1151667SUSE bug 1151671SUSE bug 1151891SUSE bug 1151955SUSE bug 1152024SUSE bug 1152025SUSE bug 1152026SUSE bug 1152161SUSE bug 1152325SUSE bug 1152457SUSE bug 1152460SUSE bug 1152466SUSE bug 1152972SUSE bug 1152974SUSE bug 1152975CVE-2017-18551 at SUSECVE-2017-18551 at NVDCVE-2017-18595 at SUSECVE-2017-18595 at NVDCVE-2018-20976 at SUSECVE-2018-20976 at NVDCVE-2018-21008 at SUSECVE-2018-21008 at NVDCVE-2019-10207 at SUSECVE-2019-10207 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14821 at SUSECVE-2019-14821 at NVDCVE-2019-14835 at SUSECVE-2019-14835 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15090 at SUSECVE-2019-15090 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15117 at SUSECVE-2019-15117 at NVDCVE-2019-15118 at SUSECVE-2019-15118 at NVDCVE-2019-15211 at SUSECVE-2019-15211 at NVDCVE-2019-15212 at SUSECVE-2019-15212 at NVDCVE-2019-15214 at SUSECVE-2019-15214 at NVDCVE-2019-15215 at SUSECVE-2019-15215 at NVDCVE-2019-15216 at SUSECVE-2019-15216 at NVDCVE-2019-15217 at SUSECVE-2019-15217 at NVDCVE-2019-15218 at SUSECVE-2019-15218 at NVDCVE-2019-15219 at SUSECVE-2019-15219 at NVDCVE-2019-15220 at SUSECVE-2019-15220 at NVDCVE-2019-15221 at SUSECVE-2019-15221 at NVDCVE-2019-15222 at SUSECVE-2019-15222 at NVDCVE-2019-15239 at SUSECVE-2019-15239 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15292 at SUSECVE-2019-15292 at NVDCVE-2019-15538 at SUSECVE-2019-15538 at NVDCVE-2019-15666 at SUSECVE-2019-15666 at NVDCVE-2019-15902 at SUSECVE-2019-15902 at NVDCVE-2019-15917 at SUSECVE-2019-15917 at NVDCVE-2019-15919 at SUSECVE-2019-15919 at NVDCVE-2019-15920 at SUSECVE-2019-15920 at NVDCVE-2019-15921 at SUSECVE-2019-15921 at NVDCVE-2019-15924 at SUSECVE-2019-15924 at NVDCVE-2019-15926 at SUSECVE-2019-15926 at NVDCVE-2019-15927 at SUSECVE-2019-15927 at NVDCVE-2019-9456 at SUSECVE-2019-9456 at NVDCVE-2019-9506 at SUSECVE-2019-9506 at NVDcpe:/o:suse:sles:12:sp4Security update for binutils (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for binutils fixes the following issues:
binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]:
Includes the following security fixes:
- CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
- CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)
- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
- CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)
- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
- CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
- CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
- CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
- CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
- CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
- CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
- CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
- CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
- CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
- CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)
- Enable xtensa architecture (Tensilica lc6 and related)
- Use -ffat-lto-objects in order to provide assembly for static libs
(bsc#1141913).
- Fixed some LTO problems (bsc#1133131 bsc#1133232).
- riscv: Don't check ABI flags if no code section
Update to binutils 2.32:
* The binutils now support for the C-SKY processor series.
* The x86 assembler now supports a -mvexwig=[0|1] option to control
encoding of VEX.W-ignored (WIG) VEX instructions.
It also has a new -mx86-used-note=[yes|no] option to generate (or
not) x86 GNU property notes.
* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),
the Loongson EXTensions (EXT) instructions, the Loongson Content
Address Memory (CAM) ASE and the Loongson MultiMedia extensions
Instructions (MMI) ASE.
* The addr2line, c++filt, nm and objdump tools now have a default
limit on the maximum amount of recursion that is allowed whilst
demangling strings. This limit can be disabled if necessary.
* Objdump's --disassemble option can now take a parameter,
specifying the starting symbol for disassembly. Disassembly will
continue from this symbol up to the next symbol or the end of the
function.
* The BFD linker will now report property change in linker map file
when merging GNU properties.
* The BFD linker's -t option now doesn't report members within
archives, unless -t is given twice. This makes it more useful
when generating a list of files that should be packaged for a
linker bug report.
* The GOLD linker has improved warning messages for relocations that
refer to discarded sections.
- Improve relro support on s390 [fate#326356]
- Handle ELF compressed header alignment correctly.
ModerateSUSE bug 1109412SUSE bug 1109413SUSE bug 1109414SUSE bug 1111996SUSE bug 1112534SUSE bug 1112535SUSE bug 1113247SUSE bug 1113252SUSE bug 1113255SUSE bug 1116827SUSE bug 1118830SUSE bug 1118831SUSE bug 1120640SUSE bug 1121034SUSE bug 1121035SUSE bug 1121056SUSE bug 1133131SUSE bug 1133232SUSE bug 1141913SUSE bug 1142772CVE-2018-1000876 at SUSECVE-2018-1000876 at NVDCVE-2018-17358 at SUSECVE-2018-17358 at NVDCVE-2018-17359 at SUSECVE-2018-17359 at NVDCVE-2018-17360 at SUSECVE-2018-17360 at NVDCVE-2018-17985 at SUSECVE-2018-17985 at NVDCVE-2018-18309 at SUSECVE-2018-18309 at NVDCVE-2018-18483 at SUSECVE-2018-18483 at NVDCVE-2018-18484 at SUSECVE-2018-18484 at NVDCVE-2018-18605 at SUSECVE-2018-18605 at NVDCVE-2018-18606 at SUSECVE-2018-18606 at NVDCVE-2018-18607 at SUSECVE-2018-18607 at NVDCVE-2018-19931 at SUSECVE-2018-19931 at NVDCVE-2018-19932 at SUSECVE-2018-19932 at NVDCVE-2018-20623 at SUSECVE-2018-20623 at NVDCVE-2018-20651 at SUSECVE-2018-20651 at NVDCVE-2018-20671 at SUSECVE-2018-20671 at NVDCVE-2019-1010180 at SUSECVE-2019-1010180 at NVDcpe:/o:suse:sles:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4
This update for sudo fixes the following issues:
Security issue fixed:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges
that allowed them to run commands with an arbitrary uid, could
run commands as root, despite being forbidden to do so in sudoers
(bsc#1153674).
ImportantSUSE bug 1153674CVE-2019-14287 at SUSECVE-2019-14287 at NVDcpe:/o:suse:sles:12:sp4Security update for libpcap (Important)SUSE Linux Enterprise Server 12 SP4
This update for libpcap fixes the following issues:
- CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332).
ImportantSUSE bug 1153332CVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:sles:12:sp4Recommended update for e2fsprogs (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for e2fsprogs fixes the following issues:
Security issue fixed:
- CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)
Non-security issue fixed:
- libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716)
ModerateSUSE bug 1145716SUSE bug 1152101CVE-2019-5094 at SUSECVE-2019-5094 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-100 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-100 fixes the following issues:
Updated to MariaDB 10.0.40-1.
Security issues fixed:
- CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737,
CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798).
ModerateSUSE bug 1132826SUSE bug 1141798CVE-2019-2614 at SUSECVE-2019-2614 at NVDCVE-2019-2627 at SUSECVE-2019-2627 at NVDCVE-2019-2737 at SUSECVE-2019-2737 at NVDCVE-2019-2739 at SUSECVE-2019-2739 at NVDCVE-2019-2740 at SUSECVE-2019-2740 at NVDCVE-2019-2805 at SUSECVE-2019-2805 at NVDcpe:/o:suse:sles:12:sp4Security update for python-xdg (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python-xdg fixes the following issues:
Security issue fixed:
- CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835)
ModerateSUSE bug 859835CVE-2014-1624 at SUSECVE-2014-1624 at NVDcpe:/o:suse:sles:12:sp4Security update for dhcp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for dhcp fixes the following issues:
Secuirty issue fixed:
- CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078).
Bug fixes:
- Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524).
- Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572).
ModerateSUSE bug 1089524SUSE bug 1134078SUSE bug 1136572CVE-2019-6470 at SUSECVE-2019-6470 at NVDcpe:/o:suse:sles:12:sp4Security update for libcaca (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libcaca fixes the following issues:
Security issues fixed:
- CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502)
- CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584)
- CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503)
- CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504)
- CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589)
- CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470)
ModerateSUSE bug 1120470SUSE bug 1120502SUSE bug 1120503SUSE bug 1120504SUSE bug 1120584SUSE bug 1120589CVE-2018-20544 at SUSECVE-2018-20544 at NVDCVE-2018-20545 at SUSECVE-2018-20545 at NVDCVE-2018-20546 at SUSECVE-2018-20546 at NVDCVE-2018-20547 at SUSECVE-2018-20547 at NVDCVE-2018-20548 at SUSECVE-2018-20548 at NVDCVE-2018-20549 at SUSECVE-2018-20549 at NVDcpe:/o:suse:sles:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python fixes the following issues:
Security issue fixed:
- CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
ModerateSUSE bug 1149955SUSE bug 1153238CVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDcpe:/o:suse:sles:12:sp4Security update for sysstat (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sysstat fixes the following issue:
- CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114)
ModerateSUSE bug 1150114CVE-2019-16167 at SUSECVE-2019-16167 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
ImportantSUSE bug 1027519SUSE bug 1111331SUSE bug 1126140SUSE bug 1126141SUSE bug 1126192SUSE bug 1126195SUSE bug 1126196SUSE bug 1126197SUSE bug 1126198SUSE bug 1126201SUSE bug 1127400SUSE bug 1129642SUSE bug 1131811SUSE bug 1137717SUSE bug 1138294SUSE bug 1143797SUSE bug 1145240SUSE bug 1145774SUSE bug 1146874SUSE bug 1149813CVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-17340 at SUSECVE-2019-17340 at NVDCVE-2019-17341 at SUSECVE-2019-17341 at NVDCVE-2019-17342 at SUSECVE-2019-17342 at NVDCVE-2019-17343 at SUSECVE-2019-17343 at NVDCVE-2019-17344 at SUSECVE-2019-17344 at NVDCVE-2019-17345 at SUSECVE-2019-17345 at NVDCVE-2019-17346 at SUSECVE-2019-17346 at NVDCVE-2019-17347 at SUSECVE-2019-17347 at NVDCVE-2019-17348 at SUSECVE-2019-17348 at NVDcpe:/o:suse:sles:12:sp4Security update for accountsservice (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for accountsservice fixes the following issues:
Security issue fixed:
- CVE-2018-14036: Prevent directory traversal caused by an insufficient path
check in user_change_icon_file_authorized_cb() (bsc#1099699).
Non-security issue fixed:
- Improved wtmp io performance (bsc#1139487).
ModerateSUSE bug 1099699SUSE bug 1139487CVE-2018-14036 at SUSECVE-2018-14036 at NVDcpe:/o:suse:sles:12:sp4Security update for nfs-utils (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for nfs-utils fixes the following issues:
- CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733)
ModerateSUSE bug 1150733CVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213)
- CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212)
- CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211)
- CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068)
- CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781).
- CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782).
- CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783).
- CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784).
- CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785).
- CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786).
ModerateSUSE bug 1146068SUSE bug 1146211SUSE bug 1146212SUSE bug 1146213SUSE bug 1151781SUSE bug 1151782SUSE bug 1151783SUSE bug 1151784SUSE bug 1151785SUSE bug 1151786CVE-2019-14980 at SUSECVE-2019-14980 at NVDCVE-2019-15139 at SUSECVE-2019-15139 at NVDCVE-2019-15140 at SUSECVE-2019-15140 at NVDCVE-2019-15141 at SUSECVE-2019-15141 at NVDCVE-2019-16708 at SUSECVE-2019-16708 at NVDCVE-2019-16709 at SUSECVE-2019-16709 at NVDCVE-2019-16710 at SUSECVE-2019-16710 at NVDCVE-2019-16711 at SUSECVE-2019-16711 at NVDCVE-2019-16712 at SUSECVE-2019-16712 at NVDCVE-2019-16713 at SUSECVE-2019-16713 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issues:
- CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
- CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853)
ModerateSUSE bug 1141853SUSE bug 1149955CVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDcpe:/o:suse:sles:12:sp4Recommended update for rsyslog (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Non-security issue fixed:
- imudp: fix segfault in ratelimit code (bsc#1149094)
ModerateSUSE bug 1149094SUSE bug 1153451SUSE bug 1153459CVE-2019-17041 at SUSECVE-2019-17041 at NVDCVE-2019-17042 at SUSECVE-2019-17042 at NVDcpe:/o:suse:sles:12:sp4Security update for libunwind (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libunwind fixes the following issues:
Security issues fixed:
- CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786)
Non-security issues fixed:
- Fixed a dependency issue with libzmq5 (bsc#1122012)
- Fixed build on armv7 (bsc#976955)
ModerateSUSE bug 1122012SUSE bug 936786SUSE bug 976955CVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox to 68.2.0 ESR fixes the following issues:
Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738).
Security issues fixed:
- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
- CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
- CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
- CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
- CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
- CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
- CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
- CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
- CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
Non-security issues fixed:
- Firefox 60.7 ESR changed the user interface language (bsc#1137990).
- Wrong Firefox GUI Language (bsc#1120374).
- Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235).
- Firefox hangs randomly when browsing and scrolling (bsc#1043008).
- Firefox stops loading page until mouse is moved (bsc#1025108).
ImportantSUSE bug 1010399SUSE bug 1010405SUSE bug 1010406SUSE bug 1010408SUSE bug 1010409SUSE bug 1010421SUSE bug 1010423SUSE bug 1010424SUSE bug 1010425SUSE bug 1010426SUSE bug 1025108SUSE bug 1043008SUSE bug 1047281SUSE bug 1074235SUSE bug 1092611SUSE bug 1120374SUSE bug 1137990SUSE bug 1149429SUSE bug 1154738SUSE bug 959933SUSE bug 983922CVE-2016-2830 at SUSECVE-2016-2830 at NVDCVE-2016-5289 at SUSECVE-2016-5289 at NVDCVE-2016-5292 at SUSECVE-2016-5292 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2016-9067 at SUSECVE-2016-9067 at NVDCVE-2016-9068 at SUSECVE-2016-9068 at NVDCVE-2016-9069 at SUSECVE-2016-9069 at NVDCVE-2016-9071 at SUSECVE-2016-9071 at NVDCVE-2016-9073 at SUSECVE-2016-9073 at NVDCVE-2016-9075 at SUSECVE-2016-9075 at NVDCVE-2016-9076 at SUSECVE-2016-9076 at NVDCVE-2016-9077 at SUSECVE-2016-9077 at NVDCVE-2017-7789 at SUSECVE-2017-7789 at NVDCVE-2018-5150 at SUSECVE-2018-5150 at NVDCVE-2018-5151 at SUSECVE-2018-5151 at NVDCVE-2018-5152 at SUSECVE-2018-5152 at NVDCVE-2018-5153 at SUSECVE-2018-5153 at NVDCVE-2018-5154 at SUSECVE-2018-5154 at NVDCVE-2018-5155 at SUSECVE-2018-5155 at NVDCVE-2018-5157 at SUSECVE-2018-5157 at NVDCVE-2018-5158 at SUSECVE-2018-5158 at NVDCVE-2018-5159 at SUSECVE-2018-5159 at NVDCVE-2018-5160 at SUSECVE-2018-5160 at NVDCVE-2018-5163 at SUSECVE-2018-5163 at NVDCVE-2018-5164 at SUSECVE-2018-5164 at NVDCVE-2018-5165 at SUSECVE-2018-5165 at NVDCVE-2018-5166 at SUSECVE-2018-5166 at NVDCVE-2018-5167 at SUSECVE-2018-5167 at NVDCVE-2018-5168 at SUSECVE-2018-5168 at NVDCVE-2018-5169 at SUSECVE-2018-5169 at NVDCVE-2018-5172 at SUSECVE-2018-5172 at NVDCVE-2018-5173 at SUSECVE-2018-5173 at NVDCVE-2018-5174 at SUSECVE-2018-5174 at NVDCVE-2018-5175 at SUSECVE-2018-5175 at NVDCVE-2018-5176 at SUSECVE-2018-5176 at NVDCVE-2018-5177 at SUSECVE-2018-5177 at NVDCVE-2018-5178 at SUSECVE-2018-5178 at NVDCVE-2018-5179 at SUSECVE-2018-5179 at NVDCVE-2018-5180 at SUSECVE-2018-5180 at NVDCVE-2018-5181 at SUSECVE-2018-5181 at NVDCVE-2018-5182 at SUSECVE-2018-5182 at NVDCVE-2018-5183 at SUSECVE-2018-5183 at NVDCVE-2019-11757 at SUSECVE-2019-11757 at NVDCVE-2019-11758 at SUSECVE-2019-11758 at NVDCVE-2019-11759 at SUSECVE-2019-11759 at NVDCVE-2019-11760 at SUSECVE-2019-11760 at NVDCVE-2019-11761 at SUSECVE-2019-11761 at NVDCVE-2019-11762 at SUSECVE-2019-11762 at NVDCVE-2019-11763 at SUSECVE-2019-11763 at NVDCVE-2019-11764 at SUSECVE-2019-11764 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).
- CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).
- CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).
- CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).
- CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465).
- CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452).
- CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788).
- CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).
- CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372).
The following non-security bugs were fixed:
- 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).
- ACPI / CPPC: do not require the _PSD method (bsc#1051510).
- ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).
- ACPI: custom_method: fix memory leaks (bsc#1051510).
- ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).
- ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).
- ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510).
- act_mirred: Fix mirred_init_module error handling (bsc#1051510).
- Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file.
- alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).
- ALSA: aoa: onyx: always initialize register read value (bsc#1051510).
- ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510).
- ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510).
- ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).
- ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).
- ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).
- ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).
- ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).
- ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).
- ALSA: hda: Flush interrupts on disabling (bsc#1051510).
- ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).
- ALSA: hda - Inform too slow responses (bsc#1051510).
- ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).
- ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).
- ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).
- ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).
- ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).
- ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).
- ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).
- ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510).
- ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).
- ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).
- ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).
- ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).
- appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).
- ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).
- ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510).
- ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).
- ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).
- ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).
- ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).
- ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).
- ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).
- ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).
- ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510).
- atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).
- auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).
- ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).
- blk-flush: do not run queue for requests bypassing flush (bsc#1137959).
- blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).
- blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).
- blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610).
- blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959).
- blk-mq: kABI fixes for blk-mq.h (bsc#1137959).
- blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959).
- blk-mq: punt failed direct issue to dispatch list (bsc#1137959).
- blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959).
- blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959).
- blk-wbt: abstract out end IO completion handler (bsc#1135873).
- blk-wbt: fix has-sleeper queueing check (bsc#1135873).
- blk-wbt: improve waking of tasks (bsc#1135873).
- blk-wbt: move disable check into get_limit() (bsc#1135873).
- blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).
- block: add io timeout to sysfs (bsc#1148410).
- block: do not show io_timeout if driver has no timeout handler (bsc#1148410).
- block: fix timeout changes for legacy request drivers (bsc#1149446).
- block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076).
- block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076).
- Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).
- bnx2x: Disable multi-cos feature (networking-stable-19_08_08).
- bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).
- bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
- bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).
- btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).
- btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).
- btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).
- btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).
- btrfs: fix use-after-free when using the tree modification log (bsc#1151891).
- btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).
- btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).
- btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972).
- btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).
- can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).
- can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).
- cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).
- cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).
- ceph: fix directories inode i_blkbits initialization (bsc#1153717).
- ceph: reconnect connection if session hang in opening state (bsc#1153718).
- ceph: update the mtime when truncating up (bsc#1153719).
- ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133).
- cfg80211: add and use strongly typed element iteration macros (bsc#1051510).
- cfg80211: Purge frame registrations on iftype change (bsc#1051510).
- clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510).
- clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).
- clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).
- clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).
- clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510).
- clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510).
- clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).
- crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510).
- crypto: caam - free resources in case caam_rng registration failed (bsc#1051510).
- crypto: cavium/zip - Add missing single_release() (bsc#1051510).
- crypto: ccp - Reduce maximum stack usage (bsc#1051510).
- crypto: qat - Silence smp_processor_id() warning (bsc#1051510).
- crypto: skcipher - Unmap pages after an external error (bsc#1051510).
- crypto: talitos - fix missing break in switch statement (bsc#1142635).
- cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).
- cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).
- cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).
- cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).
- dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080).
- /dev/mem: Bail out upon SIGKILL (git-fixes).
- dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510).
- dmaengine: iop-adma.c: fix printk format warning (bsc#1051510).
- drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510).
- drm/amdgpu: Check for valid number of registers to read (bsc#1051510).
- drm/amdgpu/si: fix ASIC tests (git-fixes).
- drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).
- drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).
- drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).
- drm: Flush output polling on shutdown (bsc#1051510).
- drm/i915: Fix various tracepoints for gen2 (bsc#1113722)
- drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722)
- drm/msm/dsi: Implement reset correctly (bsc#1051510).
- drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).
- drm/radeon: Fix EEH during kexec (bsc#1051510).
- drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).
- drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).
- Drop multiversion(kernel) from the KMP template (bsc#1127155).
- e1000e: add workaround for possible stalled packet (bsc#1051510).
- EDAC/amd64: Decode syndrome before translating address (bsc#1114279).
- eeprom: at24: make spd world-readable again (git-fixes).
- ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025).
- ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024).
- firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).
- Fix AMD IOMMU kABI (bsc#1154610).
- Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).
- Fix KVM kABI after x86 mmu backports (bsc#1117665).
- gpio: fix line flag validation in lineevent_create (bsc#1051510).
- gpio: fix line flag validation in linehandle_create (bsc#1051510).
- gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510).
- gpiolib: only check line handle flags once (bsc#1051510).
- gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510).
- gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510).
- HID: apple: Fix stuck function keys when using FN (bsc#1051510).
- HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).
- HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).
- HID: prodikeys: Fix general protection fault during probe (bsc#1051510).
- HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).
- hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).
- hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510).
- hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510).
- hwrng: core - do not wait on add_early_randomness() (git-fixes).
- i2c: riic: Clear NACK in tend isr (bsc#1051510).
- IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)
- IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).
- IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).
- IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).
- IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).
- ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).
- ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- ife: error out when nla attributes are empty (networking-stable-19_08_08).
- iio: adc: ad799x: fix probe error handling (bsc#1051510).
- iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510).
- iio: light: opt3001: fix mutex unlock race (bsc#1051510).
- ima: always return negative code for error (bsc#1051510).
- Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).
- Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510).
- iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).
- iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).
- iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).
- iommu/amd: Remove domain->updated (bsc#1154610).
- iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).
- iommu/dma: Fix for dereferencing before null checking (bsc#1151667).
- iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671).
- ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08).
- ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).
- ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).
- ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).
- isdn/capi: check message length in capi_write() (bsc#1051510).
- ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).
- ixgbe: sync the first fragment unconditionally (bsc#1133140).
- kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI
- kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI
- kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
- kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code.
- kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).
- kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case.
- kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).
- KVM: Convert kvm_lock to a mutex (bsc#1117665).
- KVM: MMU: drop vcpu param in gpte_access (bsc#1117665).
- KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840).
- KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840).
- KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840).
- KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840).
- KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840).
- KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840).
- KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840).
- KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840).
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).
- KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).
- KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).
- KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).
- KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).
- KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).
- leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510).
- leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).
- libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).
- libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510).
- libiscsi: do not try to bypass SCSI EH (bsc#1142076).
- lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).
- livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995).
- mac80211: accept deauth frames in IBSS mode (bsc#1051510).
- mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510).
- macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).
- md: do not report active array_state until after revalidate_disk() completes (git-fixes).
- md: only call set_in_sync() when it is expected to succeed (git-fixes).
- md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes).
- media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).
- media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510).
- media: cpia2_usb: fix memory leaks (bsc#1051510).
- media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510).
- media: dvb-core: fix a memory leak bug (bsc#1051510).
- media: em28xx: fix handler for vidioc_s_input() (bsc#1051510).
- media: em28xx: stop rewriting device's struct (bsc#1051510).
- media: exynos4-is: fix leaked of_node references (bsc#1051510).
- media: fdp1: Reduce FCP not found message level to debug (bsc#1051510).
- media: gspca: zero usb_buf on error (bsc#1051510).
- media: hdpvr: Add device num check and handling (bsc#1051510).
- media: hdpvr: add terminating 0 at end of string (bsc#1051510).
- media: i2c: ov5645: Fix power sequence (bsc#1051510).
- media: iguanair: add sanity checks (bsc#1051510).
- media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510).
- media: mc-device.c: do not memset __user pointer contents (bsc#1051510).
- media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).
- media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).
- media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510).
- media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510).
- media: ov9650: add a sanity check (bsc#1051510).
- media: radio/si470x: kill urb on error (bsc#1051510).
- media: replace strcpy() by strscpy() (bsc#1051510).
- media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510).
- media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).
- media: saa7146: add cleanup in hexium_attach() (bsc#1051510).
- media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).
- media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).
- media: technisat-usb2: break out of loop at end of buffer (bsc#1051510).
- media: tm6000: double free if usb disconnect while streaming (bsc#1051510).
- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).
- media: vb2: Fix videobuf2 to map correct area (bsc#1051510).
- memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).
- mfd: intel-lpss: Remove D3cold delay (bsc#1051510).
- mic: avoid statically declaring a 'struct device' (bsc#1051510).
- mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).
- mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).
- mmc: sdhci: improve ADMA error reporting (bsc#1051510).
- mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635).
- mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086).
- mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).
- mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510).
- mvpp2: refactor MTU change code (networking-stable-19_08_08).
- net: bridge: delete local fdb on device init failure (networking-stable-19_08_08).
- net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08).
- net: fix ifindex collision during namespace removal (networking-stable-19_08_08).
- net: Fix null de-reference of device refcount (networking-stable-19_09_15).
- net: fix skb use after free in netpoll (networking-stable-19_09_05).
- net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).
- net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
- net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432).
- net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432).
- net/mlx4_en: fix a memory leak bug (bsc#1046299).
- net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).
- net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21).
- net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08).
- net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21).
- net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).
- net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08).
- net/packet: fix race in tpacket_snd() (networking-stable-19_08_21).
- net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
- net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08).
- net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28).
- net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).
- nfc: fix attrs checks in netlink interface (bsc#1051510).
- nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).
- nfc: pn533: fix use-after-free and memleaks (bsc#1051510).
- NFS4: Fix v4.0 client state corruption when mount (git-fixes).
- nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381).
- nfsd: Do not release the callback slot unless it was actually held (git-fixes).
- nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381).
- nfsd: fix performance-limiting session calculation (bsc#1150381).
- nfsd: give out fewer session slots as limit approaches (bsc#1150381).
- nfsd: handle drc over-allocation gracefully (bsc#1150381).
- nfsd: increase DRC cache limit (bsc#1150381).
- NFS: Do not interrupt file writeout due to fatal errors (git-fixes).
- NFS: Do not open code clearing of delegation state (git-fixes).
- NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes).
- NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes).
- NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes).
- NFS: Refactor nfs_lookup_revalidate() (git-fixes).
- NFS: Remove redundant semicolon (git-fixes).
- NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes).
- NFSv4.1: Fix open stateid recovery (git-fixes).
- NFSv4.1: Only reap expired delegations (git-fixes).
- NFSv4: Check the return value of update_open_stateid() (git-fixes).
- NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).
- NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes).
- NFSv4: Fix delegation state recovery (git-fixes).
- NFSv4: Fix lookup revalidate of regular files (git-fixes).
- NFSv4: Fix OPEN / CLOSE race (git-fixes).
- NFSv4: Handle the special Linux file open access mode (git-fixes).
- NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes).
- NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- null_blk: complete requests from ->timeout (bsc#1149446).
- null_blk: wire up timeouts (bsc#1149446).
- nvme: fix multipath crash when ANA is deactivated (bsc#1149446).
- nvmem: Use the same permissions for eeprom as for nvmem (git-fixes).
- nvme-rdma: Allow DELETING state change failure in (bsc#1104967,).
- nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076).
- nvme-rdma: centralize controller setup sequence (bsc#1142076).
- nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).
- nvme-rdma: fix timeout handler (bsc#1149446).
- nvme-rdma: stop admin queue before freeing it (bsc#1140155).
- nvme-rdma: support up to 4 segments of inline data (bsc#1142076).
- nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076).
- nvme: remove ns sibling before clearing path (bsc#1140155).
- nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).
- objtool: Clobber user CFLAGS variable (bsc#1153236).
- PCI: Correct pci=resource_alignment parameter example (bsc#1051510).
- PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).
- PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423).
- PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).
- PCI: PM: Fix pci_power_up() (bsc#1051510).
- phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510).
- pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).
- platform/x86: classmate-laptop: remove unused variable (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).
- PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510).
- PNFS fallback to MDS if no deviceid found (git-fixes).
- pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes).
- pNFS/flexfiles: Turn off soft RPC calls (git-fixes).
- powerpc/64: Make sys_switch_endian() traceable (bsc#1065729).
- powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).
- powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729).
- powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729).
- powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664).
- powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664).
- powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).
- powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664).
- powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).
- powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).
- powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664).
- powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664).
- powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729).
- powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729).
- powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729).
- powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729).
- powerpc/irq: drop arch_early_irq_init() (bsc#1065729).
- powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).
- powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664).
- powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).
- powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).
- powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664).
- powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664).
- powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).
- powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).
- powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729).
- powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729).
- powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729).
- powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729).
- powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840).
- powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840).
- powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729).
- powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729).
- powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158).
- powerpc/pseries: Export maximum memory value (bsc#1122363).
- powerpc/pseries: Export raw per-CPU VPA data via debugfs ().
- powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729).
- powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729).
- powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).
- powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158).
- powerpc/pseries: Remove confusing warning message (bsc#1109158).
- powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868).
- powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).
- powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729).
- powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729).
- powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729).
- power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510).
- power: supply: Init device wakeup after device_add() (bsc#1051510).
- power: supply: sysfs: ratelimit property read error message (bsc#1051510).
- ppp: Fix memory leak in ppp_write (git-fixes).
- printk: Do not lose last line in kmsg buffer dump (bsc#1152460).
- printk: fix printk_time race (bsc#1152466).
- printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712).
- qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).
- qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).
- qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).
- qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).
- qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
- qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988).
- quota: fix wrong condition in is_quota_modification() (bsc#1152026).
- r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510).
- RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).
- RDMA: Fix goto target to release the allocated memory (bsc#1050244).
- regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510).
- Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510).
- Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge.
- rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).
- s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091).
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).
- scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).
- scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).
- scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).
- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).
- scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).
- scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs.
- scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313).
- scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).
- scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988).
- scsi_transport_fc: complete requests from ->timeout (bsc#1142076).
- sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).
- sctp: fix the transport error_count check (networking-stable-19_08_21).
- sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).
- secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned.
- Sign non-x86 kernels when possible (boo#1134303)
- sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510).
- slip: make slhc_free() silently accept an error pointer (bsc#1051510).
- slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510).
- sock_diag: fix autoloading of the raw_diag module (bsc#1152791).
- sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).
- staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).
- SUNRPC fix regression in umount of a secure mount (git-fixes).
- SUNRPC: Handle connection breakages correctly in call_status() (git-fixes).
- SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes).
- tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).
- tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).
- tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).
- tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28).
- tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).
- team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
- thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).
- thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).
- tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).
- tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555).
- tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).
- tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).
- usb: adutux: fix NULL-derefs on disconnect (bsc#1142635).
- usb: adutux: fix use-after-free on disconnect (bsc#1142635).
- usb: adutux: fix use-after-free on release (bsc#1051510).
- usb: chaoskey: fix use-after-free on release (bsc#1051510).
- usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).
- usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510).
- usb: iowarrior: fix use-after-free on disconnect (bsc#1051510).
- usb: iowarrior: fix use-after-free on release (bsc#1051510).
- usb: legousbtower: fix deadlock on disconnect (bsc#1142635).
- usb: legousbtower: fix open after failed reset request (bsc#1142635).
- usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).
- usb: legousbtower: fix slab info leak at probe (bsc#1142635).
- usb: legousbtower: fix use-after-free on release (bsc#1051510).
- usb: microtek: fix info-leak at probe (bsc#1142635).
- usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).
- usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).
- usb: serial: fix runtime PM after driver unbind (bsc#1051510).
- usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).
- usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).
- usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).
- usb: serial: option: add Telit FN980 compositions (bsc#1051510).
- usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510).
- usb: usblcd: fix I/O after disconnect (bsc#1142635).
- usb: usblp: fix runtime PM after driver unbind (bsc#1051510).
- usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).
- usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).
- usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).
- usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).
- usb: yurex: Do not retry on unexpected errors (bsc#1051510).
- usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).
- vfio_pci: Restore original state on release (bsc#1051510).
- vhost_net: conditionally enable tx polling (bsc#1145099).
- vhost_net: conditionally enable tx polling (bsc#1145099).
- video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).
- video: ssd1307fb: Start page range at page_offset (bsc#1113722)
- watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).
- x86/asm: Fix MWAITX C-state hint value (bsc#1114279).
- x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279).
- x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955).
- x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).
- x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279).
- xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).
- xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21).
- xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600).
- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600).
- xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).
- xen/xenbus: fix self-deadlock after killing user process (bsc#1065600).
- xhci: Check all endpoints for LPM timeout (bsc#1051510).
- xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).
- xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).
- xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).
ImportantSUSE bug 1046299SUSE bug 1046303SUSE bug 1046305SUSE bug 1050244SUSE bug 1050536SUSE bug 1050545SUSE bug 1051510SUSE bug 1054914SUSE bug 1055117SUSE bug 1055186SUSE bug 1061840SUSE bug 1064802SUSE bug 1065600SUSE bug 1065729SUSE bug 1066129SUSE bug 1071995SUSE bug 1073513SUSE bug 1082555SUSE bug 1086323SUSE bug 1087092SUSE bug 1089644SUSE bug 1093205SUSE bug 1097583SUSE bug 1097584SUSE bug 1097585SUSE bug 1097586SUSE bug 1097587SUSE bug 1097588SUSE bug 1098291SUSE bug 1101674SUSE bug 1104967SUSE bug 1109158SUSE bug 1113722SUSE bug 1114279SUSE bug 1117665SUSE bug 1119086SUSE bug 1122363SUSE bug 1123034SUSE bug 1123080SUSE bug 1127155SUSE bug 1127988SUSE bug 1131304SUSE bug 1133140SUSE bug 1134303SUSE bug 1135642SUSE bug 1135854SUSE bug 1135873SUSE bug 1137799SUSE bug 1137861SUSE bug 1137865SUSE bug 1137959SUSE bug 1140155SUSE bug 1140729SUSE bug 1140845SUSE bug 1140883SUSE bug 1141600SUSE bug 1142076SUSE bug 1142635SUSE bug 1142667SUSE bug 1144375SUSE bug 1144449SUSE bug 1145099SUSE bug 1146042SUSE bug 1146519SUSE bug 1146540SUSE bug 1146664SUSE bug 1148133SUSE bug 1148410SUSE bug 1148712SUSE bug 1148868SUSE bug 1149313SUSE bug 1149446SUSE bug 1149555SUSE bug 1149651SUSE bug 1150381SUSE bug 1150423SUSE bug 1150452SUSE bug 1150465SUSE bug 1150875SUSE bug 1151350SUSE bug 1151508SUSE bug 1151610SUSE bug 1151667SUSE bug 1151671SUSE bug 1151680SUSE bug 1151891SUSE bug 1151955SUSE bug 1152024SUSE bug 1152025SUSE bug 1152026SUSE bug 1152161SUSE bug 1152325SUSE bug 1152457SUSE bug 1152460SUSE bug 1152466SUSE bug 1152788SUSE bug 1152791SUSE bug 1152972SUSE bug 1152974SUSE bug 1152975SUSE bug 1153112SUSE bug 1153158SUSE bug 1153236SUSE bug 1153263SUSE bug 1153646SUSE bug 1153713SUSE bug 1153717SUSE bug 1153718SUSE bug 1153719SUSE bug 1153811SUSE bug 1154108SUSE bug 1154189SUSE bug 1154354SUSE bug 1154372SUSE bug 1154578SUSE bug 1154607SUSE bug 1154608SUSE bug 1154610SUSE bug 1154611SUSE bug 1154651SUSE bug 1154747CVE-2017-18595 at SUSECVE-2017-18595 at NVDCVE-2019-14821 at SUSECVE-2019-14821 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17056 at SUSECVE-2019-17056 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-9506 at SUSECVE-2019-9506 at NVDcpe:/o:suse:sles:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4
This update for samba fixes the following issues:
- CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902).
ImportantSUSE bug 1144902CVE-2019-10218 at SUSECVE-2019-10218 at NVDcpe:/o:suse:sles:12:sp4Security update for bluez (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for bluez fixes the following issue:
- CVE-2016-9798: Fixed a use-after-free in conf_opt (bsc#1013712).
ModerateSUSE bug 1013712CVE-2016-9798 at SUSECVE-2016-9798 at NVDcpe:/o:suse:sles:12:sp4Security update for gdb (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gdb fixes the following issues:
Update to gdb 8.3.1: (jsc#ECO-368)
Security issues fixed:
- CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772)
Upgrade libipt from v2.0 to v2.0.1.
- Enable librpm for version > librpm.so.3 [bsc#1145692]:
* Allow any librpm.so.x
* Add %build test to check for 'zypper install <rpm-packagename>'
message
- Copy gdbinit from fedora master @ 25caf28. Add
gdbinit.without-python, and use it for --without=python.
Rebase to 8.3 release (as in fedora 30 @ 1e222a3).
* DWARF index cache: GDB can now automatically save indices of DWARF
symbols on disk to speed up further loading of the same binaries.
* Ada task switching is now supported on aarch64-elf targets when
debugging a program using the Ravenscar Profile.
* Terminal styling is now available for the CLI and the TUI.
* Removed support for old demangling styles arm, edg, gnu, hp and
lucid.
* Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).
- Implemented access to more POWER8 registers. [fate#326120, fate#325178]
- Also handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368]
ModerateSUSE bug 1115034SUSE bug 1142772SUSE bug 1145692CVE-2019-1010180 at SUSECVE-2019-1010180 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2-mod_auth_openidc (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes (bsc#1153666).
ImportantSUSE bug 1153666CVE-2019-14857 at SUSECVE-2019-14857 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libssh2_org fixes the following issue:
- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).
ModerateSUSE bug 1154862CVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:sles:12:sp4Security update for libseccomp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libseccomp fixes the following issues:
Update to new upstream release 2.4.1:
* Fix a BPF generation bug where the optimizer mistakenly
identified duplicate BPF code blocks.
Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):
* Update the syscall table for Linux v5.0-rc5
* Added support for the SCMP_ACT_KILL_PROCESS action
* Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
* Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
* Added support for the parisc and parisc64 architectures
* Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
* Return -EDOM on an endian mismatch when adding an architecture to a filter
* Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
* Fix PFC generation when a syscall is prioritized, but no rule exists
* Numerous fixes to the seccomp-bpf filter generation code
* Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
* Numerous tests added to the included test suite, coverage now at ~92%
* Update our Travis CI configuration to use Ubuntu 16.04
* Numerous documentation fixes and updates
Update to release 2.3.3:
* Updated the syscall table for Linux v4.15-rc7
Update to release 2.3.2:
* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the '--enable-code-coverage' configure
flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is
set to true
* Several small documentation fixes
- ignore make check error for ppc64/ppc64le, bypass bsc#1142614
ModerateSUSE bug 1082318SUSE bug 1128828SUSE bug 1142614CVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.
The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed.
More information can be found on https://www.suse.com/support/kb/doc/?id=7023735
CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the previously
described 'Microarchitectural Data Sampling' attack.
The Linux kernel was supplemented with the option to disable TSX operation
altogether (requiring CPU Microcode updates on older systems) and better
flushing of microarchitectural buffers (VERW).
The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251
Other security fixes:
- CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966)
- CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967)
- CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).
- CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).
The following non-security bugs were fixed:
- alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510).
- alsa: hda/realtek - Add support for ALC623 (bsc#1051510).
- alsa: hda/realtek - Add support for ALC711 (bsc#1051510).
- alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510).
- alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510).
- alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).
- alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510).
- arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).
- asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).
- asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).
- bpf: fix use after free in prog symbol exposure (bsc#1083647).
- btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).
- btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).
- btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
- btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).
- crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737).
- crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510).
- crypto: af_alg - consolidation of duplicate code (bsc#1154737).
- crypto: af_alg - fix race accessing cipher request (bsc#1154737).
- crypto: af_alg - remove locking in async callback (bsc#1154737).
- crypto: af_alg - update correct dst SGL entry (bsc#1051510).
- crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737).
- crypto: algif - return error code when no data was processed (bsc#1154737).
- crypto: algif_aead - copy AAD from src to dst (bsc#1154737).
- crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737).
- crypto: algif_aead - overhaul memory management (bsc#1154737).
- crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737).
- crypto: algif_skcipher - overhaul memory management (bsc#1154737).
- cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05).
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).
- drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
- drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967)
- drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
- drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
- drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967)
- drm/i915/gtt: Disable read-only support under GVT (bsc#1135967)
- drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967)
- drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
- drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
- drm/i915: Allow parsing of unsized batches (bsc#1135967)
- drm/i915: Disable Secure Batches for gen6+
- drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
- drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967)
- drm/i915: Remove Master tables from cmdparser
- drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967)
- efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510).
- efi: cper: print AER info of PCIe fatal error (bsc#1051510).
- efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510).
- hid: fix error message in hid_open_report() (bsc#1051510).
- hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510).
- hso: fix NULL-deref on tty open (bsc#1051510).
- hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905).
- ib/core: Add mitigation for Spectre V1 (bsc#1155671)
- ieee802154: ca8210: prevent memory leak (bsc#1051510).
- input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510).
- integrity: prevent deadlock during digsig verification (bsc#1090631).
- ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05).
- ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05).
- kABI workaround for crypto/af_alg changes (bsc#1154737).
- kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967)
- ksm: cleanup stable_node chain collapse case (bnc#1144338).
- ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).
- ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338).
- ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338).
- ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).
- kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665).
- kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207).
- mac80211: Reject malformed SSID elements (bsc#1051510).
- mac80211: fix txq null pointer dereference (bsc#1051510).
- md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090).
- md/raid0: fix warning message for parameter default_layout (bsc#1140090).
- net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30).
- net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05).
- net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).
- net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).
- net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30).
- net/smc: fix SMCD link group creation with VLAN id (bsc#1154959).
- net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).
- net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05).
- net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes).
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05).
- net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30).
- net_sched: add policy validation for action attributes (networking-stable-19_09_30).
- net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).
- netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
- nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
- nl80211: fix null pointer dereference (bsc#1051510).
- openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30).
- qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05).
- r8152: Set macpassthru in reset_resume callback (bsc#1051510).
- rds: Fix warning (bsc#1154848).
- reiserfs: fix extended attributes on the root directory (bsc#1151225).
- rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119).
- s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).
- sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05).
- sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05).
- sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30).
- sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
- scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040).
- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233).
- scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034).
- skge: fix checksum byte order (networking-stable-19_09_30).
- staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510).
- supporte.conf: add efivarfs to kernel-default-base (bsc#1154858).
- tipc: fix unlimited bundling of small messages (networking-stable-19_10_05).
- usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).
- usb: ldusb: fix memleak on disconnect (bsc#1051510).
- usb: ldusb: fix read info leaks (bsc#1051510).
- usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).
- usb: legousbtower: fix memleak on disconnect (bsc#1051510).
- usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).
- usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).
- usb: usblp: fix use-after-free on disconnect (bsc#1051510).
- vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220).
- vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05).
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969).
- x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).
- x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135).
ImportantSUSE bug 1051510SUSE bug 1082635SUSE bug 1083647SUSE bug 1090631SUSE bug 1096254SUSE bug 1117665SUSE bug 1119461SUSE bug 1119465SUSE bug 1123034SUSE bug 1135966SUSE bug 1135967SUSE bug 1137040SUSE bug 1138190SUSE bug 1139073SUSE bug 1140090SUSE bug 1143706SUSE bug 1144338SUSE bug 1144903SUSE bug 1146612SUSE bug 1149119SUSE bug 1150457SUSE bug 1151225SUSE bug 1152624SUSE bug 1153476SUSE bug 1153509SUSE bug 1153969SUSE bug 1154737SUSE bug 1154848SUSE bug 1154858SUSE bug 1154905SUSE bug 1154959SUSE bug 1155178SUSE bug 1155179SUSE bug 1155184SUSE bug 1155186SUSE bug 1155671CVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in
executable pages by splitting / merging huge pages into small pages as
More information can be found on https://www.suse.com/support/kb/doc/?id=7023735
(bnc#1117665 1152505 1155812 1155817 1155945)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack.
The Linux kernel was supplemented with the option to disable TSX operation
altogether (requiring CPU Microcode updates on older systems) and better
flushing of microarchitectural buffers (VERW).
The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251
(bnc#1139073 1152497 1152505 1152506).
- CVE-2019-18805: There was a signed integer overflow in tcp_ack_update_rtt()
when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen,
leading to a denial of service or possibly unspecified other impact,
aka CID-19fad20d15a6 (bnc#1156187).
- CVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW, which
meant that unprivileged users could create a raw socket (bnc#1152782).
- CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port
failed to add a port, which may have caused denial of service (bsc#1152685).
- CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the
alloc_workqueue return value, leading to a NULL pointer dereference.
(bsc#1150457).
- CVE-2019-10220: Added sanity checks on the pathnames passed to the user
space. (bsc#1144903).
- CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).
- CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell
libertas driver (bsc#1150465).
- CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return
value, leading to a NULL pointer dereference. (bsc#1150452).
- CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE,
leading to a Buffer Overflow (bsc#1153158).
- CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which
meant that unprivileged users could create a raw socket (bsc#1152788).
The following non-security bugs were fixed:
- /dev/mem: Bail out upon SIGKILL (git-fixes).
- 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).
- ACPI / CPPC: do not require the _PSD method (bsc#1051510).
- ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).
- ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).
- act_mirred: Fix mirred_init_module error handling (bsc#1051510).
- Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file.
- alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).
- ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510).
- ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).
- ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).
- ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).
- ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).
- ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).
- ALSA: hda - Inform too slow responses (bsc#1051510).
- ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).
- ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836).
- ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).
- ALSA: hda/realtek - Add support for ALC623 (bsc#1051510).
- ALSA: hda/realtek - Add support for ALC711 (bsc#1051510).
- ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).
- ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).
- ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510).
- ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).
- ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).
- ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).
- ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).
- ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).
- ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).
- ALSA: hda: Flush interrupts on disabling (bsc#1051510).
- ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).
- ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510).
- ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).
- ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510).
- ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).
- ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).
- ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).
- appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).
- ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).
- ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).
- ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).
- ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).
- ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).
- ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).
- ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).
- auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).
- ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667)
- blk-wbt: abstract out end IO completion handler (bsc#1135873).
- blk-wbt: fix has-sleeper queueing check (bsc#1135873).
- blk-wbt: improve waking of tasks (bsc#1135873).
- blk-wbt: move disable check into get_limit() (bsc#1135873).
- blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).
- block: add io timeout to sysfs (bsc#1148410).
- block: do not show io_timeout if driver has no timeout handler (bsc#1148410).
- Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).
- bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).
- bpf: fix use after free in prog symbol exposure (bsc#1083647).
- bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).
- Btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).
- btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).
- Btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).
- btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).
- btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).
- btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).
- btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).
- btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
- btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).
- can: dev: call netif_carrier_off() in register_candev() (bsc#1051510).
- can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).
- can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).
- cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).
- cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).
- ceph: fix directories inode i_blkbits initialization (bsc#1153717).
- ceph: reconnect connection if session hang in opening state (bsc#1153718).
- ceph: update the mtime when truncating up (bsc#1153719).
- cfg80211: add and use strongly typed element iteration macros (bsc#1051510).
- cfg80211: Purge frame registrations on iftype change (bsc#1051510).
- clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).
- clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).
- clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).
- clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).
- crypto: af_alg - consolidation of duplicate code (bsc#1154737).
- crypto: af_alg - fix race accessing cipher request (bsc#1154737).
- crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737).
- crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510).
- crypto: af_alg - remove locking in async callback (bsc#1154737).
- crypto: af_alg - update correct dst SGL entry (bsc#1051510).
- crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737).
- crypto: algif - return error code when no data was processed (bsc#1154737).
- crypto: algif_aead - copy AAD from src to dst (bsc#1154737).
- crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737).
- crypto: algif_aead - overhaul memory management (bsc#1154737).
- crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737).
- crypto: algif_skcipher - overhaul memory management (bsc#1154737).
- crypto: talitos - fix missing break in switch statement (bsc#1142635).
- cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).
- cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).
- cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).
- cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).
- cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05).
- dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510).
- dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510).
- drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).
- drm/amdgpu/si: fix ASIC tests (git-fixes).
- drm/amdgpu: Check for valid number of registers to read (bsc#1051510).
- drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).
- drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).
- drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
- drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967)
- drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
- drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
- drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967)
- drm/i915/gtt: Disable read-only support under GVT (bsc#1135967)
- drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967)
- drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
- drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
- drm/i915: Allow parsing of unsized batches (bsc#1135967)
- drm/i915: Disable Secure Batches for gen6+
- drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
- drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967)
- drm/i915: Remove Master tables from cmdparser
- drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967)
- drm/msm/dsi: Implement reset correctly (bsc#1051510).
- drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).
- drm/radeon: Fix EEH during kexec (bsc#1051510).
- drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).
- drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).
- drm: Flush output polling on shutdown (bsc#1051510).
- e1000e: add workaround for possible stalled packet (bsc#1051510).
- efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510).
- efi: cper: print AER info of PCIe fatal error (bsc#1051510).
- efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510).
- firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).
- gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510).
- HID: apple: Fix stuck function keys when using FN (bsc#1051510).
- HID: fix error message in hid_open_report() (bsc#1051510).
- HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).
- HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510).
- HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).
- HID: prodikeys: Fix general protection fault during probe (bsc#1051510).
- HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).
- hso: fix NULL-deref on tty open (bsc#1051510).
- hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).
- hwrng: core - do not wait on add_early_randomness() (git-fixes).
- hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905).
- i2c: riic: Clear NACK in tend isr (bsc#1051510).
- IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)
- IB/core: Add mitigation for Spectre V1 (bsc#1155671)
- IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).
- IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).
- IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).
- IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).
- ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).
- ieee802154: ca8210: prevent memory leak (bsc#1051510).
- ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- iio: adc: ad799x: fix probe error handling (bsc#1051510).
- iio: light: opt3001: fix mutex unlock race (bsc#1051510).
- ima: always return negative code for error (bsc#1051510).
- Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).
- Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510).
- integrity: prevent deadlock during digsig verification (bsc#1090631).
- iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).
- iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).
- iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).
- iommu/amd: Remove domain->updated (bsc#1154610).
- iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).
- ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).
- ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05).
- ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).
- ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05).
- iwlwifi: do not panic in error path on non-msix systems (bsc#1155692).
- ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).
- ixgbe: sync the first fragment unconditionally (bsc#1133140).
- kABI workaround for crypto/af_alg changes (bsc#1154737).
- kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967)
- kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).
- kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code.
- kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
- kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).
- kernel-binary.spec.in: Obsolete kgraft packages only when not building them.
- kernel-binary: check also bzImage on s390/s390x Starting with 4.19-rc1, uncompressed image is no longer built on s390x. If file 'image' is not found in arch/s390/boot after the build, try bzImage instead. For now, install bzImage under the name image-* until we know grub2 and our grub2 scripts can handle correct name.
- kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case.
- kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).
- ksm: cleanup stable_node chain collapse case (bnc#1144338).
- ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).
- ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338).
- ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338).
- ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).
- kvm: Convert kvm_lock to a mutex (bsc#1117665).
- KVM: MMU: drop vcpu param in gpte_access (bsc#1117665).
- KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665).
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).
- KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).
- kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).
- KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).
- KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).
- lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).
- libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).
- mac80211: accept deauth frames in IBSS mode (bsc#1051510).
- mac80211: fix txq null pointer dereference (bsc#1051510).
- mac80211: Reject malformed SSID elements (bsc#1051510).
- macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).
- md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090).
- md/raid0: fix warning message for parameter default_layout (bsc#1140090).
- media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).
- media: cpia2_usb: fix memory leaks (bsc#1051510).
- media: dvb-core: fix a memory leak bug (bsc#1051510).
- media: exynos4-is: fix leaked of_node references (bsc#1051510).
- media: gspca: zero usb_buf on error (bsc#1051510).
- media: hdpvr: Add device num check and handling (bsc#1051510).
- media: hdpvr: add terminating 0 at end of string (bsc#1051510).
- media: i2c: ov5645: Fix power sequence (bsc#1051510).
- media: iguanair: add sanity checks (bsc#1051510).
- media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).
- media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).
- media: ov9650: add a sanity check (bsc#1051510).
- media: radio/si470x: kill urb on error (bsc#1051510).
- media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).
- media: saa7146: add cleanup in hexium_attach() (bsc#1051510).
- media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).
- media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).
- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).
- memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).
- mfd: intel-lpss: Remove D3cold delay (bsc#1051510).
- mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
- mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).
- mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).
- mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).
- mmc: sdhci: improve ADMA error reporting (bsc#1051510).
- Move the upstreamed ath6kl fix into the sorted section
- Move the upstreamed cfg80211 fix into the sorted section
- net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
- net/mlx4_en: fix a memory leak bug (bsc#1046299).
- net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).
- net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).
- net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30).
- net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05).
- net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).
- net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).
- net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30).
- net/smc: fix SMCD link group creation with VLAN id (bsc#1154959).
- net: Fix null de-reference of device refcount (networking-stable-19_09_15).
- net: fix skb use after free in netpoll (networking-stable-19_09_05).
- net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).
- net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes).
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05).
- net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30).
- net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).
- net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
- net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).
- net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05).
- netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
- net_sched: add policy validation for action attributes (networking-stable-19_09_30).
- net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).
- NFC: fix attrs checks in netlink interface (bsc#1051510).
- nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).
- NFC: pn533: fix use-after-free and memleaks (bsc#1051510).
- NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
- nl80211: fix null pointer dereference (bsc#1051510).
- objtool: Clobber user CFLAGS variable (bsc#1153236).
- openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30).
- packaging: add support for riscv64
- Parametrize kgraft vs livepatch.
- PCI: Correct pci=resource_alignment parameter example (bsc#1051510).
- PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).
- PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).
- PCI: PM: Fix pci_power_up() (bsc#1051510).
- pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).
- platform/x86: classmate-laptop: remove unused variable (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).
- power: supply: sysfs: ratelimit property read error message (bsc#1051510).
- powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).
- powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).
- powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).
- powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).
- powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).
- powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).
- powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).
- powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).
- powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).
- powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).
- powerpc/pseries: Export maximum memory value (bsc#1122363).
- powerpc/pseries: Export raw per-CPU VPA data via debugfs ().
- powerpc/pseries: Remove confusing warning message (bsc#1109158).
- powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).
- Pull packaging cleanup from mkubecek.
- qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).
- qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).
- qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).
- qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).
- qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05).
- r8152: Set macpassthru in reset_resume callback (bsc#1051510).
- RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).
- RDMA: Fix goto target to release the allocated memory (bsc#1050244).
- rds: Fix warning (bsc#1154848).
- README.BRANCH: Add Denis as branch maintainer
- reiserfs: fix extended attributes on the root directory (bsc#1151225).
- Revert 'ALSA: hda: Flush interrupts on disabling' (bsc#1051510).
- Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510).
- Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge.
- Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it
- rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB.
- rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users.
- rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600)
- rpm/kernel-binary.spec.in: Fix kernel-livepatch description typo.
- rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2.
- rpm/kernel-binary.spec.in: support partial rt debug config.
- rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119).
- rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE.
- rpm/mkspec: Correct tarball URL for rc kernels.
- rpm/mkspec: Make building DTBs optional.
- rpm/modflist: Simplify compression support.
- rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x.
- rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'.
- rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).
- s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).
- s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855).
- s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091).
- sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
- sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05).
- sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05).
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).
- sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30).
- scripts/arch-symbols: add missing link.
- scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040).
- scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).
- scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).
- scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).
- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).
- scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).
- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).
- scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).
- scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054).
- sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).
- sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).
- Sign non-x86 kernels when possible (boo#1134303)
- skge: fix checksum byte order (networking-stable-19_09_30).
- sock_diag: fix autoloading of the raw_diag module (bsc#1152791).
- sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).
- staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).
- staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510).
- supporte.conf: add efivarfs to kernel-default-base (bsc#1154858).
- tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).
- tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).
- tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).
- tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).
- thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).
- thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).
- tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).
- tipc: fix unlimited bundling of small messages (networking-stable-19_10_05).
- tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).
- tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).
- USB: adutux: fix NULL-derefs on disconnect (bsc#1142635).
- USB: adutux: fix use-after-free on disconnect (bsc#1142635).
- USB: adutux: fix use-after-free on release (bsc#1051510).
- USB: chaoskey: fix use-after-free on release (bsc#1051510).
- USB: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).
- usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510).
- USB: iowarrior: fix use-after-free after driver unbind (bsc#1051510).
- USB: iowarrior: fix use-after-free on disconnect (bsc#1051510).
- USB: iowarrior: fix use-after-free on release (bsc#1051510).
- USB: ldusb: fix control-message timeout (bsc#1051510).
- USB: ldusb: fix memleak on disconnect (bsc#1051510).
- USB: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).
- USB: ldusb: fix read info leaks (bsc#1051510).
- USB: ldusb: fix ring-buffer locking (bsc#1051510).
- USB: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).
- USB: legousbtower: fix deadlock on disconnect (bsc#1142635).
- USB: legousbtower: fix memleak on disconnect (bsc#1051510).
- USB: legousbtower: fix open after failed reset request (bsc#1142635).
- USB: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).
- USB: legousbtower: fix slab info leak at probe (bsc#1142635).
- USB: legousbtower: fix use-after-free on release (bsc#1051510).
- USB: microtek: fix info-leak at probe (bsc#1142635).
- USB: serial: fix runtime PM after driver unbind (bsc#1051510).
- USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).
- USB: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).
- USB: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).
- USB: serial: option: add Telit FN980 compositions (bsc#1051510).
- USB: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).
- USB: serial: whiteheat: fix potential slab corruption (bsc#1051510).
- usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).
- USB: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).
- USB: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).
- USB: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).
- USB: usblcd: fix I/O after disconnect (bsc#1142635).
- USB: usblp: fix runtime PM after driver unbind (bsc#1051510).
- USB: usblp: fix use-after-free on disconnect (bsc#1051510).
- usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).
- USB: yurex: Do not retry on unexpected errors (bsc#1051510).
- USB: yurex: fix NULL-derefs on disconnect (bsc#1051510).
- usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).
- usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).
- vfio_pci: Restore original state on release (bsc#1051510).
- vhost_net: conditionally enable tx polling (bsc#1145099).
- vhost_net: conditionally enable tx polling (bsc#1145099).
- video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).
- vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05).
- watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).
- x86/asm: Fix MWAITX C-state hint value (bsc#1114279).
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969).
- x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).
- x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).
- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600).
- xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).
- xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).
- xen/xenbus: fix self-deadlock after killing user process (bsc#1065600).
- xhci: Check all endpoints for LPM timeout (bsc#1051510).
- xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).
- xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).
- xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).
ImportantSUSE bug 1046299SUSE bug 1046303SUSE bug 1046305SUSE bug 1050244SUSE bug 1050536SUSE bug 1050545SUSE bug 1051510SUSE bug 1055186SUSE bug 1061840SUSE bug 1064802SUSE bug 1065600SUSE bug 1066129SUSE bug 1073513SUSE bug 1082635SUSE bug 1083647SUSE bug 1086323SUSE bug 1087092SUSE bug 1089644SUSE bug 1090631SUSE bug 1093205SUSE bug 1096254SUSE bug 1097583SUSE bug 1097584SUSE bug 1097585SUSE bug 1097586SUSE bug 1097587SUSE bug 1097588SUSE bug 1098291SUSE bug 1101674SUSE bug 1109158SUSE bug 1114279SUSE bug 1117665SUSE bug 1119461SUSE bug 1119465SUSE bug 1122363SUSE bug 1123034SUSE bug 1123080SUSE bug 1127155SUSE bug 1133140SUSE bug 1134303SUSE bug 1135642SUSE bug 1135854SUSE bug 1135873SUSE bug 1135967SUSE bug 1137040SUSE bug 1137799SUSE bug 1137861SUSE bug 1138190SUSE bug 1139073SUSE bug 1140090SUSE bug 1140729SUSE bug 1140845SUSE bug 1140883SUSE bug 1141600SUSE bug 1142635SUSE bug 1142667SUSE bug 1143706SUSE bug 1144338SUSE bug 1144375SUSE bug 1144449SUSE bug 1144903SUSE bug 1145099SUSE bug 1146612SUSE bug 1148410SUSE bug 1149119SUSE bug 1150452SUSE bug 1150457SUSE bug 1150465SUSE bug 1150875SUSE bug 1151225SUSE bug 1151508SUSE bug 1151680SUSE bug 1152497SUSE bug 1152505SUSE bug 1152506SUSE bug 1152624SUSE bug 1152685SUSE bug 1152782SUSE bug 1152788SUSE bug 1152791SUSE bug 1153108SUSE bug 1153112SUSE bug 1153158SUSE bug 1153236SUSE bug 1153263SUSE bug 1153476SUSE bug 1153509SUSE bug 1153646SUSE bug 1153681SUSE bug 1153713SUSE bug 1153717SUSE bug 1153718SUSE bug 1153719SUSE bug 1153811SUSE bug 1153969SUSE bug 1154108SUSE bug 1154189SUSE bug 1154354SUSE bug 1154372SUSE bug 1154578SUSE bug 1154607SUSE bug 1154608SUSE bug 1154610SUSE bug 1154611SUSE bug 1154651SUSE bug 1154737SUSE bug 1154747SUSE bug 1154848SUSE bug 1154858SUSE bug 1154905SUSE bug 1154956SUSE bug 1154959SUSE bug 1155178SUSE bug 1155179SUSE bug 1155184SUSE bug 1155186SUSE bug 1155671SUSE bug 1155692SUSE bug 1155812SUSE bug 1155817SUSE bug 1155836SUSE bug 1155945SUSE bug 1155982SUSE bug 1156187SUSE bug 919448SUSE bug 987367SUSE bug 998153CVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-16995 at SUSECVE-2019-16995 at NVDCVE-2019-17055 at SUSECVE-2019-17055 at NVDCVE-2019-17056 at SUSECVE-2019-17056 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18805 at SUSECVE-2019-18805 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
- Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358)
Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in
sles 12 sp4 or newer guest only needs one escape character.
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207
bsc#1155812)
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4
ImportantSUSE bug 1119991SUSE bug 1146873SUSE bug 1152506SUSE bug 1153358SUSE bug 1155812CVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
- Updated to 20191112 security release (bsc#1155988)
- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile
- CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile
- SKX-SP B1 6-55-3/97 01000150 Xeon Scalable
- ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile
- ---- updated platforms ------------------------------------
- SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile
- SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6
- AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile
- AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile
- WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile
- KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8
- KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8
- CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
- requires coreutils for the %post script (bsc#1154043)
ImportantSUSE bug 1139073SUSE bug 1141035SUSE bug 1154043SUSE bug 1155988CVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
(bsc#1155945)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497).
- CVE-2019-18424: An untrusted domain with access to a physical device can DMA
into host memory, leading to privilege escalation. (bsc#1154461).
- CVE-2019-18421: A malicious PV guest administrator may have been able to
escalate their privilege to that of the host. (bsc#1154458).
- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that
of the guest kernel. (bsc#1154456).
- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash,
resulting in a Denial of Service (Dos). (bsc#1154448)
ImportantSUSE bug 1152497SUSE bug 1154448SUSE bug 1154456SUSE bug 1154458SUSE bug 1154461SUSE bug 1155945CVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-18420 at SUSECVE-2019-18420 at NVDCVE-2019-18421 at SUSECVE-2019-18421 at NVDCVE-2019-18424 at SUSECVE-2019-18424 at NVDCVE-2019-18425 at SUSECVE-2019-18425 at NVDcpe:/o:suse:sles:12:sp4Security update for libjpeg-turbo (Important)SUSE Linux Enterprise Server 12 SP4
This update for libjpeg-turbo fixes the following issues:
- CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo,
when attempting to compress or decompress gigapixel images. [bsc#1156402]
ImportantSUSE bug 1156402CVE-2019-2201 at SUSECVE-2019-2201 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript fixes the following issue:
- CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed
an attacker to gain high privileges by a specially crafted Postscript
code (bsc#1156275).
ImportantSUSE bug 1156275CVE-2019-14869 at SUSECVE-2019-14869 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
- Updated to 20191112 official security release (bsc#1155988)
- Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)
ImportantSUSE bug 1139073SUSE bug 1141035SUSE bug 1155988CVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
- Update to Xen 4.11.1 bug fix release (bsc#1027519)
- CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which
could occur when a packet with large packet size is processed. A user inside
a guest could have used this flaw to crash the qemu process resulting in a
Denial of Service (DoS). (bsc#1111014)
- CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI
host bus adapter emulation, which allowed a user and/or process to crash the
qemu process resulting in a Denial of Service (DoS). (bsc#1114423)
- CVE-2018-18883: Fixed an issue related to inproper restriction of nested
VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of
Service (DoS). (XSA-278) (bsc#1114405)
- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB
flushing with AMD IOMMUs, which potentially allowed a guest to escalate its
privileges, may cause a Denial of Service (DoS) affecting the entire host, or
may be able to access data it is not supposed to access. (XSA-275)
(bsc#1115040)
- CVE-2018-19963: Fixed the allocation of pages used to communicate with
external emulators, which may have cuased Xen to crash, resulting in a Denial
of Service (DoS). (XSA-276) (bsc#1115043)
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case
non-canonical addresses are accessed, which may allow a guest to cause Xen to
crash, resulting in a Denial of Service (DoS) affecting the entire host.
(XSA-279) (bsc#1115045)
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which
conflicted with shadow paging and allowed a guest to cause Xen to crash,
resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047)
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host,
resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
- CVE-2018-19964: Fixed the incorrect error handling of p2m page removals,
which allowed a guest to cause a deadlock, resulting in a Denial of Service
(DoS) affecting the entire host. (XSA-277) (bsc#1115044)
- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in
various Bluetooth functions, allowing this to crash qemu process resulting in
Denial of Service (DoS). (bsc#1117756).
Other bugs fixed:
- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)
ImportantSUSE bug 1027519SUSE bug 1108940SUSE bug 1111014SUSE bug 1114405SUSE bug 1114423SUSE bug 1114988SUSE bug 1115040SUSE bug 1115043SUSE bug 1115044SUSE bug 1115045SUSE bug 1115047SUSE bug 1117756CVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19665 at SUSECVE-2018-19665 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDcpe:/o:suse:sles:12:sp4Security update for dpdk (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for dpdk to version 17.11.7 fixes the following issues:
- CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious
container may lead to to denial of service (bsc#1156146).
ModerateSUSE bug 1156146CVE-2019-14818 at SUSECVE-2019-14818 at NVDcpe:/o:suse:sles:12:sp4Security update for aspell (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for aspell fixes the following issues:
- CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892).
ModerateSUSE bug 1153892CVE-2019-17544 at SUSECVE-2019-17544 at NVDcpe:/o:suse:sles:12:sp4Security update for sqlite3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for sqlite3 fixes the following issues:
- CVE-2017-2518: Fixed a use-after-free vulnerability which could have
led to buffer overflow via a crafted SQL statement (bsc#1155787).
ImportantSUSE bug 1155787CVE-2017-2518 at SUSECVE-2017-2518 at NVDcpe:/o:suse:sles:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4
This update for cups fixes the following issues:
- CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358).
- CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359).
ImportantSUSE bug 1146358SUSE bug 1146359CVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDcpe:/o:suse:sles:12:sp4Security update for tiff (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2019-14973: Fixed an improper check which was depended on the compiler
which could have led to integer overflow (bsc#1146608).
- CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
- CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
- CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
- CVE-2019-7663: Fixed an invalid address dereference in the
TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)
ModerateSUSE bug 1108606SUSE bug 1121626SUSE bug 1125113SUSE bug 1146608SUSE bug 983268CVE-2016-5102 at SUSECVE-2016-5102 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDcpe:/o:suse:sles:12:sp4Security update for cpio (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for cpio fixes the following issues:
- CVE-2019-14866: Fixed an improper validation of the values written
in the header of a TAR file through the to_oct() function which could
have led to unexpected TAR generation (bsc#1155199).
ModerateSUSE bug 1155199CVE-2019-14866 at SUSECVE-2019-14866 at NVDcpe:/o:suse:sles:12:sp4Security update for clamav (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for clamav fixes the following issues:
Security issue fixed:
- CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504).
- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).
Non-security issues fixed:
- Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504).
- Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).
ModerateSUSE bug 1144504SUSE bug 1149458SUSE bug 1151839CVE-2019-12625 at SUSECVE-2019-12625 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sles:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4
This update for mailman fixes the following issues:
- CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328).
ImportantSUSE bug 1154328CVE-2019-3693 at SUSECVE-2019-3693 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk fixes the following issues:
Security issues fixed (October 2019 CPU bsc#1154212):
- CVE-2019-2933: Windows file handling redux
- CVE-2019-2945: Better socket support
- CVE-2019-2949: Better Kerberos ccache handling
- CVE-2019-2958: Build Better Processes
- CVE-2019-2964: Better support for patterns
- CVE-2019-2962: Better Glyph Images
- CVE-2019-2973: Better pattern compilation
- CVE-2019-2978: Improved handling of jar files
- CVE-2019-2981: Better Path supports
- CVE-2019-2983: Better serial attributes
- CVE-2019-2987: Better rendering of native glyphs
- CVE-2019-2988: Better Graphics2D drawing
- CVE-2019-2989: Improve TLS connection support
- CVE-2019-2992: Enhance font glyph mapping
- CVE-2019-2999: Commentary on Javadoc comments
- CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).
ImportantSUSE bug 1152856SUSE bug 1154212CVE-2019-2894 at SUSECVE-2019-2894 at NVDCVE-2019-2933 at SUSECVE-2019-2933 at NVDCVE-2019-2945 at SUSECVE-2019-2945 at NVDCVE-2019-2949 at SUSECVE-2019-2949 at NVDCVE-2019-2958 at SUSECVE-2019-2958 at NVDCVE-2019-2962 at SUSECVE-2019-2962 at NVDCVE-2019-2964 at SUSECVE-2019-2964 at NVDCVE-2019-2973 at SUSECVE-2019-2973 at NVDCVE-2019-2978 at SUSECVE-2019-2978 at NVDCVE-2019-2981 at SUSECVE-2019-2981 at NVDCVE-2019-2983 at SUSECVE-2019-2983 at NVDCVE-2019-2987 at SUSECVE-2019-2987 at NVDCVE-2019-2988 at SUSECVE-2019-2988 at NVDCVE-2019-2989 at SUSECVE-2019-2989 at NVDCVE-2019-2992 at SUSECVE-2019-2992 at NVDCVE-2019-2999 at SUSECVE-2019-2999 at NVDcpe:/o:suse:sles:12:sp4Security update for libxml2 (Low)SUSE Linux Enterprise Server 12 SP4
This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect
all CVEs that have been fixed over the past.
LowSUSE bug 1123919cpe:/o:suse:sles:12:sp4Security update for libarchive (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libarchive fixes the following issues:
Security issues fixed:
- CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653).
- CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654).
- CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341).
- CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342).
- CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079).
ModerateSUSE bug 1032089SUSE bug 1037008SUSE bug 1037009SUSE bug 1059134SUSE bug 1059139SUSE bug 1120653SUSE bug 1120654SUSE bug 1124341SUSE bug 1124342SUSE bug 1155079CVE-2016-10209 at SUSECVE-2016-10209 at NVDCVE-2016-10349 at SUSECVE-2016-10349 at NVDCVE-2016-10350 at SUSECVE-2016-10350 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDCVE-2019-18408 at SUSECVE-2019-18408 at NVDcpe:/o:suse:sles:12:sp4Security update for ncurses (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).
Bug fixes:
- Fixed ppc64le build configuration (bsc#1134550).
ModerateSUSE bug 1131830SUSE bug 1134550SUSE bug 1154036SUSE bug 1154037CVE-2018-10754 at SUSECVE-2018-10754 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDcpe:/o:suse:sles:12:sp4Security update for LibVNCServer (Critical)SUSE Linux Enterprise Server 12 SP4
This update for LibVNCServer fixes the following issues:
Security issues fixed:
- CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828)
- CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832)
- CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823)
CriticalSUSE bug 1123823SUSE bug 1123828SUSE bug 1123832CVE-2018-20748 at SUSECVE-2018-20748 at NVDCVE-2018-20749 at SUSECVE-2018-20749 at NVDCVE-2018-20750 at SUSECVE-2018-20750 at NVDcpe:/o:suse:sles:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4
This update for clamav fixes the following issues:
- CVE-2019-15961: Fixed a denial of service which might occur when
scanning a specially crafted email file as (bsc#1157763).
ImportantSUSE bug 1157763CVE-2019-15961 at SUSECVE-2019-15961 at NVDcpe:/o:suse:sles:12:sp4Security update for permissions (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for permissions fixes the following issues:
Security issues fixed:
- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
which could have allowed a squid user to gain persistence by changing the
binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic
links (bsc#1150734).
Other issue addressed:
- Corrected a badly constracted file which could have allowed treating of the
shell environment as permissions files (bsc#1097665,bsc#1047247).
- Fixed a regression which caused sagmentation fault (bsc#1157198).
ModerateSUSE bug 1047247SUSE bug 1093414SUSE bug 1097665SUSE bug 1150734SUSE bug 1157198CVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2-mod_perl (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for apache2-mod_perl fixes the following issues:
Security issue fixed:
- CVE-2011-2767: Fixed a vulnerability which could have allowed
perl code execution in the context of user account (bsc#1156944).
Other issue addressed:
- Restore process name after sv_setpv_mg() call. (bsc#1091625)
ModerateSUSE bug 1091625SUSE bug 1156944CVE-2011-2767 at SUSECVE-2011-2767 at NVDcpe:/o:suse:sles:12:sp4Security update for strongswan (Important)SUSE Linux Enterprise Server 12 SP4
This update for strongswan provides the following fixes:
Security issues fixed:
- CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker
with local user credentials to resource exhaustion and denial of service while
reading from the socket (bsc#1094462).
- CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if
the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF
(bsc#1093536).
- CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which
might lead to authorization bypass (bsc#1107874).
- CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).
Other issues addressed:
- Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853).
- Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit.
- Handle unexpected informational message from SonicWall. (bsc#1009254)
ImportantSUSE bug 1009254SUSE bug 1071853SUSE bug 1093536SUSE bug 1094462SUSE bug 1107874SUSE bug 1109845CVE-2018-10811 at SUSECVE-2018-10811 at NVDCVE-2018-16151 at SUSECVE-2018-16151 at NVDCVE-2018-16152 at SUSECVE-2018-16152 at NVDCVE-2018-17540 at SUSECVE-2018-17540 at NVDCVE-2018-5388 at SUSECVE-2018-5388 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh (Important)SUSE Linux Enterprise Server 12 SP4
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).
ImportantSUSE bug 1158095CVE-2019-14889 at SUSECVE-2019-14889 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,
resulting in a Denial of Service (DoS). (bsc#1154460).
- CVE-2019-18424: An untrusted domain with access to a physical device can DMA
into host memory, leading to privilege escalation. (bsc#1154461).
- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical
Xen code to run with interrupts erroneously enabled. This could lead to data
corruption, denial of service, or possibly even privilege escalation. However
a precise attack technique has not been identified. (bsc#1154464)
ImportantSUSE bug 1154460SUSE bug 1154461SUSE bug 1154464SUSE bug 1157888SUSE bug 1158003SUSE bug 1158004SUSE bug 1158005SUSE bug 1158006SUSE bug 1158007CVE-2019-18422 at SUSECVE-2019-18422 at NVDCVE-2019-18423 at SUSECVE-2019-18423 at NVDCVE-2019-18424 at SUSECVE-2019-18424 at NVDCVE-2019-19577 at SUSECVE-2019-19577 at NVDCVE-2019-19578 at SUSECVE-2019-19578 at NVDCVE-2019-19579 at SUSECVE-2019-19579 at NVDCVE-2019-19580 at SUSECVE-2019-19580 at NVDCVE-2019-19581 at SUSECVE-2019-19581 at NVDCVE-2019-19582 at SUSECVE-2019-19582 at NVDCVE-2019-19583 at SUSECVE-2019-19583 at NVDcpe:/o:suse:sles:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4
This update for git fixes the following issues:
Security issues fixed:
- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
- Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)
ImportantSUSE bug 1082023SUSE bug 1158785SUSE bug 1158787SUSE bug 1158788SUSE bug 1158789SUSE bug 1158790SUSE bug 1158791SUSE bug 1158792SUSE bug 1158793SUSE bug 1158795CVE-2019-1348 at SUSECVE-2019-1348 at NVDCVE-2019-1349 at SUSECVE-2019-1349 at NVDCVE-2019-1350 at SUSECVE-2019-1350 at NVDCVE-2019-1351 at SUSECVE-2019-1351 at NVDCVE-2019-1352 at SUSECVE-2019-1352 at NVDCVE-2019-1353 at SUSECVE-2019-1353 at NVDCVE-2019-1354 at SUSECVE-2019-1354 at NVDCVE-2019-1387 at SUSECVE-2019-1387 at NVDCVE-2019-19604 at SUSECVE-2019-19604 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel-azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024).
- CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954).
- CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827).
- CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904).
- CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).
- CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).
- CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893).
- CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).
- CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).
- CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834).
- CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).
- CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).
- CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).
- CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).
- CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).
- CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).
- CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).
- CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).
- CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).
- CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).
- CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).
- CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).
- CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).
- CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).
- CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).
- CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).
- CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).
- CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).
- CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).
- CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).
- CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).
- CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).
- CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).
- CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).
- CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).
- CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).
- CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).
- CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).
- CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).
- CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).
- CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070).
- CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).
- CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966).
- CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).
The following non-security bugs were fixed:
- ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510).
- ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510).
- ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510).
- ACPI / SBS: Fix rare oops when removing modules (bsc#1051510).
- ACPI: OSL: only free map once in osl.c (bsc#1051510).
- ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510).
- ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510).
- ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510).
- ALSA: 6fire: Drop the dead code (git-fixes).
- ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes).
- ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes).
- ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes).
- ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes).
- ALSA: hda - Fix pending unsol events at shutdown (git-fixes).
- ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes).
- ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes).
- ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729).
- ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes).
- ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes).
- ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes).
- ALSA: hda: Add Cometlake-S PCI ID (git-fixes).
- ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510).
- ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510).
- ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes).
- ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes).
- ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510).
- ALSA: seq: Do error checks at creating system ports (bsc#1051510).
- ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
- ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes).
- ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes).
- ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes).
- ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510).
- ASoC: compress: fix unsigned integer overflow check (bsc#1051510).
- ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y).
- ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y).
- ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510).
- ASoC: kirkwood: fix external clock probe defer (git-fixes).
- ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes).
- ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510).
- ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510).
- ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y).
- ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y).
- Bluetooth: Fix invalid-free in bcsp_close() (git-fixes).
- Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510).
- Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510).
- Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510).
- Bluetooth: delete a stray unlock (bsc#1051510).
- Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510).
- Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510).
- Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494).
- CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355).
- CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355).
- CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355).
- CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355).
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355).
- CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355).
- CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355).
- CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355).
- CIFS: fix max ea value size (bsc#1144333, bsc#1154355).
- Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes).
- Documentation: x86: convert protection-keys.txt to reST (bsc#1078248).
- EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279).
- EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279).
- HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510).
- HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510).
- HID: Fix assumption that devices have inputs (git-fixes).
- HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510).
- HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510).
- HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510).
- HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes).
- Input: ff-memless - kill timer in destroy() (bsc#1051510).
- Input: silead - try firmware reload after unsuccessful resume (bsc#1051510).
- Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510).
- Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510).
- Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510).
- Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510).
- Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510).
- Input: synaptics-rmi4 - fix video buffer size (git-fixes).
- KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279).
- KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279).
- KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064).
- KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065).
- KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067).
- KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066).
- KVM: x86: Remove a spurious export of a static function (bsc#1158954).
- NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes).
- PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510).
- PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510).
- PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510).
- PCI/PME: Fix possible use-after-free on remove (git-fixes).
- PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510).
- PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510).
- PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510).
- PCI: dwc: Fix find_next_bit() usage (bsc#1051510).
- PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510).
- PCI: sysfs: Ignore lockdep for remove attribute (git-fixes).
- PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes).
- PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510).
- PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510).
- PM / devfreq: Check NULL governor in available_governors_show (git-fixes).
- PM / devfreq: Lock devfreq in trans_stat_show (git-fixes).
- PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510).
- PM / devfreq: passive: Use non-devm notifiers (bsc#1051510).
- PM / devfreq: passive: fix compiler warning (bsc#1051510).
- PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510).
- UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments').
- USB: chaoskey: fix error case of a timeout (git-fixes).
- USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510).
- USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510).
- USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510).
- USB: serial: mos7720: fix remote wakeup (git-fixes).
- USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510).
- USB: serial: mos7840: fix remote wakeup (git-fixes).
- USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510).
- USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510).
- USB: serial: whiteheat: fix line-speed endianness (bsc#1051510).
- USBIP: add config dependency for SGL_ALLOC (git-fixes).
- appledisplay: fix error handling in the scheduled work (git-fixes).
- arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported.
- ata: ep93xx: Use proper enums for directions (bsc#1051510).
- ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510).
- ath10k: fix vdev-start timeout on error (bsc#1051510).
- ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510).
- ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510).
- ath6kl: Fix off by one error in scan completion (bsc#1051510).
- ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510).
- ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510).
- ath9k: fix reporting calculated new FFT upper max (bsc#1051510).
- ath9k: fix tx99 with monitor mode interface (bsc#1051510).
- ath9k_hw: fix uninitialized variable data (bsc#1051510).
- atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510).
- audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094).
- ax88172a: fix information leak on short answers (bsc#1051510).
- backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510).
- bpf: Make use of probe_user_write in probe write helper (bsc#1083647).
- brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510).
- brcmfmac: reduce timeout for action frame scan (bsc#1051510).
- brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510).
- brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510).
- can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510).
- can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes).
- can: mcba_usb: fix use-after-free on disconnect (git-fixes).
- can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes).
- can: peak_usb: fix slab info leak (git-fixes).
- can: peak_usb: report bus recovery as well (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes).
- can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510).
- can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes).
- can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes).
- can: usb_8dev: fix use-after-free on disconnect (git-fixes).
- ceph: add missing check in d_revalidate snapdir handling (bsc#1157183).
- ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184).
- ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058).
- ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182).
- cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510).
- cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510).
- cfg80211: call disconnect_wk when AP stops (bsc#1051510).
- cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355).
- cifs: Fix missed free operations (bsc#1144333, bsc#1154355).
- cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355).
- cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355).
- cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355).
- cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355).
- clk: at91: avoid sleeping early (git-fixes).
- clk: pxa: fix one of the pxa RTC clocks (bsc#1051510).
- clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510).
- clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510).
- clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes).
- clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes).
- clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510).
- clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510).
- compat_ioctl: handle SIOCOUTQNSD (bsc#1051510).
- component: fix loop condition to call unbind() if bind() fails (bsc#1051510).
- cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510).
- cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510).
- cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510).
- cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510).
- cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510).
- cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510).
- cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510).
- cpupower: Fix coredump on VMWare (bsc#1051510).
- crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510).
- crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510).
- crypto: ecdh - fix big endian bug in ECC library (bsc#1051510).
- crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510).
- crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510).
- crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510).
- crypto: mxs-dcp - Fix AES issues (bsc#1051510).
- crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510).
- crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510).
- crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510).
- crypto: tgr192 - remove unneeded semicolon (bsc#1051510).
- cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510).
- cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05).
- dccp: do not leak jiffies on the wire (networking-stable-19_11_05).
- dlm: do not leak kernel pointer to userspace (bsc#1051510).
- dlm: fix invalid free (bsc#1051510).
- dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510).
- dmaengine: dma-jz4780: Further residue status fix (bsc#1051510).
- dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510).
- dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510).
- dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510).
- dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510).
- docs: move protection-keys.rst to the core-api book (bsc#1078248).
- drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510).
- drivers/regulator: fix a missing check of return value (bsc#1051510).
- drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279)
- drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)
- drm/omap: fix max fclk divider for omap36xx (bsc#1113722)
- drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes).
- drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722)
- drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279)
- drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279)
- e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049).
- e1000e: Use dev_get_drvdata where possible (bsc#1158049).
- e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049).
- ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646).
- ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647).
- ext4: fix punch hole for inline_data file systems (bsc#1158640).
- ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639).
- extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510).
- fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510).
- fbdev: sbuslib: use checked version of put_user() (bsc#1051510).
- sctp: Fixed regression (bsc#1158082).
- ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853).
- gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510).
- gpio: syscon: Fix possible NULL ptr usage (bsc#1051510).
- gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510).
- gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510).
- hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510).
- hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510).
- hwrng: omap - Fix RNG wait loop timeout (bsc#1051510).
- hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510).
- hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510).
- hypfs: Fix error number left in struct pointer member (bsc#1051510).
- ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
- ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
- ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
- ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
- ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
- ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
- ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
- ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
- idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510).
- iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510).
- iio: adc: stm32-adc: fix stopping dma (git-fixes).
- iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510).
- iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes).
- iio: imu: adis16480: make sure provided frequency is positive (git-fixes).
- iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes).
- iio: imu: adis: assign value only if return code zero in read funcs (git-fixes).
- include/linux/bitrev.h: fix constant bitrev (bsc#1114279).
- inet: stop leaking jiffies on the wire (networking-stable-19_11_05).
- intel_th: Fix a double put_device() in error path (git-fixes).
- iomap: Fix pipe page leakage during splicing (bsc#1158651).
- iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063).
- ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510).
- ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24).
- iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510).
- iwlwifi: check kasprintf() return value (bsc#1051510).
- iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
- iwlwifi: mvm: avoid sending too many BARs (bsc#1051510).
- iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510).
- kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510).
- kABI workaround for struct mwifiex_power_cfg change (bsc#1051510).
- kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066).
- lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes).
- lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes).
- liquidio: fix race condition in instruction completion processing (bsc#1051510).
- livepatch: Allow to distinguish different version of system state changes (bsc#1071995).
- livepatch: Basic API to track system state changes (bsc#1071995 ).
- livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995).
- livepatch: Selftests of the API for tracking system state changes (bsc#1071995).
- loop: add ioctl for changing logical block size (bsc#1108043).
- loop: fix no-unmap write-zeroes request behavior (bsc#1158637).
- mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510).
- mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510).
- mac80211: fix station inactive_time shortly after boot (bsc#1051510).
- mac80211: minstrel: fix CCK rate group streams value (bsc#1051510).
- mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510).
- macvlan: schedule bc_work even if error (bsc#1051510).
- mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510).
- mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes).
- media: au0828: Fix incorrect error messages (bsc#1051510).
- media: bdisp: fix memleak on release (git-fixes).
- media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510).
- media: davinci: Fix implicit enum conversion warning (bsc#1051510).
- media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes).
- media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510).
- media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes).
- media: imon: invalid dereference in imon_touch_event (bsc#1051510).
- media: isif: fix a NULL pointer dereference bug (bsc#1051510).
- media: ov6650: Fix control handler not freed on init error (git-fixes).
- media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510).
- media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510).
- media: radio: wl1273: fix interrupt masking on release (git-fixes).
- media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes).
- media: usbvision: Fix races among open, close, and disconnect (bsc#1051510).
- media: uvcvideo: Fix error path in control parsing failure (git-fixes).
- media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510).
- media: vim2m: Fix abort issue (git-fixes).
- media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510).
- mei: bus: prefix device names on bus with the bus name (bsc#1051510).
- mei: fix modalias documentation (git-fixes).
- mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510).
- mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510).
- mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510).
- mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510).
- mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes).
- mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510).
- mlx5: add parameter to disable enhanced IPoIB (bsc#1142095)
- mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026).
- mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)).
- mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)).
- mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)).
- mmc: core: fix wl1251 sdio quirks (git-fixes).
- mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes).
- mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510).
- mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes).
- mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes).
- mmc: sdio: fix wl1251 vendor id (git-fixes).
- moduleparam: fix parameter description mismatch (bsc#1051510).
- mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510).
- mtd: nand: mtk: fix incorrect register setting order about ecc irq.
- mtd: spear_smi: Fix Write Burst mode (bsc#1051510).
- mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510).
- mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510).
- mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510).
- mwifiex: fix potential NULL dereference and use after free (bsc#1051510).
- nbd: prevent memory leak (bsc#1158638).
- net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
- net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
- net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05).
- net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05).
- net/smc: Fix error path in smc_init (git-fixes).
- net/smc: avoid fallback in case of non-blocking connect (git-fixes).
- net/smc: fix closing of fallback SMC sockets (git-fixes).
- net/smc: fix ethernet interface refcounting (git-fixes).
- net/smc: fix refcounting for non-blocking connect() (git-fixes).
- net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes).
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05).
- net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05).
- net: add skb_queue_empty_lockless() (networking-stable-19_11_05).
- net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05).
- net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05).
- net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24).
- net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24).
- net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24).
- net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05).
- net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05).
- net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05).
- net: dsa: fix switch tree list (networking-stable-19_11_05).
- net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05).
- net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05).
- net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05).
- net: phy: Check against net_device being NULL (bsc#1051510).
- net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510).
- net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510).
- net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510).
- net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: dp83867: Set up RGMII TX delay (bsc#1051510).
- net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510).
- net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: marvell: clear wol event before setting it (bsc#1051510).
- net: phy: meson-gxl: check phy_write return value (bsc#1051510).
- net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510).
- net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510).
- net: phy: xgene: disable clk on error paths (bsc#1051510).
- net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510).
- net: phy: xgmiitorgmii: Check read_status results (bsc#1051510).
- net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510).
- net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24).
- net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05).
- net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05).
- net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes).
- net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes).
- netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05).
- nfc: netlink: fix double device reference drop (git-fixes).
- nfc: port100: handle command failure cleanly (git-fixes).
- nl80211: Fix a GET_KEY reply attribute (bsc#1051510).
- ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644).
- ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649).
- openvswitch: fix flow command message size (git-fixes).
- padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes).
- phy: phy-twl4030-usb: fix denied runtime access (git-fixes).
- pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes).
- pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes).
- pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes).
- pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510).
- pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510).
- pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510).
- pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510).
- pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510).
- pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510).
- power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510).
- power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510).
- power: supply: max14656: fix potential use-after-free (bsc#1051510).
- power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510).
- power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510).
- powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
- powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520).
- powerpc/bpf: Fix tail call implementation (bsc#1157698).
- powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798).
- powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520).
- powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520).
- powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459).
- powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459).
- powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
- powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107).
- powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435).
- ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510).
- printk: Export console_printk (bsc#1071995).
- pwm: Clear chip_data in pwm_put() (bsc#1051510).
- pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes).
- pwm: clps711x: Fix period calculation (bsc#1051510).
- pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510).
- r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05).
- regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510).
- regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510).
- regulator: tps65910: fix a missing check of return value (bsc#1051510).
- remoteproc: Check for NULL firmwares in sysfs interface (git-fixes).
- reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510).
- reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510).
- reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510).
- reset: fix reset_control_ops kerneldoc comment (bsc#1051510).
- rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz.
- rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043)
- rt2800: remove errornous duplicate condition (git-fixes).
- rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510).
- rtl818x: fix potential use after free (bsc#1051510).
- rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510).
- rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510).
- s390/bpf: fix lcgr instruction encoding (bsc#1051510).
- s390/bpf: use 32-bit index for tail calls (bsc#1051510).
- s390/cio: avoid calling strlen on null pointer (bsc#1051510).
- s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510).
- s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510).
- s390/idle: fix cpu idle time calculation (bsc#1051510).
- s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510).
- s390/process: avoid potential reading of freed stack (bsc#1051510).
- s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510).
- s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510).
- s390/qeth: return proper errno on IO error (bsc#1051510).
- s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948).
- s390/setup: fix early warning messages (bsc#1051510 bsc#1140948).
- s390/topology: avoid firing events before kobjs are created (bsc#1051510).
- s390: fix stfle zero padding (bsc#1051510).
- sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510).
- sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
- scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900).
- scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628).
- scsi: lpfc: Limit xri count for kdump environment (bsc#1154124).
- scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039).
- scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039).
- scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes).
- scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021).
- scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510).
- sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24).
- selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05).
- serial: fix kernel-doc warning in comments (bsc#1051510).
- serial: max310x: Fix tx_empty() callback (bsc#1051510).
- serial: mctrl_gpio: Check for NULL pointer (bsc#1051510).
- serial: mxs-auart: Fix potential infinite loop (bsc#1051510).
- serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510).
- serial: uartlite: fix exit path null pointer (bsc#1051510).
- serial: uartps: Fix suspend functionality (bsc#1051510).
- signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463).
- slcan: Fix memory leak in error path (bsc#1051510).
- slip: Fix memory leak in slip_open error path (bsc#1051510).
- slip: Fix use-after-free Read in slip_open (bsc#1051510).
- smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355).
- smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355).
- smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355).
- smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355).
- smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355).
- soc: imx: gpc: fix PDN delay (bsc#1051510).
- soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510).
- spi: atmel: Fix CS high support (bsc#1051510).
- spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510).
- spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510).
- spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510).
- spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510).
- spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510).
- spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510).
- spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510).
- spi: rockchip: initialize dma_slave_config properly (bsc#1051510).
- spi: spidev: Fix OF tree warning logic (bsc#1051510).
- staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510).
- staging: rtl8192e: fix potential use after free (bsc#1051510).
- staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510).
- staging: rtl8723bs: Drop ACPI device ids (bsc#1051510).
- stm class: Fix a double free of stm_source_device (bsc#1051510).
- supported.conf:
- synclink_gt(): fix compat_ioctl() (bsc#1051510).
- tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510).
- thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510).
- thunderbolt: Fix lockdep circular locking depedency warning (git-fixes).
- tipc: Avoid copying bytes beyond the supplied data (bsc#1051510).
- tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510).
- tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510).
- tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510).
- tipc: compat: allow tipc commands without arguments (bsc#1051510).
- tipc: fix a missing check of genlmsg_put (bsc#1051510).
- tipc: fix link name length check (bsc#1051510).
- tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510).
- tipc: fix skb may be leaky in tipc_link_input (bsc#1051510).
- tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510).
- tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510).
- tipc: handle the err returned from cmd header function (bsc#1051510).
- tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510).
- tipc: tipc clang warning (bsc#1051510).
- tpm: add check after commands attribs tab allocation (bsc#1051510).
- tracing: Get trace_array reference for available_tracers files (bsc#1156429).
- tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510).
- tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510).
- tty: serial: msm_serial: Fix flow control (bsc#1051510).
- tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510).
- uaccess: Add non-pagefault user-space write function (bsc#1083647).
- ubifs: Correctly initialize c->min_log_bytes (bsc#1158641).
- ubifs: Limit the number of pages in shrink_liability (bsc#1158643).
- udp: use skb_queue_empty_lockless() (networking-stable-19_11_05).
- usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510).
- usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510).
- usb: chipidea: Fix otg event handler (bsc#1051510).
- usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510).
- usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510).
- usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510).
- usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510).
- usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510).
- usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510).
- usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510).
- usb: handle warm-reset port requests on hub resume (bsc#1051510).
- usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510).
- usbip: Fix free of unallocated memory in vhci tx (git-fixes).
- usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes).
- usbip: Implement SG support to vhci-hcd and stub driver (git-fixes).
- usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes).
- vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510).
- vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510).
- vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362).
- vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510).
- video/hdmi: Fix AVI bar unpack (git-fixes).
- video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5.
- video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5.
- virtio/s390: fix race on airq_areas (bsc#1051510).
- virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes).
- virtio_ring: fix return code on DMA mapping fails (git-fixes).
- vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499).
- vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes).
- watchdog: meson: Fix the wrong value of left time (bsc#1051510).
- watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510).
- x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811).
- x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811).
- x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248).
- x86/pkeys: Update documentation about availability (bsc#1078248).
- x86/resctrl: Fix potential lockdep warning (bsc#1114279).
- x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279).
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068).
- x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279).
- x86/speculation: Fix redundant MDS mitigation message (bsc#1114279).
- xfrm: Fix xfrm sel prefix length validation (git-fixes).
- xfrm: fix sa selector validation (bsc#1156609).
- xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652).
ImportantSUSE bug 1048942SUSE bug 1051510SUSE bug 1071995SUSE bug 1078248SUSE bug 1082635SUSE bug 1083647SUSE bug 1089644SUSE bug 1090888SUSE bug 1091041SUSE bug 1108043SUSE bug 1113722SUSE bug 1114279SUSE bug 1115026SUSE bug 1117169SUSE bug 1120853SUSE bug 1131107SUSE bug 1135966SUSE bug 1138039SUSE bug 1140948SUSE bug 1142095SUSE bug 1143706SUSE bug 1144333SUSE bug 1146519SUSE bug 1146544SUSE bug 1149448SUSE bug 1150466SUSE bug 1151548SUSE bug 1151900SUSE bug 1152631SUSE bug 1153628SUSE bug 1153811SUSE bug 1154043SUSE bug 1154058SUSE bug 1154124SUSE bug 1154355SUSE bug 1154526SUSE bug 1155021SUSE bug 1155689SUSE bug 1155897SUSE bug 1155921SUSE bug 1156258SUSE bug 1156429SUSE bug 1156466SUSE bug 1156471SUSE bug 1156494SUSE bug 1156609SUSE bug 1156700SUSE bug 1156729SUSE bug 1156882SUSE bug 1157038SUSE bug 1157042SUSE bug 1157070SUSE bug 1157143SUSE bug 1157145SUSE bug 1157158SUSE bug 1157162SUSE bug 1157169SUSE bug 1157171SUSE bug 1157173SUSE bug 1157178SUSE bug 1157180SUSE bug 1157182SUSE bug 1157183SUSE bug 1157184SUSE bug 1157191SUSE bug 1157193SUSE bug 1157197SUSE bug 1157298SUSE bug 1157307SUSE bug 1157324SUSE bug 1157333SUSE bug 1157424SUSE bug 1157463SUSE bug 1157499SUSE bug 1157678SUSE bug 1157698SUSE bug 1157778SUSE bug 1157908SUSE bug 1158049SUSE bug 1158063SUSE bug 1158064SUSE bug 1158065SUSE bug 1158066SUSE bug 1158067SUSE bug 1158068SUSE bug 1158082SUSE bug 1158094SUSE bug 1158132SUSE bug 1158381SUSE bug 1158394SUSE bug 1158398SUSE bug 1158407SUSE bug 1158410SUSE bug 1158413SUSE bug 1158417SUSE bug 1158427SUSE bug 1158445SUSE bug 1158637SUSE bug 1158638SUSE bug 1158639SUSE bug 1158640SUSE bug 1158641SUSE bug 1158643SUSE bug 1158644SUSE bug 1158645SUSE bug 1158646SUSE bug 1158647SUSE bug 1158649SUSE bug 1158651SUSE bug 1158652SUSE bug 1158823SUSE bug 1158824SUSE bug 1158827SUSE bug 1158834SUSE bug 1158893SUSE bug 1158900SUSE bug 1158903SUSE bug 1158904SUSE bug 1158954SUSE bug 1159024CVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15213 at SUSECVE-2019-15213 at NVDCVE-2019-15916 at SUSECVE-2019-15916 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19227 at SUSECVE-2019-19227 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19527 at SUSECVE-2019-19527 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19530 at SUSECVE-2019-19530 at NVDCVE-2019-19531 at SUSECVE-2019-19531 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19535 at SUSECVE-2019-19535 at NVDCVE-2019-19536 at SUSECVE-2019-19536 at NVDCVE-2019-19537 at SUSECVE-2019-19537 at NVDCVE-2019-19543 at SUSECVE-2019-19543 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)
Security issues fixed:
- CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)
- CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments
in WebRTC code (bmo#1580156)
- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a
block cipher (bmo#1586176)
- CVE-2019-17009: Fixed an issue where updater temporary files accessible to
unprivileged processes (bmo#1510494)
- CVE-2019-17010: Fixed a use-after-free when performing device orientation
checks (bmo#1581084)
- CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)
- CVE-2019-17011: Fixed a use-after-free when retrieving a document
in antitracking (bmo#1591334)
- CVE-2019-17012: Fixed multiple memmory issues
(bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760,
bmo#1592502)
ImportantSUSE bug 1158328CVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-13722 at SUSECVE-2019-13722 at NVDCVE-2019-17005 at SUSECVE-2019-17005 at NVDCVE-2019-17008 at SUSECVE-2019-17008 at NVDCVE-2019-17009 at SUSECVE-2019-17009 at NVDCVE-2019-17010 at SUSECVE-2019-17010 at NVDCVE-2019-17011 at SUSECVE-2019-17011 at NVDCVE-2019-17012 at SUSECVE-2019-17012 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Security issues fixed:
CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983).
CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983).
CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983).
ImportantSUSE bug 1120374SUSE bug 1122983CVE-2018-18500 at SUSECVE-2018-18500 at NVDCVE-2018-18501 at SUSECVE-2018-18501 at NVDCVE-2018-18505 at SUSECVE-2018-18505 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb to version 10.2.29 fixes the following issues:
MariaDB was updated to 10.2.29 (bsc#1156669)
Security issues fixed:
- CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service
- CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service
- CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
- CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service
or data corruption
ModerateSUSE bug 1156669CVE-2019-2737 at SUSECVE-2019-2737 at NVDCVE-2019-2739 at SUSECVE-2019-2739 at NVDCVE-2019-2740 at SUSECVE-2019-2740 at NVDCVE-2019-2758 at SUSECVE-2019-2758 at NVDCVE-2019-2805 at SUSECVE-2019-2805 at NVDCVE-2019-2938 at SUSECVE-2019-2938 at NVDCVE-2019-2974 at SUSECVE-2019-2974 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-100 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-100 fixes the following issues:
Security issue fixed:
- CVE-2019-2974: Fixed Server Optimizer (bsc#1154162).
ModerateSUSE bug 1154162CVE-2019-2974 at SUSECVE-2019-2974 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158).
- CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038).
- CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897).
- CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258).
- CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333).
- CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).
- CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197).
- CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307).
- CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298).
- CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678).
- CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191).
- CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).
- CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324).
- CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180).
- CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178).
- CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173).
- CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162).
- CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145).
- CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143).
- CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070).
- CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448).
- CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466).
- CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187).
- CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782).
The following non-security bugs were fixed:
- ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510).
- ACPI / SBS: Fix rare oops when removing modules (bsc#1051510).
- ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510).
- ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510).
- ALSA: 6fire: Drop the dead code (git-fixes).
- ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes).
- ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes).
- ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes).
- ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes).
- ALSA: hda - Fix pending unsol events at shutdown (git-fixes).
- ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836).
- ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729).
- ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes).
- ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes).
- ALSA: hda: Add Cometlake-S PCI ID (git-fixes).
- ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510).
- ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510).
- ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes).
- ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510).
- ALSA: seq: Do error checks at creating system ports (bsc#1051510).
- ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
- ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes).
- ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes).
- ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes).
- ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510).
- ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y).
- ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y).
- ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510).
- ASoC: kirkwood: fix external clock probe defer (git-fixes).
- ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes).
- ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510).
- ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510).
- ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y).
- ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y).
- Bluetooth: Fix invalid-free in bcsp_close() (git-fixes).
- Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510).
- Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510).
- Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510).
- Bluetooth: delete a stray unlock (bsc#1051510).
- Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510).
- Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494).
- CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355).
- CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355).
- CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355).
- CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355).
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355).
- CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355).
- CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355).
- CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355).
- CIFS: fix max ea value size (bsc#1144333, bsc#1154355).
- Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes).
- Documentation: x86: convert protection-keys.txt to reST (bsc#1078248).
- EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279).
- HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510).
- HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510).
- HID: Fix assumption that devices have inputs (git-fixes).
- HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510).
- HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes).
- Input: ff-memless - kill timer in destroy() (bsc#1051510).
- Input: silead - try firmware reload after unsuccessful resume (bsc#1051510).
- Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510).
- Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510).
- Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510).
- Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510).
- Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510).
- Input: synaptics-rmi4 - fix video buffer size (git-fixes).
- KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064).
- KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065).
- KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067).
- KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066).
- NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes).
- PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510).
- PCI/PME: Fix possible use-after-free on remove (git-fixes).
- PCI: sysfs: Ignore lockdep for remove attribute (git-fixes).
- PM / devfreq: Check NULL governor in available_governors_show (git-fixes).
- PM / devfreq: Lock devfreq in trans_stat_show (git-fixes).
- PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510).
- PM / devfreq: passive: Use non-devm notifiers (bsc#1051510).
- PM / devfreq: passive: fix compiler warning (bsc#1051510).
- PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510).
- README.BRANCH: Add Denis as branch maintainer
- Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it
- UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments').
- USB: chaoskey: fix error case of a timeout (git-fixes).
- USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510).
- USB: ldusb: fix control-message timeout (bsc#1051510).
- USB: ldusb: fix ring-buffer locking (bsc#1051510).
- USB: serial: mos7720: fix remote wakeup (git-fixes).
- USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510).
- USB: serial: mos7840: fix remote wakeup (git-fixes).
- USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510).
- USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510).
- USB: serial: whiteheat: fix line-speed endianness (bsc#1051510).
- USB: serial: whiteheat: fix potential slab corruption (bsc#1051510).
- USBIP: add config dependency for SGL_ALLOC (git-fixes).
- appledisplay: fix error handling in the scheduled work (git-fixes).
- arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported.
- ata: ep93xx: Use proper enums for directions (bsc#1051510).
- ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510).
- ath10k: fix vdev-start timeout on error (bsc#1051510).
- ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510).
- ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510).
- ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510).
- ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510).
- ath9k: fix reporting calculated new FFT upper max (bsc#1051510).
- ath9k: fix tx99 with monitor mode interface (bsc#1051510).
- ath9k_hw: fix uninitialized variable data (bsc#1051510).
- ax88172a: fix information leak on short answers (bsc#1051510).
- backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510).
- brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510).
- brcmfmac: reduce timeout for action frame scan (bsc#1051510).
- brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510).
- brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510).
- can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes).
- can: dev: call netif_carrier_off() in register_candev() (bsc#1051510).
- can: mcba_usb: fix use-after-free on disconnect (git-fixes).
- can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes).
- can: peak_usb: fix slab info leak (git-fixes).
- can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes).
- can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes).
- can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes).
- can: usb_8dev: fix use-after-free on disconnect (git-fixes).
- ceph: add missing check in d_revalidate snapdir handling (bsc#1157183).
- ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184).
- ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058).
- ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182).
- cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510).
- cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510).
- cfg80211: call disconnect_wk when AP stops (bsc#1051510).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355).
- cifs: Fix missed free operations (bsc#1144333, bsc#1154355).
- cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355).
- cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355).
- cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355).
- cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355).
- clk: at91: avoid sleeping early (git-fixes).
- clk: pxa: fix one of the pxa RTC clocks (bsc#1051510).
- clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510).
- clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510).
- clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes).
- clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes).
- clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510).
- clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510).
- component: fix loop condition to call unbind() if bind() fails (bsc#1051510).
- cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510).
- cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510).
- cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510).
- cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510).
- cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510).
- cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510).
- cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510).
- cpupower: Fix coredump on VMWare (bsc#1051510).
- crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510).
- crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510).
- crypto: ecdh - fix big endian bug in ECC library (bsc#1051510).
- crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510).
- crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510).
- crypto: mxs-dcp - Fix AES issues (bsc#1051510).
- crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510).
- crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510).
- crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510).
- crypto: tgr192 - remove unneeded semicolon (bsc#1051510).
- cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510).
- cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05).
- dccp: do not leak jiffies on the wire (networking-stable-19_11_05).
- dlm: do not leak kernel pointer to userspace (bsc#1051510).
- dlm: fix invalid free (bsc#1051510).
- dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510).
- dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510).
- dmaengine: dma-jz4780: Further residue status fix (bsc#1051510).
- dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510).
- dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510).
- dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510).
- dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510).
- dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510).
- docs: move protection-keys.rst to the core-api book (bsc#1078248).
- drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)
- drm/omap: fix max fclk divider for omap36xx (bsc#1113722)
- drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes).
- drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722)
- e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049).
- e1000e: Use dev_get_drvdata where possible (bsc#1158049).
- e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049).
- extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510).
- fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510).
- fbdev: sbuslib: use checked version of put_user() (bsc#1051510).
- gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510).
- gpio: syscon: Fix possible NULL ptr usage (bsc#1051510).
- gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510).
- gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510).
- hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510).
- hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510).
- hwrng: omap - Fix RNG wait loop timeout (bsc#1051510).
- hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510).
- hypfs: Fix error number left in struct pointer member (bsc#1051510).
- ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
- ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
- ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
- ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
- iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510).
- iio: adc: stm32-adc: fix stopping dma (git-fixes).
- iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510).
- iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes).
- iio: imu: adis16480: make sure provided frequency is positive (git-fixes).
- iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes).
- iio: imu: adis: assign value only if return code zero in read funcs (git-fixes).
- include/linux/bitrev.h: fix constant bitrev (bsc#1114279).
- inet: stop leaking jiffies on the wire (networking-stable-19_11_05).
- intel_th: Fix a double put_device() in error path (git-fixes).
- iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063).
- ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510).
- ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24).
- iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510).
- iwlwifi: check kasprintf() return value (bsc#1051510).
- iwlwifi: do not panic in error path on non-msix systems (bsc#1155692).
- iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
- iwlwifi: mvm: avoid sending too many BARs (bsc#1051510).
- iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510).
- kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510).
- kABI workaround for struct mwifiex_power_cfg change (bsc#1051510).
- kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066).
- lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes).
- lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes).
- liquidio: fix race condition in instruction completion processing (bsc#1051510).
- loop: add ioctl for changing logical block size (bsc#1108043).
- mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510).
- mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510).
- mac80211: minstrel: fix CCK rate group streams value (bsc#1051510).
- mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510).
- macvlan: schedule bc_work even if error (bsc#1051510).
- mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes).
- media: au0828: Fix incorrect error messages (bsc#1051510).
- media: bdisp: fix memleak on release (git-fixes).
- media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510).
- media: davinci: Fix implicit enum conversion warning (bsc#1051510).
- media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes).
- media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510).
- media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes).
- media: imon: invalid dereference in imon_touch_event (bsc#1051510).
- media: isif: fix a NULL pointer dereference bug (bsc#1051510).
- media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510).
- media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510).
- media: radio: wl1273: fix interrupt masking on release (git-fixes).
- media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes).
- media: usbvision: Fix races among open, close, and disconnect (bsc#1051510).
- media: vim2m: Fix abort issue (git-fixes).
- media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510).
- mei: fix modalias documentation (git-fixes).
- mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510).
- mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510).
- mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510).
- mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510).
- mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes).
- mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510).
- mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)).
- mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)).
- mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)).
- mmc: core: fix wl1251 sdio quirks (git-fixes).
- mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes).
- mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510).
- mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes).
- mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes).
- mmc: sdio: fix wl1251 vendor id (git-fixes).
- mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510).
- mtd: nand: mtk: fix incorrect register setting order about ecc irq.
- mtd: spear_smi: Fix Write Burst mode (bsc#1051510).
- mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510).
- mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510).
- net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
- net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05).
- net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05).
- net/smc: Fix error path in smc_init (git-fixes).
- net/smc: avoid fallback in case of non-blocking connect (git-fixes).
- net/smc: fix closing of fallback SMC sockets (git-fixes).
- net/smc: fix ethernet interface refcounting (git-fixes).
- net/smc: fix refcounting for non-blocking connect() (git-fixes).
- net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes).
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05).
- net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05).
- net: add skb_queue_empty_lockless() (networking-stable-19_11_05).
- net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05).
- net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05).
- net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24).
- net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24).
- net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24).
- net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05).
- net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05).
- net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05).
- net: dsa: fix switch tree list (networking-stable-19_11_05).
- net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05).
- net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05).
- net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05).
- net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24).
- net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05).
- net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05).
- net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes).
- net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes).
- netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05).
- nfc: netlink: fix double device reference drop (git-fixes).
- nfc: port100: handle command failure cleanly (git-fixes).
- nl80211: Fix a GET_KEY reply attribute (bsc#1051510).
- openvswitch: fix flow command message size (git-fixes).
- padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes).
- phy: phy-twl4030-usb: fix denied runtime access (git-fixes).
- pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes).
- pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes).
- pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes).
- pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510).
- pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510).
- pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510).
- pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510).
- pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510).
- pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510).
- power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510).
- power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510).
- power: supply: max14656: fix potential use-after-free (bsc#1051510).
- power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510).
- power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510).
- powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
- powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520).
- powerpc/bpf: Fix tail call implementation (bsc#1157698).
- powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520).
- powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520).
- powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459).
- powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459).
- powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
- powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107).
- powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435).
- ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510).
- pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes).
- pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510).
- r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05).
- regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510).
- regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510).
- remoteproc: Check for NULL firmwares in sysfs interface (git-fixes).
- reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510).
- reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510).
- reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510).
- rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz.
- rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043)
- rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510).
- rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510).
- rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510).
- s390/bpf: fix lcgr instruction encoding (bsc#1051510).
- s390/bpf: use 32-bit index for tail calls (bsc#1051510).
- s390/cio: avoid calling strlen on null pointer (bsc#1051510).
- s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510).
- s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510).
- s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855).
- s390/idle: fix cpu idle time calculation (bsc#1051510).
- s390/process: avoid potential reading of freed stack (bsc#1051510).
- s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510).
- s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510).
- s390/qeth: return proper errno on IO error (bsc#1051510).
- s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948).
- s390/setup: fix early warning messages (bsc#1051510 bsc#1140948).
- s390/topology: avoid firing events before kobjs are created (bsc#1051510).
- s390: fix stfle zero padding (bsc#1051510).
- sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510).
- scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900).
- scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628).
- scsi: lpfc: Limit xri count for kdump environment (bsc#1154124).
- scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
- scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039).
- scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
- scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039).
- scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes).
- scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021).
- scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054).
- scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510).
- sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24).
- sctp: Fixed a regression (bsc#1158082).
- selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05).
- serial: fix kernel-doc warning in comments (bsc#1051510).
- serial: mctrl_gpio: Check for NULL pointer (bsc#1051510).
- serial: mxs-auart: Fix potential infinite loop (bsc#1051510).
- serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510).
- serial: uartlite: fix exit path null pointer (bsc#1051510).
- serial: uartps: Fix suspend functionality (bsc#1051510).
- signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463).
- slcan: Fix memory leak in error path (bsc#1051510).
- slip: Fix memory leak in slip_open error path (bsc#1051510).
- slip: Fix use-after-free Read in slip_open (bsc#1051510).
- smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355).
- smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355).
- smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355).
- smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355).
- smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355).
- soc: imx: gpc: fix PDN delay (bsc#1051510).
- soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510).
- spi: atmel: Fix CS high support (bsc#1051510).
- spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510).
- spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510).
- spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510).
- spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510).
- spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510).
- spi: rockchip: initialize dma_slave_config properly (bsc#1051510).
- spi: spidev: Fix OF tree warning logic (bsc#1051510).
- staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510).
- thunderbolt: Fix lockdep circular locking depedency warning (git-fixes).
- tpm: add check after commands attribs tab allocation (bsc#1051510).
- tracing: Get trace_array reference for available_tracers files (bsc#1156429).
- udp: use skb_queue_empty_lockless() (networking-stable-19_11_05).
- usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510).
- usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510).
- usb: chipidea: Fix otg event handler (bsc#1051510).
- usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510).
- usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510).
- usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510).
- usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510).
- usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510).
- usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510).
- usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510).
- usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510).
- usb: handle warm-reset port requests on hub resume (bsc#1051510).
- usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510).
- usbip: Fix free of unallocated memory in vhci tx (git-fixes).
- usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes).
- usbip: Implement SG support to vhci-hcd and stub driver (git-fixes).
- usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes).
- vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510).
- vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510).
- vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362).
- video/hdmi: Fix AVI bar unpack (git-fixes).
- virtio/s390: fix race on airq_areas (bsc#1051510).
- virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes).
- virtio_ring: fix return code on DMA mapping fails (git-fixes).
- vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499).
- watchdog: meson: Fix the wrong value of left time (bsc#1051510).
- x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811).
- x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811).
- x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248).
- x86/pkeys: Update documentation about availability (bsc#1078248).
- x86/resctrl: Fix potential lockdep warning (bsc#1114279).
- x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279).
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068).
- xfrm: Fix xfrm sel prefix length validation (git-fixes).
- xfrm: fix sa selector validation (bsc#1156609).
ImportantSUSE bug 1048942SUSE bug 1051510SUSE bug 1078248SUSE bug 1082635SUSE bug 1089644SUSE bug 1091041SUSE bug 1108043SUSE bug 1113722SUSE bug 1114279SUSE bug 1117169SUSE bug 1131107SUSE bug 1138039SUSE bug 1140948SUSE bug 1143706SUSE bug 1144333SUSE bug 1149448SUSE bug 1150466SUSE bug 1151548SUSE bug 1151900SUSE bug 1152782SUSE bug 1153628SUSE bug 1153681SUSE bug 1153811SUSE bug 1154043SUSE bug 1154058SUSE bug 1154124SUSE bug 1154355SUSE bug 1154526SUSE bug 1154956SUSE bug 1155021SUSE bug 1155689SUSE bug 1155692SUSE bug 1155836SUSE bug 1155897SUSE bug 1155921SUSE bug 1155982SUSE bug 1156187SUSE bug 1156258SUSE bug 1156429SUSE bug 1156466SUSE bug 1156471SUSE bug 1156494SUSE bug 1156609SUSE bug 1156700SUSE bug 1156729SUSE bug 1156882SUSE bug 1157038SUSE bug 1157042SUSE bug 1157070SUSE bug 1157143SUSE bug 1157145SUSE bug 1157158SUSE bug 1157162SUSE bug 1157171SUSE bug 1157173SUSE bug 1157178SUSE bug 1157180SUSE bug 1157182SUSE bug 1157183SUSE bug 1157184SUSE bug 1157191SUSE bug 1157193SUSE bug 1157197SUSE bug 1157298SUSE bug 1157307SUSE bug 1157324SUSE bug 1157333SUSE bug 1157424SUSE bug 1157463SUSE bug 1157499SUSE bug 1157678SUSE bug 1157698SUSE bug 1157778SUSE bug 1157908SUSE bug 1158049SUSE bug 1158063SUSE bug 1158064SUSE bug 1158065SUSE bug 1158066SUSE bug 1158067SUSE bug 1158068SUSE bug 1158082CVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-15916 at SUSECVE-2019-15916 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-17055 at SUSECVE-2019-17055 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18805 at SUSECVE-2019-18805 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19227 at SUSECVE-2019-19227 at NVDcpe:/o:suse:sles:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377).
- CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).
- CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371).
- CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).
- CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).
- CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).
ImportantSUSE bug 1112758SUSE bug 1113029SUSE bug 1113660SUSE bug 1123371SUSE bug 1123377SUSE bug 1123378CVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDcpe:/o:suse:sles:12:sp4Security update for python-numpy (Important)SUSE Linux Enterprise Server 12 SP4
This update for python-numpy fixes the following issue:
Security issue fixed:
- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).
With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by
misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set.
NOTE: By applying this update the behavior of python-numpy changes, which might break your application.
In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware
that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code
execution.
ImportantSUSE bug 1122208CVE-2019-6446 at SUSECVE-2019-6446 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4
This update for systemd fixes the following issues:
Security vulnerability fixed:
- CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS
message on the system bus by an unprivileged user (bsc#1125352)
Other bug fixes and changes:
- journal-remote: set a limit on the number of fields in a message
- journal-remote: verify entry length from header
- journald: set a limit on the number of fields (1k)
- journald: do not store the iovec entry for process commandline on stack
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- manager: don't skip sigchld handler for main and control pid for services (#3738)
- core: Add helper functions unit_{main, control}_pid
- manager: Fixing a debug printf formatting mistake (#3640)
- manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382)
- core: update invoke_sigchld_event() to handle NULL ->sigchld_event()
- sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631)
- unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344)
- core: when restarting services, don't close fds
- cryptsetup: Add dependency on loopback setup to generated units
- journal-gateway: use localStorage['cursor'] only when it has valid value
- journal-gateway: explicitly declare local variables
- analyze: actually select longest activated-time of services
- sd-bus: fix implicit downcast of bitfield reported by LGTM
- core: free lines after reading them (bsc#1123892)
- pam_systemd: reword message about not creating a session (bsc#1111498)
- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498)
- main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed
- automount: don't pass non-blocking pipe to kernel.
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333)
ImportantSUSE bug 1111498SUSE bug 1117025SUSE bug 1117382SUSE bug 1120658SUSE bug 1122000SUSE bug 1122344SUSE bug 1123333SUSE bug 1123892SUSE bug 1125352CVE-2019-6454 at SUSECVE-2019-6454 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).
- CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957).
Non-security issues fixed:
- Improved disk performance for qemu on xen (bsc#1100408).
- Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993).
- Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600).
- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646).
- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179).
ImportantSUSE bug 1063993SUSE bug 1079730SUSE bug 1100408SUSE bug 1101982SUSE bug 1112646SUSE bug 1114957SUSE bug 1116717SUSE bug 1117275SUSE bug 1119493SUSE bug 1121600SUSE bug 1123156SUSE bug 1123179CVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-18954 at SUSECVE-2018-18954 at NVDCVE-2018-19364 at SUSECVE-2018-19364 at NVDCVE-2018-19489 at SUSECVE-2018-19489 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDcpe:/o:suse:sles:12:sp4Security update for procps (Important)SUSE Linux Enterprise Server 12 SP4
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)
Also the following non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
ImportantSUSE bug 1092100SUSE bug 1121753CVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:sles:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191).
- CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847).
Non-security issue fixed:
- Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748).
ImportantSUSE bug 1073748SUSE bug 1109847SUSE bug 1122191CVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk to version 7u201 fixes the following issues:
Security issues fixed:
- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
- CVE-2018-2938: Support Derby connections (bsc#1101644)
- CVE-2018-2940: Better stack walking (bsc#1101645)
- CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
- CVE-2018-2973: Improve LDAP support (bsc#1101656)
- CVE-2018-3639 cpu speculative store bypass mitigation
ImportantSUSE bug 1101644SUSE bug 1101645SUSE bug 1101651SUSE bug 1101656SUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112147SUSE bug 1112152SUSE bug 1112153CVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2018-16435 at SUSECVE-2018-16435 at NVDCVE-2018-2938 at SUSECVE-2018-2938 at NVDCVE-2018-2940 at SUSECVE-2018-2940 at NVDCVE-2018-2952 at SUSECVE-2018-2952 at NVDCVE-2018-2973 at SUSECVE-2018-2973 at NVDCVE-2018-3136 at SUSECVE-2018-3136 at NVDCVE-2018-3139 at SUSECVE-2018-3139 at NVDCVE-2018-3149 at SUSECVE-2018-3149 at NVDCVE-2018-3169 at SUSECVE-2018-3169 at NVDCVE-2018-3180 at SUSECVE-2018-3180 at NVDCVE-2018-3214 at SUSECVE-2018-3214 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838)
- CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839)
Non-security issue fixed:
- sysconfig.d is not created anymore if it already exists (bsc#1121086)
ModerateSUSE bug 1121086SUSE bug 1122838SUSE bug 1122839CVE-2018-17189 at SUSECVE-2018-17189 at NVDCVE-2018-17199 at SUSECVE-2018-17199 at NVDcpe:/o:suse:sles:12:sp4Security update for ceph (Important)SUSE Linux Enterprise Server 12 SP4
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)
Non-security issue fixed:
- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)
ImportantSUSE bug 1111177SUSE bug 1113246SUSE bug 1114710SUSE bug 1121567CVE-2018-14662 at SUSECVE-2018-14662 at NVDCVE-2018-16846 at SUSECVE-2018-16846 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.22.6 fixes the following issues:
Security issues fixed:
- CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing
of special crafted web-content.
Other issues addressed:
- Update to version 2.22.6 (bsc#1124937).
- Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.
- Fixed Web inspector magnifier under Wayland.
- Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11.
- Fixed several crashes, race conditions, and rendering issues.
ImportantSUSE bug 1124937CVE-2019-6212 at SUSECVE-2019-6212 at NVDCVE-2019-6215 at SUSECVE-2019-6215 at NVDCVE-2019-6216 at SUSECVE-2019-6216 at NVDCVE-2019-6217 at SUSECVE-2019-6217 at NVDCVE-2019-6226 at SUSECVE-2019-6226 at NVDCVE-2019-6227 at SUSECVE-2019-6227 at NVDCVE-2019-6229 at SUSECVE-2019-6229 at NVDCVE-2019-6233 at SUSECVE-2019-6233 at NVDCVE-2019-6234 at SUSECVE-2019-6234 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 fixes the following issues:
- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)
ModerateSUSE bug 1117951cpe:/o:suse:sles:12:sp4Security update for sssd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sssd fixes the following issues:
Security vulnerabilities addressed:
- Fix fallback_homedir returning '/' for empty home directories
(CVE-2019-3811) (bsc#1121759)
- Create sockets with right permissions (bsc#1098377, CVE-2018-10852)
Other bug fixes and changes:
- Install logrotate configuration (bsc#1004220)
- Strip whitespaces in netgroup triples (bsc#1087320)
- Align systemd service file with upstream
* Run interactive and change service type to notify (bsc#1120852)
* Replace deprecated '-f' and use '--logger'
ModerateSUSE bug 1004220SUSE bug 1087320SUSE bug 1098377SUSE bug 1120852SUSE bug 1121759CVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDcpe:/o:suse:sles:12:sp4Security update for audit (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for audit fixes the following issues:
Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring
new features and bugfixes. (bsc#1125535 FATE#326346)
* Many features were added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* In auditd, restore the umask after creating a log file
* Option added to auditd for skipping email verification
The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog
- Change openldap dependency to client only (bsc#1085003)
Minor security issue fixed:
- CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922)
ModerateSUSE bug 1042781SUSE bug 1085003SUSE bug 1125535SUSE bug 941922CVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk to version 8u191 fixes the following issues:
Security issues fixed:
- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-3183: Improve script engine support (bsc#1112148)
- CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
ImportantSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112147SUSE bug 1112148SUSE bug 1112152SUSE bug 1112153CVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2018-16435 at SUSECVE-2018-16435 at NVDCVE-2018-3136 at SUSECVE-2018-3136 at NVDCVE-2018-3139 at SUSECVE-2018-3139 at NVDCVE-2018-3149 at SUSECVE-2018-3149 at NVDCVE-2018-3169 at SUSECVE-2018-3169 at NVDCVE-2018-3180 at SUSECVE-2018-3180 at NVDCVE-2018-3183 at SUSECVE-2018-3183 at NVDCVE-2018-3214 at SUSECVE-2018-3214 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
ModerateSUSE bug 1117951SUSE bug 1127080CVE-2019-1559 at SUSECVE-2019-1559 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Important)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead
to memory read/write overrun (bsc#1127820).
- CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821).
- CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to
bypass the chain of trust checks (bsc#1127822).
ImportantSUSE bug 1127820SUSE bug 1127821SUSE bug 1127822CVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.22.4 fixes the following issues:
Security issues fixed:
CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392,
CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,
CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361,
CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,
CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).
ImportantSUSE bug 1110279SUSE bug 1116998CVE-2018-4191 at SUSECVE-2018-4191 at NVDCVE-2018-4197 at SUSECVE-2018-4197 at NVDCVE-2018-4207 at SUSECVE-2018-4207 at NVDCVE-2018-4208 at SUSECVE-2018-4208 at NVDCVE-2018-4209 at SUSECVE-2018-4209 at NVDCVE-2018-4210 at SUSECVE-2018-4210 at NVDCVE-2018-4212 at SUSECVE-2018-4212 at NVDCVE-2018-4213 at SUSECVE-2018-4213 at NVDCVE-2018-4261 at SUSECVE-2018-4261 at NVDCVE-2018-4262 at SUSECVE-2018-4262 at NVDCVE-2018-4263 at SUSECVE-2018-4263 at NVDCVE-2018-4264 at SUSECVE-2018-4264 at NVDCVE-2018-4265 at SUSECVE-2018-4265 at NVDCVE-2018-4266 at SUSECVE-2018-4266 at NVDCVE-2018-4267 at SUSECVE-2018-4267 at NVDCVE-2018-4270 at SUSECVE-2018-4270 at NVDCVE-2018-4272 at SUSECVE-2018-4272 at NVDCVE-2018-4273 at SUSECVE-2018-4273 at NVDCVE-2018-4278 at SUSECVE-2018-4278 at NVDCVE-2018-4284 at SUSECVE-2018-4284 at NVDCVE-2018-4299 at SUSECVE-2018-4299 at NVDCVE-2018-4306 at SUSECVE-2018-4306 at NVDCVE-2018-4309 at SUSECVE-2018-4309 at NVDCVE-2018-4312 at SUSECVE-2018-4312 at NVDCVE-2018-4314 at SUSECVE-2018-4314 at NVDCVE-2018-4315 at SUSECVE-2018-4315 at NVDCVE-2018-4316 at SUSECVE-2018-4316 at NVDCVE-2018-4317 at SUSECVE-2018-4317 at NVDCVE-2018-4318 at SUSECVE-2018-4318 at NVDCVE-2018-4319 at SUSECVE-2018-4319 at NVDCVE-2018-4323 at SUSECVE-2018-4323 at NVDCVE-2018-4328 at SUSECVE-2018-4328 at NVDCVE-2018-4345 at SUSECVE-2018-4345 at NVDCVE-2018-4358 at SUSECVE-2018-4358 at NVDCVE-2018-4359 at SUSECVE-2018-4359 at NVDCVE-2018-4361 at SUSECVE-2018-4361 at NVDCVE-2018-4372 at SUSECVE-2018-4372 at NVDCVE-2018-4373 at SUSECVE-2018-4373 at NVDCVE-2018-4375 at SUSECVE-2018-4375 at NVDCVE-2018-4376 at SUSECVE-2018-4376 at NVDCVE-2018-4378 at SUSECVE-2018-4378 at NVDCVE-2018-4382 at SUSECVE-2018-4382 at NVDCVE-2018-4386 at SUSECVE-2018-4386 at NVDCVE-2018-4392 at SUSECVE-2018-4392 at NVDCVE-2018-4416 at SUSECVE-2018-4416 at NVDcpe:/o:suse:sles:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4
This update for LibVNCServer fixes the following issues:
Security issues fixed:
- CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)
- CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)
- CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116)
- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)
- CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118)
- CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)
- CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)
- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)
- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)
ImportantSUSE bug 1120114SUSE bug 1120115SUSE bug 1120116SUSE bug 1120117SUSE bug 1120118SUSE bug 1120119SUSE bug 1120120SUSE bug 1120121SUSE bug 1120122CVE-2018-15126 at SUSECVE-2018-15126 at NVDCVE-2018-15127 at SUSECVE-2018-15127 at NVDCVE-2018-20019 at SUSECVE-2018-20019 at NVDCVE-2018-20020 at SUSECVE-2018-20020 at NVDCVE-2018-20021 at SUSECVE-2018-20021 at NVDCVE-2018-20022 at SUSECVE-2018-20022 at NVDCVE-2018-20023 at SUSECVE-2018-20023 at NVDCVE-2018-20024 at SUSECVE-2018-20024 at NVDCVE-2018-6307 at SUSECVE-2018-6307 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues:
Security issues fixed:
- CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
- CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).
More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019
ImportantSUSE bug 1122293SUSE bug 1122299CVE-2018-11212 at SUSECVE-2018-11212 at NVDCVE-2019-2422 at SUSECVE-2019-2422 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb to version 10.2.22 fixes the following issues:
Security issues fixed (bsc#1122198):
- CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service.
- CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service.
Other issues fixed:
- Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027).
- Fixed an issue where the lograte was not working (bsc#1112767).
- Backport Information Schema CHECK_CONSTRAINTS Table.
- Maximum value of table_definition_cache is now 2097152.
- InnoDB ALTER TABLE fixes.
- Galera crash recovery fixes.
- Encryption fixes.
- Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).
The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/
ModerateSUSE bug 1112767SUSE bug 1122198SUSE bug 1122475SUSE bug 1127027CVE-2019-2510 at SUSECVE-2019-2510 at NVDCVE-2019-2537 at SUSECVE-2019-2537 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues:
Security issues fixed:
- CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
- CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).
- CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158).
- CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292).
More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332
ImportantSUSE bug 1122292SUSE bug 1122293SUSE bug 1122299SUSE bug 1128158CVE-2018-11212 at SUSECVE-2018-11212 at NVDCVE-2018-1890 at SUSECVE-2018-1890 at NVDCVE-2019-2422 at SUSECVE-2019-2422 at NVDCVE-2019-2449 at SUSECVE-2019-2449 at NVDcpe:/o:suse:sles:12:sp4Security update for lftp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for lftp fixes the following issues:
Security issue fixed:
- CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of
the local system (bsc#1103367).
Other issue addressed:
- The SSH login handling code detects password prompts more reliably (bsc#1120946).
ModerateSUSE bug 1103367SUSE bug 1120946CVE-2018-10916 at SUSECVE-2018-10916 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libssh2_org fixes the following issues:
Security issues fixed:
- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
- CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes
with specially crafted keyboard responses (bsc#1128493).
- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write
with specially crafted payload (bsc#1128472).
- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require
and _libssh2_packet_requirev (bsc#1128480).
- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially
crafted payload (bsc#1128471).
- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted
SFTP packet (bsc#1128476).
- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially
crafted message channel request SSH packet (bsc#1128474).
Other issue addressed:
- Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236).
ModerateSUSE bug 1091236SUSE bug 1128471SUSE bug 1128472SUSE bug 1128474SUSE bug 1128476SUSE bug 1128480SUSE bug 1128481SUSE bug 1128490SUSE bug 1128492SUSE bug 1128493CVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:sles:12:sp4Security update for openwsman (Important)SUSE Linux Enterprise Server 12 SP4
This update for openwsman fixes the following issues:
Security issues fixed:
- CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623).
- CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite
loop which leads to Denial of Service (bsc#1122623).
ImportantSUSE bug 1122623CVE-2019-3816 at SUSECVE-2019-3816 at NVDCVE-2019-3833 at SUSECVE-2019-3833 at NVDcpe:/o:suse:sles:12:sp4Security update for wireshark (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for wireshark to version 2.4.13 fixes the following issues:
Security issues fixed:
- CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP
dissector crash (bsc#1127367).
- CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER
and related dissectors crash (bsc#1127369).
- CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector
crash (bsc#1127370).
Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html
ModerateSUSE bug 1127367SUSE bug 1127369SUSE bug 1127370CVE-2019-9208 at SUSECVE-2019-9208 at NVDCVE-2019-9209 at SUSECVE-2019-9209 at NVDCVE-2019-9214 at SUSECVE-2019-9214 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript fixes the following issue:
Security issue fixed:
- CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible
which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).
ImportantSUSE bug 1129186CVE-2019-3838 at SUSECVE-2019-3838 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
Updated to the 20190312 bundle release (bsc#1129231)
New Platforms:
- AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile
- WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile
- CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop
- CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile
Updated Platforms:
- HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3
- HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3
- SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable
- SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx
- BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40
- BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
- BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87
- BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53
- APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
- APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx
- GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx
- KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile
- KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E
- CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8
ModerateSUSE bug 1129231cpe:/o:suse:sles:12:sp4Security update for gd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gd fixes the following issues:
Security issues fixed:
- CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
ModerateSUSE bug 1123361SUSE bug 1123522CVE-2019-6977 at SUSECVE-2019-6977 at NVDCVE-2019-6978 at SUSECVE-2019-6978 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971).
- CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
- CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ).
- CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).
- CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
- CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).
- CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).
- CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).
- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
The following non-security bugs were fixed:
- 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).
- 9p: clear dangling pointers in p9stat_free (bsc#1051510).
- 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).
- 9p/net: fix memory leak in p9_client_create (bsc#1051510).
- 9p/net: put a lower bound on msize (bsc#1051510).
- 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510).
- acpi/APEI: Clear GHES block_status before panic() (bsc#1051510).
- acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510).
- acpi/nfit: Block function zero DSMs (bsc#1051510).
- acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).
- acpi/nfit: Fix bus command validation (bsc#1051510).
- acpi/nfit: Fix command-supported detection (bsc#1051510).
- acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662).
- acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969).
- acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510).
- acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510).
- acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510).
- acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510).
- add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705
- Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).
- af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510).
- alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).
- alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510).
- alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510).
- alsa: compress: prevent potential divide by zero bugs (bsc#1051510).
- alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510).
- alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).
- alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510).
- alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).
- alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510).
- alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).
- alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).
- alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510).
- alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510).
- alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131).
- alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510).
- alsa: hda - Serialize codec registrations (bsc#1122944).
- alsa: hda - Use standard device registration for beep (bsc#1122944).
- alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).
- alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).
- alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510).
- altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510).
- amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927).
- apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510).
- applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510).
- arm64: fault: avoid send SIGBUS two times (bsc#1126393).
- arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510).
- arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510).
- arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510).
- arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510).
- arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393).
- arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510).
- arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510).
- arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).
- arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510).
- arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510).
- arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).
- arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).
- arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510).
- arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510).
- arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510).
- arm: pxa: avoid section mismatch warning (bsc#1051510).
- arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510).
- ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510).
- ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510).
- ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).
- ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510).
- ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510).
- ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510).
- ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510).
- ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510).
- ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510).
- ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510).
- ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510).
- ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).
- assoc_array: Fix shortcut creation (bsc#1051510).
- ata: ahci: mvebu: remove stale comment (bsc#1051510).
- ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510).
- ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510).
- ath9k: dynack: make ewma estimation faster (bsc#1051510).
- ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510).
- atm: he: fix sign-extension overflow on large shift (bsc#1051510).
- ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04).
- ax25: fix possible use-after-free (bsc#1051510).
- backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722)
- batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510).
- batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510).
- batman-adv: Force mac header to start of data on xmit (bsc#1051510).
- be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252).
- bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094).
- blkdev: avoid migration stalls for blkdev pages (bsc#1084216).
- blk-mq: fix a hung issue when fsync (bsc#1125252).
- blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).
- block: break discard submissions into the user defined size (git-fixes).
- block: cleanup __blkdev_issue_discard() (git-fixes).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094).
- blockdev: Fix livelocks on loop device (bsc#1124984).
- block: do not deal with discard limit in blkdev_issue_discard() (git-fixes).
- block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895).
- block: do not warn when doing fsync on read-only devices (bsc#1125252).
- block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).
- block: fix infinite loop if the device loses discard capability (git-fixes).
- block/loop: Use global lock for ioctl() operation (bsc#1124974).
- block: make sure discard bio is aligned with logical block size (git-fixes).
- block: make sure writesame bio is aligned with logical block size (git-fixes).
- block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585).
- block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes).
- bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510).
- bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510).
- bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323).
- bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).
- bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323).
- bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).
- bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323).
- bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ).
- bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282).
- bonding: update nest level on unlink (git-fixes).
- bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647).
- bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647).
- bpf: fix lockdep false positive in percpu_freelist (bsc#1083647).
- bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647).
- bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647).
- bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647).
- bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647).
- bpf/verifier: fix verifier instability (bsc#1056787).
- bsg: allocate sense buffer if requested (bsc#1106811).
- bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555).
- btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494).
- btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802).
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451).
- btrfs: fix clone vs chattr NODATASUM race (bsc#1127497).
- btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476).
- btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806).
- btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804).
- btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488).
- btrfs: fix fsync after succession of renames of different files (bsc#1126481).
- btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498).
- btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803).
- btrfs: fix use-after-free of cmp workspace pages (bsc#1127603).
- btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802).
- btrfs: Improve btrfs_search_slot description (bsc#1126802).
- btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802).
- btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638).
- btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638).
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327).
- btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324).
- btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638).
- btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638).
- btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638).
- btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency).
- btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042).
- btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638).
- btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638).
- btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326).
- btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638).
- btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638).
- btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327).
- btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638).
- btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497).
- btrfs: remove always true check in unlock_up (bsc#1126802).
- btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802).
- btrfs: remove unnecessary level check in balance_level (bsc#1126802).
- btrfs: remove unused check of skip_locking (bsc#1126802).
- btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495).
- btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802).
- btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481).
- btrfs: split btrfs_extent_same (bsc#1127493).
- btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496).
- btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802).
- can: bcm: check timer values before ktime conversion (bsc#1051510).
- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510).
- can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510).
- cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).
- cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510).
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790).
- ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799).
- cfg80211: extend range deviation for DMG (bsc#1051510).
- ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
- char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).
- checkstack.pl: fix for aarch64 (bsc#1051510).
- ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
- cifs: add missing debug entries for kconfig options (bsc#1051510).
- cifs: add missing support for ACLs in smb 3.11 (bsc#1051510).
- cifs: add sha512 secmech (bsc#1051510).
- cifs: Add support for reading attributes on smb2+ (bsc#1051510).
- cifs: Add support for writing attributes on smb2+ (bsc#1051510).
- cifs: Always resolve hostname before reconnecting (bsc#1051510).
- cifs: connect to servername instead of IP for IPC$ share (bsc#1051510).
- cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).
- cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510).
- cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510).
- cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).
- cifs: Fix NULL pointer dereference of devname (bnc#1129519).
- cifs: fix return value for cifs_listxattr (bsc#1051510).
- cifs: Fix separator when building path from dentry (bsc#1051510).
- cifs: fix set info (bsc#1051510).
- cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).
- cifs: fix wrapping bugs in num_entries() (bsc#1051510).
- cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510).
- cifs: hide unused functions (bsc#1051510).
- cifs: hide unused functions (bsc#1051510).
- cifs: implement v3.11 preauth integrity (bsc#1051510).
- cifs: invalidate cache when we truncate a file (bsc#1051510).
- cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).
- cifs: OFD locks do not conflict with eachothers (bsc#1051510).
- cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).
- cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510).
- cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510).
- cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510).
- cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).
- cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510).
- cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510).
- cifs: Use ULL suffix for 64-bit constant (bsc#1051510).
- clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510).
- clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510).
- clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510).
- clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510).
- clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510).
- clk: imx6q: reset exclusive gates on init (bsc#1051510).
- clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510).
- clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510).
- clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510).
- clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510).
- clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510).
- clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510).
- clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).
- clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510).
- clk: socfpga: fix refcount leak (bsc#1051510).
- clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510).
- clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510).
- clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510).
- clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).
- clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510).
- clk: uniphier: Fix update register for CPU-gear (bsc#1051510).
- clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510).
- clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510).
- clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510).
- clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510).
- configfs: fix registered group removal (bsc#1051510).
- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042).
- cpufreq: conservative: Take limits changes into account properly (bsc#1051510).
- cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510).
- cpufreq: governor: Drop min_sampling_rate (bsc#1127042).
- cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042).
- cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).
- cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042).
- cpuidle: big.LITTLE: fix refcount leak (bsc#1051510).
- cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).
- crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510).
- crypto: ahash - fix another early termination in hash walk (bsc#1051510).
- crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510).
- crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510).
- crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510).
- crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).
- crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).
- crypto: brcm - Fix some set-but-not-used warning (bsc#1051510).
- crypto: caam - fixed handling of sg list (bsc#1051510).
- crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).
- crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510).
- crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510).
- crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510).
- crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510).
- crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510).
- crypto: tgr192 - fix unaligned memory access (bsc#1051510).
- crypto: user - support incremental algorithm dumps (bsc#1120902).
- crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510).
- crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510).
- cw1200: drop useless LIST_HEAD (bsc#1051510).
- cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510).
- cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510).
- dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510).
- debugfs: fix debugfs_rename parameter checking (bsc#1051510).
- dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510).
- dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510).
- dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510).
- dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).
- dlm: possible memory leak on error path in create_lkb() (bsc#1051510).
- dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).
- dmaengine: at_hdmac: fix module unloading (bsc#1051510).
- dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510).
- dmaengine: bcm2835: Fix abort of transactions (bsc#1051510).
- dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510).
- dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).
- dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510).
- dmaengine: dw: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).
- dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510).
- dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510).
- dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510).
- dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510).
- dma: Introduce dma_max_mapping_size() (bsc#1120008).
- dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).
- dm: call blk_queue_split() to impose device limits on bios (git-fixes).
- dm: do not allow readahead to limit IO size (git-fixes).
- dm thin: send event about thin-pool state change _after_ making it (git-fixes).
- dm zoned: Fix target BIO completion handling (git-fixes).
- doc: rcu: Suspicious RCU usage is a warning (bsc#1051510).
- doc/README.SUSE: Correct description for building a kernel (bsc#1123348)
- Do not log confusing message on reconnect by default (bsc#1129664).
- Do not log expected error on DFS referral request (bsc#1051510).
- driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510).
- driver core: Move async_synchronize_full call (bsc#1051510).
- drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).
- drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579).
- drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579).
- drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579).
- drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).
- drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ).
- drivers/sbus/char: add of_node_put() (bsc#1051510).
- drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510).
- drm/ast: Fix connector leak during driver unload (bsc#1051510).
- drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510).
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510).
- drm: Block fb changes for async plane updates (bsc#1051510).
- drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510).
- drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510).
- drm/bridge: tc358767: fix output H/V syncs (bsc#1051510).
- drm/bridge: tc358767: fix single lane configuration (bsc#1051510).
- drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510).
- drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510).
- drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510).
- drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510).
- drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722)
- drm/etnaviv: potential NULL dereference (bsc#1113722)
- drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722)
- drm: Fix error handling in drm_legacy_addctx (bsc#1113722)
- drm/i915: Block fbdev HPD processing during suspend (bsc#1113722)
- drm/i915/fbdev: Actually configure untiled displays (bsc#1113722)
- drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722)
- drm/i915/gvt: Fix mmap range check (bsc#1120902)
- drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722)
- drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510).
- drm/i915/opregion: fix version check (bsc#1113722)
- drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722)
- drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722)
- drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510).
- drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722)
- drm/meson: add missing of_node_put (bsc#1051510).
- drm/modes: Prevent division by zero htotal (bsc#1051510).
- drm/msm: Fix error return checking (bsc#1051510).
- drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510).
- drm/msm: Unblock writer if reader closes file (bsc#1051510).
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722)
- drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480).
- drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722)
- drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510).
- drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722)
- drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538).
- drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722)
- drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510).
- drm/rockchip: fix for mailbox read size (bsc#1051510).
- drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722)
- drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510).
- drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
- drm/vmwgfx: Fix setting of dma masks (bsc#1120902)
- drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902)
- e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).
- earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510).
- earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510).
- Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,)
- enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510).
- enic: fix checksum validation for IPv6 (bsc#1051510).
- esp6: fix memleak on error path in esp6_input (bsc#1051510).
- esp: Fix locking on page fragment allocation (bsc#1051510).
- esp: Fix memleaks on error paths (bsc#1051510).
- esp: Fix skb tailroom calculation (bsc#1051510).
- exportfs: do not read dentry after free (bsc#1051510).
- ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981).
- ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978).
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980).
- ext4: Fix crash during online resizing (bsc#1122779).
- ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125).
- ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976).
- ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979).
- ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982).
- fanotify: fix handling of events on child sub-directory (bsc#1122019).
- fat: validate ->i_start before using (bsc#1051510).
- fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722)
- firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510).
- Fix kabi issues with new transport sharing code (bsc#1114893).
- Fix problem with sharetransport= and NFSv4 (bsc#1114893).
- fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).
- floppy: check_events callback should not return a negative number (bsc#1051510).
- fork: do not copy inconsistent signal handler state to child (bsc#1051510).
- fork: record start_time late (git-fixes).
- fork: unconditionally clear stack on fork (git-fixes).
- fs/cifs: require sha512 (bsc#1051510).
- fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes).
- fs/devpts: always delete dcache dentry-s in dput() (git-fixes).
- fuse: call pipe_buf_release() under pipe lock (bsc#1051510).
- fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510).
- fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510).
- fuse: handle zero sized retrieve correctly (bsc#1051510).
- futex: Fix (possible) missed wakeup (bsc#1050549).
- gdrom: fix a memory leak bug (bsc#1051510).
- geneve: cleanup hard coded value for Ethernet header length (bsc#1123456).
- geneve: correctly handle ipv6.disable module parameter (bsc#1051510).
- geneve, vxlan: Do not check skb_dst() twice (bsc#1123456).
- geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456).
- genwqe: Fix size check (bsc#1051510).
- gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601).
- gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510).
- gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510).
- gianfar: prevent integer wrapping in the rx handler (bsc#1051510).
- gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510).
- gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).
- gpio: pl061: handle failed allocations (bsc#1051510).
- gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).
- gpio: vf610: Mask all GPIO interrupts (bsc#1051510).
- gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722)
- gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722)
- gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510).
- gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04).
- gro_cells: make sure device is up in gro_cells_receive() (git-fixes).
- hfs: do not free node before using (bsc#1051510).
- hfsplus: do not free node before using (bsc#1051510).
- hfsplus: prevent btree data loss on root split (bsc#1051510).
- hfs: prevent btree data loss on root split (bsc#1051510).
- hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510).
- hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes).
- hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510).
- hv: v4.12 API for hyperv-iommu (bsc#1122822).
- hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs ().
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510).
- hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510).
- hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510).
- hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510).
- HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822).
- i2c-axxia: check for error conditions first (bsc#1051510).
- i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510).
- i2c: cadence: Fix the hold bit setting (bsc#1051510).
- i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510).
- i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510).
- i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510).
- i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662).
- i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662).
- i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662).
- IB/core: Destroy QP if XRC QP fails (bsc#1046306).
- IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306).
- IB/core: Unregister notifier before freeing MAD security (bsc#1046306).
- IB/hfi1: Close race condition on user context disable and close (bsc#1060463).
- IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ).
- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
- ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04).
- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
- ibmvnic: Increase maximum queue size limit (bsc#1121726).
- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
- ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).
- ide: pmac: add of_node_put() (bsc#1051510).
- ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510).
- ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04).
- igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510).
- iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510).
- iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510).
- iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510).
- input: bma150 - register input device after setting private data (bsc#1051510).
- input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510).
- input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510).
- input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510).
- input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510).
- input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510).
- input: raspberrypi-ts - fix link error (git-fixes).
- input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes).
- input: restore EV_ABS ABS_RESERVED (bsc#1051510).
- input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).
- input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510).
- input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510).
- input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).
- intel_th: Do not reference unassigned outputs (bsc#1051510).
- intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510).
- iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947).
- iomap: warn on zero-length mappings (bsc#1127062).
- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
- iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181).
- iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205).
- iommu/vt-d: Check identity map for hot-added devices (bsc#1129183).
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
- iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184).
- ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).
- ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456).
- ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456).
- ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).
- ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes).
- ipsec: check return value of skb_to_sgvec always (bsc#1051510).
- ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).
- ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12).
- ipv4: speedup ipv6 tunnels dismantle (bsc#1122982).
- ipv6: addrlabel: per netns list (bsc#1122982).
- ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12).
- ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01).
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22).
- ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04).
- ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20).
- ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch
- ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12).
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22).
- ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).
- ip: validate header length on virtual device xmit (networking-stable-19_01_04).
- ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01).
- irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510).
- irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510).
- irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510).
- iscsi target: fix session creation failure handling (bsc#1051510).
- isdn: avm: Fix string plus integer warning from Clang (bsc#1051510).
- isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).
- isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510).
- isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510).
- iser: set sector for ambiguous mr status errors (bsc#1051510).
- iwlwifi: mvm: avoid possible access out of array (bsc#1051510).
- iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510).
- iwlwifi: mvm: fix RSS config command (bsc#1051510).
- iwlwifi: pcie: fix emergency path (bsc#1051510).
- iwlwifi: pcie: fix TX while flushing (bsc#1120902).
- ixgbe: Be more careful when modifying MAC filters (bsc#1051510).
- ixgbe: check return value of napi_complete_done() (bsc#1051510).
- ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510).
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510).
- kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042).
- kabi: fix xhci kABI stability (bsc#1119086).
- kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982).
- kabi: handle addition of uevent_sock into struct net (bsc#1122982).
- kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008).
- kabi: protect struct sctp_association (kabi).
- kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662).
- kabi: protect struct smc_link (bnc#1117947, LTC#173662).
- kabi: protect vhost_log_write (kabi).
- kabi: restore ip_tunnel_delete_net() (bsc#1122982).
- kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510).
- kABI workaround for bt_accept_enqueue() change (bsc#1051510).
- kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).
- kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).
- kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
- kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510).
- kconfig: fix line numbers for if-entries in menu tree (bsc#1051510).
- kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510).
- kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510).
- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes).
- keys: allow reaching the keys quotas exactly (bsc#1051510).
- keys: Timestamp new keys (bsc#1051510).
- kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510).
- kgdboc: Fix restrict error (bsc#1051510).
- kgdboc: Fix warning with module build (bsc#1051510).
- kobject: add kobject_uevent_net_broadcast() (bsc#1122982).
- kobject: copy env blob in one go (bsc#1122982).
- kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982).
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510).
- kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155).
- kvm: mmu: Fix race in emulated page table writes (bsc#1129284).
- kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291).
- kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292).
- kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293).
- kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589).
- kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).
- kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294).
- kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
- kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).
- kvm: x86: Fix single-step debugging (bsc#1129295).
- kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296).
- l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01).
- l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).
- l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01).
- lan78xx: Resolve issue with changing MAC address (bsc#1051510).
- leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510).
- leds: lp55xx: fix null deref on firmware load failure (bsc#1051510).
- libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800).
- libceph: handle an empty authorize reply (bsc#1126789).
- lib/div64.c: off by one in shift (bsc#1051510).
- libnvdimm: Fix altmap reservation size calculation (bsc#1127682).
- libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543).
- libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551).
- lib/rbtree-test: lower default params (git-fixes).
- lightnvm: fail fast on passthrough commands (bsc#1125780).
- livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995).
- livepatch: Consolidate klp_free functions (bsc#1071995 ).
- livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995).
- livepatch: Define a macro for new API identification (bsc#1071995).
- livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995).
- livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ).
- livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995).
- livepatch: Proper error handling in the shadow variables selftest (bsc#1071995).
- livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995).
- livepatch: Remove signal sysfs attribute (bsc#1071995 ).
- livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995).
- livepatch: Send a fake signal periodically (bsc#1071995 ).
- livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995).
- livepatch: Simplify API by removing registration step (bsc#1071995).
- llc: do not use sk_eat_skb() (bsc#1051510).
- lockd: fix access beyond unterminated strings in prints (git-fixes).
- locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
- loop: drop caches if offset or block_size are changed (bsc#1124975).
- loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974).
- LSM: Check for NULL cred-security on free (bsc#1051510).
- mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510).
- mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510).
- mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510).
- mac80211: fix miscounting of ttl-dropped frames (bsc#1051510).
- mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510).
- mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510).
- mac80211: Restore vif beacon interval if start ap fails (bsc#1051510).
- macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510).
- mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510).
- mdio_bus: Fix use-after-free on device_register fails (bsc#1051510).
- media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510).
- media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510).
- media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510).
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510).
- media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510).
- media: s5k4ecgx: delete a bogus error message (bsc#1051510).
- media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510).
- media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510).
- media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510).
- media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610).
- media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510).
- media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510).
- media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510).
- media: v4l2-tpg: array index could become negative (bsc#1051510).
- media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).
- media: vb2: be sure to unlock mutex on errors (bsc#1051510).
- media: vb2: vb2_mmap: move lock up (bsc#1051510).
- media: vivid: fix error handling of kthread_run (bsc#1051510).
- media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510).
- media: vivid: set min width/height to a value > 0 (bsc#1051510).
- memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510).
- mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510).
- mfd: db8500-prcmu: Fix some section annotations (bsc#1051510).
- mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510).
- mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510).
- mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510).
- mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510).
- mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510).
- mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).
- mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510).
- mfd: wm5110: Add missing ASRC rate register (bsc#1051510).
- misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510).
- misc: hmc6352: fix potential Spectre v1 (bsc#1051510).
- misc: hpilo: Do not claim unsupported hardware (bsc#1129330).
- misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330).
- misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510).
- misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).
- misc: sram: enable clock before registering regions (bsc#1051510).
- misc: sram: fix resource leaks in probe error path (bsc#1051510).
- misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).
- misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).
- mISDN: fix a race in dev_expire_timer() (bsc#1051510).
- mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662).
- mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes).
- mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22).
- mmap: introduce sane default mmap limits (git fixes (mm/mmap)).
- mmap: relax file size limit for regular files (git fixes (mm/mmap)).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).
- mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).
- mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510).
- mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).
- mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510).
- mmc: omap: fix the maximum timeout setting (bsc#1051510).
- mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510).
- mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510).
- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510).
- mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510).
- mmc: sdhci-xenon: Fix timeout checks (bsc#1051510).
- mmc: spi: Fix card detection during probe (bsc#1051510).
- mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)).
- mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)).
- mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)).
- mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)).
- mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)).
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
- mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)).
- mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216).
- mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216)
- mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).
- mm: migration: factor out code to compute expected number of page references (bsc#1084216).
- mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)).
- mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)).
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)).
- Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr
- Move the upstreamed HD-audio fix into sorted section
- mpt3sas: check sense buffer before copying sense data (bsc#1106811).
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510).
- mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510).
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510).
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510).
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510).
- mtdchar: fix overflows in adjustment of `count` (bsc#1051510).
- mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510).
- mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510).
- mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510).
- mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510).
- mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510).
- mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510).
- mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510).
- mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510).
- mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510).
- mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510).
- mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510).
- mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510).
- mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510).
- mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510).
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510).
- mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510).
- mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510).
- mtd: nand: omap2: Fix subpage write (bsc#1051510).
- mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510).
- mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510).
- mtd: nandsim: remove debugfs entries in error path (bsc#1051510).
- mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510).
- mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510).
- mtd: nand: vf610: set correct ooblayout (bsc#1051510).
- mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510).
- mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510).
- mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510).
- mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510).
- mv88e6060: disable hardware level MAC learning (bsc#1051510).
- nbd: Use set_blocksize() to set device blocksize (bsc#1124984).
- neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12).
- net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12).
- net: add uevent socket member (bsc#1122982).
- net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510).
- net: aquantia: fixed instack structure overflow (git-fixes).
- net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510).
- net: bcmgenet: abort suspend on error (bsc#1051510).
- net: bcmgenet: code movement (bsc#1051510).
- net: bcmgenet: fix OF child-node lookup (bsc#1051510).
- net: bcmgenet: remove HFB_CTRL access (bsc#1051510).
- net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20).
- net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26).
- net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).
- net: do not call update_pmtu unconditionally (bsc#1123456).
- net: Do not default Cavium PTP driver to 'y' (bsc#1110096).
- net: dp83640: expire old TX-skb (networking-stable-19_02_10).
- net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes).
- net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22).
- net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10).
- net: ena: fix race between link up and device initalization (bsc#1083548).
- netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes).
- net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26).
- net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04).
- net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353).
- net: hns3: add handling for big TX fragment (bsc#1104353 ).
- net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353).
- net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).
- net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).
- net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).
- net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).
- net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).
- net: hns3: remove hns3_fill_desc_tso (bsc#1104353).
- net: hns3: rename hns_nic_dma_unmap (bsc#1104353).
- net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353).
- net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26).
- net: macb: restart tx after tx used bit read (networking-stable-19_01_04).
- net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01).
- net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes).
- net/mlx4_core: Fix qp mtt size calculation (git-fixes).
- net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
- net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12).
- net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01).
- net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes).
- net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04).
- net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305).
- net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes).
- net/mlx5: Release resource on error flow (git-fixes).
- net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).
- net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).
- net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes).
- net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes).
- netns: restrict uevents (bsc#1122982).
- net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12).
- net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04).
- net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26).
- net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26).
- net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes).
- netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).
- netrom: switch to sock timer API (bsc#1051510).
- net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01).
- net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26).
- net_sched: refetch skb protocol for each filter (networking-stable-19_01_26).
- net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01).
- net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03).
- net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662).
- net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662).
- net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662).
- net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662).
- net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662).
- net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662).
- net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662).
- net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662).
- net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662).
- net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662).
- net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662).
- net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662).
- net/smc: fix TCP fallback socket release (networking-stable-19_01_04).
- net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662).
- net/smc: no link delete for a never active link (bnc#1117947, LTC#173662).
- net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662).
- net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662).
- net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662).
- net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662).
- net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662).
- net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662).
- net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662).
- net: stmmac: Fix a race in EEE enable callback (git-fixes).
- net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes).
- net: stmmac: Fix PCI module removal leak (git-fixes).
- net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes).
- net: stmmac: Use mutex instead of spinlock (git-fixes).
- net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10).
- net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes).
- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03).
- net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03).
- net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04).
- nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547).
- nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510).
- nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510).
- nfp: bpf: fix ALU32 high bits clearance bug (git-fixes).
- nfs: Allow NFSv4 mounts to not share transports ().
- nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes).
- nfsd: Fix an Oops in free_session() (git-fixes).
- nfs: Fix a missed page unlock after pg_doio() (git-fixes).
- nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes).
- nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ).
- nfsv4.1: Fix the r/wsize checking (git-fixes).
- nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).
- niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510).
- ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510).
- nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351).
- nvme: flush namespace scanning work just before removing namespaces (bsc#1108101).
- nvme: kABI fix for scan_lock (bsc#1123882).
- nvme: lock NS list changes while handling command effects (bsc#1123882).
- nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807).
- nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939).
- nvme-multipath: round-robin I/O policy (bsc#1110705).
- nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595).
- of, numa: Validate some distance map rules (bsc#1051510).
- of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510).
- omap2fb: Fix stack memory disclosure (bsc#1120902)
- openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510).
- openvswitch: fix the incorrect flow action alloc size (bsc#1051510).
- openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510).
- packet: Do not leak dev refcounts on error exit (git-fixes).
- packet: validate address length if non-zero (networking-stable-19_01_04).
- packet: validate address length (networking-stable-19_01_04).
- parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510).
- Partially revert 'block: fail op_is_write() requests to (bsc#1125252).
- PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22).
- PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).
- pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510).
- pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822).
- pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510).
- pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281).
- pcrypt: use format specifier in kobject_add (bsc#1051510).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04).
- phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510).
- phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510).
- phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510).
- phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510).
- phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510).
- phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510).
- phy: tegra: remove redundant self assignment of 'map' (bsc#1051510).
- phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510).
- pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510).
- pinctrl: meson: fix pull enable register calculation (bsc#1051510).
- pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510).
- pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510).
- pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510).
- pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510).
- pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510).
- pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510).
- pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510).
- pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510).
- pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510).
- pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510).
- pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510).
- pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510).
- pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510).
- pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510).
- pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510).
- pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510).
- pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510).
- pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510).
- platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510).
- platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510).
- platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510).
- powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995).
- powerpc: Add an option to disable static PCI bus numbering (bsc#1122159).
- powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
- powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).
- powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995).
- powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995).
- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
- powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121).
- powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121).
- powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750).
- powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728).
- powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338).
- powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).
- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
- powerpc/smp: Rework CPU topology construction (bsc#1109695).
- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
- powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).
- powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).
- powerpc/tm: Fix comment (bsc#1118338).
- powerpc/tm: Fix endianness flip on trap (bsc#1118338).
- powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).
- powerpc/tm: Fix HTM documentation (bsc#1118338).
- powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).
- powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338).
- powerpc/tm: Print 64-bits MSR (bsc#1118338).
- powerpc/tm: Print scratch value (bsc#1118338).
- powerpc/tm: Reformat comments (bsc#1118338).
- powerpc/tm: Remove msr_tm_active() (bsc#1118338).
- powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338).
- powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).
- powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955).
- powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).
- powerpc/tm: Update function prototype comment (bsc#1118338).
- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
- pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
- proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).
- pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510).
- pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).
- pstore/ram: Do not treat empty buffers as valid (bsc#1051510).
- ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510).
- ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510).
- ptp_kvm: probe for kvm guest availability (bsc#1098382).
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04).
- Put the xhci fix patch to the right place in the sorted section
- qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301).
- qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).
- qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04).
- qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04).
- qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22).
- qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04).
- r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22).
- r8169: use PCI_VDEVICE macro (networking-stable-19_01_22).
- rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03).
- rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797).
- rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)).
- rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)).
- rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306).
- rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285).
- Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843)
- regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510).
- regulator: pv88060: Fix array out-of-bounds access (bsc#1051510).
- regulator: pv88080: Fix array out-of-bounds access (bsc#1051510).
- regulator: pv88090: Fix array out-of-bounds access (bsc#1051510).
- regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510).
- regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510).
- Remove blacklist of virtio patch so we can install it (bsc#1114585)
- Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510).
- Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510).
- Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510).
- Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252).
- Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510).
- Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it.
- Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854).
- rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510).
- rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time.
- rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995)
- rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902).
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12).
- rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10).
- s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes).
- s390/cpum_cf: Reject request for sampling in event initialization (git-fixes).
- s390/early: improve machine detection (git-fixes).
- s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662).
- s390/mm: always force a load of the primary ASCE on context switch (git-fixes).
- s390/mm: fix addressing exception after suspend/resume (bsc#1125252).
- s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561).
- s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567).
- s390/qeth: fix use-after-free in error path (bsc#1127534).
- s390/qeth: invoke softirqs after napi_schedule() (git-fixes).
- s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes).
- s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes).
- s390/sthyi: Fix machine name validity indication (git-fixes).
- s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061).
- sata_rcar: fix deferred probing (bsc#1051510).
- sbus: char: add of_node_put() (bsc#1051510).
- sc16is7xx: Fix for multi-channel stall (bsc#1051510).
- sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909).
- sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).
- sched/wake_q: Document wake_q_add() (bsc#1050549).
- sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).
- sched/wake_q: Reduce reference counting for special users (bsc#1050549).
- sch_multiq: fix double free on init failure (bsc#1051510).
- scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764).
- scsi: csiostor: remove flush_scheduled_work() (bsc#1127363).
- scsi: fix queue cleanup race before queue initialization is done (bsc#1125252).
- scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).
- scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192).
- scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317).
- scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317).
- scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317).
- scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317).
- scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317).
- scsi: lpfc: fix remoteport access (bsc#1125252).
- scsi: lpfc: remove an unnecessary NULL check (bsc#1121317).
- scsi: lpfc: update fault value on successful trunk events (bsc#1121317).
- scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317).
- scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).
- scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).
- scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).
- scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Fix indentation (bsc#1117108).
- scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).
- scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).
- scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).
- scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).
- scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).
- scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).
- scsi: mpt3sas: switch to generic DMA API (bsc#1117108).
- scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).
- scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046).
- scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712).
- scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555).
- scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555).
- scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555).
- scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555).
- scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555).
- scsi: qla2xxx: Modify fall-through annotations (bsc#1094555).
- scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555).
- scsi: qla2xxx: Simplify conditional check (bsc#1094555).
- scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985).
- scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555).
- scsi: storvsc: Fix a race in sub-channel creation that can cause panic ().
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).
- scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585).
- sctp: add a ceiling to optlen in some sockopts (bnc#1129163).
- sctp: improve the events for sctp stream adding (networking-stable-19_02_01).
- sctp: improve the events for sctp stream reset (networking-stable-19_02_01).
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04).
- sctp: kfree_rcu asoc (networking-stable-18_12_12).
- sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).
- selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995).
- selftests/livepatch: introduce tests (bsc#1071995).
- selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579).
- selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).
- selinux: always allow mounting submounts (bsc#1051510).
- selinux: fix GPF on invalid policy (bsc#1051510).
- seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510).
- serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510).
- serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510).
- serial: fix race between flush_to_ldisc and tty_open (bsc#1051510).
- serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510).
- serial: imx: fix error handling in console_setup (bsc#1051510).
- serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).
- serial/sunsu: fix refcount leak (bsc#1051510).
- serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510).
- serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510).
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes).
- skge: potential memory corruption in skge_get_regs() (bsc#1051510).
- sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510).
- sky2: Increase D3 delay again (bsc#1051510).
- slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)).
- smb3.1.1 dialect is no longer experimental (bsc#1051510).
- smb311: Fix reconnect (bsc#1051510).
- smb311: Improve checking of negotiate security contexts (bsc#1051510).
- smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510).
- smb3: allow stats which track session and share reconnects to be reset (bsc#1051510).
- smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510).
- smb3: check for and properly advertise directory lease support (bsc#1051510).
- smb3: directory sync should not return an error (bsc#1051510).
- smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510).
- smb3: do not request leases in symlink creation and query (bsc#1051510).
- smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510).
- smb3: Enable encryption for SMB3.1.1 (bsc#1051510).
- smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510).
- smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510).
- smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).
- smb3: Fix root directory when server returns inode number of zero (bsc#1051510).
- smb3: fix various xid leaks (bsc#1051510).
- smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510).
- smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510).
- smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510).
- smb3: remove noisy warning message on mount (bsc#1129664).
- smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).
- soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510).
- soc/tegra: Do not leak device tree node reference (bsc#1051510).
- splice: do not merge into linked buffers (git-fixes).
- staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510).
- staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510).
- staging: iio: ad7780: update voltage on read (bsc#1051510).
- staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510).
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510).
- staging: iio: adt7316: fix register and bit definitions (bsc#1051510).
- staging: iio: adt7316: fix the dac read calculation (bsc#1051510).
- staging: iio: adt7316: fix the dac write calculation (bsc#1051510).
- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510).
- staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510).
- staging: speakup: Replace strncpy with memcpy (bsc#1051510).
- staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510).
- sunrpc: correct the computation for page_ptr when truncating (git-fixes).
- sunrpc: Fix a potential race in xprt_connect() (git-fixes).
- sunrpc: Fix leak of krb5p encode pages (git-fixes).
- sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).
- sunrpc: safely reallow resvport min/max inversion (git-fixes).
- svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285).
- swiotlb: Add is_swiotlb_active() function (bsc#1120008).
- swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008).
- switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510).
- switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510).
- sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510).
- tcp: batch tcp_net_metrics_exit (bsc#1122982).
- tcp: change txhash on SYN-data timeout (networking-stable-19_01_20).
- tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).
- tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).
- tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).
- tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes).
- tcp: lack of available data can also cause TSO defer (git-fixes).
- team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510).
- team: Free BPF filter when unregistering netdev (bsc#1051510).
- thermal: do not clear passive state during system sleep (bsc#1051510).
- thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510).
- thermal/drivers/hisi: Fix configuration register setting (bsc#1051510).
- thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510).
- thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510).
- thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).
- thermal: mediatek: fix register index error (bsc#1051510).
- timekeeping: Use proper seqcount initializer (bsc#1051510).
- tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04).
- tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510).
- tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510).
- tipc: fix a double kfree_skb() (networking-stable-19_01_04).
- tipc: fix a race condition of releasing subscriber object (bsc#1051510).
- tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510).
- tipc: fix infinite loop when dumping link monitor summary (bsc#1051510).
- tipc: fix RDM/DGRAM connect() regression (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510).
- tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).
- tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510).
- tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510).
- tpm: Return the actual size when receiving an unsupported command (bsc#1051510).
- tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510).
- tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510).
- tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510).
- tpm: tpm_try_transmit() refactor error flow (bsc#1051510).
- tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581).
- tracing/uprobes: Fix output for multiple string arguments (bsc#1126495).
- tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625).
- Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510).
- tty: Handle problem if line discipline does not have receive_buf (bsc#1051510).
- tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510).
- tty/n_hdlc: fix __might_sleep warning (bsc#1051510).
- tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510).
- tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510).
- tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).
- uart: Fix crash in uart_write and uart_put_char (bsc#1051510).
- ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01).
- ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510).
- uevent: add alloc_uevent_skb() helper (bsc#1122982).
- Update config files. Remove conditional support for smb2 and SMB3:
- Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061).
- Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789).
- Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference.
- Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082).
- Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425).
- uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510).
- usb: Add new USB LPM helpers (bsc#1120902).
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902).
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).
- usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902).
- usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510).
- usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902).
- usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510).
- usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510).
- usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902).
- usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510).
- usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510).
- usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510).
- usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510).
- usb: musb: dsps: fix otg state machine (bsc#1051510).
- usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902).
- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03).
- usbnet: smsc95xx: fix rx packet alignment (bsc#1051510).
- usb: phy: am335x: fix race condition in _probe (bsc#1051510).
- usb: serial: option: add Fibocom NL678 series (bsc#1120902).
- usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902).
- usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510).
- usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510).
- usb: storage: add quirk for SMI SM3350 (bsc#1120902).
- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902).
- usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086).
- veth: set peer GSO values (bsc#1051510).
- vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes).
- vfio: ccw: process ssch with interrupts disabled (git-fixes).
- vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995).
- vfs: Add page_cache_seek_hole_data helper (bsc#1070995).
- vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995).
- vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510).
- vhost: log dirty page correctly (networking-stable-19_01_26).
- vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04).
- vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510).
- video: clps711x-fb: release disp device node in probe() (bsc#1051510).
- virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008).
- virtio: Introduce virtio_max_dma_size() (bsc#1120008).
- virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01).
- virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03).
- virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12).
- virtio/s390: avoid race on vcdev->config (git-fixes).
- virtio/s390: fix race in ccw_io_helper() (git-fixes).
- vmci: Support upto 64-bit PPNs (bsc#1127286).
- vsock: cope with memory allocation failure at socket creation time (bsc#1051510).
- vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04).
- vt: invoke notifier on screen size change (bsc#1051510).
- vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510).
- vxlan: Fix GRO cells race condition between receive and link delete (git-fixes).
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes).
- vxlan: update skb dst pmtu on tx path (bsc#1123456).
- w90p910_ether: remove incorrect __init annotation (bsc#1051510).
- watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510).
- watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).
- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86/amd_nb: Add PCI device IDs for family 17h, model 30h ().
- x86/amd_nb: Add support for newer PCI topologies ().
- x86/a.out: Clear the dump structure initially (bsc#1114279).
- x86/apic: Provide apic_ack_irq() (bsc#1122822).
- x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154).
- x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154).
- x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154).
- x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).
- x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279).
- x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307).
- x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307).
- x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822).
- x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279).
- x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).
- x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279).
- x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279).
- x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279).
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279).
- x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279).
- x86/pkeys: Properly copy pkey state at fork() (bsc#1129366).
- x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614).
- x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).
- x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).
- x86: respect memory size limiting via mem= parameter (bsc#1117645).
- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279).
- x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279).
- x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279).
- x86/xen: dont add memory above max allowed allocation (bsc#1117645).
- x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).
- x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).
- x86/xen/time: setup vcpu 0 time info page (bsc#1098382).
- xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).
- xen: fix dom0 boot on huge systems (bsc#1127836).
- xen: Fix x86 sched_clock() interface for xen (bsc#1098382).
- xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600).
- xen: remove pre-xen3 fallback handlers (bsc#1065600).
- xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133).
- xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).
- xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995).
- xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854).
- xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).
- xprtrdma: Reset credit grant properly after a disconnect (git-fixes).
- Yama: Check for pid death before checking ancestry (bsc#1051510).
- yam: fix a missing-check bug (bsc#1051510).
- zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510).
- xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995).
ImportantSUSE bug 1046305SUSE bug 1046306SUSE bug 1050252SUSE bug 1050549SUSE bug 1051510SUSE bug 1054610SUSE bug 1055121SUSE bug 1056658SUSE bug 1056662SUSE bug 1056787SUSE bug 1060463SUSE bug 1063638SUSE bug 1065600SUSE bug 1068032SUSE bug 1070995SUSE bug 1071995SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1075006SUSE bug 1075419SUSE bug 1075748SUSE bug 1078355SUSE bug 1080039SUSE bug 1082943SUSE bug 1083548SUSE bug 1083647SUSE bug 1084216SUSE bug 1086095SUSE bug 1086282SUSE bug 1086301SUSE bug 1086313SUSE bug 1086314SUSE bug 1086323SUSE bug 1087082SUSE bug 1087084SUSE bug 1087092SUSE bug 1087939SUSE bug 1088133SUSE bug 1094555SUSE bug 1098382SUSE bug 1098425SUSE bug 1098995SUSE bug 1102055SUSE bug 1103429SUSE bug 1104353SUSE bug 1106105SUSE bug 1106434SUSE bug 1106811SUSE bug 1107078SUSE bug 1107665SUSE bug 1108101SUSE bug 1108870SUSE bug 1109695SUSE bug 1110096SUSE bug 1110705SUSE bug 1111666SUSE bug 1113042SUSE bug 1113712SUSE bug 1113722SUSE bug 1113769SUSE bug 1113939SUSE bug 1114279SUSE bug 1114585SUSE bug 1114893SUSE bug 1117108SUSE bug 1117155SUSE bug 1117645SUSE bug 1117947SUSE bug 1118338SUSE bug 1119019SUSE bug 1119086SUSE bug 1119766SUSE bug 1119843SUSE bug 1120008SUSE bug 1120318SUSE bug 1120601SUSE bug 1120758SUSE bug 1120854SUSE bug 1120902SUSE bug 1120909SUSE bug 1120955SUSE bug 1121317SUSE bug 1121726SUSE bug 1121789SUSE bug 1121805SUSE bug 1122019SUSE bug 1122159SUSE bug 1122192SUSE bug 1122292SUSE bug 1122324SUSE bug 1122554SUSE bug 1122662SUSE bug 1122764SUSE bug 1122779SUSE bug 1122822SUSE bug 1122885SUSE bug 1122927SUSE bug 1122944SUSE bug 1122971SUSE bug 1122982SUSE bug 1123060SUSE bug 1123061SUSE bug 1123161SUSE bug 1123317SUSE bug 1123348SUSE bug 1123357SUSE bug 1123456SUSE bug 1123538SUSE bug 1123697SUSE bug 1123882SUSE bug 1123933SUSE bug 1124055SUSE bug 1124204SUSE bug 1124235SUSE bug 1124579SUSE bug 1124589SUSE bug 1124728SUSE bug 1124732SUSE bug 1124735SUSE bug 1124969SUSE bug 1124974SUSE bug 1124975SUSE bug 1124976SUSE bug 1124978SUSE bug 1124979SUSE bug 1124980SUSE bug 1124981SUSE bug 1124982SUSE bug 1124984SUSE bug 1124985SUSE bug 1125109SUSE bug 1125125SUSE bug 1125252SUSE bug 1125315SUSE bug 1125614SUSE bug 1125728SUSE bug 1125780SUSE bug 1125797SUSE bug 1125799SUSE bug 1125800SUSE bug 1125907SUSE bug 1125947SUSE bug 1126131SUSE bug 1126209SUSE bug 1126389SUSE bug 1126393SUSE bug 1126476SUSE bug 1126480SUSE bug 1126481SUSE bug 1126488SUSE bug 1126495SUSE bug 1126555SUSE bug 1126579SUSE bug 1126789SUSE bug 1126790SUSE bug 1126802SUSE bug 1126803SUSE bug 1126804SUSE bug 1126805SUSE bug 1126806SUSE bug 1126807SUSE bug 1127042SUSE bug 1127062SUSE bug 1127082SUSE bug 1127154SUSE bug 1127285SUSE bug 1127286SUSE bug 1127307SUSE bug 1127363SUSE bug 1127493SUSE bug 1127494SUSE bug 1127495SUSE bug 1127496SUSE bug 1127497SUSE bug 1127498SUSE bug 1127534SUSE bug 1127561SUSE bug 1127567SUSE bug 1127595SUSE bug 1127603SUSE bug 1127682SUSE bug 1127731SUSE bug 1127750SUSE bug 1127836SUSE bug 1127961SUSE bug 1128094SUSE bug 1128166SUSE bug 1128351SUSE bug 1128451SUSE bug 1128895SUSE bug 1129046SUSE bug 1129080SUSE bug 1129163SUSE bug 1129179SUSE bug 1129181SUSE bug 1129182SUSE bug 1129183SUSE bug 1129184SUSE bug 1129205SUSE bug 1129281SUSE bug 1129284SUSE bug 1129285SUSE bug 1129291SUSE bug 1129292SUSE bug 1129293SUSE bug 1129294SUSE bug 1129295SUSE bug 1129296SUSE bug 1129326SUSE bug 1129327SUSE bug 1129330SUSE bug 1129363SUSE bug 1129366SUSE bug 1129497SUSE bug 1129519SUSE bug 1129543SUSE bug 1129547SUSE bug 1129551SUSE bug 1129581SUSE bug 1129625SUSE bug 1129664SUSE bug 1129739SUSE bug 1129923SUSE bug 807502SUSE bug 824948SUSE bug 828192SUSE bug 925178CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-2024 at SUSECVE-2019-2024 at NVDCVE-2019-3459 at SUSECVE-2019-3459 at NVDCVE-2019-3460 at SUSECVE-2019-3460 at NVDCVE-2019-3819 at SUSECVE-2019-3819 at NVDCVE-2019-6974 at SUSECVE-2019-6974 at NVDCVE-2019-7221 at SUSECVE-2019-7221 at NVDCVE-2019-7222 at SUSECVE-2019-7222 at NVDCVE-2019-7308 at SUSECVE-2019-7308 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2019-8980 at SUSECVE-2019-8980 at NVDCVE-2019-9213 at SUSECVE-2019-9213 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c
and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267).
- CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503).
ModerateSUSE bug 1128503SUSE bug 1130267CVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues.
The following security bugs were fixed:
- CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016).
- CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).
- CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161).
- CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which led to a use-after-free in sockfs_setattr (bnc#1125907 1126284).
- CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).
- CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
- CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).
- CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).
- CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).
The following non-security bugs were fixed:
- 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).
- 9p: clear dangling pointers in p9stat_free (bsc#1051510).
- 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).
- 9p/net: fix memory leak in p9_client_create (bsc#1051510).
- 9p/net: put a lower bound on msize (bsc#1051510).
- 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510).
- acpi/APEI: Clear GHES block_status before panic() (bsc#1051510).
- acpi / device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510).
- acpi/nfit: Block function zero DSMs (bsc#1051510).
- acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).
- acpi/nfit: Fix bus command validation (bsc#1051510).
- acpi/nfit: Fix command-supported detection (bsc#1051510).
- acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662).
- acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969).
- acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510).
- acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510).
- acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510).
- acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510).
- add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705
- Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).
- add mainline tags for two hyperv iommu patches
- Adjust a commit id in a nvme patch to make our scripts happy
- af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510).
- alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).
- alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510).
- alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510).
- alsa: compress: prevent potential divide by zero bugs (bsc#1051510).
- alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510).
- alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).
- alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510).
- alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).
- alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510).
- alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).
- alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).
- alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510).
- alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510).
- alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131).
- alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510).
- alsa: hda - Serialize codec registrations (bsc#1122944).
- alsa: hda - Use standard device registration for beep (bsc#1122944).
- alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).
- alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).
- alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510).
- altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510).
- amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927).
- apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510).
- applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510).
- arm64: fault: avoid send SIGBUS two times (bsc#1126393).
- arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510).
- arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510).
- arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510).
- arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510).
- arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393).
- arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510).
- arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510).
- arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).
- arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510).
- arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510).
- arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).
- arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).
- arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510).
- arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510).
- arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510).
- arm: pxa: avoid section mismatch warning (bsc#1051510).
- arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510).
- ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510).
- ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510).
- ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).
- ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510).
- ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510).
- ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510).
- ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510).
- ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510).
- ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510).
- ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510).
- ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510).
- ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).
- assoc_array: Fix shortcut creation (bsc#1051510).
- ata: ahci: mvebu: remove stale comment (bsc#1051510).
- ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510).
- ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510).
- ath9k: dynack: make ewma estimation faster (bsc#1051510).
- ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510).
- atm: he: fix sign-extension overflow on large shift (bsc#1051510).
- ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04).
- ax25: fix possible use-after-free (bsc#1051510).
- backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722)
- batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510).
- batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510).
- batman-adv: Force mac header to start of data on xmit (bsc#1051510).
- be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252).
- bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094).
- blkdev: avoid migration stalls for blkdev pages (bsc#1084216).
- blk-mq: fix a hung issue when fsync (bsc#1125252).
- blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).
- block: break discard submissions into the user defined size (git-fixes).
- block: cleanup __blkdev_issue_discard() (git-fixes).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094).
- blockdev: Fix livelocks on loop device (bsc#1124984).
- block: do not deal with discard limit in blkdev_issue_discard() (git-fixes).
- block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895).
- block: do not warn when doing fsync on read-only devices (bsc#1125252).
- block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).
- block: fix infinite loop if the device loses discard capability (git-fixes).
- block/loop: Use global lock for ioctl() operation (bsc#1124974).
- block: make sure discard bio is aligned with logical block size (git-fixes).
- block: make sure writesame bio is aligned with logical block size (git-fixes).
- block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585).
- block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes).
- bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510).
- bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510).
- bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323).
- bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).
- bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323).
- bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).
- bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323).
- bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ).
- bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282).
- bonding: update nest level on unlink (git-fixes).
- bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647).
- bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647).
- bpf: fix lockdep false positive in percpu_freelist (bsc#1083647).
- bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647).
- bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647).
- bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647).
- bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647).
- bpf/verifier: fix verifier instability (bsc#1056787).
- bsg: allocate sense buffer if requested (bsc#1106811).
- bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555).
- btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494).
- btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802).
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451).
- btrfs: fix clone vs chattr NODATASUM race (bsc#1127497).
- btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476).
- btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806).
- btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804).
- btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488).
- btrfs: fix fsync after succession of renames of different files (bsc#1126481).
- btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498).
- btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803).
- btrfs: fix use-after-free of cmp workspace pages (bsc#1127603).
- btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802).
- btrfs: Improve btrfs_search_slot description (bsc#1126802).
- btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802).
- btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638).
- btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638).
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327).
- btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324).
- btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638).
- btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638).
- btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638).
- btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency).
- btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042).
- btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638).
- btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638).
- btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326).
- btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638).
- btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638).
- btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327).
- btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638).
- btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497).
- btrfs: remove always true check in unlock_up (bsc#1126802).
- btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802).
- btrfs: remove unnecessary level check in balance_level (bsc#1126802).
- btrfs: remove unused check of skip_locking (bsc#1126802).
- btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495).
- btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802).
- btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481).
- btrfs: split btrfs_extent_same (bsc#1127493).
- btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496).
- btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802).
- can: bcm: check timer values before ktime conversion (bsc#1051510).
- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510).
- can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510).
- cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).
- cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510).
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790).
- ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799).
- cfg80211: extend range deviation for DMG (bsc#1051510).
- ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
- char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).
- checkstack.pl: fix for aarch64 (bsc#1051510).
- ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
- cifs: add missing debug entries for kconfig options (bsc#1051510).
- cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510).
- cifs: add sha512 secmech (bsc#1051510).
- cifs: Add support for reading attributes on SMB2+ (bsc#1051510).
- cifs: Add support for writing attributes on SMB2+ (bsc#1051510).
- cifs: Always resolve hostname before reconnecting (bsc#1051510).
- cifs: connect to servername instead of IP for IPC$ share (bsc#1051510).
- cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).
- cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510).
- cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510).
- cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).
- cifs: Fix NULL pointer dereference of devname (bnc#1129519).
- cifs: fix return value for cifs_listxattr (bsc#1051510).
- cifs: Fix separator when building path from dentry (bsc#1051510).
- cifs: fix set info (bsc#1051510).
- cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).
- cifs: fix wrapping bugs in num_entries() (bsc#1051510).
- cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510).
- cifs: hide unused functions (bsc#1051510).
- cifs: hide unused functions (bsc#1051510).
- cifs: implement v3.11 preauth integrity (bsc#1051510).
- cifs: invalidate cache when we truncate a file (bsc#1051510).
- cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).
- cifs: OFD locks do not conflict with eachothers (bsc#1051510).
- cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).
- cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510).
- cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510).
- cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510).
- cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).
- cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510).
- cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510).
- cifs: Use ULL suffix for 64-bit constant (bsc#1051510).
- clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510).
- clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510).
- clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510).
- clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510).
- clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510).
- clk: imx6q: reset exclusive gates on init (bsc#1051510).
- clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510).
- clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510).
- clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510).
- clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510).
- clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510).
- clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510).
- clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).
- clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510).
- clk: socfpga: fix refcount leak (bsc#1051510).
- clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510).
- clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510).
- clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510).
- clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).
- clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510).
- clk: uniphier: Fix update register for CPU-gear (bsc#1051510).
- clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510).
- clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510).
- clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510).
- clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510).
- configfs: fix registered group removal (bsc#1051510).
- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042).
- cpufreq: conservative: Take limits changes into account properly (bsc#1051510).
- cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510).
- cpufreq: governor: Drop min_sampling_rate (bsc#1127042).
- cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042).
- cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).
- cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042).
- cpuidle: big.LITTLE: fix refcount leak (bsc#1051510).
- cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).
- crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510).
- crypto: ahash - fix another early termination in hash walk (bsc#1051510).
- crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510).
- crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510).
- crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510).
- crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).
- crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).
- crypto: brcm - Fix some set-but-not-used warning (bsc#1051510).
- crypto: caam - fixed handling of sg list (bsc#1051510).
- crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).
- crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510).
- crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510).
- crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510).
- crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510).
- crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510).
- crypto: tgr192 - fix unaligned memory access (bsc#1051510).
- crypto: user - support incremental algorithm dumps (bsc#1120902).
- crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510).
- crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510).
- cw1200: drop useless LIST_HEAD (bsc#1051510).
- cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510).
- cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510).
- dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510).
- debugfs: fix debugfs_rename parameter checking (bsc#1051510).
- dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510).
- dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510).
- dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510).
- dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).
- dlm: possible memory leak on error path in create_lkb() (bsc#1051510).
- dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).
- dmaengine: at_hdmac: fix module unloading (bsc#1051510).
- dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510).
- dmaengine: bcm2835: Fix abort of transactions (bsc#1051510).
- dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510).
- dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).
- dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510).
- dmaengine: dw: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).
- dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510).
- dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510).
- dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510).
- dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510).
- dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510).
- dma: Introduce dma_max_mapping_size() (bsc#1120008).
- dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).
- dm: call blk_queue_split() to impose device limits on bios (git-fixes).
- dm: do not allow readahead to limit IO size (git-fixes).
- dm thin: send event about thin-pool state change _after_ making it (git-fixes).
- dm zoned: Fix target BIO completion handling (git-fixes).
- doc: rcu: Suspicious RCU usage is a warning (bsc#1051510).
- doc/README.SUSE: Correct description for building a kernel (bsc#1123348)
- Do not log confusing message on reconnect by default (bsc#1129664).
- Do not log expected error on DFS referral request (bsc#1051510).
- driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510).
- driver core: Move async_synchronize_full call (bsc#1051510).
- drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).
- drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579).
- drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579).
- drivers: hv: vmbus: Remove the useless API vmbus_get_outgoing_channel() (bsc#1127577).
- drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579).
- drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).
- drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ).
- drivers/sbus/char: add of_node_put() (bsc#1051510).
- drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510).
- drm/ast: Fix connector leak during driver unload (bsc#1051510).
- drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510).
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510).
- drm: Block fb changes for async plane updates (bsc#1051510).
- drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510).
- drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510).
- drm/bridge: tc358767: fix output H/V syncs (bsc#1051510).
- drm/bridge: tc358767: fix single lane configuration (bsc#1051510).
- drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510).
- drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510).
- drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510).
- drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510).
- drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722)
- drm/etnaviv: potential NULL dereference (bsc#1113722)
- drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722)
- drm: Fix error handling in drm_legacy_addctx (bsc#1113722)
- drm/i915: Block fbdev HPD processing during suspend (bsc#1113722)
- drm/i915/fbdev: Actually configure untiled displays (bsc#1113722)
- drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722)
- drm/i915/gvt: Fix mmap range check (bsc#1120902)
- drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722)
- drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510).
- drm/i915/opregion: fix version check (bsc#1113722)
- drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722)
- drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722)
- drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510).
- drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722)
- drm/meson: add missing of_node_put (bsc#1051510).
- drm/modes: Prevent division by zero htotal (bsc#1051510).
- drm/msm: Fix error return checking (bsc#1051510).
- drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510).
- drm/msm: Unblock writer if reader closes file (bsc#1051510).
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722)
- drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480).
- drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722)
- drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510).
- drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722)
- drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538).
- drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722)
- drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510).
- drm/rockchip: fix for mailbox read size (bsc#1051510).
- drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722)
- drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510).
- drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
- drm/vmwgfx: Fix setting of dma masks (bsc#1120902)
- drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902)
- e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).
- earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510).
- earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510).
- Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,)
- Enable livepatch test drivers in lib/ Livepatch kselftests need those.
- enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510).
- enic: fix checksum validation for IPv6 (bsc#1051510).
- esp6: fix memleak on error path in esp6_input (bsc#1051510).
- esp: Fix locking on page fragment allocation (bsc#1051510).
- esp: Fix memleaks on error paths (bsc#1051510).
- esp: Fix skb tailroom calculation (bsc#1051510).
- exportfs: do not read dentry after free (bsc#1051510).
- ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981).
- ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978).
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980).
- ext4: Fix crash during online resizing (bsc#1122779).
- ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125).
- ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976).
- ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979).
- ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982).
- fat: validate ->i_start before using (bsc#1051510).
- fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722)
- firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510).
- Fix kabi issues with new transport sharing code (bsc#1114893).
- Fix problem with sharetransport= and NFSv4 (bsc#1114893).
- fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).
- floppy: check_events callback should not return a negative number (bsc#1051510).
- fork: do not copy inconsistent signal handler state to child (bsc#1051510).
- fork: record start_time late (git-fixes).
- fork: unconditionally clear stack on fork (git-fixes).
- fs/cifs: require sha512 (bsc#1051510).
- fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes).
- fuse: call pipe_buf_release() under pipe lock (bsc#1051510).
- fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510).
- fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510).
- fuse: handle zero sized retrieve correctly (bsc#1051510).
- futex: Fix (possible) missed wakeup (bsc#1050549).
- gdrom: fix a memory leak bug (bsc#1051510).
- geneve: cleanup hard coded value for Ethernet header length (bsc#1123456).
- geneve: correctly handle ipv6.disable module parameter (bsc#1051510).
- geneve, vxlan: Do not check skb_dst() twice (bsc#1123456).
- geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456).
- genwqe: Fix size check (bsc#1051510).
- gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601).
- gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510).
- gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510).
- gianfar: prevent integer wrapping in the rx handler (bsc#1051510).
- gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510).
- gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).
- gpio: pl061: handle failed allocations (bsc#1051510).
- gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).
- gpio: vf610: Mask all GPIO interrupts (bsc#1051510).
- gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722)
- gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722)
- gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510).
- gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04).
- gro_cells: make sure device is up in gro_cells_receive() (git-fixes).
- hfs: do not free node before using (bsc#1051510).
- hfsplus: do not free node before using (bsc#1051510).
- hfsplus: prevent btree data loss on root split (bsc#1051510).
- hfs: prevent btree data loss on root split (bsc#1051510).
- hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510).
- hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes).
- hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510).
- hv_uio_generic: map ringbuffer phys addr (bsc#1127577).
- hv: v4.12 API for hyperv-iommu (bsc#1122822).
- hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs ().
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510).
- hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510).
- hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510).
- hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510).
- hyperv/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822).
- i2c-axxia: check for error conditions first (bsc#1051510).
- i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510).
- i2c: cadence: Fix the hold bit setting (bsc#1051510).
- i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510).
- i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510).
- i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510).
- i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662).
- i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662).
- i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662).
- ib/core: Destroy QP if XRC QP fails (bsc#1046306).
- ib/core: Fix potential memory leak while creating MAD agents (bsc#1046306).
- ib/core: Unregister notifier before freeing MAD security (bsc#1046306).
- ib/hfi1: Close race condition on user context disable and close (bsc#1060463).
- ib/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ).
- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
- ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04).
- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
- ibmvnic: Increase maximum queue size limit (bsc#1121726).
- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
- ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).
- ide: pmac: add of_node_put() (bsc#1051510).
- ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510).
- ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04).
- igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510).
- iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510).
- iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510).
- iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510).
- input: bma150 - register input device after setting private data (bsc#1051510).
- input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510).
- input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510).
- input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510).
- input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510).
- input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510).
- input: raspberrypi-ts - fix link error (git-fixes).
- input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes).
- input: restore EV_ABS ABS_RESERVED (bsc#1051510).
- input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).
- input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510).
- input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510).
- input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).
- intel_th: Do not reference unassigned outputs (bsc#1051510).
- intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510).
- iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947).
- iomap: warn on zero-length mappings (bsc#1127062).
- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
- iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181).
- iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205).
- iommu/vt-d: Check identity map for hot-added devices (bsc#1129183).
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
- iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184).
- ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).
- ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456).
- ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456).
- ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).
- ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes).
- ipsec: check return value of skb_to_sgvec always (bsc#1051510).
- ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).
- ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12).
- ipv4: speedup ipv6 tunnels dismantle (bsc#1122982).
- ipv6: addrlabel: per netns list (bsc#1122982).
- ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12).
- ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01).
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22).
- ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04).
- ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20).
- ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch
- ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12).
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22).
- ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).
- ip: validate header length on virtual device xmit (networking-stable-19_01_04).
- ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01).
- irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510).
- irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510).
- irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510).
- iscsi target: fix session creation failure handling (bsc#1051510).
- isdn: avm: Fix string plus integer warning from Clang (bsc#1051510).
- isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).
- isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510).
- isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510).
- iser: set sector for ambiguous mr status errors (bsc#1051510).
- iwlwifi: mvm: avoid possible access out of array (bsc#1051510).
- iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510).
- iwlwifi: mvm: fix RSS config command (bsc#1051510).
- iwlwifi: pcie: fix emergency path (bsc#1051510).
- iwlwifi: pcie: fix TX while flushing (bsc#1120902).
- ixgbe: Be more careful when modifying MAC filters (bsc#1051510).
- ixgbe: check return value of napi_complete_done() (bsc#1051510).
- ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510).
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510).
- kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042).
- kABI: fix xhci kABI stability (bsc#1119086).
- kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982).
- kabi: handle addition of uevent_sock into struct net (bsc#1122982).
- kABI: Preserve kABI for dma_max_mapping_size() (bsc#1120008).
- kABI: protect struct sctp_association (kabi).
- kABI: protect struct smc_buf_desc (bnc#1117947, LTC#173662).
- kABI: protect struct smc_link (bnc#1117947, LTC#173662).
- kABI: protect vhost_log_write (kabi).
- kabi: restore ip_tunnel_delete_net() (bsc#1122982).
- kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510).
- kABI workaround for bt_accept_enqueue() change (bsc#1051510).
- kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).
- kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).
- kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
- kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510).
- kconfig: fix line numbers for if-entries in menu tree (bsc#1051510).
- kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510).
- kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510).
- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes).
- keys: allow reaching the keys quotas exactly (bsc#1051510).
- keys: Timestamp new keys (bsc#1051510).
- kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510).
- kgdboc: Fix restrict error (bsc#1051510).
- kgdboc: Fix warning with module build (bsc#1051510).
- kobject: add kobject_uevent_net_broadcast() (bsc#1122982).
- kobject: copy env blob in one go (bsc#1122982).
- kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982).
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510).
- kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155).
- kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155).
- kvm: mmu: Fix race in emulated page table writes (bsc#1129284).
- kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291).
- kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292).
- kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293).
- kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589).
- kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).
- kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294).
- kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
- kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).
- kvm: x86: Fix single-step debugging (bsc#1129295).
- kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296).
- l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01).
- l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).
- l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01).
- lan78xx: Resolve issue with changing MAC address (bsc#1051510).
- leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510).
- leds: lp55xx: fix null deref on firmware load failure (bsc#1051510).
- libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800).
- libceph: handle an empty authorize reply (bsc#1126789).
- lib/div64.c: off by one in shift (bsc#1051510).
- libnvdimm: Fix altmap reservation size calculation (bsc#1127682).
- libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543).
- libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551).
- lib/rbtree-test: lower default params (git-fixes).
- lightnvm: fail fast on passthrough commands (bsc#1125780).
- livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995).
- livepatch: Consolidate klp_free functions (bsc#1071995 ).
- livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995).
- livepatch: Define a macro for new API identification (bsc#1071995).
- livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995).
- livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ).
- livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995).
- livepatch: Proper error handling in the shadow variables selftest (bsc#1071995).
- livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995).
- livepatch: Remove signal sysfs attribute (bsc#1071995 ).
- livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995).
- livepatch: Send a fake signal periodically (bsc#1071995 ).
- livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995).
- livepatch: Simplify API by removing registration step (bsc#1071995).
- llc: do not use sk_eat_skb() (bsc#1051510).
- lockd: fix access beyond unterminated strings in prints (git-fixes).
- locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
- loop: drop caches if offset or block_size are changed (bsc#1124975).
- loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974).
- lsm: Check for NULL cred-security on free (bsc#1051510).
- mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510).
- mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510).
- mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510).
- mac80211: fix miscounting of ttl-dropped frames (bsc#1051510).
- mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510).
- mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510).
- mac80211: Restore vif beacon interval if start ap fails (bsc#1051510).
- macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510).
- mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510).
- mdio_bus: Fix use-after-free on device_register fails (bsc#1051510).
- media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510).
- media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510).
- media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510).
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510).
- media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510).
- media: s5k4ecgx: delete a bogus error message (bsc#1051510).
- media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510).
- media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510).
- media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510).
- media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610).
- media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510).
- media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510).
- media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510).
- media: v4l2-tpg: array index could become negative (bsc#1051510).
- media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).
- media: vb2: be sure to unlock mutex on errors (bsc#1051510).
- media: vb2: vb2_mmap: move lock up (bsc#1051510).
- media: vivid: fix error handling of kthread_run (bsc#1051510).
- media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510).
- media: vivid: set min width/height to a value > 0 (bsc#1051510).
- memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510).
- mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510).
- mfd: db8500-prcmu: Fix some section annotations (bsc#1051510).
- mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510).
- mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510).
- mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510).
- mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510).
- mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510).
- mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).
- mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510).
- mfd: wm5110: Add missing ASRC rate register (bsc#1051510).
- misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510).
- misc: hmc6352: fix potential Spectre v1 (bsc#1051510).
- misc: hpilo: Do not claim unsupported hardware (bsc#1129330).
- misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330).
- misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510).
- misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).
- misc: sram: enable clock before registering regions (bsc#1051510).
- misc: sram: fix resource leaks in probe error path (bsc#1051510).
- misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).
- misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).
- mISDN: fix a race in dev_expire_timer() (bsc#1051510).
- mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662).
- mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes).
- mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22).
- mmap: introduce sane default mmap limits (git fixes (mm/mmap)).
- mmap: relax file size limit for regular files (git fixes (mm/mmap)).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).
- mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).
- mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510).
- mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).
- mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510).
- mmc: omap: fix the maximum timeout setting (bsc#1051510).
- mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510).
- mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510).
- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510).
- mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510).
- mmc: sdhci-xenon: Fix timeout checks (bsc#1051510).
- mmc: spi: Fix card detection during probe (bsc#1051510).
- mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)).
- mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)).
- mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)).
- mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)).
- mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)).
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
- mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)).
- mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216).
- mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216)
- mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).
- mm: migration: factor out code to compute expected number of page references (bsc#1084216).
- mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)).
- mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)).
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)).
- Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363)
- mpt3sas: check sense buffer before copying sense data (bsc#1106811).
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510).
- mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510).
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510).
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510).
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510).
- mtdchar: fix overflows in adjustment of `count` (bsc#1051510).
- mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510).
- mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510).
- mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510).
- mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510).
- mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510).
- mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510).
- mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510).
- mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510).
- mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510).
- mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510).
- mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510).
- mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510).
- mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510).
- mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510).
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510).
- mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510).
- mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510).
- mtd: nand: omap2: Fix subpage write (bsc#1051510).
- mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510).
- mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510).
- mtd: nandsim: remove debugfs entries in error path (bsc#1051510).
- mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510).
- mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510).
- mtd: nand: vf610: set correct ooblayout (bsc#1051510).
- mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510).
- mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510).
- mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510).
- mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510).
- mv88e6060: disable hardware level MAC learning (bsc#1051510).
- nbd: Use set_blocksize() to set device blocksize (bsc#1124984).
- neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12).
- net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12).
- net: add uevent socket member (bsc#1122982).
- net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510).
- net: aquantia: fixed instack structure overflow (git-fixes).
- net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510).
- net: bcmgenet: abort suspend on error (bsc#1051510).
- net: bcmgenet: code movement (bsc#1051510).
- net: bcmgenet: fix OF child-node lookup (bsc#1051510).
- net: bcmgenet: remove HFB_CTRL access (bsc#1051510).
- net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20).
- net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26).
- net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).
- net: do not call update_pmtu unconditionally (bsc#1123456).
- net: Do not default Cavium PTP driver to 'y' (bsc#1110096).
- net: dp83640: expire old TX-skb (networking-stable-19_02_10).
- net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes).
- net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22).
- net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10).
- net: ena: fix race between link up and device initalization (bsc#1083548).
- netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes).
- net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26).
- net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04).
- net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353).
- net: hns3: add handling for big TX fragment (bsc#1104353 ).
- net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353).
- net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).
- net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).
- net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).
- net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).
- net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).
- net: hns3: remove hns3_fill_desc_tso (bsc#1104353).
- net: hns3: rename hns_nic_dma_unmap (bsc#1104353).
- net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353).
- net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26).
- net: macb: restart tx after tx used bit read (networking-stable-19_01_04).
- net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01).
- net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes).
- net/mlx4_core: Fix qp mtt size calculation (git-fixes).
- net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
- net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12).
- net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01).
- net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes).
- net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04).
- net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305).
- net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes).
- net/mlx5: Release resource on error flow (git-fixes).
- net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).
- net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).
- net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes).
- net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes).
- netns: restrict uevents (bsc#1122982).
- net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12).
- net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04).
- net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26).
- net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26).
- net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes).
- netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).
- netrom: switch to sock timer API (bsc#1051510).
- net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01).
- net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26).
- net_sched: refetch skb protocol for each filter (networking-stable-19_01_26).
- net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01).
- net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03).
- net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662).
- net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662).
- net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662).
- net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662).
- net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662).
- net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662).
- net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662).
- net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662).
- net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662).
- net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662).
- net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662).
- net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662).
- net/smc: fix TCP fallback socket release (networking-stable-19_01_04).
- net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662).
- net/smc: no link delete for a never active link (bnc#1117947, LTC#173662).
- net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662).
- net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662).
- net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662).
- net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662).
- net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662).
- net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662).
- net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662).
- net: stmmac: Fix a race in EEE enable callback (git-fixes).
- net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes).
- net: stmmac: Fix PCI module removal leak (git-fixes).
- net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes).
- net: stmmac: Use mutex instead of spinlock (git-fixes).
- net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10).
- net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes).
- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03).
- net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03).
- net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04).
- nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547).
- nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510).
- nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510).
- nfp: bpf: fix ALU32 high bits clearance bug (git-fixes).
- nfs: Allow NFSv4 mounts to not share transports ().
- nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes).
- nfsd: Fix an Oops in free_session() (git-fixes).
- nfs: Fix a missed page unlock after pg_doio() (git-fixes).
- nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes).
- nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ).
- nfsv4.1: Fix the r/wsize checking (git-fixes).
- nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).
- niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510).
- ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510).
- nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351).
- nvme: flush namespace scanning work just before removing namespaces (bsc#1108101).
- nvme: kABI fix for scan_lock (bsc#1123882).
- nvme: lock NS list changes while handling command effects (bsc#1123882).
- nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807).
- nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939).
- nvme-multipath: round-robin I/O policy (bsc#1110705).
- nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595).
- of, numa: Validate some distance map rules (bsc#1051510).
- of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510).
- omap2fb: Fix stack memory disclosure (bsc#1120902)
- openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510).
- openvswitch: fix the incorrect flow action alloc size (bsc#1051510).
- openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510).
- packet: Do not leak dev refcounts on error exit (git-fixes).
- packet: validate address length if non-zero (networking-stable-19_01_04).
- packet: validate address length (networking-stable-19_01_04).
- parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510).
- Partially revert 'block: fail op_is_write() requests to (bsc#1125252).
- pci: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22).
- pci: Disable broken RTIT_BAR of Intel TH (bsc#1120318).
- pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510).
- pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822).
- pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510).
- pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281).
- pcrypt: use format specifier in kobject_add (bsc#1051510).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04).
- phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510).
- phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510).
- phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510).
- phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510).
- phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510).
- phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510).
- phy: tegra: remove redundant self assignment of 'map' (bsc#1051510).
- phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510).
- pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510).
- pinctrl: meson: fix pull enable register calculation (bsc#1051510).
- pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510).
- pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510).
- pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510).
- pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510).
- pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510).
- pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510).
- pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510).
- pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510).
- pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510).
- pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510).
- pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510).
- pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510).
- pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510).
- pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510).
- pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510).
- pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510).
- pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510).
- pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510).
- pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510).
- pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510).
- platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510).
- platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510).
- platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510).
- powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995).
- powerpc: Add an option to disable static PCI bus numbering (bsc#1122159).
- powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
- powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).
- powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995).
- powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995).
- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
- powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121).
- powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121).
- powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750).
- powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728).
- powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338).
- powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).
- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
- powerpc/smp: Rework CPU topology construction (bsc#1109695).
- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
- powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).
- powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).
- powerpc/tm: Fix comment (bsc#1118338).
- powerpc/tm: Fix endianness flip on trap (bsc#1118338).
- powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).
- powerpc/tm: Fix HTM documentation (bsc#1118338).
- powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).
- powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338).
- powerpc/tm: Print 64-bits MSR (bsc#1118338).
- powerpc/tm: Print scratch value (bsc#1118338).
- powerpc/tm: Reformat comments (bsc#1118338).
- powerpc/tm: Remove msr_tm_active() (bsc#1118338).
- powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338).
- powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).
- powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955).
- powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).
- powerpc/tm: Update function prototype comment (bsc#1118338).
- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
- pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
- proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).
- pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510).
- pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).
- pstore/ram: Do not treat empty buffers as valid (bsc#1051510).
- ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510).
- ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510).
- ptp_kvm: probe for kvm guest availability (bsc#1098382).
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04).
- Put the xhci fix patch to the right place in the sorted section
- qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301).
- qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301).
- qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).
- qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04).
- qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04).
- qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22).
- qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04).
- r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22).
- r8169: use PCI_VDEVICE macro (networking-stable-19_01_22).
- rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03).
- rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797).
- rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)).
- rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)).
- rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306).
- rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285).
- Reenable iscsi_tcp module (bsc#1127081)
- Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843)
- regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510).
- regulator: pv88060: Fix array out-of-bounds access (bsc#1051510).
- regulator: pv88080: Fix array out-of-bounds access (bsc#1051510).
- regulator: pv88090: Fix array out-of-bounds access (bsc#1051510).
- regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510).
- regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510).
- remove 2 entries since now we have them, 744889b7cbb56a64f957e65ade7cb65fe3f35714 1adfc5e4136f5967d591c399aff95b3b035f16b7
- Remove blacklist of virtio patch so we can install it (bsc#1114585)
- Remove conditional support for SMB2 and SMB3:
- Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510).
- Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510).
- Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510).
- Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()' This reverts commit f84e065a0c26b5f0777e94ceb67dd494bb7b4d2f. The patch should not have gone to SLE12-SP4. SLE12-SP4 still follows kGraft naming.
- Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252).
- Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream.
- Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510).
- Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it.
- Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854).
- rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510).
- rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697)
- rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995)
- rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902).
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12).
- rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10).
- s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes).
- s390/cpum_cf: Reject request for sampling in event initialization (git-fixes).
- s390/early: improve machine detection (git-fixes).
- s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662).
- s390/mm: always force a load of the primary ASCE on context switch (git-fixes).
- s390/mm: fix addressing exception after suspend/resume (bsc#1125252).
- s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561).
- s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567).
- s390/qeth: fix use-after-free in error path (bsc#1127534).
- s390/qeth: invoke softirqs after napi_schedule() (git-fixes).
- s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes).
- s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes).
- s390/sthyi: Fix machine name validity indication (git-fixes).
- s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061).
- sata_rcar: fix deferred probing (bsc#1051510).
- sbus: char: add of_node_put() (bsc#1051510).
- sc16is7xx: Fix for multi-channel stall (bsc#1051510).
- sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909).
- sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).
- sched/wake_q: Document wake_q_add() (bsc#1050549).
- sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).
- sched/wake_q: Reduce reference counting for special users (bsc#1050549).
- sch_multiq: fix double free on init failure (bsc#1051510).
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
- scripts/git_sort/git_sort.py: add vfs 'fixes' branch
- scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764).
- scsi: csiostor: remove flush_scheduled_work() (bsc#1127363).
- SCSI: fix queue cleanup race before queue initialization is done (bsc#1125252).
- scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).
- scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192).
- scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317).
- scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317).
- scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317).
- scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317).
- scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317).
- scsi: lpfc: fix remoteport access (bsc#1125252).
- scsi: lpfc: remove an unnecessary NULL check (bsc#1121317).
- scsi: lpfc: update fault value on successful trunk events (bsc#1121317).
- scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317).
- scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).
- scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).
- scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).
- scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).
- scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Fix indentation (bsc#1117108).
- scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).
- scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).
- scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).
- scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).
- scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).
- scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).
- scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).
- scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).
- scsi: mpt3sas: switch to generic DMA API (bsc#1117108).
- scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).
- scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046).
- scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712).
- scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555).
- scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555).
- scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555).
- scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555).
- scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555).
- scsi: qla2xxx: Modify fall-through annotations (bsc#1094555).
- scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555).
- scsi: qla2xxx: Simplify conditional check (bsc#1094555).
- scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985).
- scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555).
- scsi: storvsc: Fix a race in sub-channel creation that can cause panic ().
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).
- scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585).
- sctp: add a ceiling to optlen in some sockopts (bnc#1129163).
- sctp: improve the events for sctp stream adding (networking-stable-19_02_01).
- sctp: improve the events for sctp stream reset (networking-stable-19_02_01).
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04).
- sctp: kfree_rcu asoc (networking-stable-18_12_12).
- sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).
- selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995).
- selftests/livepatch: introduce tests (bsc#1071995).
- selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579).
- selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).
- selinux: always allow mounting submounts (bsc#1051510).
- selinux: fix GPF on invalid policy (bsc#1051510).
- seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510).
- serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510).
- serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510).
- serial: fix race between flush_to_ldisc and tty_open (bsc#1051510).
- serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510).
- serial: imx: fix error handling in console_setup (bsc#1051510).
- serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).
- serial/sunsu: fix refcount leak (bsc#1051510).
- serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510).
- serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510).
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes).
- skge: potential memory corruption in skge_get_regs() (bsc#1051510).
- sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510).
- sky2: Increase D3 delay again (bsc#1051510).
- slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)).
- smb3.1.1 dialect is no longer experimental (bsc#1051510).
- smb311: Fix reconnect (bsc#1051510).
- smb311: Improve checking of negotiate security contexts (bsc#1051510).
- smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510).
- smb3: allow stats which track session and share reconnects to be reset (bsc#1051510).
- smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510).
- smb3: check for and properly advertise directory lease support (bsc#1051510).
- smb3: directory sync should not return an error (bsc#1051510).
- smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510).
- smb3: do not request leases in symlink creation and query (bsc#1051510).
- smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510).
- smb3: Enable encryption for SMB3.1.1 (bsc#1051510).
- smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510).
- smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510).
- smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).
- smb3: Fix root directory when server returns inode number of zero (bsc#1051510).
- smb3: fix various xid leaks (bsc#1051510).
- [SMB3] Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510).
- smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510).
- [SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510).
- smb3: remove noisy warning message on mount (bsc#1129664).
- smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).
- soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510).
- soc/tegra: Do not leak device tree node reference (bsc#1051510).
- splice: do not merge into linked buffers (git-fixes).
- staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510).
- staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510).
- staging: iio: ad7780: update voltage on read (bsc#1051510).
- staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510).
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510).
- staging: iio: adt7316: fix register and bit definitions (bsc#1051510).
- staging: iio: adt7316: fix the dac read calculation (bsc#1051510).
- staging: iio: adt7316: fix the dac write calculation (bsc#1051510).
- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510).
- staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510).
- staging: speakup: Replace strncpy with memcpy (bsc#1051510).
- staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510).
- sunrpc: correct the computation for page_ptr when truncating (git-fixes).
- sunrpc: Fix a potential race in xprt_connect() (git-fixes).
- sunrpc: Fix leak of krb5p encode pages (git-fixes).
- sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).
- sunrpc: safely reallow resvport min/max inversion (git-fixes).
- supported.conf
- svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285).
- swiotlb: Add is_swiotlb_active() function (bsc#1120008).
- swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008).
- switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510).
- switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510).
- sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510).
- tcp: batch tcp_net_metrics_exit (bsc#1122982).
- tcp: change txhash on SYN-data timeout (networking-stable-19_01_20).
- tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).
- tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).
- tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).
- tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes).
- tcp: lack of available data can also cause TSO defer (git-fixes).
- team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510).
- team: Free BPF filter when unregistering netdev (bsc#1051510).
- Thermal: do not clear passive state during system sleep (bsc#1051510).
- thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510).
- thermal/drivers/hisi: Fix configuration register setting (bsc#1051510).
- thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510).
- thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510).
- thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).
- thermal: mediatek: fix register index error (bsc#1051510).
- timekeeping: Use proper seqcount initializer (bsc#1051510).
- tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04).
- tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510).
- tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510).
- tipc: fix a double kfree_skb() (networking-stable-19_01_04).
- tipc: fix a race condition of releasing subscriber object (bsc#1051510).
- tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510).
- tipc: fix infinite loop when dumping link monitor summary (bsc#1051510).
- tipc: fix RDM/DGRAM connect() regression (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510).
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510).
- tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).
- tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510).
- tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510).
- tpm: Return the actual size when receiving an unsupported command (bsc#1051510).
- tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510).
- tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510).
- tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510).
- tpm: tpm_try_transmit() refactor error flow (bsc#1051510).
- tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581).
- tracing/uprobes: Fix output for multiple string arguments (bsc#1126495).
- tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625).
- Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510).
- tty: Handle problem if line discipline does not have receive_buf (bsc#1051510).
- tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510).
- tty/n_hdlc: fix __might_sleep warning (bsc#1051510).
- tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510).
- tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510).
- tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).
- uart: Fix crash in uart_write and uart_put_char (bsc#1051510).
- ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01).
- ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510).
- uevent: add alloc_uevent_skb() helper (bsc#1122982).
- uio_hv_generic: defer opening vmbus until first use (bsc#1127577).
- uio_hv_generic: set callbacks on open (bsc#1127577).
- uio: introduce UIO_MEM_IOVA (bsc#1127577).
- Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061).
- Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789).
- Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference.
- Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082).
- Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425).
- uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510).
- usb: Add new USB LPM helpers (bsc#1120902).
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902).
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).
- usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902).
- usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510).
- usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902).
- usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510).
- usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510).
- usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902).
- usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510).
- usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510).
- usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510).
- usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510).
- usb: musb: dsps: fix otg state machine (bsc#1051510).
- usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902).
- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03).
- usbnet: smsc95xx: fix rx packet alignment (bsc#1051510).
- usb: phy: am335x: fix race condition in _probe (bsc#1051510).
- usb: serial: option: add Fibocom NL678 series (bsc#1120902).
- usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902).
- usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510).
- usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510).
- usb: storage: add quirk for SMI SM3350 (bsc#1120902).
- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902).
- usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086).
- veth: set peer GSO values (bsc#1051510).
- vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes).
- vfio: ccw: process ssch with interrupts disabled (git-fixes).
- vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995).
- vfs: Add page_cache_seek_hole_data helper (bsc#1070995).
- vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995).
- vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510).
- vhost: log dirty page correctly (networking-stable-19_01_26).
- vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04).
- vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510).
- video: clps711x-fb: release disp device node in probe() (bsc#1051510).
- virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008).
- virtio: Introduce virtio_max_dma_size() (bsc#1120008).
- virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01).
- virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03).
- virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12).
- virtio/s390: avoid race on vcdev->config (git-fixes).
- virtio/s390: fix race in ccw_io_helper() (git-fixes).
- vmbus: fix subchannel removal (bsc#1127577).
- vmbus: keep pointer to ring buffer page (bsc#1127577).
- vmbus: pass channel to hv_process_channel_removal (bsc#1127577).
- vmbus: split ring buffer allocation from open (bsc#1127577).
- VMCI: Support upto 64-bit PPNs (bsc#1127286).
- vsock: cope with memory allocation failure at socket creation time (bsc#1051510).
- VSOCK: Send reset control packet when socket is partially bound (networking-stable-19_01_04).
- vt: invoke notifier on screen size change (bsc#1051510).
- vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510).
- vxlan: Fix GRO cells race condition between receive and link delete (git-fixes).
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes).
- vxlan: update skb dst pmtu on tx path (bsc#1123456).
- w90p910_ether: remove incorrect __init annotation (bsc#1051510).
- watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510).
- watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).
- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86/amd_nb: Add PCI device IDs for family 17h, model 30h ().
- x86/amd_nb: Add support for newer PCI topologies ().
- x86/a.out: Clear the dump structure initially (bsc#1114279).
- x86/apic: Provide apic_ack_irq() (bsc#1122822).
- x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154).
- x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154).
- x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154).
- x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).
- x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279).
- x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307).
- x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307).
- x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822).
- x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279).
- x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).
- x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279).
- x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279).
- x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279).
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279).
- x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279).
- x86/pkeys: Properly copy pkey state at fork() (bsc#1129366).
- x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614).
- x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).
- x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).
- x86: respect memory size limiting via mem= parameter (bsc#1117645).
- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279).
- x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279).
- x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279).
- x86/xen: dont add memory above max allowed allocation (bsc#1117645).
- x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).
- x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).
- x86/xen/time: setup vcpu 0 time info page (bsc#1098382).
- xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).
- xen: fix dom0 boot on huge systems (bsc#1127836).
- xen: Fix x86 sched_clock() interface for xen (bsc#1098382).
- xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600).
- xen: remove pre-xen3 fallback handlers (bsc#1065600).
- xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133).
- xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).
- xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995).
- xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995).
- xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854).
- xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).
- xprtrdma: Reset credit grant properly after a disconnect (git-fixes).
- Yama: Check for pid death before checking ancestry (bsc#1051510).
- yam: fix a missing-check bug (bsc#1051510).
- zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510).
ImportantSUSE bug 1046305SUSE bug 1046306SUSE bug 1050252SUSE bug 1050549SUSE bug 1051510SUSE bug 1054610SUSE bug 1055121SUSE bug 1056658SUSE bug 1056662SUSE bug 1056787SUSE bug 1060463SUSE bug 1063638SUSE bug 1065600SUSE bug 1070995SUSE bug 1071995SUSE bug 1078355SUSE bug 1082943SUSE bug 1083548SUSE bug 1083647SUSE bug 1084216SUSE bug 1086095SUSE bug 1086282SUSE bug 1086301SUSE bug 1086313SUSE bug 1086314SUSE bug 1086323SUSE bug 1087082SUSE bug 1087092SUSE bug 1088133SUSE bug 1094555SUSE bug 1098382SUSE bug 1098425SUSE bug 1098995SUSE bug 1103429SUSE bug 1104353SUSE bug 1106105SUSE bug 1106434SUSE bug 1106811SUSE bug 1107078SUSE bug 1107665SUSE bug 1108101SUSE bug 1108870SUSE bug 1109695SUSE bug 1110096SUSE bug 1110705SUSE bug 1111666SUSE bug 1113042SUSE bug 1113712SUSE bug 1113722SUSE bug 1113939SUSE bug 1114279SUSE bug 1114585SUSE bug 1114893SUSE bug 1117108SUSE bug 1117155SUSE bug 1117645SUSE bug 1117947SUSE bug 1118338SUSE bug 1119019SUSE bug 1119086SUSE bug 1119766SUSE bug 1119843SUSE bug 1120008SUSE bug 1120318SUSE bug 1120601SUSE bug 1120758SUSE bug 1120854SUSE bug 1120902SUSE bug 1120909SUSE bug 1120955SUSE bug 1121317SUSE bug 1121726SUSE bug 1121789SUSE bug 1121805SUSE bug 1122159SUSE bug 1122192SUSE bug 1122324SUSE bug 1122554SUSE bug 1122662SUSE bug 1122764SUSE bug 1122779SUSE bug 1122822SUSE bug 1122885SUSE bug 1122927SUSE bug 1122944SUSE bug 1122971SUSE bug 1122982SUSE bug 1123060SUSE bug 1123061SUSE bug 1123161SUSE bug 1123317SUSE bug 1123348SUSE bug 1123357SUSE bug 1123456SUSE bug 1123538SUSE bug 1123697SUSE bug 1123882SUSE bug 1123933SUSE bug 1124055SUSE bug 1124204SUSE bug 1124235SUSE bug 1124579SUSE bug 1124589SUSE bug 1124728SUSE bug 1124732SUSE bug 1124735SUSE bug 1124969SUSE bug 1124974SUSE bug 1124975SUSE bug 1124976SUSE bug 1124978SUSE bug 1124979SUSE bug 1124980SUSE bug 1124981SUSE bug 1124982SUSE bug 1124984SUSE bug 1124985SUSE bug 1125109SUSE bug 1125125SUSE bug 1125252SUSE bug 1125315SUSE bug 1125614SUSE bug 1125728SUSE bug 1125780SUSE bug 1125797SUSE bug 1125799SUSE bug 1125800SUSE bug 1125907SUSE bug 1125947SUSE bug 1126131SUSE bug 1126209SUSE bug 1126284SUSE bug 1126389SUSE bug 1126393SUSE bug 1126476SUSE bug 1126480SUSE bug 1126481SUSE bug 1126488SUSE bug 1126495SUSE bug 1126555SUSE bug 1126579SUSE bug 1126789SUSE bug 1126790SUSE bug 1126802SUSE bug 1126803SUSE bug 1126804SUSE bug 1126805SUSE bug 1126806SUSE bug 1126807SUSE bug 1127042SUSE bug 1127062SUSE bug 1127081SUSE bug 1127082SUSE bug 1127154SUSE bug 1127285SUSE bug 1127286SUSE bug 1127307SUSE bug 1127363SUSE bug 1127493SUSE bug 1127494SUSE bug 1127495SUSE bug 1127496SUSE bug 1127497SUSE bug 1127498SUSE bug 1127534SUSE bug 1127561SUSE bug 1127567SUSE bug 1127577SUSE bug 1127595SUSE bug 1127603SUSE bug 1127682SUSE bug 1127731SUSE bug 1127750SUSE bug 1127836SUSE bug 1127961SUSE bug 1128094SUSE bug 1128166SUSE bug 1128351SUSE bug 1128378SUSE bug 1128451SUSE bug 1128895SUSE bug 1129016SUSE bug 1129046SUSE bug 1129080SUSE bug 1129163SUSE bug 1129179SUSE bug 1129181SUSE bug 1129182SUSE bug 1129183SUSE bug 1129184SUSE bug 1129205SUSE bug 1129281SUSE bug 1129284SUSE bug 1129285SUSE bug 1129291SUSE bug 1129292SUSE bug 1129293SUSE bug 1129294SUSE bug 1129295SUSE bug 1129296SUSE bug 1129326SUSE bug 1129327SUSE bug 1129330SUSE bug 1129363SUSE bug 1129366SUSE bug 1129497SUSE bug 1129519SUSE bug 1129543SUSE bug 1129547SUSE bug 1129551SUSE bug 1129581SUSE bug 1129625SUSE bug 1129664SUSE bug 1129739SUSE bug 1129923SUSE bug 807502SUSE bug 828192CVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-2024 at SUSECVE-2019-2024 at NVDCVE-2019-3459 at SUSECVE-2019-3459 at NVDCVE-2019-3460 at SUSECVE-2019-3460 at NVDCVE-2019-3819 at SUSECVE-2019-3819 at NVDCVE-2019-6974 at SUSECVE-2019-6974 at NVDCVE-2019-7221 at SUSECVE-2019-7221 at NVDCVE-2019-7222 at SUSECVE-2019-7222 at NVDCVE-2019-7308 at SUSECVE-2019-7308 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2019-8980 at SUSECVE-2019-8980 at NVDCVE-2019-9213 at SUSECVE-2019-9213 at NVDcpe:/o:suse:sles:12:sp4Security update for w3m (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for w3m fixes several issues.
These security issues were fixed:
- CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559)
- CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568)
- CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572)
ModerateSUSE bug 1077559SUSE bug 1077568SUSE bug 1077572CVE-2018-6196 at SUSECVE-2018-6196 at NVDCVE-2018-6197 at SUSECVE-2018-6197 at NVDCVE-2018-6198 at SUSECVE-2018-6198 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues:
Security issue fixed:
- CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed
to set IV with more than 12 bytes (bsc#1128189).
ModerateSUSE bug 1128189CVE-2019-1543 at SUSECVE-2019-1543 at NVDcpe:/o:suse:sles:12:sp4Security update for ntp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other isses addressed:
- Fixed an issue which caused openSSL mismatch (bsc#1125401)
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
ModerateSUSE bug 1125401SUSE bug 1128525CVE-2019-8936 at SUSECVE-2019-8936 at NVDcpe:/o:suse:sles:12:sp4Optional update for php72 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update provides PHP 7.2 and subpackages to the SUSE Linux Enterprise 12 Web and Scripting Module.
It is a replacement of the php7 packages, the packages do not co-exist.
The mcrypt extensions was removed in PHP 7.2.
ModerateSUSE bug 1126314SUSE bug 1129032CVE-2018-20783 at SUSECVE-2018-20783 at NVDCVE-2019-9020 at SUSECVE-2019-9020 at NVDCVE-2019-9021 at SUSECVE-2019-9021 at NVDCVE-2019-9022 at SUSECVE-2019-9022 at NVDCVE-2019-9023 at SUSECVE-2019-9023 at NVDCVE-2019-9024 at SUSECVE-2019-9024 at NVDCVE-2019-9641 at SUSECVE-2019-9641 at NVDcpe:/o:suse:sles:12:sp4Security update for bash (Important)SUSE Linux Enterprise Server 12 SP4
This update for bash fixes the following issues:
Security issue fixed:
- CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS
allowing the user to execute any command with the permissions of the shell (bsc#1130324).
ImportantSUSE bug 1130324CVE-2019-9924 at SUSECVE-2019-9924 at NVDcpe:/o:suse:sles:12:sp4Security update for file (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which
allowed remote attackers to cause a denial of service (application crash) via
a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
ModerateSUSE bug 1096974SUSE bug 1096984SUSE bug 1126117SUSE bug 1126118SUSE bug 1126119CVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Security issuess addressed:
- update to Firefox ESR 60.6.1 (bsc#1130262):
- CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations
- CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information
- Update to Firefox ESR 60.6 (bsc#1129821):
- CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
- CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content
- CVE-2019-9788: Fixed multiple memory safety bugs
- CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements
- CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement
with IonMonkey
- CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
- CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled
- CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution
- CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler
- CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller
- Update to Firefox ESR 60.5.1 (bsc#1125330):
- CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when
creating a path, leading to a potentially exploitable crash.
- CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur
after specific transform operations, leading to a potentially exploitable crash.
- CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with
Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration
in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D
acceleration is already disabled by default.
Other issue addressed:
- Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987).
Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
ImportantSUSE bug 1125330SUSE bug 1127987SUSE bug 1129821SUSE bug 1130262CVE-2018-18335 at SUSECVE-2018-18335 at NVDCVE-2018-18356 at SUSECVE-2018-18356 at NVDCVE-2018-18506 at SUSECVE-2018-18506 at NVDCVE-2019-5785 at SUSECVE-2019-5785 at NVDCVE-2019-9788 at SUSECVE-2019-9788 at NVDCVE-2019-9790 at SUSECVE-2019-9790 at NVDCVE-2019-9791 at SUSECVE-2019-9791 at NVDCVE-2019-9792 at SUSECVE-2019-9792 at NVDCVE-2019-9793 at SUSECVE-2019-9793 at NVDCVE-2019-9794 at SUSECVE-2019-9794 at NVDCVE-2019-9795 at SUSECVE-2019-9795 at NVDCVE-2019-9796 at SUSECVE-2019-9796 at NVDCVE-2019-9801 at SUSECVE-2019-9801 at NVDCVE-2019-9810 at SUSECVE-2019-9810 at NVDCVE-2019-9813 at SUSECVE-2019-9813 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2 fixes the following issues:
* CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for
URL normalization throughout all of its components. In particular,
consecutive slashes were not always collapsed. Attackers could potentially
abuse these inconsistencies to by-pass access control mechanisms and thus
gain unauthorized access to protected parts of the service. [bsc#1131241]
* CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in
a threaded server could have allowed users with valid credentials to
authenticate using another username, bypassing configured access control
restrictions. [bsc#1131239]
* CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child
processes or threads to execute arbitrary code with the privileges of the
parent process. Attackers with control over CGI scripts or extension modules
run by the server could have abused this issue to potentially gain super user
privileges. [bsc#1131233]
* CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a
'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade
request from http/1.1 to http/2 that was not the first request on a
connection could lead to a misconfiguration and crash. This issue could have
been abused to mount a denial-of-service attack. Servers that never enabled
the h2 protocol or that only enabled it for https: and did not configure the
'H2Upgrade on' are unaffected. [bsc#1131245]
* CVE-2019-0196: Through specially crafted network input the Apache's http/2
request handler could be lead to access previously freed memory while
determining the method of a request. This resulted in the request being
misclassified and thus being processed incorrectly. [bsc#1131237]
ImportantSUSE bug 1131233SUSE bug 1131237SUSE bug 1131239SUSE bug 1131241SUSE bug 1131245CVE-2019-0196 at SUSECVE-2019-0196 at NVDCVE-2019-0197 at SUSECVE-2019-0197 at NVDCVE-2019-0211 at SUSECVE-2019-0211 at NVDCVE-2019-0217 at SUSECVE-2019-0217 at NVDCVE-2019-0220 at SUSECVE-2019-0220 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
Security issues fixed:
- Fixed an issue which could allow malicious PV guests may cause a host crash or
gain access to data pertaining to other guests.Additionally, vulnerable configurations
are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow
a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege
to that of other userspace processes in the same guest and potentially thereby to that
of the guest operating system (bsc#1126201).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service
attack affecting the whole system (bsc#1126197).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own
pagetables leading to privilege escalation (bsc#1126195).
- Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service
attack affecting the whole system (bsc#1126196).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to
escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory
leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that
of the hypervisor (bsc#1126141).
- CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process
to read uninitialised stack memory contents (bsc#1129623).
Other issues addressed:
- Upstream bug fixes (bsc#1027519)
- Packages should no longer use /var/adm/fillup-templates (bsc#1069468).
- Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236).
- Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325).
- Fixed a building issue (bsc#1119161).
- Added a requirement for xen, xl.cfg firmware='pvgrub32|pvgrub64 (bsc#1127620).
- Fixed a segmetation fault in Libvirt when crash triggered on top of HVM guest (bsc#1120067).
ImportantSUSE bug 1026236SUSE bug 1027519SUSE bug 1069468SUSE bug 1119161SUSE bug 1120067SUSE bug 1123157SUSE bug 1126140SUSE bug 1126141SUSE bug 1126192SUSE bug 1126195SUSE bug 1126196SUSE bug 1126197SUSE bug 1126198SUSE bug 1126201SUSE bug 1126325SUSE bug 1127400SUSE bug 1127620SUSE bug 1129623CVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDcpe:/o:suse:sles:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4
This update for clamav to version 0.100.3 fixes the following issues:
Security issues fixed (bsc#1130721):
- CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur
when scanning PDF documents.
- CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur
when scanning PE files (i.e. Windows EXE and DLL files).
- CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur
when scanning OLE2 files such as Microsoft Office 97-2003 documents.
ImportantSUSE bug 1130721CVE-2019-1787 at SUSECVE-2019-1787 at NVDCVE-2019-1788 at SUSECVE-2019-1788 at NVDCVE-2019-1789 at SUSECVE-2019-1789 at NVDcpe:/o:suse:sles:12:sp4Security update for SDL (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for SDL fixes the following issues:
Security issues fixed:
- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).
- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).
- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).
ModerateSUSE bug 1124799SUSE bug 1124800SUSE bug 1124802SUSE bug 1124803SUSE bug 1124805SUSE bug 1124806SUSE bug 1124824SUSE bug 1124825SUSE bug 1124826SUSE bug 1124827SUSE bug 1125099CVE-2019-7572 at SUSECVE-2019-7572 at NVDCVE-2019-7573 at SUSECVE-2019-7573 at NVDCVE-2019-7574 at SUSECVE-2019-7574 at NVDCVE-2019-7575 at SUSECVE-2019-7575 at NVDCVE-2019-7576 at SUSECVE-2019-7576 at NVDCVE-2019-7577 at SUSECVE-2019-7577 at NVDCVE-2019-7578 at SUSECVE-2019-7578 at NVDCVE-2019-7635 at SUSECVE-2019-7635 at NVDCVE-2019-7636 at SUSECVE-2019-7636 at NVDCVE-2019-7637 at SUSECVE-2019-7637 at NVDCVE-2019-7638 at SUSECVE-2019-7638 at NVDcpe:/o:suse:sles:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4
This update for dovecot22 fixes the following issues:
Security issues fixed:
- CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing
local root escalation (bsc#1130116).
- CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022).
Other issue fixed:
- Fixed handling of command continuation(bsc#1111789)
ImportantSUSE bug 1111789SUSE bug 1123022SUSE bug 1130116CVE-2019-3814 at SUSECVE-2019-3814 at NVDCVE-2019-7524 at SUSECVE-2019-7524 at NVDcpe:/o:suse:sles:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
- CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576).
ModerateSUSE bug 1119687SUSE bug 1131576CVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-20506 at SUSECVE-2018-20506 at NVDcpe:/o:suse:sles:12:sp4Security update for xmltooling (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for xmltooling fixes the following issue:
Security issue fixed:
- CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in
denial of service against the application using XMLTooling (bsc#1129537).
ModerateSUSE bug 1129537CVE-2019-9628 at SUSECVE-2019-9628 at NVDcpe:/o:suse:sles:12:sp4Security update for libvirt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libvirt fixes the following issues:
Security issue fixed:
- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could
have resulted in a remote denial of service via the guest agent (bsc#1127458).
- CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest
hostname under readonly mode (bsc#1131595).
Other issues addressed:
- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
- conf: added new 'xenbus' controller type
- util: skip RDMA detection for non-PCI network devices (bsc#1112182).
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).
- qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604).
- libxl: save current memory value after successful balloon (bsc#1120813).
- libxl: Add support for soft reset. (bsc#1081516)
ModerateSUSE bug 1081516SUSE bug 1102604SUSE bug 1112182SUSE bug 1120813SUSE bug 1125665SUSE bug 1126325SUSE bug 1127458SUSE bug 1131595CVE-2019-3840 at SUSECVE-2019-3840 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDcpe:/o:suse:sles:12:sp4Security update for wget (Important)SUSE Linux Enterprise Server 12 SP4
This update for wget fixes the following issues:
Security issue fixed:
- CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493).
ImportantSUSE bug 1131493CVE-2019-5953 at SUSECVE-2019-5953 at NVDcpe:/o:suse:sles:12:sp4Security update for soundtouch (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for soundtouch fixes the following issues:
Security issues fixed:
- CVE-2018-17098: Fixed a heap corruption from size inconsistency, which
allowed remote attackers to cause a denial of service or possibly have
other unspecified impact (bsc#1108632)
- CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause
a denial of service or possibly have other unspecified impact (bsc#1108631)
ModerateSUSE bug 1108631SUSE bug 1108632CVE-2018-17097 at SUSECVE-2018-17097 at NVDCVE-2018-17098 at SUSECVE-2018-17098 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issues:
Security issue fixed:
- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).
ImportantSUSE bug 1129346CVE-2019-9636 at SUSECVE-2019-9636 at NVDcpe:/o:suse:sles:12:sp4Security update for freeradius-server (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for freeradius-server fixes the following issues:
- CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd
(bsc#1144524).
- CVE-2019-17185: Fixed a debial of service due to multithreaded
BN_CTX access (bsc#1166847).
- Fixed an issue in TLS-EAP where the OCSP verification, when an
intermediate client certificate was not explicitly trusted
(bsc#1146848).
ModerateSUSE bug 1144524SUSE bug 1146848SUSE bug 1166847CVE-2019-13456 at SUSECVE-2019-13456 at NVDCVE-2019-17185 at SUSECVE-2019-17185 at NVDcpe:/o:suse:sles:12:sp4Security update for man (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for man fixes the following issues:
- Skip using 'safe-rm' in cron job below cache directory (bsc#1159105).
ModerateSUSE bug 1159105cpe:/o:suse:sles:12:sp4Security update for libqt4 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libqt4 fixes the following issues:
- CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595)
- CVE-2018-19873: Fixed a segmantation fault via a malformed
BMP file (bsc#1118596).
- CVE-2018-19869: Fixed an improper checking which might lead to
a crach via a malformed url reference (bsc#1118599).
- Added stricter toplevel asm parsing by dropping volatile
qualification that has no effect (bsc#1121214).
ModerateSUSE bug 1118595SUSE bug 1118596SUSE bug 1118599SUSE bug 1121214CVE-2018-15518 at SUSECVE-2018-15518 at NVDCVE-2018-19869 at SUSECVE-2018-19869 at NVDCVE-2018-19873 at SUSECVE-2018-19873 at NVDcpe:/o:suse:sles:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4
This update for cups fixes the following issues:
- CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422).
ImportantSUSE bug 1168422CVE-2020-3898 at SUSECVE-2020-3898 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1967: Fixed a denial of service via NULL pointer dereference in SSL_check_chain (bsc#1169407).
ImportantSUSE bug 1169407CVE-2020-1967 at SUSECVE-2020-1967 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
- CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927).
ModerateSUSE bug 1163927CVE-2019-14559 at SUSECVE-2019-14559 at NVDcpe:/o:suse:sles:12:sp4Security update for file-roller (Low)SUSE Linux Enterprise Server 12 SP4
This update for file-roller fixes the following issues:
- CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed
an overwriting of a file during extraction (bsc#1151585).
LowSUSE bug 1151585CVE-2019-16680 at SUSECVE-2019-16680 at NVDcpe:/o:suse:sles:12:sp4Security update for pam_radius (Important)SUSE Linux Enterprise Server 12 SP4
This update for pam_radius fixes the following issues:
- CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933).
- On s390x didn't decrypt passwords correctly (bsc#1141670).
ImportantSUSE bug 1141670SUSE bug 1163933CVE-2015-9542 at SUSECVE-2015-9542 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
- CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
- CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
- CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
- CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
- CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
- CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
- CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).
- CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).
- CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
- CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
The following non-security bugs were fixed:
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
- ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
- ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
- ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666).
- ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
- ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
- ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
- ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
- ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
- ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
- ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
- ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
- ALSA: info: remove redundant assignment to variable c (bsc#1051510).
- ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
- ALSA: line6: Fix endless MIDI read loop (git-fixes).
- ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
- ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
- ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
- ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
- ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
- ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510).
- ALSA: via82xx: Fix endianness annotations (bsc#1051510).
- ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510).
- ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510).
- ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510).
- ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510).
- ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510).
- ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510).
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510).
- ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
- ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666).
- ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510).
- ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
- ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510).
- atm: zatm: Fix empty body Clang warnings (bsc#1051510).
- atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003).
- b43legacy: Fix -Wcast-function-type (bsc#1051510).
- batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510).
- batman-adv: Do not schedule OGM for disabled interface (bsc#1051510).
- batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510).
- blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
- blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316).
- blktrace: fix dereference after null check (bsc#1159285).
- blktrace: fix trace mutex deadlock (bsc#1159285).
- block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142).
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760).
- block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762).
- Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510).
- bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
- bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09).
- bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647).
- bpf: Explicitly memset the bpf_attr structure (bsc#1083647).
- bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385).
- bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385).
- bpf: make unknown opcode handling more robust (bsc#1154385).
- bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385).
- bpf, x64: remove ld_abs/ld_ind (bsc#1154385).
- bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385).
- btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949).
- btrfs: add a flush step for delayed iputs (bsc#1165949).
- btrfs: add assertions for releasing trans handle reservations (bsc#1165949).
- btrfs: add btrfs_delete_ref_head helper (bsc#1165949).
- btrfs: add enospc debug messages for ticket failure (bsc#1165949).
- btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949).
- btrfs: add new flushing states for the delayed refs rsv (bsc#1165949).
- btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949).
- btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949).
- btrfs: always reserve our entire size for the global reserve (bsc#1165949).
- btrfs: assert on non-empty delayed iputs (bsc##1165949).
- btrfs: be more explicit about allowed flush states (bsc#1165949).
- btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949).
- btrfs: catch cow on deleting snapshots (bsc#1165949).
- btrfs: change the minimum global reserve size (bsc#1165949).
- btrfs: check if there are free block groups for commit (bsc#1165949).
- btrfs: clean up error handling in btrfs_truncate() (bsc#1165949).
- btrfs: cleanup extent_op handling (bsc#1165949).
- btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949).
- btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949).
- btrfs: clear space cache inode generation always (bsc#1165949).
- btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949).
- btrfs: do not account global reserve in can_overcommit (bsc#1165949).
- btrfs: do not allow reservations if we have pending tickets (bsc#1165949).
- btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949).
- btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949).
- btrfs: do not enospc all tickets on flush failure (bsc#1165949).
- btrfs: do not run delayed_iputs in commit (bsc##1165949).
- btrfs: do not run delayed refs in the end transaction logic (bsc#1165949).
- btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949).
- btrfs: do not use global reserve for chunk allocation (bsc#1165949).
- btrfs: drop min_size from evict_refill_and_join (bsc##1165949).
- btrfs: drop unused space_info parameter from create_space_info (bsc#1165949).
- btrfs: dump block_rsv details when dumping space info (bsc#1165949).
- btrfs: export block group accounting helpers (bsc#1165949).
- btrfs: export block_rsv_use_bytes (bsc#1165949).
- btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949).
- btrfs: export __btrfs_block_rsv_release (bsc#1165949).
- btrfs: export space_info_add_*_bytes (bsc#1165949).
- btrfs: export the block group caching helpers (bsc#1165949).
- btrfs: export the caching control helpers (bsc#1165949).
- btrfs: export the excluded extents helpers (bsc#1165949).
- btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949).
- btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949).
- btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949).
- btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949).
- btrfs: factor out the ticket flush handling (bsc#1165949).
- btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508).
- btrfs: fix insert_reserved error handling (bsc##1165949).
- btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949).
- btrfs: fix missing delayed iputs on unmount (bsc#1165949).
- btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508).
- btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949).
- btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949).
- btrfs: fix truncate throttling (bsc#1165949).
- btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949).
- btrfs: Improve global reserve stealing logic (bsc#1165949).
- btrfs: introduce an evict flushing state (bsc#1165949).
- btrfs: introduce delayed_refs_rsv (bsc#1165949).
- btrfs: loop in inode_rsv_refill (bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949).
- btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949).
- btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949).
- btrfs: migrate inc/dec_block_group_ro code (bsc#1165949).
- btrfs: migrate nocow and reservation helpers (bsc#1165949).
- btrfs: migrate the alloc_profile helpers (bsc#1165949).
- btrfs: migrate the block group caching code (bsc#1165949).
- btrfs: migrate the block group cleanup code (bsc#1165949).
- btrfs: migrate the block group lookup code (bsc#1165949).
- btrfs: migrate the block group read/creation code (bsc#1165949).
- btrfs: migrate the block group ref counting stuff (bsc#1165949).
- btrfs: migrate the block group removal code (bsc#1165949).
- btrfs: migrate the block group space accounting helpers (bsc#1165949).
- btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949).
- btrfs: migrate the chunk allocation code (bsc#1165949).
- btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949).
- btrfs: migrate the delayed refs rsv code (bsc#1165949).
- btrfs: migrate the dirty bg writeout code (bsc#1165949).
- btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949).
- btrfs: move and export can_overcommit (bsc#1165949).
- btrfs: move basic block_group definitions to their own header (bsc#1165949).
- btrfs: move btrfs_add_free_space out of a header file (bsc#1165949).
- btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949).
- btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949).
- btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949).
- btrfs: move dump_space_info to space-info.c (bsc#1165949).
- btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949).
- btrfs: move space_info to space-info.h (bsc#1165949).
- btrfs: move the space_info handling code to space-info.c (bsc#1165949).
- btrfs: move the space info update macro to space-info.h (bsc#1165949).
- btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949).
- btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949).
- btrfs: only check priority tickets for priority flushing (bsc#1165949).
- btrfs: only free reserved extent if we didn't insert it (bsc##1165949).
- btrfs: only reserve metadata_size for inodes (bsc#1165949).
- btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949).
- btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949).
- btrfs: pass root to various extent ref mod functions (bsc#1165949).
- btrfs: refactor block group replication factor calculation to a helper (bsc#1165949).
- btrfs: refactor priority_reclaim_metadata_space (bsc#1165949).
- btrfs: refactor the ticket wakeup code (bsc#1165949).
- btrfs: release metadata before running delayed refs (bsc##1165949).
- btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949).
- btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949).
- btrfs: remove orig_bytes from reserve_ticket (bsc#1165949).
- btrfs: Remove redundant argument of flush_space (bsc#1165949).
- btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949).
- btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949).
- btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949).
- btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949).
- btrfs: reserve delalloc metadata differently (bsc#1165949).
- btrfs: reserve extra space during evict (bsc#1165949).
- btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949).
- btrfs: reset max_extent_size properly (bsc##1165949).
- btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949).
- btrfs: rework wake_all_tickets (bsc#1165949).
- btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949).
- btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949).
- btrfs: run delayed iput at unlink time (bsc#1165949).
- btrfs: run delayed iputs before committing (bsc#1165949).
- btrfs: set max_extent_size properly (bsc##1165949).
- btrfs: stop partially refilling tickets when releasing space (bsc#1165949).
- btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949).
- btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949).
- btrfs: temporarily export fragment_free_space (bsc#1165949).
- btrfs: temporarily export inc_block_group_ro (bsc#1165949).
- btrfs: track DIO bytes in flight (bsc#1165949).
- btrfs: unexport can_overcommit (bsc#1165949).
- btrfs: unexport the temporary exported functions (bsc#1165949).
- btrfs: unify error handling for ticket flushing (bsc#1165949).
- btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949).
- btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949).
- btrfs: wait on caching when putting the bg cache (bsc#1165949).
- btrfs: wait on ordered extents on abort cleanup (bsc#1165949).
- btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949).
- ceph: canonicalize server path in place (bsc#1168443).
- ceph: remove the extra slashes in the server path (bsc#1168443).
- cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510).
- cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510).
- cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1144333).
- cifs: add missing mount option to /proc/mounts (bsc#1144333).
- cifs: add new debugging macro cifs_server_dbg (bsc#1144333).
- cifs: add passthrough for smb2 setinfo (bsc#1144333).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1144333).
- cifs: add smb2 POSIX info level (bsc#1144333).
- cifs: add SMB3 change notification support (bsc#1144333).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333).
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1144333).
- cifs: Adjust indentation in smb2_open_file (bsc#1144333).
- cifs: allow chmod to set mode bits using special sid (bsc#1144333).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1144333).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333).
- cifs: Clean up DFS referral cache (bsc#1144333).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1144333).
- cifs: do d_move in rename (bsc#1144333).
- cifs: Do not display RDMA transport on reconnect (bsc#1144333).
- cifs: do not ignore the SYNC flags in getattr (bsc#1144333).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333).
- cifs: enable change notification for SMB2.1 dialect (bsc#1144333).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333).
- cifs: fix a comment for the timeouts when sending echos (bsc#1144333).
- cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333).
- cifs: fix dereference on ses before it is null checked (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333).
- cifs: Fix mode output in debugging statements (bsc#1144333).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: fix NULL dereference in match_prepath (bsc#1144333).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333).
- cifs: fix potential mismatch of UNC paths (bsc#1144333).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333).
- cifs: Fix return value in __update_cache_entry (bsc#1144333).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1144333).
- cifs: Fix task struct use-after-free on reconnect (bsc#1144333).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333).
- cifs: get mode bits from special sid on stat (bsc#1144333).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1144333).
- cifs: handle prefix paths in reconnect (bsc#1144333).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: Introduce helpers for finding TCP connection (bsc#1144333).
- cifs: log warning message (once) if out of disk space (bsc#1144333).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1144333).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333).
- cifs: modefromsid: make room for 4 ACE (bsc#1144333).
- cifs: modefromsid: write mode ACE first (bsc#1144333).
- cifs: Optimize readdir on reparse points (bsc#1144333).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1144333).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333).
- cifs: print warning once if mounting with vers=1.0 (bsc#1144333).
- cifs: refactor cifs_get_inode_info() (bsc#1144333).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333).
- cifs: remove redundant assignment to variable rc (bsc#1144333).
- cifs: remove set but not used variables (bsc#1144333).
- cifs: remove set but not used variable 'server' (bsc#1144333).
- cifs: remove unused variable (bsc#1144333).
- cifs: remove unused variable 'sid_user' (bsc#1144333).
- cifs: rename a variable in SendReceive() (bsc#1144333).
- cifs: rename posix create rsp (bsc#1144333).
- cifs: replace various strncpy with strscpy and similar (bsc#1144333).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1144333).
- cifs: Use #define in cifs_dbg (bsc#1144333).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333).
- clk: qcom: rcg: Return failure for RCG update (bsc#1051510).
- cls_rsvp: fix rsvp_policy (networking-stable-20_02_05).
- configfs: Fix bool initialization/comparison (bsc#1051510).
- cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).
- cpufreq: powernv: Fix use-after-free (bsc#1065729).
- cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510).
- cpuidle: Do not unset the driver if it is there already (bsc#1051510).
- crypto: arm64/sha-ce - implement export/import (bsc#1051510).
- crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510).
- crypto: pcrypt - Fix user-after-free on module unload (git-fixes).
- crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510).
- debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911).
- debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911).
- debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911).
- debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911).
- debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198).
- debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911).
- debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911).
- debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911).
- debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911).
- debugfs: simplify __debugfs_remove_file() (bsc#1159198).
- Delete patches which cause regression (bsc#1165527 ltc#184149).
- Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403).
- device: Use overflow helpers for devm_kmalloc() (bsc#1166003).
- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510).
- dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510).
- dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142).
- driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510).
- driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510).
- driver core: Print device when resources present in really_probe() (bsc#1051510).
- drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
- drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003).
- drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
- drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003).
- drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510).
- drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279)
- drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279)
- drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510).
- drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510).
- drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510).
- drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510).
- drm/etnaviv: fix dumping of iommuv2 (bsc#1114279)
- drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).
- drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279)
- drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279)
- drm/i915/userptr: fix size calculation (bsc#1114279)
- drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
- drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279)
- drm/mediatek: Add gamma property according to hardware capability (bsc#1114279)
- drm/mediatek: disable all the planes in atomic_disable (bsc#1114279)
- drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).
- drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279)
- drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279)
- drm/msm: Set dma maximum segment size for mdss (bsc#1051510).
- drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510).
- drm/msm: Use the correct dma_sync calls harder (bsc#1051510).
- drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510).
- drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510).
- drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510).
- drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279)
- drm: remove the newline for CRC source name (bsc#1051510).
- dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510).
- EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279).
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893).
- ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197).
- ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862).
- ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019).
- ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288).
- ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860).
- ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861).
- ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765).
- ext4: fix incorrect inodes per group in error message (bsc#1168764).
- ext4: fix potential race between online resizing and write operations (bsc#1166864).
- ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867).
- ext4: fix potential race between s_group_info online resizing and access (bsc#1166866).
- ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870).
- ext4: fix support for inode sizes > 1024 bytes (bsc#1164284).
- ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940).
- ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868).
- ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897).
- fat: fix uninit-memory access for partial initialized inode (bsc#1051510).
- fat: work around race with userspace's read via blockdev while mounting (bsc#1051510).
- fbdev/g364fb: Fix build failure (bsc#1051510).
- fbdev: potential information leak in do_fb_ioctl() (bsc#1114279)
- fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279)
- fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).
- fix memory leak in large read decrypt offload (bsc#1144333).
- fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333).
- fs: cifs: mute -Wunused-const-variable message (bsc#1144333).
- fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333).
- fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333).
- fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333).
- fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985).
- ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes).
- gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27).
- gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05).
- HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510).
- HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).
- HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes).
- hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20).
- hv_netvsc: pass netvsc_device to rndis halt
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).
- i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510).
- i2c: jz4780: silence log flood on txabrt (bsc#1051510).
- IB/hfi1: Close window for pq and request coliding (bsc#1060463 ).
- IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911).
- ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611).
- ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
- ibmvnic: Do not process device remove during device reset (bsc#1065729).
- ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729).
- iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: imu: adis16480: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510).
- iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510).
- Input: add safety guards to input_set_keycode() (bsc#1168075).
- Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510).
- Input: edt-ft5x06 - work around first register access error (bsc#1051510).
- Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510).
- Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510).
- Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).
- Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510).
- Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).
- intel_th: Fix user-visible error codes (bsc#1051510).
- intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510).
- iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101).
- iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057).
- iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).
- iommu/dma: Fix MSI reservation allocation (bsc#1166730).
- iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731).
- iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732).
- iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).
- iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).
- iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).
- iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735).
- ipmi: fix hung processes in __get_guid() (git-fixes).
- ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510).
- ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes).
- ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01).
- ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01).
- ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325).
- irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510).
- irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510).
- iwlegacy: Fix -Wcast-function-type (bsc#1051510).
- iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632).
- iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).
- kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911).
- kabi fix for (bsc#1168202).
- kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552).
- kABI: restore debugfs_remove_recursive() (bsc#1159198).
- kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488).
- kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488).
- KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021).
- KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021).
- KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021).
- KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes).
- KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes).
- KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104).
- l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05).
- lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549).
- libfs: fix infoleak in simple_attr_read() (bsc#1168881).
- lib/raid6: add missing include for raid6test (bsc#1166003).
- lib/raid6: add option to skip algo benchmarking (bsc#1166003).
- lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003).
- lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).
- locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549).
- mac80211: consider more elements in parsing CRC (bsc#1051510).
- mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510).
- mac80211: free peer keys before vif down in mesh (bsc#1051510).
- mac80211: mesh: fix RCU warning (bsc#1051510).
- mac80211: only warn once on chanctx_conf being NULL (bsc#1051510).
- mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510).
- macsec: add missing attribute validation for port (bsc#1051510).
- macsec: fix refcnt leak in module exit routine (bsc#1051510).
- md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003).
- md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003).
- md: add a missing endianness conversion in check_sb_changes (bsc#1166003).
- md: add bitmap_abort label in md_run (bsc#1166003).
- md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).
- md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003).
- md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).
- md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003).
- md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003).
- md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003).
- md-bitmap: small cleanups (bsc#1166003).
- md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003).
- md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003).
- md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003).
- md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).
- md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003).
- md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003).
- md-cluster/raid10: support add disk under grow mode (bsc#1166003).
- md-cluster: remove suspend_info (bsc#1166003).
- md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003).
- md: convert to kvmalloc (bsc#1166003).
- md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003).
- md: do not set In_sync if array is frozen (bsc#1166003).
- md: fix an error code format and remove unsed bio_sector (bsc#1166003).
- md: fix a typo s/creat/create (bsc#1166003).
- md: fix for divide error in status_resync (bsc#1166003).
- md: fix spelling typo and add necessary space (bsc#1166003).
- md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003).
- md: introduce new personality funciton start() (bsc#1166003).
- md-linear: use struct_size() in kzalloc() (bsc#1166003).
- md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).
- md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).
- md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003).
- md: no longer compare spare disk superblock events in super_load (bsc#1166003).
- md/r5cache: remove redundant pointer bio (bsc#1166003).
- md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).
- md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003).
- md/raid10: end bio when the device faulty (bsc#1166003).
- md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003).
- md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003).
- md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).
- md: raid10: Use struct_size() in kmalloc() (bsc#1166003).
- md/raid1: avoid soft lockup under high load (bsc#1166003).
- md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003).
- md/raid1: end bio when the device faulty (bsc#1166003).
- md/raid1: fail run raid1 array when active disk less than one (bsc#1166003).
- md/raid1: Fix a warning message in remove_wb() (bsc#1166003).
- md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003).
- md/raid1: get rid of extra blank line and space (bsc#1166003).
- md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003).
- md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).
- md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).
- md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003).
- md: remove a bogus comment (bsc#1166003).
- md: remove redundant code that is no longer reachable (bsc#1166003).
- md: remove set but not used variable 'bi_rdev' (bsc#1166003).
- md: rename wb stuffs (bsc#1166003).
- md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).
- md: use correct type in super_1_load (bsc#1166003).
- md: use correct type in super_1_sync (bsc#1166003).
- md: use correct types in md_bitmap_print_sb (bsc#1166003).
- media: dib0700: fix rc endpoint lookup (bsc#1051510).
- media: flexcop-usb: fix endpoint sanity check (git-fixes).
- media: go7007: Fix URB type for interrupt handling (bsc#1051510).
- media: ov519: add missing endpoint sanity checks (bsc#1168829).
- media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510).
- media: ov6650: Fix some format attributes not under control (bsc#1051510).
- media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510).
- media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510).
- media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
- media: tda10071: fix unsigned sign extension overflow (bsc#1051510).
- media: usbtv: fix control-message timeouts (bsc#1051510).
- media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507).
- media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510).
- media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510).
- media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510).
- mfd: dln2: Fix sanity checking for endpoints (bsc#1051510).
- misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510).
- mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510).
- mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884).
- mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600).
- MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403).
- mm: Use overflow helpers in kvmalloc() (bsc#1166003).
- mwifiex: set needed_headroom, not hard_header_len (bsc#1051510).
- net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549).
- net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11).
- net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20).
- net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19).
- net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423).
- net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197).
- net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01).
- netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199).
- net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20).
- net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05).
- net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27).
- net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27).
- net, ip_tunnel: fix namespaces move (networking-stable-20_01_27).
- net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09).
- net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09).
- net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858).
- net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09).
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510).
- net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510).
- net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510).
- net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01).
- net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27).
- net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30).
- net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05).
- net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09).
- net_sched: fix datalen for ematch (networking-stable-20_01_27).
- net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19).
- net_sched: keep alloc_hash updated after hash allocation (git-fixes).
- net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19).
- net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11).
- net/smc: add fallback check to connect() (git-fixes).
- net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19).
- net/smc: fix refcount non-blocking connect() -part 2 (git-fixes).
- net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05).
- net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11).
- net-sysfs: Fix reference count leak (networking-stable-20_01_27).
- net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09).
- net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27).
- net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11).
- net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20).
- NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510).
- NFC: pn544: Fix a typo in a debug message (bsc#1051510).
- nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01).
- NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510).
- NFS: send state management on a single connection (bsc#1167005).
- nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983).
- objtool: Add is_static_jump() helper (bsc#1169514).
- objtool: Add relocation check for alternative sections (bsc#1169514).
- OMAP: DSS2: remove non-zero check on variable r (bsc#1114279)
- orinoco: avoid assertion in case of NULL pointer (bsc#1051510).
- padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).
- partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763).
- PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510).
- PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510).
- PCI: pciehp: Fix MSI interrupt race (bsc#1159037).
- PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510).
- perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279).
- perf: qcom_l2: fix column exclusion check (git-fixes).
- pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510).
- pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510).
- pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).
- pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).
- pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11).
- platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510).
- PM: core: Fix handling of devices deleted during system-wide resume (git-fixes).
- powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868).
- powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868).
- powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734).
- powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686).
- powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729).
- powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729).
- powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868).
- powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659).
- powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498).
- powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498).
- powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498).
- powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091).
- powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868).
- powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030).
- powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030).
- pwm: bcm2835: Dynamically allocate base (bsc#1051510).
- pwm: meson: Fix confusing indentation (bsc#1051510).
- pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510).
- pwm: rcar: Fix late Runtime PM enablement (bsc#1051510).
- pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510).
- pxa168fb: fix release function mismatch in probe failure (bsc#1051510).
- qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01).
- qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).
- qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510).
- raid10: refactor common wait code from regular read/write request (bsc#1166003).
- raid1: factor out a common routine to handle the completion of sync write (bsc#1166003).
- raid1: simplify raid1_error function (bsc#1166003).
- raid1: use an int as the return value of raise_barrier() (bsc#1166003).
- raid5: block failing device if raid will be failed (bsc#1166003).
- raid5-cache: Need to do start() part job after adding journal device (bsc#1166003).
- raid5: copy write hint from origin bio to stripe (bsc#1166003).
- raid5: do not increment read_errors on EILSEQ return (bsc#1166003).
- raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003).
- raid5 improve too many read errors msg by adding limits (bsc#1166003).
- raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).
- raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).
- raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003).
- raid5: set write hint for PPL (bsc#1166003).
- raid5: use bio_end_sector in r5_next_bio (bsc#1166003).
- raid6/test: fix a compilation error (bsc#1166003).
- raid6/test: fix a compilation warning (bsc#1166003).
- remoteproc: Initialize rproc_class before use (bsc#1051510).
- Revert 'HID: add NOGET quirk for Eaton Ellipse MAX UPS' (git-fixes).
- Revert 'locking/pvqspinlock: Do not wait if vCPU is preempted' (bsc#1050549).
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes).
- rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).
- rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05).
- s390/cio: avoid duplicated 'ADD' uevents (git-fixes).
- s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes).
- s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes).
- s390/diag: fix display of diagnose call statistics (git-fixes).
- s390/gmap: return proper error code on ksm unsharing (git-fixes).
- s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102).
- s390/qeth: cancel RX reclaim work earlier (git-fixes).
- s390/qeth: do not return -ENOTSUPP to userspace (git-fixes).
- s390/qeth: do not warn for napi with 0 budget (git-fixes).
- s390/qeth: fix off-by-one in RX copybreak check (git-fixes).
- s390/qeth: fix promiscuous mode after reset (git-fixes).
- s390/qeth: fix qdio teardown after early init error (git-fixes).
- s390/qeth: handle error due to unsupported transport mode (git-fixes).
- s390/qeth: handle error when backing RX buffer (git-fixes).
- s390/qeth: lock the card while changing its hsuid (git-fixes).
- s390/qeth: support net namespaces for L3 devices (git-fixes).
- s390/time: Fix clk type in get_tod_clock (git-fixes).
- scsi: core: avoid repetitive logging of device offline messages (bsc#1145929).
- scsi: core: kABI fix offline_already (bsc#1145929).
- scsi: fnic: do not queue commands during fwreset (bsc#1146539).
- scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551).
- scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches.
- scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551).
- scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424).
- scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424).
- scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424).
- scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424).
- scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424).
- scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424).
- scsi: qla2xxx: add more FW debug information (bsc#1157424).
- scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424).
- scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424).
- scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424).
- scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424).
- scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424).
- scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424).
- scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424).
- scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424).
- scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424).
- scsi: qla2xxx: Display message for FCE enabled (bsc#1157424).
- scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424).
- scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424).
- scsi: qla2xxx: fix FW resource count values (bsc#1157424).
- scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424).
- scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424).
- scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424).
- scsi: qla2xxx: Fix RDP respond data format (bsc#1157424).
- scsi: qla2xxx: Fix RDP response size (bsc#1157424).
- scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424).
- scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424).
- scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424).
- scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424).
- scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424).
- scsi: qla2xxx: Improved secure flash support messages (bsc#1157424).
- scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424).
- scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424).
- scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424).
- scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424).
- scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424).
- scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424).
- scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424).
- scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424).
- scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424).
- scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424).
- scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424).
- scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424).
- scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424).
- scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424).
- scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424).
- scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424).
- scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424).
- scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424).
- scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424).
- scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes).
- sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11).
- sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01).
- serdev: ttyport: restore client ops on deregistration (bsc#1051510).
- smb3: add debug messages for closing unmatched open (bsc#1144333).
- smb3: Add defines for new information level, FileIdInformation (bsc#1144333).
- smb3: add dynamic tracepoints for flush and close (bsc#1144333).
- smb3: add missing flag definitions (bsc#1144333).
- smb3: Add missing reparse tags (bsc#1144333).
- smb3: add missing worker function for SMB3 change notify (bsc#1144333).
- smb3: add mount option to allow forced caching of read only share (bsc#1144333).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333).
- smb3: allow disabling requesting leases (bsc#1144333).
- smb3: allow parallelizing decryption of reads (bsc#1144333).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333).
- SMB3: Backup intent flag missing from some more ops (bsc#1144333).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333).
- smb3: display max smb3 requests in flight at any one time (bsc#1144333).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1144333).
- smb3: enable offload of decryption of large reads via mount option (bsc#1144333).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1144333).
- smb3: fix performance regression with setting mtime (bsc#1144333).
- smb3: fix potential null dereference in decrypt offload (bsc#1144333).
- smb3: fix problem with null cifs super block with previous patch (bsc#1144333).
- smb3: Fix regression in time handling (bsc#1144333).
- smb3: improve check for when we send the security descriptor context on create (bsc#1144333).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333).
- smb3: missing ACL related flags (bsc#1144333).
- smb3: only offload decryption of read responses if multiple requests (bsc#1144333).
- smb3: pass mode bits into create calls (bsc#1144333).
- smb3: print warning once if posix context returned on open (bsc#1144333).
- smb3: query attributes on file close (bsc#1144333).
- smb3: remove noisy debug message and minor cleanup (bsc#1144333).
- smb3: remove unused flag passed into close functions (bsc#1144333).
- staging: ccree: use signal safe completion wait (git-fixes).
- staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510).
- staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).
- staging: rtl8188eu: Fix potential security hole (bsc#1051510).
- staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).
- staging: rtl8723bs: Fix potential security hole (bsc#1051510).
- staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510).
- staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510).
- staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202).
- tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27).
- tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05).
- tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20).
- tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11).
- thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510).
- thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes).
- tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).
- tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes).
- tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003).
- tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729).
- tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510).
- ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes).
- tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510).
- tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510).
- USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes).
- USB: core: add endpoint-blacklist quirk (git-fixes).
- USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes).
- USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes).
- USB: Disable LPM on WD19's Realtek Hub (git-fixes).
- USB: dwc2: Fix in ISOC request length checking (git-fixes).
- USB: Fix novation SourceControl XL after suspend (git-fixes).
- USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes).
- USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510).
- USB: host: xhci-plat: add a shutdown (git-fixes).
- USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes).
- USB: hub: Do not record a connect-change event during reset-resume (git-fixes).
- usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes).
- USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes).
- USB: misc: iowarrior: add support for the 100 device (git-fixes).
- USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes).
- USB: musb: Disable pullup at init (git-fixes).
- USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510).
- USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes).
- USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes).
- USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes).
- USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510).
- USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes).
- USB: serial: pl2303: add device-id for HP LD381 (git-fixes).
- USB: storage: Add quirk for Samsung Fit flash (git-fixes).
- USB: uas: fix a plug & unplug racing (git-fixes).
- USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes).
- uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507)
- vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)
- virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).
- vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11).
- vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11).
- vxlan: fix tos value before xmit (networking-stable-20_01_11).
- x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279).
- x86/mce/amd: Fix kobject lifetime (bsc#1114279).
- x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279).
- x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279).
- x86/mm: Split vmalloc_sync_all() (bsc#1165741).
- x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279).
- x86/xen: fix booting 32-bit pv guest (bsc#1071995).
- x86/xen: Make the boot CPU idle task reliable (bsc#1071995).
- x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995).
- xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486).
- xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873).
- xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984).
- xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes).
- xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes).
- xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).
- xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510).
ImportantSUSE bug 1044231SUSE bug 1050549SUSE bug 1051510SUSE bug 1051858SUSE bug 1056686SUSE bug 1060463SUSE bug 1065600SUSE bug 1065729SUSE bug 1071995SUSE bug 1083647SUSE bug 1085030SUSE bug 1104967SUSE bug 1109911SUSE bug 1111666SUSE bug 1114279SUSE bug 1118338SUSE bug 1120386SUSE bug 1133021SUSE bug 1136157SUSE bug 1137325SUSE bug 1144333SUSE bug 1145051SUSE bug 1145929SUSE bug 1146539SUSE bug 1148868SUSE bug 1154385SUSE bug 1157424SUSE bug 1158552SUSE bug 1158983SUSE bug 1159037SUSE bug 1159142SUSE bug 1159198SUSE bug 1159199SUSE bug 1159285SUSE bug 1160659SUSE bug 1161951SUSE bug 1162929SUSE bug 1162931SUSE bug 1163403SUSE bug 1163508SUSE bug 1163897SUSE bug 1164078SUSE bug 1164284SUSE bug 1164507SUSE bug 1164893SUSE bug 1165019SUSE bug 1165111SUSE bug 1165182SUSE bug 1165404SUSE bug 1165488SUSE bug 1165527SUSE bug 1165741SUSE bug 1165813SUSE bug 1165873SUSE bug 1165949SUSE bug 1165984SUSE bug 1165985SUSE bug 1166003SUSE bug 1166101SUSE bug 1166102SUSE bug 1166103SUSE bug 1166104SUSE bug 1166632SUSE bug 1166730SUSE bug 1166731SUSE bug 1166732SUSE bug 1166733SUSE bug 1166734SUSE bug 1166735SUSE bug 1166780SUSE bug 1166860SUSE bug 1166861SUSE bug 1166862SUSE bug 1166864SUSE bug 1166866SUSE bug 1166867SUSE bug 1166868SUSE bug 1166870SUSE bug 1166940SUSE bug 1167005SUSE bug 1167288SUSE bug 1167290SUSE bug 1167316SUSE bug 1167421SUSE bug 1167423SUSE bug 1167629SUSE bug 1168075SUSE bug 1168202SUSE bug 1168276SUSE bug 1168295SUSE bug 1168424SUSE bug 1168443SUSE bug 1168486SUSE bug 1168760SUSE bug 1168762SUSE bug 1168763SUSE bug 1168764SUSE bug 1168765SUSE bug 1168829SUSE bug 1168854SUSE bug 1168881SUSE bug 1168884SUSE bug 1168952SUSE bug 1169057SUSE bug 1169390SUSE bug 1169514SUSE bug 1169625CVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-3701 at SUSECVE-2019-3701 at NVDCVE-2019-9458 at SUSECVE-2019-9458 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11669 at SUSECVE-2020-11669 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8834 at SUSECVE-2020-8834 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 to version 2.28.1 fixes the following issues:
Security issues fixed:
- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
- CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).
- CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).
- CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).
- CVE-2020-3867: Fixed an XSS issue (bsc#1163809).
- CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809).
- CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809).
Non-security issues fixed:
- Add API to enable Process Swap on (Cross-site) Navigation.
- Add user messages API for the communication with the web extension.
- Add support for same-site cookies.
- Service workers are enabled by default.
- Add support for Pointer Lock API.
- Add flatpak sandbox support.
- Make ondemand hardware acceleration policy never leave accelerated compositing mode.
- Always use a light theme for rendering form controls.
- Add about:gpu to show information about the graphics stack.
- Fixed issues while trying to play a video on NextCloud.
- Fixed vertical alignment of text containing arabic diacritics.
- Fixed build with icu 65.1.
- Fixed page loading errors with websites using HSTS.
- Fixed web process crash when displaying a KaTeX formula.
- Fixed several crashes and rendering issues.
- Switched to a single web process for Evolution and geary (bsc#1159329).
ImportantSUSE bug 1155321SUSE bug 1156318SUSE bug 1159329SUSE bug 1161719SUSE bug 1163809SUSE bug 1165528SUSE bug 1169658CVE-2019-8625 at SUSECVE-2019-8625 at NVDCVE-2019-8710 at SUSECVE-2019-8710 at NVDCVE-2019-8720 at SUSECVE-2019-8720 at NVDCVE-2019-8743 at SUSECVE-2019-8743 at NVDCVE-2019-8764 at SUSECVE-2019-8764 at NVDCVE-2019-8766 at SUSECVE-2019-8766 at NVDCVE-2019-8769 at SUSECVE-2019-8769 at NVDCVE-2019-8771 at SUSECVE-2019-8771 at NVDCVE-2019-8782 at SUSECVE-2019-8782 at NVDCVE-2019-8783 at SUSECVE-2019-8783 at NVDCVE-2019-8808 at SUSECVE-2019-8808 at NVDCVE-2019-8811 at SUSECVE-2019-8811 at NVDCVE-2019-8812 at SUSECVE-2019-8812 at NVDCVE-2019-8813 at SUSECVE-2019-8813 at NVDCVE-2019-8814 at SUSECVE-2019-8814 at NVDCVE-2019-8815 at SUSECVE-2019-8815 at NVDCVE-2019-8816 at SUSECVE-2019-8816 at NVDCVE-2019-8819 at SUSECVE-2019-8819 at NVDCVE-2019-8820 at SUSECVE-2019-8820 at NVDCVE-2019-8823 at SUSECVE-2019-8823 at NVDCVE-2019-8835 at SUSECVE-2019-8835 at NVDCVE-2019-8844 at SUSECVE-2019-8844 at NVDCVE-2019-8846 at SUSECVE-2019-8846 at NVDCVE-2020-10018 at SUSECVE-2020-10018 at NVDCVE-2020-11793 at SUSECVE-2020-11793 at NVDCVE-2020-3862 at SUSECVE-2020-3862 at NVDCVE-2020-3864 at SUSECVE-2020-3864 at NVDCVE-2020-3865 at SUSECVE-2020-3865 at NVDCVE-2020-3867 at SUSECVE-2020-3867 at NVDCVE-2020-3868 at SUSECVE-2020-3868 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).
- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).
- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).
- CVE-2020-7211: Fixed potential directory traversal using relative paths via
tftp server on Windows host (bsc#1161181).
- arm: a CPU may speculate past the ERET instruction (bsc#1160932).
Non-security issues fixed:
- Xenstored Crashed during VM install (bsc#1167152)
- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)
- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)
- aacraid blocks xen commands (bsc#1155200)
ImportantSUSE bug 1027519SUSE bug 1155200SUSE bug 1160932SUSE bug 1161181SUSE bug 1167152SUSE bug 1168140SUSE bug 1168142SUSE bug 1168143SUSE bug 1169392CVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-7211 at SUSECVE-2020-7211 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
- CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
- CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
- CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
- CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
- CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).
- CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
- CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).
- CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).
- CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111).
- CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
The following non-security bugs were fixed:
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
- ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
- ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
- ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
- ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
- ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
- ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
- ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
- ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
- ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
- ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
- ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
- ALSA: info: remove redundant assignment to variable c (bsc#1051510).
- ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
- ALSA: line6: Fix endless MIDI read loop (git-fixes).
- ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
- ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
- ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
- ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
- ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
- ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510).
- ALSA: via82xx: Fix endianness annotations (bsc#1051510).
- ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510).
- ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510).
- ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510).
- ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510).
- ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510).
- ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510).
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510).
- ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
- ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510).
- ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
- ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510).
- atm: zatm: Fix empty body Clang warnings (bsc#1051510).
- atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003).
- b43legacy: Fix -Wcast-function-type (bsc#1051510).
- batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510).
- batman-adv: Do not schedule OGM for disabled interface (bsc#1051510).
- batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510).
- blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
- blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316).
- blktrace: fix dereference after null check (bsc#1159285).
- blktrace: fix trace mutex deadlock (bsc#1159285).
- block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142).
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760).
- block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762).
- Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510).
- bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
- bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09).
- bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647).
- bpf: Explicitly memset the bpf_attr structure (bsc#1083647).
- bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385).
- bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385).
- bpf: make unknown opcode handling more robust (bsc#1154385).
- bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385).
- bpf, x64: remove ld_abs/ld_ind (bsc#1154385).
- bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385).
- btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949).
- btrfs: add a flush step for delayed iputs (bsc#1165949).
- btrfs: add assertions for releasing trans handle reservations (bsc#1165949).
- btrfs: add btrfs_delete_ref_head helper (bsc#1165949).
- btrfs: add enospc debug messages for ticket failure (bsc#1165949).
- btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949).
- btrfs: add new flushing states for the delayed refs rsv (bsc#1165949).
- btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949).
- btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949).
- btrfs: always reserve our entire size for the global reserve (bsc#1165949).
- btrfs: assert on non-empty delayed iputs (bsc##1165949).
- btrfs: be more explicit about allowed flush states (bsc#1165949).
- btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949).
- btrfs: catch cow on deleting snapshots (bsc#1165949).
- btrfs: change the minimum global reserve size (bsc#1165949).
- btrfs: check if there are free block groups for commit (bsc#1165949).
- btrfs: clean up error handling in btrfs_truncate() (bsc#1165949).
- btrfs: cleanup extent_op handling (bsc#1165949).
- btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949).
- btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949).
- btrfs: clear space cache inode generation always (bsc#1165949).
- btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949).
- btrfs: do not account global reserve in can_overcommit (bsc#1165949).
- btrfs: do not allow reservations if we have pending tickets (bsc#1165949).
- btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949).
- btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949).
- btrfs: do not enospc all tickets on flush failure (bsc#1165949).
- btrfs: do not run delayed_iputs in commit (bsc##1165949).
- btrfs: do not run delayed refs in the end transaction logic (bsc#1165949).
- btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949).
- btrfs: do not use global reserve for chunk allocation (bsc#1165949).
- btrfs: drop min_size from evict_refill_and_join (bsc##1165949).
- btrfs: drop unused space_info parameter from create_space_info (bsc#1165949).
- btrfs: dump block_rsv details when dumping space info (bsc#1165949).
- btrfs: export block group accounting helpers (bsc#1165949).
- btrfs: export block_rsv_use_bytes (bsc#1165949).
- btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949).
- btrfs: export __btrfs_block_rsv_release (bsc#1165949).
- btrfs: export space_info_add_*_bytes (bsc#1165949).
- btrfs: export the block group caching helpers (bsc#1165949).
- btrfs: export the caching control helpers (bsc#1165949).
- btrfs: export the excluded extents helpers (bsc#1165949).
- btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949).
- btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949).
- btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949).
- btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949).
- btrfs: factor out the ticket flush handling (bsc#1165949).
- btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508).
- btrfs: fix insert_reserved error handling (bsc##1165949).
- btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949).
- btrfs: fix missing delayed iputs on unmount (bsc#1165949).
- btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508).
- btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949).
- btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949).
- btrfs: fix truncate throttling (bsc#1165949).
- btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949).
- btrfs: Improve global reserve stealing logic (bsc#1165949).
- btrfs: introduce an evict flushing state (bsc#1165949).
- btrfs: introduce delayed_refs_rsv (bsc#1165949).
- btrfs: loop in inode_rsv_refill (bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949).
- btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949).
- btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949).
- btrfs: migrate inc/dec_block_group_ro code (bsc#1165949).
- btrfs: migrate nocow and reservation helpers (bsc#1165949).
- btrfs: migrate the alloc_profile helpers (bsc#1165949).
- btrfs: migrate the block group caching code (bsc#1165949).
- btrfs: migrate the block group cleanup code (bsc#1165949).
- btrfs: migrate the block group lookup code (bsc#1165949).
- btrfs: migrate the block group read/creation code (bsc#1165949).
- btrfs: migrate the block group ref counting stuff (bsc#1165949).
- btrfs: migrate the block group removal code (bsc#1165949).
- btrfs: migrate the block group space accounting helpers (bsc#1165949).
- btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949).
- btrfs: migrate the chunk allocation code (bsc#1165949).
- btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949).
- btrfs: migrate the delayed refs rsv code (bsc#1165949).
- btrfs: migrate the dirty bg writeout code (bsc#1165949).
- btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949).
- btrfs: move and export can_overcommit (bsc#1165949).
- btrfs: move basic block_group definitions to their own header (bsc#1165949).
- btrfs: move btrfs_add_free_space out of a header file (bsc#1165949).
- btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949).
- btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949).
- btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949).
- btrfs: move dump_space_info to space-info.c (bsc#1165949).
- btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949).
- btrfs: move space_info to space-info.h (bsc#1165949).
- btrfs: move the space_info handling code to space-info.c (bsc#1165949).
- btrfs: move the space info update macro to space-info.h (bsc#1165949).
- btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949).
- btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949).
- btrfs: only check priority tickets for priority flushing (bsc#1165949).
- btrfs: only free reserved extent if we didn't insert it (bsc##1165949).
- btrfs: only reserve metadata_size for inodes (bsc#1165949).
- btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949).
- btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949).
- btrfs: pass root to various extent ref mod functions (bsc#1165949).
- btrfs: refactor block group replication factor calculation to a helper (bsc#1165949).
- btrfs: refactor priority_reclaim_metadata_space (bsc#1165949).
- btrfs: refactor the ticket wakeup code (bsc#1165949).
- btrfs: release metadata before running delayed refs (bsc##1165949).
- btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949).
- btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949).
- btrfs: remove orig_bytes from reserve_ticket (bsc#1165949).
- btrfs: Remove redundant argument of flush_space (bsc#1165949).
- btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949).
- btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949).
- btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949).
- btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949).
- btrfs: reserve delalloc metadata differently (bsc#1165949).
- btrfs: reserve extra space during evict (bsc#1165949).
- btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949).
- btrfs: reset max_extent_size properly (bsc##1165949).
- btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949).
- btrfs: rework wake_all_tickets (bsc#1165949).
- btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949).
- btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949).
- btrfs: run delayed iput at unlink time (bsc#1165949).
- btrfs: run delayed iputs before committing (bsc#1165949).
- btrfs: set max_extent_size properly (bsc##1165949).
- btrfs: stop partially refilling tickets when releasing space (bsc#1165949).
- btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949).
- btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949).
- btrfs: temporarily export fragment_free_space (bsc#1165949).
- btrfs: temporarily export inc_block_group_ro (bsc#1165949).
- btrfs: track DIO bytes in flight (bsc#1165949).
- btrfs: unexport can_overcommit (bsc#1165949).
- btrfs: unexport the temporary exported functions (bsc#1165949).
- btrfs: unify error handling for ticket flushing (bsc#1165949).
- btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949).
- btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949).
- btrfs: wait on caching when putting the bg cache (bsc#1165949).
- btrfs: wait on ordered extents on abort cleanup (bsc#1165949).
- btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949).
- ceph: canonicalize server path in place (bsc#1168443).
- ceph: remove the extra slashes in the server path (bsc#1168443).
- cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510).
- cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510).
- cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1144333).
- cifs: add missing mount option to /proc/mounts (bsc#1144333).
- cifs: add new debugging macro cifs_server_dbg (bsc#1144333).
- cifs: add passthrough for smb2 setinfo (bsc#1144333).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1144333).
- cifs: add smb2 POSIX info level (bsc#1144333).
- cifs: add SMB3 change notification support (bsc#1144333).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333).
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1144333).
- cifs: Adjust indentation in smb2_open_file (bsc#1144333).
- cifs: allow chmod to set mode bits using special sid (bsc#1144333).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1144333).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333).
- cifs: Clean up DFS referral cache (bsc#1144333).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1144333).
- cifs: do d_move in rename (bsc#1144333).
- cifs: Do not display RDMA transport on reconnect (bsc#1144333).
- cifs: do not ignore the SYNC flags in getattr (bsc#1144333).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333).
- cifs: enable change notification for SMB2.1 dialect (bsc#1144333).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333).
- cifs: fix a comment for the timeouts when sending echos (bsc#1144333).
- cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333).
- cifs: fix dereference on ses before it is null checked (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333).
- cifs: Fix mode output in debugging statements (bsc#1144333).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: fix NULL dereference in match_prepath (bsc#1144333).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333).
- cifs: fix potential mismatch of UNC paths (bsc#1144333).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333).
- cifs: Fix return value in __update_cache_entry (bsc#1144333).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1144333).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1144333).
- cifs: Fix task struct use-after-free on reconnect (bsc#1144333).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333).
- cifs: get mode bits from special sid on stat (bsc#1144333).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1144333).
- cifs: handle prefix paths in reconnect (bsc#1144333).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: Introduce helpers for finding TCP connection (bsc#1144333).
- cifs: log warning message (once) if out of disk space (bsc#1144333).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1144333).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333).
- cifs: modefromsid: make room for 4 ACE (bsc#1144333).
- cifs: modefromsid: write mode ACE first (bsc#1144333).
- cifs: Optimize readdir on reparse points (bsc#1144333).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1144333).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333).
- cifs: print warning once if mounting with vers=1.0 (bsc#1144333).
- cifs: refactor cifs_get_inode_info() (bsc#1144333).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333).
- cifs: remove redundant assignment to variable rc (bsc#1144333).
- cifs: remove set but not used variables (bsc#1144333).
- cifs: remove set but not used variable 'server' (bsc#1144333).
- cifs: remove unused variable (bsc#1144333).
- cifs: remove unused variable 'sid_user' (bsc#1144333).
- cifs: rename a variable in SendReceive() (bsc#1144333).
- cifs: rename posix create rsp (bsc#1144333).
- cifs: replace various strncpy with strscpy and similar (bsc#1144333).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1144333).
- cifs: Use #define in cifs_dbg (bsc#1144333).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333).
- clk: qcom: rcg: Return failure for RCG update (bsc#1051510).
- cls_rsvp: fix rsvp_policy (networking-stable-20_02_05).
- configfs: Fix bool initialization/comparison (bsc#1051510).
- cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).
- cpufreq: powernv: Fix use-after-free (bsc#1065729).
- cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510).
- cpuidle: Do not unset the driver if it is there already (bsc#1051510).
- crypto: arm64/sha-ce - implement export/import (bsc#1051510).
- crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510).
- crypto: pcrypt - Fix user-after-free on module unload (git-fixes).
- crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510).
- debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198.
- debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198.
- Delete patches which cause regression (bsc#1165527 ltc#184149).
- Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403).
- device: Use overflow helpers for devm_kmalloc() (bsc#1166003).
- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510).
- dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510).
- dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142).
- driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510).
- driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510).
- driver core: Print device when resources present in really_probe() (bsc#1051510).
- drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
- drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003).
- drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
- drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003).
- drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510).
- drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279)
- drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279)
- drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510).
- drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510).
- drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510).
- drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510).
- drm/etnaviv: fix dumping of iommuv2 (bsc#1114279)
- drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).
- drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279)
- drm/i915/userptr: fix size calculation (bsc#1114279)
- drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
- drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279)
- drm/mediatek: Add gamma property according to hardware capability (bsc#1114279)
- drm/mediatek: disable all the planes in atomic_disable (bsc#1114279)
- drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).
- drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279)
- drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279)
- drm/msm: Set dma maximum segment size for mdss (bsc#1051510).
- drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510).
- drm/msm: Use the correct dma_sync calls harder (bsc#1051510).
- drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510).
- drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510).
- drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510).
- drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279)
- drm: remove the newline for CRC source name (bsc#1051510).
- dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510).
- EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279).
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893).
- ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197).
- ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862).
- ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019).
- ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288).
- ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860).
- ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861).
- ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765).
- ext4: fix incorrect inodes per group in error message (bsc#1168764).
- ext4: fix potential race between online resizing and write operations (bsc#1166864).
- ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867).
- ext4: fix potential race between s_group_info online resizing and access (bsc#1166866).
- ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870).
- ext4: fix support for inode sizes > 1024 bytes (bsc#1164284).
- ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940).
- ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868).
- ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897).
- fat: fix uninit-memory access for partial initialized inode (bsc#1051510).
- fat: work around race with userspace's read via blockdev while mounting (bsc#1051510).
- fbdev/g364fb: Fix build failure (bsc#1051510).
- fbdev: potential information leak in do_fb_ioctl() (bsc#1114279)
- fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279)
- fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).
- fix memory leak in large read decrypt offload (bsc#1144333).
- fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333).
- fs: cifs: mute -Wunused-const-variable message (bsc#1144333).
- fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333).
- fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333).
- fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333).
- fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985).
- ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes).
- gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27).
- gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05).
- HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510).
- HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).
- HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes).
- hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20).
- hv_netvsc: pass netvsc_device to rndis halt
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).
- i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510).
- i2c: jz4780: silence log flood on txabrt (bsc#1051510).
- IB/hfi1: Close window for pq and request coliding (bsc#1060463 ).
- IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611).
- ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
- ibmvnic: Do not process device remove during device reset (bsc#1065729).
- ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729).
- iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510).
- iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510).
- iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510).
- Input: add safety guards to input_set_keycode() (bsc#1168075).
- Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510).
- Input: edt-ft5x06 - work around first register access error (bsc#1051510).
- Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510).
- Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510).
- Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).
- Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510).
- Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).
- intel_th: Fix user-visible error codes (bsc#1051510).
- intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510).
- iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101).
- iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057).
- iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).
- iommu/dma: Fix MSI reservation allocation (bsc#1166730).
- iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731).
- iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732).
- iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).
- iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).
- iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).
- iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735).
- ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510).
- ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes).
- ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325).
- irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510).
- irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510).
- iwlegacy: Fix -Wcast-function-type (bsc#1051510).
- iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632).
- iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).
- kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911).
- kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552).
- kABI: restore debugfs_remove_recursive() (bsc#1159198).
- kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488).
- kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488).
- KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021).
- KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021).
- KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021).
- KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104).
- l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05).
- lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549).
- libfs: fix infoleak in simple_attr_read() (bsc#1168881).
- lib/raid6: add missing include for raid6test (bsc#1166003).
- lib/raid6: add option to skip algo benchmarking (bsc#1166003).
- lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003).
- lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).
- locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549).
- mac80211: consider more elements in parsing CRC (bsc#1051510).
- mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510).
- mac80211: free peer keys before vif down in mesh (bsc#1051510).
- mac80211: mesh: fix RCU warning (bsc#1051510).
- mac80211: only warn once on chanctx_conf being NULL (bsc#1051510).
- mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510).
- macsec: add missing attribute validation for port (bsc#1051510).
- macsec: fix refcnt leak in module exit routine (bsc#1051510).
- md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003).
- md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003).
- md: add a missing endianness conversion in check_sb_changes (bsc#1166003).
- md: add bitmap_abort label in md_run (bsc#1166003).
- md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).
- md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003).
- md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).
- md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003).
- md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003).
- md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003).
- md-bitmap: small cleanups (bsc#1166003).
- md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003).
- md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003).
- md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003).
- md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).
- md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003).
- md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003).
- md-cluster/raid10: support add disk under grow mode (bsc#1166003).
- md-cluster: remove suspend_info (bsc#1166003).
- md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003).
- md: convert to kvmalloc (bsc#1166003).
- md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003).
- md: do not set In_sync if array is frozen (bsc#1166003).
- md: fix an error code format and remove unsed bio_sector (bsc#1166003).
- md: fix a typo s/creat/create (bsc#1166003).
- md: fix for divide error in status_resync (bsc#1166003).
- md: fix spelling typo and add necessary space (bsc#1166003).
- md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003).
- md: introduce new personality funciton start() (bsc#1166003).
- md-linear: use struct_size() in kzalloc() (bsc#1166003).
- md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).
- md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).
- md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003).
- md: no longer compare spare disk superblock events in super_load (bsc#1166003).
- md/r5cache: remove redundant pointer bio (bsc#1166003).
- md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).
- md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003).
- md/raid10: end bio when the device faulty (bsc#1166003).
- md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003).
- md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003).
- md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).
- md: raid10: Use struct_size() in kmalloc() (bsc#1166003).
- md/raid1: avoid soft lockup under high load (bsc#1166003).
- md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003).
- md/raid1: end bio when the device faulty (bsc#1166003).
- md/raid1: fail run raid1 array when active disk less than one (bsc#1166003).
- md/raid1: Fix a warning message in remove_wb() (bsc#1166003).
- md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003).
- md/raid1: get rid of extra blank line and space (bsc#1166003).
- md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003).
- md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).
- md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).
- md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003).
- md: remove a bogus comment (bsc#1166003).
- md: remove redundant code that is no longer reachable (bsc#1166003).
- md: remove set but not used variable 'bi_rdev' (bsc#1166003).
- md: rename wb stuffs (bsc#1166003).
- md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).
- md: use correct type in super_1_load (bsc#1166003).
- md: use correct type in super_1_sync (bsc#1166003).
- md: use correct types in md_bitmap_print_sb (bsc#1166003).
- media: dib0700: fix rc endpoint lookup (bsc#1051510).
- media: flexcop-usb: fix endpoint sanity check (git-fixes).
- media: go7007: Fix URB type for interrupt handling (bsc#1051510).
- media: ov519: add missing endpoint sanity checks (bsc#1168829).
- media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510).
- media: ov6650: Fix some format attributes not under control (bsc#1051510).
- media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510).
- media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510).
- media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
- media: tda10071: fix unsigned sign extension overflow (bsc#1051510).
- media: usbtv: fix control-message timeouts (bsc#1051510).
- media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507).
- media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510).
- media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510).
- media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510).
- mfd: dln2: Fix sanity checking for endpoints (bsc#1051510).
- misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510).
- mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510).
- mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884).
- mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600).
- MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403).
- mm: Use overflow helpers in kvmalloc() (bsc#1166003).
- mwifiex: set needed_headroom, not hard_header_len (bsc#1051510).
- net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549).
- net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27).
- net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11).
- net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20).
- net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19).
- net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423).
- net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197).
- netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199).
- net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20).
- net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05).
- net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27).
- net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27).
- net, ip_tunnel: fix namespaces move (networking-stable-20_01_27).
- net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09).
- net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09).
- net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858).
- net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09).
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510).
- net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510).
- net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510).
- net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27).
- net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30).
- net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05).
- net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09).
- net_sched: fix datalen for ematch (networking-stable-20_01_27).
- net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19).
- net_sched: keep alloc_hash updated after hash allocation (git-fixes).
- net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19).
- net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11).
- net/smc: add fallback check to connect() (git-fixes).
- net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19).
- net/smc: fix refcount non-blocking connect() -part 2 (git-fixes).
- net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05).
- net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11).
- net-sysfs: Fix reference count leak (networking-stable-20_01_27).
- net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09).
- net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27).
- net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11).
- net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20).
- NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510).
- NFC: pn544: Fix a typo in a debug message (bsc#1051510).
- NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510).
- NFS: send state management on a single connection (bsc#1167005).
- nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983).
- objtool: Add is_static_jump() helper (bsc#1169514).
- objtool: Add relocation check for alternative sections (bsc#1169514).
- OMAP: DSS2: remove non-zero check on variable r (bsc#1114279)
- orinoco: avoid assertion in case of NULL pointer (bsc#1051510).
- padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).
- partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763).
- PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510).
- PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510).
- PCI: pciehp: Fix MSI interrupt race (bsc#1159037).
- PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510).
- perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279).
- perf: qcom_l2: fix column exclusion check (git-fixes).
- pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510).
- pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510).
- pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).
- pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).
- pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11).
- platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510).
- PM: core: Fix handling of devices deleted during system-wide resume (git-fixes).
- powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868).
- powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868).
- powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734).
- powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686).
- powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729).
- powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729).
- powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868).
- powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659).
- powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498).
- powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498).
- powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498).
- powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091).
- powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868).
- powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030).
- powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030).
- pwm: bcm2835: Dynamically allocate base (bsc#1051510).
- pwm: meson: Fix confusing indentation (bsc#1051510).
- pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510).
- pwm: rcar: Fix late Runtime PM enablement (bsc#1051510).
- pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510).
- pxa168fb: fix release function mismatch in probe failure (bsc#1051510).
- qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).
- qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510).
- raid10: refactor common wait code from regular read/write request (bsc#1166003).
- raid1: factor out a common routine to handle the completion of sync write (bsc#1166003).
- raid1: simplify raid1_error function (bsc#1166003).
- raid1: use an int as the return value of raise_barrier() (bsc#1166003).
- raid5: block failing device if raid will be failed (bsc#1166003).
- raid5-cache: Need to do start() part job after adding journal device (bsc#1166003).
- raid5: copy write hint from origin bio to stripe (bsc#1166003).
- raid5: do not increment read_errors on EILSEQ return (bsc#1166003).
- raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003).
- raid5 improve too many read errors msg by adding limits (bsc#1166003).
- raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).
- raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).
- raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003).
- raid5: set write hint for PPL (bsc#1166003).
- raid5: use bio_end_sector in r5_next_bio (bsc#1166003).
- raid6/test: fix a compilation error (bsc#1166003).
- raid6/test: fix a compilation warning (bsc#1166003).
- remoteproc: Initialize rproc_class before use (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes).
- rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).
- rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05).
- s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102).
- scsi: core: avoid repetitive logging of device offline messages (bsc#1145929).
- scsi: core: kABI fix offline_already (bsc#1145929).
- scsi: fnic: do not queue commands during fwreset (bsc#1146539).
- scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551).
- scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches.
- scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551).
- scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551).
- scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551).
- scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424).
- scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424).
- scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424).
- scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424).
- scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424).
- scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424).
- scsi: qla2xxx: add more FW debug information (bsc#1157424).
- scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424).
- scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424).
- scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424).
- scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424).
- scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424).
- scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424).
- scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424).
- scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424).
- scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424).
- scsi: qla2xxx: Display message for FCE enabled (bsc#1157424).
- scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424).
- scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424).
- scsi: qla2xxx: fix FW resource count values (bsc#1157424).
- scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424).
- scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424).
- scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424).
- scsi: qla2xxx: Fix RDP respond data format (bsc#1157424).
- scsi: qla2xxx: Fix RDP response size (bsc#1157424).
- scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424).
- scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424).
- scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424).
- scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424).
- scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424).
- scsi: qla2xxx: Improved secure flash support messages (bsc#1157424).
- scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424).
- scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424).
- scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424).
- scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424).
- scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424).
- scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424).
- scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424).
- scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424).
- scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424).
- scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424).
- scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424).
- scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424).
- scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424).
- scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424).
- scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424).
- scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424).
- scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424).
- scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424).
- scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424).
- sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11).
- serdev: ttyport: restore client ops on deregistration (bsc#1051510).
- smb3: add debug messages for closing unmatched open (bsc#1144333).
- smb3: Add defines for new information level, FileIdInformation (bsc#1144333).
- smb3: add dynamic tracepoints for flush and close (bsc#1144333).
- smb3: add missing flag definitions (bsc#1144333).
- smb3: Add missing reparse tags (bsc#1144333).
- smb3: add missing worker function for SMB3 change notify (bsc#1144333).
- smb3: add mount option to allow forced caching of read only share (bsc#1144333).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333).
- smb3: allow disabling requesting leases (bsc#1144333).
- smb3: allow parallelizing decryption of reads (bsc#1144333).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333).
- SMB3: Backup intent flag missing from some more ops (bsc#1144333).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333).
- smb3: display max smb3 requests in flight at any one time (bsc#1144333).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1144333).
- smb3: enable offload of decryption of large reads via mount option (bsc#1144333).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1144333).
- smb3: fix performance regression with setting mtime (bsc#1144333).
- smb3: fix potential null dereference in decrypt offload (bsc#1144333).
- smb3: fix problem with null cifs super block with previous patch (bsc#1144333).
- smb3: Fix regression in time handling (bsc#1144333).
- smb3: improve check for when we send the security descriptor context on create (bsc#1144333).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333).
- smb3: missing ACL related flags (bsc#1144333).
- smb3: only offload decryption of read responses if multiple requests (bsc#1144333).
- smb3: pass mode bits into create calls (bsc#1144333).
- smb3: print warning once if posix context returned on open (bsc#1144333).
- smb3: query attributes on file close (bsc#1144333).
- smb3: remove noisy debug message and minor cleanup (bsc#1144333).
- smb3: remove unused flag passed into close functions (bsc#1144333).
- staging: ccree: use signal safe completion wait (git-fixes).
- staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510).
- staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).
- staging: rtl8188eu: Fix potential security hole (bsc#1051510).
- staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).
- staging: rtl8723bs: Fix potential security hole (bsc#1051510).
- staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510).
- staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510).
- staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202).
- tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27).
- tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05).
- tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05).
- tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20).
- tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11).
- thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510).
- thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes).
- tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).
- tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes).
- tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003).
- tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729).
- tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510).
- ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes).
- tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510).
- tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510).
- USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes).
- USB: core: add endpoint-blacklist quirk (git-fixes).
- USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes).
- USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes).
- USB: Disable LPM on WD19's Realtek Hub (git-fixes).
- USB: dwc2: Fix in ISOC request length checking (git-fixes).
- USB: Fix novation SourceControl XL after suspend (git-fixes).
- USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes).
- USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510).
- USB: host: xhci-plat: add a shutdown (git-fixes).
- USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes).
- USB: hub: Do not record a connect-change event during reset-resume (git-fixes).
- usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes).
- USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes).
- USB: misc: iowarrior: add support for the 100 device (git-fixes).
- USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes).
- USB: musb: Disable pullup at init (git-fixes).
- USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510).
- USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes).
- USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes).
- USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes).
- USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510).
- USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes).
- USB: serial: pl2303: add device-id for HP LD381 (git-fixes).
- USB: storage: Add quirk for Samsung Fit flash (git-fixes).
- USB: uas: fix a plug & unplug racing (git-fixes).
- USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes).
- uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507)
- vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)
- virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).
- vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11).
- vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11).
- vxlan: fix tos value before xmit (networking-stable-20_01_11).
- x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279).
- x86/mce/amd: Fix kobject lifetime (bsc#1114279).
- x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279).
- x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279).
- x86/mm: Split vmalloc_sync_all() (bsc#1165741).
- x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279).
- xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486).
- xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873).
- xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984).
- xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes).
- xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes).
- xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).
- xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510).
ImportantSUSE bug 1044231SUSE bug 1050549SUSE bug 1051510SUSE bug 1051858SUSE bug 1056686SUSE bug 1060463SUSE bug 1065600SUSE bug 1065729SUSE bug 1083647SUSE bug 1085030SUSE bug 1104967SUSE bug 1109911SUSE bug 1114279SUSE bug 1118338SUSE bug 1120386SUSE bug 1133021SUSE bug 1136157SUSE bug 1137325SUSE bug 1144333SUSE bug 1145051SUSE bug 1145929SUSE bug 1146539SUSE bug 1148868SUSE bug 1154385SUSE bug 1157424SUSE bug 1158552SUSE bug 1158983SUSE bug 1159037SUSE bug 1159142SUSE bug 1159198SUSE bug 1159199SUSE bug 1159285SUSE bug 1160659SUSE bug 1161951SUSE bug 1162929SUSE bug 1162931SUSE bug 1163403SUSE bug 1163508SUSE bug 1163897SUSE bug 1164078SUSE bug 1164284SUSE bug 1164507SUSE bug 1164893SUSE bug 1165019SUSE bug 1165111SUSE bug 1165182SUSE bug 1165404SUSE bug 1165488SUSE bug 1165527SUSE bug 1165741SUSE bug 1165813SUSE bug 1165873SUSE bug 1165949SUSE bug 1165984SUSE bug 1165985SUSE bug 1166003SUSE bug 1166101SUSE bug 1166102SUSE bug 1166103SUSE bug 1166104SUSE bug 1166632SUSE bug 1166730SUSE bug 1166731SUSE bug 1166732SUSE bug 1166733SUSE bug 1166734SUSE bug 1166735SUSE bug 1166780SUSE bug 1166860SUSE bug 1166861SUSE bug 1166862SUSE bug 1166864SUSE bug 1166866SUSE bug 1166867SUSE bug 1166868SUSE bug 1166870SUSE bug 1166940SUSE bug 1167005SUSE bug 1167288SUSE bug 1167290SUSE bug 1167316SUSE bug 1167421SUSE bug 1167423SUSE bug 1167629SUSE bug 1168075SUSE bug 1168202SUSE bug 1168276SUSE bug 1168295SUSE bug 1168424SUSE bug 1168443SUSE bug 1168486SUSE bug 1168760SUSE bug 1168762SUSE bug 1168763SUSE bug 1168764SUSE bug 1168765SUSE bug 1168829SUSE bug 1168854SUSE bug 1168881SUSE bug 1168884SUSE bug 1168952SUSE bug 1169057SUSE bug 1169390SUSE bug 1169514SUSE bug 1169625CVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-3701 at SUSECVE-2019-3701 at NVDCVE-2019-9458 at SUSECVE-2019-9458 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11669 at SUSECVE-2020-11669 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8834 at SUSECVE-2020-8834 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDcpe:/o:suse:sles:12:sp4Security update for shibboleth-sp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for shibboleth-sp fixes the following issues:
Security issue fixed:
- CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471).
ModerateSUSE bug 1157471CVE-2019-19191 at SUSECVE-2019-19191 at NVDcpe:/o:suse:sles:12:sp4Security update for ceph (Important)SUSE Linux Enterprise Server 12 SP4
This update for ceph fixes the following issues:
- CVE-2020-12059: Fixed a denial of service caused by a specially crafted XML payload on POST requests (bsc#1170170).
ImportantSUSE bug 1170170CVE-2020-12059 at SUSECVE-2020-12059 at NVDcpe:/o:suse:sles:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4
This update for LibVNCServer fixes the following issues:
- CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).
- CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).
- CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).
ImportantSUSE bug 1155419SUSE bug 1160471SUSE bug 1170441CVE-2019-15681 at SUSECVE-2019-15681 at NVDCVE-2019-15690 at SUSECVE-2019-15690 at NVDCVE-2019-20788 at SUSECVE-2019-20788 at NVDcpe:/o:suse:sles:12:sp4Security update for icu (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for icu fixes the following issues:
- CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844).
ModerateSUSE bug 1166844CVE-2020-10531 at SUSECVE-2020-10531 at NVDcpe:/o:suse:sles:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for openldap2 fixes the following issues:
- CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).
ImportantSUSE bug 1170771CVE-2020-12243 at SUSECVE-2020-12243 at NVDcpe:/o:suse:sles:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4
This update for webkit2gtk3 fixes the following issues:
Security issue fixed:
- CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643).
Non-security issues fixed:
- Update to version 2.28.2 (bsc#1170643):
+ Fix excessive CPU usage due to GdkFrameClock not being stopped.
+ Fix UI process crash when EGL_WL_bind_wayland_display extension
is not available.
+ Fix position of select popup menus in X11.
+ Fix playing of Youtube 'live stream'/H264 URLs.
+ Fix a crash under X11 when cairo uses xcb.
+ Fix the build in MIPS64.
+ Fix several crashes and rendering issues.
ImportantSUSE bug 1170643CVE-2020-3899 at SUSECVE-2020-3899 at NVDcpe:/o:suse:sles:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4
This update for ghostscript to version 9.52 fixes the following issues:
- CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603).
ImportantSUSE bug 1170603CVE-2020-12268 at SUSECVE-2020-12268 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
Update to version 68.8.0 ESR (bsc#1171186):
- CVE-2020-12387: Use-after-free during worker shutdown
- CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
- CVE-2020-12389: Sandbox escape with improperly separated process types
- CVE-2020-6831: Buffer overflow in SCTP chunk input validation
- CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
- CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
- CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
ImportantSUSE bug 1171186CVE-2020-12387 at SUSECVE-2020-12387 at NVDCVE-2020-12388 at SUSECVE-2020-12388 at NVDCVE-2020-12389 at SUSECVE-2020-12389 at NVDCVE-2020-12392 at SUSECVE-2020-12392 at NVDCVE-2020-12393 at SUSECVE-2020-12393 at NVDCVE-2020-12395 at SUSECVE-2020-12395 at NVDCVE-2020-6831 at SUSECVE-2020-6831 at NVDcpe:/o:suse:sles:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4
This update for squid fixes the following issues:
- CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can
result in cache poisoning, remote execution, and denial of service attacks
when processing ESI responses (bsc#1169659).
- CVE-2020-11945: fixes a potential remote execution vulnerability
when using HTTP Digest Authentication (bsc#1170313).
- CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass
and cross-site scripting attack when processing invalid HTTP
Request messages (bsc#1170423).
ImportantSUSE bug 1169659SUSE bug 1170313SUSE bug 1170423CVE-2019-12519 at SUSECVE-2019-12519 at NVDCVE-2019-12520 at SUSECVE-2019-12520 at NVDCVE-2019-12521 at SUSECVE-2019-12521 at NVDCVE-2019-12524 at SUSECVE-2019-12524 at NVDCVE-2020-11945 at SUSECVE-2020-11945 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for apache2 fixes the following issues:
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404).
- CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407).
- CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066).
ImportantSUSE bug 1168404SUSE bug 1168407SUSE bug 1169066CVE-2020-1927 at SUSECVE-2020-1927 at NVDCVE-2020-1934 at SUSECVE-2020-1934 at NVDCVE-2020-1938 at SUSECVE-2020-1938 at NVDcpe:/o:suse:sles:12:sp4Security update for python-PyYAML (Important)SUSE Linux Enterprise Server 12 SP4
This update for python-PyYAML fixes the following issues:
- CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439).
ImportantSUSE bug 1165439CVE-2020-1747 at SUSECVE-2020-1747 at NVDcpe:/o:suse:sles:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4
This update for libvirt fixes the following issues:
Security issue fixed:
- CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683).
Non-security issues fixed:
- apparmor: avoid copying empty profile name (bsc#1149100).
- logging: ensure virtlogd rollover takes priority over logrotate (bsc#1137137).
- qemu: Add support for overriding max threads per process limit (bsc#1133719).
- util: fix copying bitmap to larger data buffer (bsc#1138734).
- virsh: support for setting precopy bandwidth in migrate (bsc#1145586).
- virsh: use upstream name for migration precopy bandwidth parameter (bsc#1145586).
- virt-create-rootfs: add SLE 15 and SLE 12 service packs support (bsc#1154093).
ImportantSUSE bug 1133719SUSE bug 1137137SUSE bug 1138734SUSE bug 1145586SUSE bug 1149100SUSE bug 1154093SUSE bug 1168683CVE-2020-10703 at SUSECVE-2020-10703 at NVDcpe:/o:suse:sles:12:sp4Security update for openexr (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openexr provides the following fix:
Security issues fixed:
- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).
- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
Non-security issue fixed:
- Enable tests when building the package on x86_64. (bsc#1146648)
ModerateSUSE bug 1146648SUSE bug 1169573SUSE bug 1169574SUSE bug 1169576SUSE bug 1169580CVE-2020-11758 at SUSECVE-2020-11758 at NVDCVE-2020-11760 at SUSECVE-2020-11760 at NVDCVE-2020-11763 at SUSECVE-2020-11763 at NVDCVE-2020-11764 at SUSECVE-2020-11764 at NVDcpe:/o:suse:sles:12:sp4Security update for git (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for git to 2.26.2 fixes the following issues:
Security issue fixed:
- CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper
to providing credential information that is not appropriate for the protocol
in use and host being contacted (bsc#1169936).
Non-security issue fixed:
- Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).
- Enabled access for git-daemon in firewall configuration (bsc#1170302).
- Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741).
ModerateSUSE bug 1149792SUSE bug 1168930SUSE bug 1169605SUSE bug 1169786SUSE bug 1169936SUSE bug 1170302SUSE bug 1170741SUSE bug 1170939CVE-2020-11008 at SUSECVE-2020-11008 at NVDCVE-2020-5260 at SUSECVE-2020-5260 at NVDcpe:/o:suse:sles:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4
This update for mailman fixes the following issues:
Security issue fixed:
- CVE-2020-12108: Fixed a content injection bug (bsc#1171363).
- CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558).
Non-security issue fixed:
- Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068).
- Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920).
ImportantSUSE bug 1167068SUSE bug 1170558SUSE bug 1171363SUSE bug 682920CVE-2020-12108 at SUSECVE-2020-12108 at NVDCVE-2020-12137 at SUSECVE-2020-12137 at NVDcpe:/o:suse:sles:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4
This update for bind fixes the following issues:
Security issues fixed:
- CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740).
- CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740).
Non-security issue fixed:
- Fixed an invalid string comparison in the handling of cookie-secrets (bsc#1161168).
ImportantSUSE bug 1161168SUSE bug 1171740CVE-2020-8616 at SUSECVE-2020-8616 at NVDCVE-2020-8617 at SUSECVE-2020-8617 at NVDcpe:/o:suse:sles:12:sp4Security update for ant (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ant fixes the following issues:
Security issue fixed:
- CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053).
Non-security issues fixed:
- Add rhino to the ant-apache-bsf optional tasks (bsc#1134001).
- Remove jakarta-commons-logging dependencies (bsc#1133997).
- Use apache-commons-logging in optional tasks
ModerateSUSE bug 1100053SUSE bug 1133997SUSE bug 1134001CVE-2018-10886 at SUSECVE-2018-10886 at NVDcpe:/o:suse:sles:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4
This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.35. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
* CVE-2020-9484 (bsc#1171928)
Apache Tomcat Remote Code Execution via session persistence
If an attacker was able to control the contents and name of a file on a
server configured to use the PersistenceManager, then the attacker could
have triggered a remote code execution via deserialization of the file under
their control.
ImportantSUSE bug 1171928CVE-2020-9484 at SUSECVE-2020-9484 at NVDcpe:/o:suse:sles:12:sp4Security update for libssh (Important)SUSE Linux Enterprise Server 12 SP4
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).
ImportantSUSE bug 1158095CVE-2019-14889 at SUSECVE-2019-14889 at NVDcpe:/o:suse:sles:12:sp4Security update for dpdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for dpdk to 17.11.7 fixes the following issues:
Security issues fixed:
- CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477 bsc#1171930).
- CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477).
ImportantSUSE bug 1171477SUSE bug 1171925SUSE bug 1171930CVE-2019-14818 at SUSECVE-2019-14818 at NVDCVE-2020-10722 at SUSECVE-2020-10722 at NVDCVE-2020-10723 at SUSECVE-2020-10723 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-connector-c (Important)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-connector-c fixes the following issues:
Security issue fixed:
- CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550).
Non-security issues fixed:
- Update to release 3.1.8 (bsc#1171550)
* CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner
* CONC-441: Default user name for C/C is wrong if login user is different from effective user
* CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf
* CONC-457: mysql_list_processes crashes in unpack_fields
* CONC-458: mysql_get_timeout_value crashes when used improper
* CONC-464: Fix static build for auth_gssapi_client plugin
ImportantSUSE bug 1171550CVE-2020-13249 at SUSECVE-2020-13249 at NVDcpe:/o:suse:sles:12:sp4Security update for Mesa (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for Mesa fixes the following issues:
Security issue fixed:
- CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015).
ModerateSUSE bug 1156015CVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:sles:12:sp4Security update for qemu (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect (bsc#1165776).
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Non-security issue fixed:
- Miscellaneous fixes to the in-package support documentation.
ModerateSUSE bug 1123156SUSE bug 1161066SUSE bug 1163018SUSE bug 1165776SUSE bug 1166240SUSE bug 1170940CVE-2019-20382 at SUSECVE-2019-20382 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDcpe:/o:suse:sles:12:sp4Security update for file-roller (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for file-roller fixes the following issues:
Security issue fixed:
- CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428).
ModerateSUSE bug 1169428CVE-2020-11736 at SUSECVE-2020-11736 at NVDcpe:/o:suse:sles:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python to version 2.7.17 fixes the following issues:
Syncing with lots of upstream bug fixes and security fixes.
Bug fixes:
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094).
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367).
- Fixed mismatches between libpython and python-base versions (bsc#1162224).
- Fixed segfault in libpython2.7.so.1 (bsc#1073748).
- Unified packages among openSUSE:Factory and SLE versions (bsc#1159035).
- Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830).
- Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401).
- Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).
Additionally a new 'shared-python-startup' package is provided containing startup files.
python-rpm-macros was updated to fix:
- Do not write .pyc files for tests (bsc#1171561)
ModerateSUSE bug 1027282SUSE bug 1041090SUSE bug 1042670SUSE bug 1073269SUSE bug 1073748SUSE bug 1078326SUSE bug 1078485SUSE bug 1081750SUSE bug 1084650SUSE bug 1086001SUSE bug 1149792SUSE bug 1153830SUSE bug 1155094SUSE bug 1159035SUSE bug 1162224SUSE bug 1162367SUSE bug 1162825SUSE bug 1165894SUSE bug 1170411SUSE bug 1171561SUSE bug 945401CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDcpe:/o:suse:sles:12:sp4Security update for krb5-appl (Important)SUSE Linux Enterprise Server 12 SP4
This update for krb5-appl fixes the following issues:
- CVE-2020-10188: Fixed a remote root execution (bsc#1165787).
ImportantSUSE bug 1165787CVE-2020-10188 at SUSECVE-2020-10188 at NVDcpe:/o:suse:sles:12:sp4Security update for libexif (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libexif fixes the following issues:
Security issues fixed:
- CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).
- CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).
- CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
- CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
- CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).
- CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).
- CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).
- CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).
- CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).
Non-security issues fixed:
- libexif was updated to version 0.6.22:
* New translations: ms
* Updated translations for most languages
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
ModerateSUSE bug 1055857SUSE bug 1059893SUSE bug 1120943SUSE bug 1160770SUSE bug 1171475SUSE bug 1171847SUSE bug 1172105SUSE bug 1172116SUSE bug 1172121CVE-2016-6328 at SUSECVE-2016-6328 at NVDCVE-2017-7544 at SUSECVE-2017-7544 at NVDCVE-2018-20030 at SUSECVE-2018-20030 at NVDCVE-2019-9278 at SUSECVE-2019-9278 at NVDCVE-2020-0093 at SUSECVE-2020-0093 at NVDCVE-2020-12767 at SUSECVE-2020-12767 at NVDCVE-2020-13112 at SUSECVE-2020-13112 at NVDCVE-2020-13113 at SUSECVE-2020-13113 at NVDCVE-2020-13114 at SUSECVE-2020-13114 at NVDcpe:/o:suse:sles:12:sp4Security update for vim (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for vim fixes the following issues:
- CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim
was possible using interfaces (bsc#1172225 and bsc#1172031).
ModerateSUSE bug 1172031SUSE bug 1172225CVE-2019-20807 at SUSECVE-2019-20807 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
- MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402).
- CVE-2020-12405: Fixed a use-after-free in SharedWorkerService.
- CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes.
- CVE-2020-12410: Fixed multiple memory safety bugs.
ImportantSUSE bug 1172402CVE-2020-12405 at SUSECVE-2020-12405 at NVDCVE-2020-12406 at SUSECVE-2020-12406 at NVDCVE-2020-12410 at SUSECVE-2020-12410 at NVDcpe:/o:suse:sles:12:sp4Security update for ruby2.1 (Important)SUSE Linux Enterprise Server 12 SP4
This update for ruby2.1 fixes the following issues:
Security issues fixed:
- CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983).
- CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).
- CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).
- CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286).
- CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286).
- CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286).
- CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286).
- CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452).
- CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607).
- CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632).
- CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).
- CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).
- CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).
- CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).
- CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).
- CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).
- CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).
- CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436).
- CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).
- CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).
- CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437).
- CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).
- CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532).
- CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).
- CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008).
- CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014).
- CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009).
- CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010).
- CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).
- CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058).
- CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).
- CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623).
- CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).
- CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).
- CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617).
- CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611).
- CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).
- CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).
- CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).
- CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).
Non-security issue fixed:
- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).
Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275)
ImportantSUSE bug 1043983SUSE bug 1048072SUSE bug 1055265SUSE bug 1056286SUSE bug 1056782SUSE bug 1058754SUSE bug 1058755SUSE bug 1058757SUSE bug 1062452SUSE bug 1069607SUSE bug 1069632SUSE bug 1073002SUSE bug 1078782SUSE bug 1082007SUSE bug 1082008SUSE bug 1082009SUSE bug 1082010SUSE bug 1082011SUSE bug 1082014SUSE bug 1082058SUSE bug 1087433SUSE bug 1087434SUSE bug 1087436SUSE bug 1087437SUSE bug 1087440SUSE bug 1087441SUSE bug 1112530SUSE bug 1112532SUSE bug 1130611SUSE bug 1130617SUSE bug 1130620SUSE bug 1130622SUSE bug 1130623SUSE bug 1130627SUSE bug 1152990SUSE bug 1152992SUSE bug 1152994SUSE bug 1152995SUSE bug 1171517SUSE bug 1172275CVE-2015-9096 at SUSECVE-2015-9096 at NVDCVE-2016-2339 at SUSECVE-2016-2339 at NVDCVE-2016-7798 at SUSECVE-2016-7798 at NVDCVE-2017-0898 at SUSECVE-2017-0898 at NVDCVE-2017-0899 at SUSECVE-2017-0899 at NVDCVE-2017-0900 at SUSECVE-2017-0900 at NVDCVE-2017-0901 at SUSECVE-2017-0901 at NVDCVE-2017-0902 at SUSECVE-2017-0902 at NVDCVE-2017-0903 at SUSECVE-2017-0903 at NVDCVE-2017-10784 at SUSECVE-2017-10784 at NVDCVE-2017-14033 at SUSECVE-2017-14033 at NVDCVE-2017-14064 at SUSECVE-2017-14064 at NVDCVE-2017-17405 at SUSECVE-2017-17405 at NVDCVE-2017-17742 at SUSECVE-2017-17742 at NVDCVE-2017-17790 at SUSECVE-2017-17790 at NVDCVE-2017-9228 at SUSECVE-2017-9228 at NVDCVE-2017-9229 at SUSECVE-2017-9229 at NVDCVE-2018-1000073 at SUSECVE-2018-1000073 at NVDCVE-2018-1000074 at SUSECVE-2018-1000074 at NVDCVE-2018-1000075 at SUSECVE-2018-1000075 at NVDCVE-2018-1000076 at SUSECVE-2018-1000076 at NVDCVE-2018-1000077 at SUSECVE-2018-1000077 at NVDCVE-2018-1000078 at SUSECVE-2018-1000078 at NVDCVE-2018-1000079 at SUSECVE-2018-1000079 at NVDCVE-2018-16395 at SUSECVE-2018-16395 at NVDCVE-2018-16396 at SUSECVE-2018-16396 at NVDCVE-2018-6914 at SUSECVE-2018-6914 at NVDCVE-2018-8777 at SUSECVE-2018-8777 at NVDCVE-2018-8778 at SUSECVE-2018-8778 at NVDCVE-2018-8779 at SUSECVE-2018-8779 at NVDCVE-2018-8780 at SUSECVE-2018-8780 at NVDCVE-2019-15845 at SUSECVE-2019-15845 at NVDCVE-2019-16201 at SUSECVE-2019-16201 at NVDCVE-2019-16254 at SUSECVE-2019-16254 at NVDCVE-2019-16255 at SUSECVE-2019-16255 at NVDCVE-2019-8320 at SUSECVE-2019-8320 at NVDCVE-2019-8321 at SUSECVE-2019-8321 at NVDCVE-2019-8322 at SUSECVE-2019-8322 at NVDCVE-2019-8323 at SUSECVE-2019-8323 at NVDCVE-2019-8324 at SUSECVE-2019-8324 at NVDCVE-2019-8325 at SUSECVE-2019-8325 at NVDCVE-2020-10663 at SUSECVE-2020-10663 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk to version 7u261 fixes the following issues:
- CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
- CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
- CVE-2020-2773: Better signatures in XML (bsc#1169511)
- CVE-2020-2781: Improve TLS session handling (bsc#1169511)
- CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
- CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
- CVE-2020-2805: Enhance typing of methods (bsc#1169511)
- CVE-2020-2830: Better Scanner conversions (bsc#1169511)
ImportantSUSE bug 1169511CVE-2020-2756 at SUSECVE-2020-2756 at NVDCVE-2020-2757 at SUSECVE-2020-2757 at NVDCVE-2020-2773 at SUSECVE-2020-2773 at NVDCVE-2020-2781 at SUSECVE-2020-2781 at NVDCVE-2020-2800 at SUSECVE-2020-2800 at NVDCVE-2020-2803 at SUSECVE-2020-2803 at NVDCVE-2020-2805 at SUSECVE-2020-2805 at NVDCVE-2020-2830 at SUSECVE-2020-2830 at NVDcpe:/o:suse:sles:12:sp4Security update for texlive (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for texlive fixes the following issues:
Security issues fixed:
- CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740).
- CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910).
- Fixed an issue where pstopdf was crashing (bsc#1138793).
ModerateSUSE bug 1138793SUSE bug 1158910SUSE bug 1159740CVE-2020-8016 at SUSECVE-2020-8016 at NVDCVE-2020-8017 at SUSECVE-2020-8017 at NVDcpe:/o:suse:sles:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ucode-intel fixes the following issues:
Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)
This update contains security mitigations for:
- CVE-2020-0543: Fixed a side channel attack against special registers
which could have resulted in leaking of read values to cores other
than the one which called it. This attack is known as Special Register
Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
- CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to
mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack'
attacks. (bsc#1156353)
Microcode Table:
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
HSW C0 6-3c-3/32 00000027->00000028 Core Gen4
BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5
HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4
HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4
BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5
SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable
SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable
SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx
CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2
CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2
SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5
AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile
KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile
AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile
KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8
CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9
CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile
Also contains the Intel CPU Microcode update to 20200520:
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X
SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X
ModerateSUSE bug 1154824SUSE bug 1156353SUSE bug 1172466CVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDcpe:/o:suse:sles:12:sp4Security update for virglrenderer (Important)SUSE Linux Enterprise Server 12 SP4
This update for virglrenderer fixes the following issues:
- CVE-2019-18388: Fixed a null pointer dereference which could have led
to denial of service (bsc#1159479).
- CVE-2019-18390: Fixed an out of bound read which could have led to
denial of service (bsc#1159478).
- CVE-2019-18389: Fixed a heap buffer overflow which could have led to
guest escape or denial of service (bsc#1159482).
- CVE-2019-18391: Fixed a heap based buffer overflow which could have led to
guest escape or denial of service (bsc#1159486).
ImportantSUSE bug 1159478SUSE bug 1159479SUSE bug 1159482SUSE bug 1159486CVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it.
This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
- CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).
- CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).
- CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).
- CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).
- CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).
- CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).
- CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).
- CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).
- CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).
- CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).
- CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).
- CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).
- CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).
- CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).
- CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).
- CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).
- CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).
- CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).
- CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).
- CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199).
- CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).
- CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).
The following non-security bugs were fixed:
- ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510).
- ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510).
- acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510).
- Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE.
- agp/intel: Reinforce the barrier after GTT updates (bsc#1051510).
- ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510).
- ALSA: hda: Do not release card at firmware loading error (bsc#1051510).
- ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510).
- ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510).
- ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510).
- ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510).
- ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes).
- ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes).
- ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510).
- ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293).
- ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510).
- ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes).
- ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes).
- ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510).
- ALSA: pcm: fix incorrect hw_base increase (git-fixes).
- ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522).
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes).
- ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes).
- ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510).
- ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510).
- ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510).
- ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes).
- ALSA: usx2y: Fix potential NULL dereference (bsc#1051510).
- ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510).
- ASoC: dapm: connect virtual mux with default value (bsc#1051510).
- ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510).
- ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510).
- ASoC: fix regwmask (bsc#1051510).
- ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510).
- ASoC: topology: Check return value of pcm_new_ver (bsc#1051510).
- ASoC: topology: use name_prefix for new kcontrol (bsc#1051510).
- b43legacy: Fix case where channel status is corrupted (bsc#1051510).
- batman-adv: fix batadv_nc_random_weight_tq (git-fixes).
- batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes).
- batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes).
- batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes).
- bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)).
- bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)).
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)).
- block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527).
- block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599).
- block: fix busy device checking in blk_drop_partitions again (bsc#1171948).
- block: fix busy device checking in blk_drop_partitions (bsc#1171948).
- block: fix memleak of bio integrity data (git fixes (block drivers)).
- block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948).
- bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28).
- bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14).
- bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14).
- brcmfmac: abort and release host after error (bsc#1051510).
- btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127).
- btrfs: fix log context list corruption after rename whiteout error (bsc#1172342).
- btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343).
- btrfs: move the dio_sem higher up the callchain (bsc#1171761).
- btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366).
- btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366).
- btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127).
- btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127).
- btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127).
- can: add missing attribute validation for termination (networking-stable-20_03_14).
- cdc-acm: close race betrween suspend() and acm_softint (git-fixes).
- cdc-acm: introduce a cool down (git-fixes).
- ceph: fix double unlock in handle_cap_export() (bsc#1171694).
- ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695).
- cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14).
- CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333).
- CIFS: Allocate encryption header through kmalloc (bsc#1144333).
- CIFS: allow unlock flock and OFD lock across fork (bsc#1144333).
- CIFS: check new file size when extending file by fallocate (bsc#1144333).
- CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
- CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333).
- CIFS: do not share tcons with DFS (bsc#1144333).
- CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333).
- CIFS: ensure correct super block for DFS reconnect (bsc#1144333).
- CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333).
- CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333).
- CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333).
- CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333).
- CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333).
- CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333).
- CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
- CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333).
- CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333).
- CIFS: smbd: Check send queue size before posting a send (bsc#1144333).
- CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333).
- CIFS: smbd: Merge code to track pending packets (bsc#1144333).
- CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333).
- CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333).
- CIFS: Warn less noisily on default mount (bsc#1144333).
- clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510).
- clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510).
- clk: imx: make mux parent strings const (bsc#1051510).
- clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510).
- clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510).
- clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620).
- clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510).
- component: Silence bind error on -EPROBE_DEFER (bsc#1051510).
- coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)).
- cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510).
- crypto: ccp - AES CFB mode is a stream cipher (git-fixes).
- crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes).
- crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279).
- crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279).
- debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes).
- dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510).
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574).
- dm writecache: fix data corruption when reloading the target (git fixes (block drivers)).
- dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)).
- dm writecache: verify watermark during resume (git fixes (block drivers)).
- dm zoned: fix invalid memory access (git fixes (block drivers)).
- dm zoned: reduce overhead of backing device checks (git fixes (block drivers)).
- dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)).
- dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)).
- dp83640: reverse arguments to list_add_tail (git-fixes).
- Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253).
- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618).
- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618).
- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618).
- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618).
- drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729).
- drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes
- drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes
- drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510).
- drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510).
- drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279)
- drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279)
- drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes
- drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510).
- drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279)
- drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510).
- drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510).
- drm/qxl: qxl_release use after free (bsc#1051510).
- drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes
- dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)).
- EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525).
- ext4: do not zeroout extents beyond i_disksize (bsc#1167851).
- ext4: fix extent_status fragmentation for plain files (bsc#1171949).
- ext4: use non-movable memory for superblock readahead (bsc#1171952).
- fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679).
- fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes
- fib: add missing attribute validation for tun_id (networking-stable-20_03_14).
- firmware: qcom: scm: fix compilation error when disabled (bsc#1051510).
- fs/cifs: fix gcc warning in sid_to_id (bsc#1144333).
- fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125).
- gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510).
- gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14).
- HID: hid-input: clear unmapped usages (git-fixes).
- HID: hyperv: Add a module description line (bsc#1172253).
- HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes).
- HID: i2c-hid: override HID descriptors for certain devices (git-fixes).
- HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510).
- HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes).
- hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)).
- hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28).
- hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17).
- hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28).
- hsr: set .netnsok flag (networking-stable-20_03_28).
- hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28).
- i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes).
- i2c: acpi: put device when verifying client fails (git-fixes).
- i2c: brcmstb: remove unused struct member (git-fixes).
- i2c: core: Allow empty id_table in ACPI case as well (git-fixes).
- i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes).
- i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510).
- i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes).
- i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes).
- i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes).
- i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes).
- i2c: isch: Remove unnecessary acpi.h include (git-fixes).
- i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510).
- i2c: st: fix missing struct parameter description (bsc#1051510).
- IB/ipoib: Add child to parent list only if device initialized (bsc#1168503).
- IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503).
- IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503).
- IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503).
- IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503).
- IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503).
- IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503).
- IB/ipoib: Move init code to ndo_init (bsc#1168503).
- IB/ipoib: Replace printk with pr_warn (bsc#1168503).
- IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503).
- IB/ipoib: Warn when one port fails to initialize (bsc#1168503).
- ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
- iio:ad7797: Use correct attribute_group (bsc#1051510).
- iio: adc: stm32-adc: fix device used to request dma (bsc#1051510).
- iio: adc: stm32-adc: fix sleep in atomic context (git-fixes).
- iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510).
- iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510).
- iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510).
- iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510).
- iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510).
- iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510).
- ima: Fix return value of ima_write_policy() (git-fixes).
- Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510).
- Input: hyperv-keyboard - add module description (bsc#1172253).
- Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510).
- Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510).
- Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510).
- Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510).
- Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes).
- Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510).
- Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510).
- iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096).
- iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097).
- iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098).
- iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099).
- iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101).
- iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102).
- iommu/amd: Update Device Table in increase_address_space() (bsc#1172103).
- iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397).
- ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02).
- ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14).
- ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09).
- ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14).
- ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14).
- ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14).
- iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510).
- kabi fix for early XHCI debug (git-fixes).
- kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
- kabi, protect struct ib_device (bsc#1168503).
- kabi/severities: Do not track KVM internal symbols.
- kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party.
- kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes).
- KEYS: reaching the keys quotas correctly (bsc#1051510).
- KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021).
- KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021).
- KVM: Check validity of resolved slot when searching memslots (bsc#1172104).
- KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes).
- KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489).
- l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17).
- libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510).
- libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510).
- lib: raid6: fix awk build warnings (git fixes (block drivers)).
- lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)).
- lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)).
- locks: print unsigned ino in /proc/locks (bsc#1171951).
- mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510).
- mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510).
- mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510).
- macsec: avoid to set wrong mtu (bsc#1051510).
- macsec: restrict to ethernet devices (networking-stable-20_03_28).
- macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14).
- macvlan: fix null dereference in macvlan_device_event() (bsc#1051510).
- md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
- md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)).
- md/raid10: prevent access of uninitialized resync_pages offset (git-fixes).
- media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510).
- media: platform: fcp: Set appropriate DMA parameters (bsc#1051510).
- media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes).
- mei: release me_cl object reference (bsc#1051510).
- mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27).
- mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09).
- mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes).
- mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes).
- mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes).
- mmc: meson-gx: simplify interrupt handler (git-fixes).
- mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes).
- mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510).
- mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510).
- mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes).
- mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510).
- mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510).
- mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510).
- mmc: tmio: fix access width of Block Count Register (git-fixes).
- mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)).
- mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510).
- mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes).
- mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes).
- mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes).
- mwifiex: avoid -Wstringop-overflow warning (bsc#1051510).
- mwifiex: Fix memory corruption in dump_station (bsc#1051510).
- net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27).
- net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27).
- net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27).
- net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09).
- net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09).
- net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28).
- net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14).
- net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14).
- net: fix race condition in __inet_lookup_established() (bsc#1151794).
- net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14).
- net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02).
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17).
- net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17).
- netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14).
- net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14).
- net: memcg: late association of sock to memcg (networking-stable-20_03_14).
- net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27).
- net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118).
- net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118).
- net/mlx5e: Fix ethtool self test: link speed (bsc#1171118).
- net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118).
- net/mlx5: Expose link speed directly (bsc#1171118).
- net/mlx5: Expose port speed when possible (bsc#1171118).
- net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28).
- net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27).
- net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14).
- net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28).
- net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27).
- nfc: add missing attribute validation for SE API (networking-stable-20_03_14).
- nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14).
- nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510).
- nfsd4: fix up replay_matches_cache() (git-fixes).
- nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes).
- nfsd: fix delay timer on 32-bit architectures (git-fixes).
- nfsd: fix jiffies/time_t mixup in LRU list (git-fixes).
- NFS: Directory page cache pages need to be locked when read (git-fixes).
- nfsd: memory corruption in nfsd4_lock() (git-fixes).
- NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457).
- NFS: Fix memory leaks and corruption in readdir (git-fixes).
- NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes).
- nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes).
- NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592).
- NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes).
- NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes).
- NFS: Revalidate the file size on a fatal write error (git-fixes).
- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes).
- NFSv4: Do not allow a cached open with a revoked delegation (git-fixes).
- NFSv4: Fix leak of clp->cl_acceptor string (git-fixes).
- NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes).
- NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes).
- NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes).
- nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14).
- nl802154: add missing attribute validation (networking-stable-20_03_14).
- nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391).
- objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514).
- objtool: Fix switch table detection in .text.unlikely (bsc#1169514).
- objtool: Make BP scratch register warning more robust (bsc#1169514).
- padata: Remove broken queue flushing (git-fixes).
- Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)).
- pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes).
- pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes).
- platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510).
- pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes).
- powerpc: Add attributes for setjmp/longjmp (bsc#1065729).
- powerpc/pci/of: Parse unassigned resources (bsc#1065729).
- powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729).
- powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729).
- r8152: check disconnect status after long sleep (networking-stable-20_03_14).
- raid6/ppc: Fix build for clang (git fixes (block drivers)).
- rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)).
- RDMA/ipoib: Fix use of sizeof() (bsc#1168503).
- RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503).
- RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503).
- RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503).
- Remove 2 git-fixes that cause build issues. (bsc#1171691)
- Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes).
- Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279)
- Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221).
- rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510).
- s390/ftrace: fix potential crashes when switching tracers (git-fixes).
- s390/ism: fix error return code in ism_probe() (git-fixes).
- s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103).
- s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103).
- scripts/decodecode: fix trapping instruction formatting (bsc#1065729).
- scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388).
- scsi: bnx2i: fix potential use after free (bsc#1171600).
- scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data
- scsi: core: save/restore command resid for error handling (bsc#1171602).
- scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604).
- scsi: core: try to get module before removing device (bsc#1171605).
- scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606).
- scsi: csiostor: Do not enable IRQs too early (bsc#1171607).
- scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608).
- scsi: fnic: fix invalid stack access (bsc#1171609).
- scsi: fnic: fix msix interrupt allocation (bsc#1171610).
- scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611).
- scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612).
- scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613).
- scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614).
- scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615).
- scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616).
- scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169).
- scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169).
- scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169).
- scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169).
- scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169).
- scsi: qla2xxx: Fix regression warnings (bsc#1157169).
- scsi: qla2xxx: Remove non functional code (bsc#1157169).
- scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169).
- scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617).
- scsi: qla4xxx: fix double free bug (bsc#1171618).
- scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619).
- scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620).
- scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621).
- scsi: ufs: change msleep to usleep_range (bsc#1171622).
- scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623).
- scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624).
- scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625).
- scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626).
- sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02).
- sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02).
- seq_file: fix problem when seeking mid-record (bsc#1170125).
- serial: uartps: Move the spinlock after the read of the tx empty (git-fixes).
- sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14).
- signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185).
- slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28).
- slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14).
- smb3: Additional compression structures (bsc#1144333).
- smb3: Add new compression flags (bsc#1144333).
- smb3: change noisy error message to FYI (bsc#1144333).
- smb3: enable swap on SMB3 mounts (bsc#1144333).
- smb3: Minor cleanup of protocol definitions (bsc#1144333).
- smb3: remove overly noisy debug line in signing errors (bsc#1144333).
- smb3: smbdirect support can be configured by default (bsc#1144333).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333).
- spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes).
- spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510).
- spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510).
- spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510).
- spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510).
- spi: fsl: do not map irq during probe (git-fixes).
- spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes).
- spi: pxa2xx: Add CS control clock quirk (bsc#1051510).
- spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes).
- spi: spi-s3c64xx: Fix system resume support (git-fixes).
- spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510).
- staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510).
- staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510).
- staging: iio: ad2s1210: Fix SPI reading (bsc#1051510).
- staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes).
- staging: vt6656: Fix drivers TBTT timing counter (git-fixes).
- staging: vt6656: Fix pairwise key entry save (git-fixes).
- sunrpc: expiry_time should be seconds not timeval (git-fixes).
- SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes).
- supported.conf: Add br_netfilter to base (bsc#1169020).
- svcrdma: Fix leak of transport addresses (git-fixes).
- taskstats: fix data-race (bsc#1172188).
- tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27).
- tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28).
- team: add missing attribute validation for array index (networking-stable-20_03_14).
- team: add missing attribute validation for port ifindex (networking-stable-20_03_14).
- team: fix hang in team_mode_get() (networking-stable-20_04_27).
- tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes).
- tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729).
- tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555).
- tpm/tpm_tis: Free IRQ if probing fails (git-fixes).
- tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes).
- tracing: Disable trace_printk() on post poned tests (git-fixes).
- tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes).
- tty: rocket, avoid OOB access (git-fixes).
- UAS: fix deadlock in error handling and PM flushing work (git-fixes).
- UAS: no use logging any details in case of ENODEV (git-fixes).
- USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes).
- USB: cdc-acm: restore capability check order (git-fixes).
- USB: core: Fix misleading driver bug report (bsc#1051510).
- USB: dwc3: do not set gadget->is_otg flag (git-fixes).
- USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes).
- USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes).
- USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes).
- USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes).
- USB: gadget: composite: Inform controller driver of self-powered (git-fixes).
- USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes).
- USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes).
- USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510).
- USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes).
- USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes).
- USB: gadget: udc: atmel: Make some symbols static (git-fixes).
- USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes).
- USB: host: xhci-plat: keep runtime active when removing host (git-fixes).
- USB: hub: Fix handling of connect changes during sleep (git-fixes).
- usbnet: silence an unnecessary warning (bsc#1170770).
- USB: serial: garmin_gps: add sanity checking for data length (git-fixes).
- USB: serial: option: add BroadMobi BM806U (git-fixes).
- USB: serial: option: add support for ASKEY WWHC050 (git-fixes).
- USB: serial: option: add Wistron Neweb D19Q1 (git-fixes).
- USB: serial: qcserial: Add DW5816e support (git-fixes).
- USB: sisusbvga: Change port variable from signed to unsigned (git-fixes).
- usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes).
- USB: uas: add quirk for LaCie 2Big Quadra (git-fixes).
- USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes).
- video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279)
- video: fbdev: w100fb: Fix a potential double free (bsc#1051510).
- vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27).
- vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes).
- vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes).
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes).
- vxlan: check return value of gro_cells_init() (networking-stable-20_03_28).
- watchdog: reset last_hw_keepalive time at start (git-fixes).
- wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510).
- wil6210: remove reset file from debugfs (git-fixes).
- wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510).
- workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130).
- x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115).
- x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115).
- x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115).
- x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115).
- x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620).
- x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618).
- x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618).
- x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618).
- x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618).
- x86/Hyper-V: report value of misc_features (git-fixes).
- x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618).
- x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618).
- x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279).
- x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes).
- x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279).
- x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115).
- x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115).
- x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115).
- x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115).
- x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115).
- x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115).
- xen/pci: reserve MCFG areas earlier (bsc#1170145).
- xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27).
- xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes).
- xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes).
- xprtrdma: Fix completion wait during device removal (git-fixes).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065729SUSE bug 1082555SUSE bug 1089895SUSE bug 1114279SUSE bug 1133021SUSE bug 1144333SUSE bug 1151794SUSE bug 1152489SUSE bug 1154824SUSE bug 1157169SUSE bug 1158265SUSE bug 1160388SUSE bug 1160947SUSE bug 1165183SUSE bug 1165741SUSE bug 1166969SUSE bug 1167574SUSE bug 1167851SUSE bug 1168503SUSE bug 1168670SUSE bug 1169020SUSE bug 1169514SUSE bug 1169525SUSE bug 1170056SUSE bug 1170125SUSE bug 1170145SUSE bug 1170345SUSE bug 1170457SUSE bug 1170522SUSE bug 1170592SUSE bug 1170618SUSE bug 1170620SUSE bug 1170770SUSE bug 1170778SUSE bug 1170791SUSE bug 1170901SUSE bug 1171078SUSE bug 1171098SUSE bug 1171118SUSE bug 1171189SUSE bug 1171191SUSE bug 1171195SUSE bug 1171202SUSE bug 1171205SUSE bug 1171217SUSE bug 1171218SUSE bug 1171219SUSE bug 1171220SUSE bug 1171293SUSE bug 1171417SUSE bug 1171527SUSE bug 1171599SUSE bug 1171600SUSE bug 1171601SUSE bug 1171602SUSE bug 1171604SUSE bug 1171605SUSE bug 1171606SUSE bug 1171607SUSE bug 1171608SUSE bug 1171609SUSE bug 1171610SUSE bug 1171611SUSE bug 1171612SUSE bug 1171613SUSE bug 1171614SUSE bug 1171615SUSE bug 1171616SUSE bug 1171617SUSE bug 1171618SUSE bug 1171619SUSE bug 1171620SUSE bug 1171621SUSE bug 1171622SUSE bug 1171623SUSE bug 1171624SUSE bug 1171625SUSE bug 1171626SUSE bug 1171679SUSE bug 1171691SUSE bug 1171694SUSE bug 1171695SUSE bug 1171736SUSE bug 1171761SUSE bug 1171948SUSE bug 1171949SUSE bug 1171951SUSE bug 1171952SUSE bug 1171982SUSE bug 1171983SUSE bug 1172096SUSE bug 1172097SUSE bug 1172098SUSE bug 1172099SUSE bug 1172101SUSE bug 1172102SUSE bug 1172103SUSE bug 1172104SUSE bug 1172127SUSE bug 1172130SUSE bug 1172185SUSE bug 1172188SUSE bug 1172199SUSE bug 1172221SUSE bug 1172253SUSE bug 1172317SUSE bug 1172342SUSE bug 1172343SUSE bug 1172344SUSE bug 1172366SUSE bug 1172391SUSE bug 1172397SUSE bug 1172453CVE-2018-1000199 at SUSECVE-2018-1000199 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-20806 at SUSECVE-2019-20806 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-9455 at SUSECVE-2019-9455 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10720 at SUSECVE-2020-10720 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-12114 at SUSECVE-2020-12114 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12768 at SUSECVE-2020-12768 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it.
This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
- CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).
- CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).
- CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736).
- CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).
- CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).
- CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).
- CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).
- CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).
- CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).
- CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).
- CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).
- CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).
- CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).
- CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).
- CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).
- CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).
- CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).
- CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).
- CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).
- CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199).
- CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).
- CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).
The following non-security bugs were fixed:
- ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510).
- ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510).
- acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510).
- Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE.
- agp/intel: Reinforce the barrier after GTT updates (bsc#1051510).
- ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510).
- ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666).
- ALSA: hda: Do not release card at firmware loading error (bsc#1051510).
- ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510).
- ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510).
- ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510).
- ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510).
- ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes).
- ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes).
- ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510).
- ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293).
- ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510).
- ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes).
- ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes).
- ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510).
- ALSA: pcm: fix incorrect hw_base increase (git-fixes).
- ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522).
- ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes).
- ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes).
- ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510).
- ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510).
- ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510).
- ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes).
- ALSA: usx2y: Fix potential NULL dereference (bsc#1051510).
- ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510).
- ASoC: dapm: connect virtual mux with default value (bsc#1051510).
- ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510).
- ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510).
- ASoC: fix regwmask (bsc#1051510).
- ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510).
- ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666).
- ASoC: topology: Check return value of pcm_new_ver (bsc#1051510).
- ASoC: topology: use name_prefix for new kcontrol (bsc#1051510).
- b43legacy: Fix case where channel status is corrupted (bsc#1051510).
- batman-adv: fix batadv_nc_random_weight_tq (git-fixes).
- batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes).
- batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes).
- batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes).
- bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)).
- bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)).
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)).
- block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527).
- block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599).
- block: fix busy device checking in blk_drop_partitions again (bsc#1171948).
- block: fix busy device checking in blk_drop_partitions (bsc#1171948).
- block: fix memleak of bio integrity data (git fixes (block drivers)).
- block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948).
- bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28).
- bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14).
- bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14).
- brcmfmac: abort and release host after error (bsc#1051510).
- Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127).
- btrfs: fix log context list corruption after rename whiteout error (bsc#1172342).
- btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343).
- btrfs: move the dio_sem higher up the callchain (bsc#1171761).
- btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366).
- btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366).
- btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127).
- btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127).
- btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127).
- can: add missing attribute validation for termination (networking-stable-20_03_14).
- cdc-acm: close race betrween suspend() and acm_softint (git-fixes).
- cdc-acm: introduce a cool down (git-fixes).
- ceph: fix double unlock in handle_cap_export() (bsc#1171694).
- ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695).
- cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14).
- CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333).
- CIFS: Allocate encryption header through kmalloc (bsc#1144333).
- CIFS: allow unlock flock and OFD lock across fork (bsc#1144333).
- CIFS: check new file size when extending file by fallocate (bsc#1144333).
- CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
- CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333).
- CIFS: do not share tcons with DFS (bsc#1144333).
- CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333).
- CIFS: ensure correct super block for DFS reconnect (bsc#1144333).
- CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333).
- CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333).
- CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333).
- CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333).
- CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333).
- CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333).
- CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
- CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333).
- CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333).
- CIFS: smbd: Check send queue size before posting a send (bsc#1144333).
- CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333).
- CIFS: smbd: Merge code to track pending packets (bsc#1144333).
- CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333).
- CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333).
- CIFS: Warn less noisily on default mount (bsc#1144333).
- clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510).
- clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510).
- clk: imx: make mux parent strings const (bsc#1051510).
- clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510).
- clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510).
- clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620).
- clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510).
- component: Silence bind error on -EPROBE_DEFER (bsc#1051510).
- coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)).
- cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510).
- crypto: ccp - AES CFB mode is a stream cipher (git-fixes).
- crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes).
- crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279).
- crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279).
- debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes).
- dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510).
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574).
- dm writecache: fix data corruption when reloading the target (git fixes (block drivers)).
- dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)).
- dm writecache: verify watermark during resume (git fixes (block drivers)).
- dm zoned: fix invalid memory access (git fixes (block drivers)).
- dm zoned: reduce overhead of backing device checks (git fixes (block drivers)).
- dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)).
- dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)).
- dp83640: reverse arguments to list_add_tail (git-fixes).
- drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253).
- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618).
- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618).
- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618).
- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618).
- drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729).
- drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes
- drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes
- drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510).
- drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510).
- drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279)
- drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279)
- drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes
- drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510).
- drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279)
- drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510).
- drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510).
- drm/qxl: qxl_release use after free (bsc#1051510).
- drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes
- dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)).
- EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525).
- ext4: do not zeroout extents beyond i_disksize (bsc#1167851).
- ext4: fix extent_status fragmentation for plain files (bsc#1171949).
- ext4: use non-movable memory for superblock readahead (bsc#1171952).
- fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679).
- fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes
- fib: add missing attribute validation for tun_id (networking-stable-20_03_14).
- firmware: qcom: scm: fix compilation error when disabled (bsc#1051510).
- fs/cifs: fix gcc warning in sid_to_id (bsc#1144333).
- fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125).
- gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510).
- gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14).
- HID: hid-input: clear unmapped usages (git-fixes).
- HID: hyperv: Add a module description line (bsc#1172253).
- HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes).
- HID: i2c-hid: override HID descriptors for certain devices (git-fixes).
- HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510).
- HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes).
- hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)).
- hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28).
- hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17).
- hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28).
- hsr: set .netnsok flag (networking-stable-20_03_28).
- hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28).
- i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes).
- i2c: acpi: put device when verifying client fails (git-fixes).
- i2c: brcmstb: remove unused struct member (git-fixes).
- i2c: core: Allow empty id_table in ACPI case as well (git-fixes).
- i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes).
- i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510).
- i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes).
- i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes).
- i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes).
- i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes).
- i2c: isch: Remove unnecessary acpi.h include (git-fixes).
- i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510).
- i2c: st: fix missing struct parameter description (bsc#1051510).
- IB/ipoib: Add child to parent list only if device initialized (bsc#1168503).
- IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503).
- IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503).
- IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503).
- IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503).
- IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503).
- IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503).
- IB/ipoib: Move init code to ndo_init (bsc#1168503).
- IB/ipoib: Replace printk with pr_warn (bsc#1168503).
- IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503).
- IB/ipoib: Warn when one port fails to initialize (bsc#1168503).
- ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
- iio:ad7797: Use correct attribute_group (bsc#1051510).
- iio: adc: stm32-adc: fix device used to request dma (bsc#1051510).
- iio: adc: stm32-adc: fix sleep in atomic context (git-fixes).
- iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510).
- iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510).
- iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510).
- iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510).
- iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510).
- iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510).
- ima: Fix return value of ima_write_policy() (git-fixes).
- Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510).
- Input: hyperv-keyboard - add module description (bsc#1172253).
- Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510).
- Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510).
- Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510).
- Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510).
- Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes).
- Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510).
- Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510).
- iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096).
- iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097).
- iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098).
- iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099).
- iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101).
- iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102).
- iommu/amd: Update Device Table in increase_address_space() (bsc#1172103).
- iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397).
- ipmi: fix hung processes in __get_guid() (git-fixes).
- ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02).
- ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14).
- ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09).
- ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01).
- ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01).
- ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14).
- ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14).
- ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14).
- iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510).
- kabi fix for early XHCI debug (git-fixes).
- kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
- kabi, protect struct ib_device (bsc#1168503).
- kabi/severities: Do not track KVM internal symbols.
- kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party.
- kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes).
- KEYS: reaching the keys quotas correctly (bsc#1051510).
- KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021).
- KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021).
- KVM: Check validity of resolved slot when searching memslots (bsc#1172104).
- KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes).
- KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes).
- KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes).
- KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489).
- l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17).
- libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510).
- libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510).
- lib: raid6: fix awk build warnings (git fixes (block drivers)).
- lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)).
- lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)).
- locks: print unsigned ino in /proc/locks (bsc#1171951).
- mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510).
- mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510).
- mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510).
- macsec: avoid to set wrong mtu (bsc#1051510).
- macsec: restrict to ethernet devices (networking-stable-20_03_28).
- macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14).
- macvlan: fix null dereference in macvlan_device_event() (bsc#1051510).
- md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
- md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)).
- md/raid10: prevent access of uninitialized resync_pages offset (git-fixes).
- media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510).
- media: platform: fcp: Set appropriate DMA parameters (bsc#1051510).
- media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes).
- mei: release me_cl object reference (bsc#1051510).
- mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27).
- mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09).
- mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes).
- mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes).
- mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes).
- mmc: meson-gx: simplify interrupt handler (git-fixes).
- mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes).
- mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510).
- mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510).
- mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes).
- mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510).
- mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510).
- mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510).
- mmc: tmio: fix access width of Block Count Register (git-fixes).
- mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)).
- mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510).
- mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes).
- mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes).
- mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes).
- mwifiex: avoid -Wstringop-overflow warning (bsc#1051510).
- mwifiex: Fix memory corruption in dump_station (bsc#1051510).
- net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27).
- net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27).
- net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27).
- net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09).
- net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28).
- net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14).
- net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14).
- net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01).
- net: fix race condition in __inet_lookup_established() (bsc#1151794).
- net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14).
- net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02).
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17).
- net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17).
- netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14).
- net: macsec: update SCI upon MAC address change (networking-stable-20_03_14).
- net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14).
- net: memcg: late association of sock to memcg (networking-stable-20_03_14).
- net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27).
- net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118).
- net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118).
- net/mlx5e: Fix ethtool self test: link speed (bsc#1171118).
- net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118).
- net/mlx5: Expose link speed directly (bsc#1171118).
- net/mlx5: Expose port speed when possible (bsc#1171118).
- net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28).
- net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27).
- net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14).
- net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01).
- net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28).
- net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27).
- nfc: add missing attribute validation for SE API (networking-stable-20_03_14).
- nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14).
- nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01).
- NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510).
- nfsd4: fix up replay_matches_cache() (git-fixes).
- nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes).
- nfsd: fix delay timer on 32-bit architectures (git-fixes).
- nfsd: fix jiffies/time_t mixup in LRU list (git-fixes).
- NFS: Directory page cache pages need to be locked when read (git-fixes).
- nfsd: memory corruption in nfsd4_lock() (git-fixes).
- NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457).
- NFS: Fix memory leaks and corruption in readdir (git-fixes).
- NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes).
- NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes).
- NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592).
- NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes).
- NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes).
- NFS: Revalidate the file size on a fatal write error (git-fixes).
- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes).
- NFSv4: Do not allow a cached open with a revoked delegation (git-fixes).
- NFSv4: Fix leak of clp->cl_acceptor string (git-fixes).
- NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes).
- NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes).
- NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes).
- nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14).
- nl802154: add missing attribute validation (networking-stable-20_03_14).
- nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391).
- objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514).
- objtool: Fix switch table detection in .text.unlikely (bsc#1169514).
- objtool: Make BP scratch register warning more robust (bsc#1169514).
- padata: Remove broken queue flushing (git-fixes).
- Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)).
- pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes).
- pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes).
- platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510).
- pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes).
- powerpc: Add attributes for setjmp/longjmp (bsc#1065729).
- powerpc/pci/of: Parse unassigned resources (bsc#1065729).
- powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729).
- powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729).
- qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01).
- r8152: check disconnect status after long sleep (networking-stable-20_03_14).
- raid6/ppc: Fix build for clang (git fixes (block drivers)).
- rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)).
- RDMA/ipoib: Fix use of sizeof() (bsc#1168503).
- RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503).
- RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503).
- RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503).
- Remove 2 git-fixes that cause build issues. (bsc#1171691)
- Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes).
- Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes
- Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted.
- Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module.
- Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted.
- Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221).
- rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510).
- s390/cio: avoid duplicated 'ADD' uevents (git-fixes).
- s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes).
- s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes).
- s390/diag: fix display of diagnose call statistics (git-fixes).
- s390/ftrace: fix potential crashes when switching tracers (git-fixes).
- s390/gmap: return proper error code on ksm unsharing (git-fixes).
- s390/ism: fix error return code in ism_probe() (git-fixes).
- s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103).
- s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103).
- s390/qeth: cancel RX reclaim work earlier (git-fixes).
- s390/qeth: do not return -ENOTSUPP to userspace (git-fixes).
- s390/qeth: do not warn for napi with 0 budget (git-fixes).
- s390/qeth: fix off-by-one in RX copybreak check (git-fixes).
- s390/qeth: fix promiscuous mode after reset (git-fixes).
- s390/qeth: fix qdio teardown after early init error (git-fixes).
- s390/qeth: handle error due to unsupported transport mode (git-fixes).
- s390/qeth: handle error when backing RX buffer (git-fixes).
- s390/qeth: lock the card while changing its hsuid (git-fixes).
- s390/qeth: support net namespaces for L3 devices (git-fixes).
- s390/time: Fix clk type in get_tod_clock (git-fixes).
- scripts/decodecode: fix trapping instruction formatting (bsc#1065729).
- scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388).
- scsi: bnx2i: fix potential use after free (bsc#1171600).
- scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data
- scsi: core: save/restore command resid for error handling (bsc#1171602).
- scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604).
- scsi: core: try to get module before removing device (bsc#1171605).
- scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606).
- scsi: csiostor: Do not enable IRQs too early (bsc#1171607).
- scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608).
- scsi: fnic: fix invalid stack access (bsc#1171609).
- scsi: fnic: fix msix interrupt allocation (bsc#1171610).
- scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611).
- scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612).
- scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613).
- scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614).
- scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615).
- scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616).
- scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169).
- scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169).
- scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169).
- scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169).
- scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169).
- scsi: qla2xxx: Fix regression warnings (bsc#1157169).
- scsi: qla2xxx: Remove non functional code (bsc#1157169).
- scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169).
- scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617).
- scsi: qla4xxx: fix double free bug (bsc#1171618).
- scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619).
- scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620).
- scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621).
- scsi: ufs: change msleep to usleep_range (bsc#1171622).
- scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623).
- scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624).
- scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625).
- scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626).
- scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes).
- sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02).
- sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02).
- sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01).
- seq_file: fix problem when seeking mid-record (bsc#1170125).
- serial: uartps: Move the spinlock after the read of the tx empty (git-fixes).
- sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14).
- signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185).
- slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28).
- slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14).
- smb3: Additional compression structures (bsc#1144333).
- smb3: Add new compression flags (bsc#1144333).
- smb3: change noisy error message to FYI (bsc#1144333).
- smb3: enable swap on SMB3 mounts (bsc#1144333).
- smb3: Minor cleanup of protocol definitions (bsc#1144333).
- smb3: remove overly noisy debug line in signing errors (bsc#1144333).
- smb3: smbdirect support can be configured by default (bsc#1144333).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333).
- spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes).
- spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510).
- spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510).
- spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510).
- spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510).
- spi: fsl: do not map irq during probe (git-fixes).
- spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes).
- spi: pxa2xx: Add CS control clock quirk (bsc#1051510).
- spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes).
- spi: spi-s3c64xx: Fix system resume support (git-fixes).
- spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510).
- staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510).
- staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510).
- staging: iio: ad2s1210: Fix SPI reading (bsc#1051510).
- staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes).
- staging: vt6656: Fix drivers TBTT timing counter (git-fixes).
- staging: vt6656: Fix pairwise key entry save (git-fixes).
- sunrpc: expiry_time should be seconds not timeval (git-fixes).
- SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes).
- supported.conf: Add br_netfilter to base (bsc#1169020).
- svcrdma: Fix leak of transport addresses (git-fixes).
- taskstats: fix data-race (bsc#1172188).
- tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27).
- tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28).
- team: add missing attribute validation for array index (networking-stable-20_03_14).
- team: add missing attribute validation for port ifindex (networking-stable-20_03_14).
- team: fix hang in team_mode_get() (networking-stable-20_04_27).
- tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes).
- tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729).
- tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555).
- tpm/tpm_tis: Free IRQ if probing fails (git-fixes).
- tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes).
- tracing: Disable trace_printk() on post poned tests (git-fixes).
- tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes).
- tty: rocket, avoid OOB access (git-fixes).
- UAS: fix deadlock in error handling and PM flushing work (git-fixes).
- UAS: no use logging any details in case of ENODEV (git-fixes).
- USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes).
- USB: cdc-acm: restore capability check order (git-fixes).
- USB: core: Fix misleading driver bug report (bsc#1051510).
- USB: dwc3: do not set gadget->is_otg flag (git-fixes).
- USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes).
- USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes).
- USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes).
- USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes).
- USB: gadget: composite: Inform controller driver of self-powered (git-fixes).
- USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes).
- USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes).
- USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510).
- USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes).
- USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes).
- USB: gadget: udc: atmel: Make some symbols static (git-fixes).
- USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes).
- USB: host: xhci-plat: keep runtime active when removing host (git-fixes).
- USB: hub: Fix handling of connect changes during sleep (git-fixes).
- usbnet: silence an unnecessary warning (bsc#1170770).
- USB: serial: garmin_gps: add sanity checking for data length (git-fixes).
- USB: serial: option: add BroadMobi BM806U (git-fixes).
- USB: serial: option: add support for ASKEY WWHC050 (git-fixes).
- USB: serial: option: add Wistron Neweb D19Q1 (git-fixes).
- USB: serial: qcserial: Add DW5816e support (git-fixes).
- USB: sisusbvga: Change port variable from signed to unsigned (git-fixes).
- usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes).
- USB: uas: add quirk for LaCie 2Big Quadra (git-fixes).
- USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes).
- video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279)
- video: fbdev: w100fb: Fix a potential double free (bsc#1051510).
- vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27).
- vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes).
- vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes).
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes).
- vxlan: check return value of gro_cells_init() (networking-stable-20_03_28).
- watchdog: reset last_hw_keepalive time at start (git-fixes).
- wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510).
- wil6210: remove reset file from debugfs (git-fixes).
- wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510).
- workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130).
- x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115).
- x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115).
- x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115).
- x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115).
- x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620).
- x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618).
- x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618).
- x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618).
- x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618).
- x86:Hyper-V: report value of misc_features (git-fixes).
- x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618).
- x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618).
- x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279).
- x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes).
- x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279).
- x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115).
- x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115).
- x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115).
- x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115).
- x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115).
- x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115).
- x86/xen: fix booting 32-bit pv guest (bsc#1071995).
- x86/xen: Make the boot CPU idle task reliable (bsc#1071995).
- x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995).
- xen/pci: reserve MCFG areas earlier (bsc#1170145).
- xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27).
- xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes).
- xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes).
- xprtrdma: Fix completion wait during device removal (git-fixes).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065729SUSE bug 1071995SUSE bug 1082555SUSE bug 1089895SUSE bug 1111666SUSE bug 1114279SUSE bug 1133021SUSE bug 1144333SUSE bug 1151794SUSE bug 1152489SUSE bug 1154824SUSE bug 1157169SUSE bug 1158265SUSE bug 1160388SUSE bug 1160947SUSE bug 1165183SUSE bug 1165741SUSE bug 1166969SUSE bug 1167574SUSE bug 1167851SUSE bug 1168503SUSE bug 1168670SUSE bug 1169020SUSE bug 1169514SUSE bug 1169525SUSE bug 1170056SUSE bug 1170125SUSE bug 1170145SUSE bug 1170345SUSE bug 1170457SUSE bug 1170522SUSE bug 1170592SUSE bug 1170618SUSE bug 1170620SUSE bug 1170770SUSE bug 1170778SUSE bug 1170791SUSE bug 1170901SUSE bug 1171078SUSE bug 1171098SUSE bug 1171118SUSE bug 1171189SUSE bug 1171191SUSE bug 1171195SUSE bug 1171202SUSE bug 1171205SUSE bug 1171217SUSE bug 1171218SUSE bug 1171219SUSE bug 1171220SUSE bug 1171293SUSE bug 1171417SUSE bug 1171527SUSE bug 1171599SUSE bug 1171600SUSE bug 1171601SUSE bug 1171602SUSE bug 1171604SUSE bug 1171605SUSE bug 1171606SUSE bug 1171607SUSE bug 1171608SUSE bug 1171609SUSE bug 1171610SUSE bug 1171611SUSE bug 1171612SUSE bug 1171613SUSE bug 1171614SUSE bug 1171615SUSE bug 1171616SUSE bug 1171617SUSE bug 1171618SUSE bug 1171619SUSE bug 1171620SUSE bug 1171621SUSE bug 1171622SUSE bug 1171623SUSE bug 1171624SUSE bug 1171625SUSE bug 1171626SUSE bug 1171679SUSE bug 1171691SUSE bug 1171694SUSE bug 1171695SUSE bug 1171736SUSE bug 1171761SUSE bug 1171948SUSE bug 1171949SUSE bug 1171951SUSE bug 1171952SUSE bug 1171982SUSE bug 1171983SUSE bug 1172096SUSE bug 1172097SUSE bug 1172098SUSE bug 1172099SUSE bug 1172101SUSE bug 1172102SUSE bug 1172103SUSE bug 1172104SUSE bug 1172127SUSE bug 1172130SUSE bug 1172185SUSE bug 1172188SUSE bug 1172199SUSE bug 1172221SUSE bug 1172253SUSE bug 1172317SUSE bug 1172342SUSE bug 1172343SUSE bug 1172344SUSE bug 1172366SUSE bug 1172391SUSE bug 1172397SUSE bug 1172453CVE-2018-1000199 at SUSECVE-2018-1000199 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-20806 at SUSECVE-2019-20806 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-9455 at SUSECVE-2019-9455 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10720 at SUSECVE-2020-10720 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-12114 at SUSECVE-2020-12114 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12768 at SUSECVE-2020-12768 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDcpe:/o:suse:sles:12:sp4Security update for ed (Low)SUSE Linux Enterprise Server 12 SP4
This update for ed fixes the following security issue:
- CVE-2017-5357: An invalid free in the regular expression handling
of the 'ed' command processing could allow local users to crash ed. (bsc#1019807)
LowSUSE bug 1019807CVE-2017-5357 at SUSECVE-2017-5357 at NVDcpe:/o:suse:sles:12:sp4Security update for adns (Important)SUSE Linux Enterprise Server 12 SP4
This update for adns fixes the following issues:
- CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver
which could have led to remote code execution (bsc#1172265).
- CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of
service (bsc#1172265).
- CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265).
- CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265).
ImportantSUSE bug 1172265CVE-2017-9103 at SUSECVE-2017-9103 at NVDCVE-2017-9104 at SUSECVE-2017-9104 at NVDCVE-2017-9105 at SUSECVE-2017-9105 at NVDCVE-2017-9106 at SUSECVE-2017-9106 at NVDCVE-2017-9107 at SUSECVE-2017-9107 at NVDCVE-2017-9108 at SUSECVE-2017-9108 at NVDCVE-2017-9109 at SUSECVE-2017-9109 at NVDcpe:/o:suse:sles:12:sp4Security update for audiofile (Low)SUSE Linux Enterprise Server 12 SP4
This update for audiofile fixes the following issues:
Security issue fixed:
- CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523).
LowSUSE bug 1100523CVE-2018-13440 at SUSECVE-2018-13440 at NVDcpe:/o:suse:sles:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4
This update for xen to version 4.11.4 fixes the following issues:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it.
This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).
ImportantSUSE bug 1027519SUSE bug 1172205CVE-2020-0543 at SUSECVE-2020-0543 at NVDcpe:/o:suse:sles:12:sp4Security update for gnuplot (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gnuplot fixes the following issues:
Following security issues were fixed:
- CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463)
- CVE-2018-19491: Fixed a buffer overlow in the PS_options function (bsc#1117464)
- CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465)
- CVE-2017-9670: Fixed a uninitialized stack variable vulnerability which could lead to a Denial of Service (bsc#1044638)
ModerateSUSE bug 1044638SUSE bug 1117463SUSE bug 1117464SUSE bug 1117465CVE-2017-9670 at SUSECVE-2017-9670 at NVDCVE-2018-19490 at SUSECVE-2018-19490 at NVDCVE-2018-19491 at SUSECVE-2018-19491 at NVDCVE-2018-19492 at SUSECVE-2018-19492 at NVDcpe:/o:suse:sles:12:sp4Security update for perl (Important)SUSE Linux Enterprise Server 12 SP4
This update for perl fixes the following issues:
- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have
allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of
instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a
compiled regular expression (bsc#1171866).
- Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601).
- Some packages make assumptions about the date and time they are built.
This update will solve the issues caused by calling the perl function timelocal
expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039)
ImportantSUSE bug 1102840SUSE bug 1160039SUSE bug 1170601SUSE bug 1171863SUSE bug 1171864SUSE bug 1171866CVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm fixes the following issues:
java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511)
- CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service
- CVE-2020-2756: Improved mapping of serial ENUMs
- CVE-2020-2757: Less Blocking Array Queues
- CVE-2020-2781: Improved TLS session handling
- CVE-2020-2800: Improved Headings for HTTP Servers
- CVE-2020-2803: Enhanced buffering of byte buffers
- CVE-2020-2805: Enhanced typing of methods
- CVE-2020-2830: Improved Scanner conversions
ImportantSUSE bug 1169511SUSE bug 1172277CVE-2020-2654 at SUSECVE-2020-2654 at NVDCVE-2020-2756 at SUSECVE-2020-2756 at NVDCVE-2020-2757 at SUSECVE-2020-2757 at NVDCVE-2020-2781 at SUSECVE-2020-2781 at NVDCVE-2020-2800 at SUSECVE-2020-2800 at NVDCVE-2020-2803 at SUSECVE-2020-2803 at NVDCVE-2020-2805 at SUSECVE-2020-2805 at NVDCVE-2020-2830 at SUSECVE-2020-2830 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm fixes the following issues:
java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968)
- CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service
- CVE-2020-2754: Forwarded references to Nashorn
- CVE-2020-2755: Improved Nashorn matching
- CVE-2020-2756: Improved mapping of serial ENUMs
- CVE-2020-2757: Less Blocking Array Queues
- CVE-2020-2781: Improved TLS session handling
- CVE-2020-2800: Improved Headings for HTTP Servers
- CVE-2020-2803: Enhanced buffering of byte buffers
- CVE-2020-2805: Enhanced typing of methods
- CVE-2020-2830: Improved Scanner conversions
- CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data
- Added RSA PSS SUPPORT TO IBMPKCS11IMPL
- The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352).
ImportantSUSE bug 1160968SUSE bug 1169511SUSE bug 1171352SUSE bug 1172277CVE-2019-2949 at SUSECVE-2019-2949 at NVDCVE-2020-2654 at SUSECVE-2020-2654 at NVDCVE-2020-2754 at SUSECVE-2020-2754 at NVDCVE-2020-2755 at SUSECVE-2020-2755 at NVDCVE-2020-2756 at SUSECVE-2020-2756 at NVDCVE-2020-2757 at SUSECVE-2020-2757 at NVDCVE-2020-2781 at SUSECVE-2020-2781 at NVDCVE-2020-2800 at SUSECVE-2020-2800 at NVDCVE-2020-2803 at SUSECVE-2020-2803 at NVDCVE-2020-2805 at SUSECVE-2020-2805 at NVDCVE-2020-2830 at SUSECVE-2020-2830 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues:
- CVE-2020-2754: Forward references to Nashorn (bsc#1169511)
- CVE-2020-2755: Improve Nashorn matching (bsc#1169511)
- CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
- CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
- CVE-2020-2773: Better signatures in XML (bsc#1169511)
- CVE-2020-2781: Improve TLS session handling (bsc#1169511)
- CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
- CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
- CVE-2020-2805: Enhance typing of methods (bsc#1169511)
- CVE-2020-2830: Better Scanner conversions (bsc#1169511)
ImportantSUSE bug 1160398SUSE bug 1169511CVE-2020-2754 at SUSECVE-2020-2754 at NVDCVE-2020-2755 at SUSECVE-2020-2755 at NVDCVE-2020-2756 at SUSECVE-2020-2756 at NVDCVE-2020-2757 at SUSECVE-2020-2757 at NVDCVE-2020-2773 at SUSECVE-2020-2773 at NVDCVE-2020-2781 at SUSECVE-2020-2781 at NVDCVE-2020-2800 at SUSECVE-2020-2800 at NVDCVE-2020-2803 at SUSECVE-2020-2803 at NVDCVE-2020-2805 at SUSECVE-2020-2805 at NVDCVE-2020-2830 at SUSECVE-2020-2830 at NVDcpe:/o:suse:sles:12:sp4Security update for libgxps (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libgxps fixes the following issues:
- CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125).
ModerateSUSE bug 1092125CVE-2018-10733 at SUSECVE-2018-10733 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb fixes the following issues:
mariadb was updated to version 10.2.32 (bsc#1171550)
- CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server.
Release notes and changelog:
- https://mariadb.com/kb/en/library/mariadb-10232-release-notes
- https://mariadb.com/kb/en/library/mariadb-10232-changelog
- Update to 10.2.32 GA [bsc#1171550]
ModerateSUSE bug 1171550CVE-2020-13249 at SUSECVE-2020-13249 at NVDCVE-2020-2752 at SUSECVE-2020-2752 at NVDCVE-2020-2760 at SUSECVE-2020-2760 at NVDCVE-2020-2812 at SUSECVE-2020-2812 at NVDCVE-2020-2814 at SUSECVE-2020-2814 at NVDcpe:/o:suse:sles:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious
server to overwrite a local file when using the -J option (bsc#1173027).
ImportantSUSE bug 1173027CVE-2020-8177 at SUSECVE-2020-8177 at NVDcpe:/o:suse:sles:12:sp4Security update for ceph (Important)SUSE Linux Enterprise Server 12 SP4
This is a version update for ceph to version 12.2.13:
Security issue fixed:
- CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921).
- Notable changes in this update for ceph:
* mgr: telemetry: backported and now available on SES5.5. Please
consider enabling via 'ceph telemetry on' (bsc#1171670)
* OSD heartbeat ping time: new health warning, options and admin
commands (bsc#1171960)
* 'osd_calc_pg_upmaps_max_stddev' ceph.conf parameter has been
removed; use 'upmap_max_deviation' instead (bsc#1171961)
* Default maximum concurrent bluestore rocksdb compaction threads
raised from 1 to 2 for improved ability to keep up with rgw
bucket index workloads (bsc#1171963)
- Bug fixes in this ceph update:
* mon: Error message displayed when mon_osd_max_split_count would be
exceeded is not as user-friendly as it could be (bsc#1126230)
* ceph_volume_client: remove ceph mds calls in favor of ceph fs
calls (bsc#1136082)
* rgw: crypt: permit RGW-AUTO/default with SSE-S3 headers
(bsc#1157607)
* mon/AuthMonitor: don't validate fs caps on authorize (bsc#1161096)
- Additional bug fixes:
* ceph-volume: strip _dmcrypt suffix in simple scan json output (bsc#1162553) ImportantSUSE bug 1126230SUSE bug 1136082SUSE bug 1157607SUSE bug 1161096SUSE bug 1162553SUSE bug 1171670SUSE bug 1171921SUSE bug 1171960SUSE bug 1171961SUSE bug 1171963CVE-2020-10753 at SUSECVE-2020-10753 at NVDcpe:/o:suse:sles:12:sp4Security update for tigervnc (Important)SUSE Linux Enterprise Server 12 SP4
This update for tigervnc fixes the following issues:
- CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856).
- CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250).
- CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858).
- CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251).
- CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860).
Other bugs fixed:
- Fix random connection freezes (bsc#1169952, bsc#1160249, bsc#1165680):
ImportantSUSE bug 1159856SUSE bug 1159858SUSE bug 1159860SUSE bug 1160249SUSE bug 1160250SUSE bug 1160251SUSE bug 1160937SUSE bug 1165680SUSE bug 1169952CVE-2019-15691 at SUSECVE-2019-15691 at NVDCVE-2019-15692 at SUSECVE-2019-15692 at NVDCVE-2019-15693 at SUSECVE-2019-15693 at NVDCVE-2019-15694 at SUSECVE-2019-15694 at NVDCVE-2019-15695 at SUSECVE-2019-15695 at NVDcpe:/o:suse:sles:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4
This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
ImportantSUSE bug 1172405CVE-2020-8022 at SUSECVE-2020-8022 at NVDcpe:/o:suse:sles:12:sp4Security update for python3-requests (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python3-requests provides the following fix:
python-requests was updated to 2.20.1.
Update to version 2.20.1:
* Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).
Update to version 2.20.0:
* Bugfixes
+ Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
+ Fixed exception leak where certain redirect urls would raise
uncaught urllib3 exceptions.
+ Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
+ should_bypass_proxies now handles URIs without hostnames
(e.g. files).
Update to version 2.19.1:
* Fixed issue where status_codes.py’s init function failed trying
to append to a __doc__ value of None.
Update to version 2.19.0:
* Improvements
+ Warn about possible slowdown with cryptography version < 1.3.4
+ Check host in proxy URL, before forwarding request to adapter.
+ Maintain fragments properly across redirects. (RFC7231 7.1.2)
+ Removed use of cgi module to expedite library load time.
+ Added support for SHA-256 and SHA-512 digest auth algorithms.
+ Minor performance improvement to Request.content.
* Bugfixes
+ Parsing empty Link headers with parse_header_links() no longer
return one bogus entry.
+ Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
+ Fixed issue with unexpected ImportError on windows system
which do not support winreg module.
+ DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
+ Properly normalize adapter prefixes for url comparison.
+ Passing None as a file pointer to the files param no longer
raises an exception.
+ Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.
Update to version 2.18.4:
* Improvements
+ Error messages for invalid headers now include the header name
for easier debugging
Update to version 2.18.3:
* Improvements
+ Running $ python -m requests.help now includes the installed
version of idna.
* Bugfixes
+ Fixed issue where Requests would raise ConnectionError instead
of SSLError when encountering SSL problems when using urllib3
v1.22.
- Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https
connections will fail.
ModerateSUSE bug 1054413SUSE bug 1073879SUSE bug 1111622SUSE bug 1122668SUSE bug 761500SUSE bug 922448SUSE bug 929736SUSE bug 935252SUSE bug 945455SUSE bug 947357SUSE bug 961596SUSE bug 967128CVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sles:12:sp4Security update for mutt (Important)SUSE Linux Enterprise Server 12 SP4
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was
affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was
proceeding with a connection (bsc#1172906, bsc#1172935).
ImportantSUSE bug 1172906SUSE bug 1172935SUSE bug 1173197CVE-2020-14093 at SUSECVE-2020-14093 at NVDCVE-2020-14154 at SUSECVE-2020-14154 at NVDCVE-2020-14954 at SUSECVE-2020-14954 at NVDcpe:/o:suse:sles:12:sp4Security update for unzip (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for unzip fixes the following issues:
- CVE-2018-18384: Fixed a buffer overflow when listing files (bsc#1110194)
ModerateSUSE bug 1110194CVE-2018-18384 at SUSECVE-2018-18384 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-100 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-100 fixes the following issues:
mariadb-100 was updated to version 10.0.44 (bsc#1171550)
- CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- Fixed some test failures
ModerateSUSE bug 1171550CVE-2020-2752 at SUSECVE-2020-2752 at NVDCVE-2020-2812 at SUSECVE-2020-2812 at NVDcpe:/o:suse:sles:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4
This update for squid fixes the following issues:
- CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server
during TLS Handshake (bsc#1173304).
- CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373).
ImportantSUSE bug 1167373SUSE bug 1173304CVE-2019-18860 at SUSECVE-2019-18860 at NVDCVE-2020-14059 at SUSECVE-2020-14059 at NVDcpe:/o:suse:sles:12:sp4Security update for ntp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
ModerateSUSE bug 1169740SUSE bug 1171355SUSE bug 1172651SUSE bug 1173334CVE-2018-8956 at SUSECVE-2018-8956 at NVDCVE-2020-11868 at SUSECVE-2020-11868 at NVDCVE-2020-13817 at SUSECVE-2020-13817 at NVDCVE-2020-15025 at SUSECVE-2020-15025 at NVDcpe:/o:suse:sles:12:sp4Security update for transfig (Low)SUSE Linux Enterprise Server 12 SP4
This update for transfig fixes the following issues:
Security issue fixed:
- CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650).
- CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in
read.c, which allowed an attacker to write prior to the beginning of the
buffer via specially crafted .fig file (bsc#1106531)
LowSUSE bug 1106531SUSE bug 1143650CVE-2018-16140 at SUSECVE-2018-16140 at NVDCVE-2019-14275 at SUSECVE-2019-14275 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for systemd fixes the following issues:
- CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436).
- Renamed the persistent link for ATA devices (bsc#1164538)
- shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
- tmpfiles: removed unnecessary assert (bsc#1171145)
- pid1: by default make user units inherit their umask from the user manager (bsc#1162698)
- manager: fixed job mode when signalled to shutdown etc (bsc#1161262)
- coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622)
- udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
ModerateSUSE bug 1084671SUSE bug 1154256SUSE bug 1157315SUSE bug 1161262SUSE bug 1161436SUSE bug 1162698SUSE bug 1164538SUSE bug 1165633SUSE bug 1167622SUSE bug 1171145CVE-2019-20386 at SUSECVE-2019-20386 at NVDcpe:/o:suse:sles:12:sp4Security update for permissions (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for permissions fixes the following issues:
- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)
ModerateSUSE bug 1171883cpe:/o:suse:sles:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4
This update for openldap2 fixes the following issues:
- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
- Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715).
ImportantSUSE bug 1170715SUSE bug 1172698SUSE bug 1172704CVE-2020-8023 at SUSECVE-2020-8023 at NVDcpe:/o:suse:sles:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for samba fixes the following issues:
- CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888).
ModerateSUSE bug 1160888CVE-2019-14907 at SUSECVE-2019-14907 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212]
* Security fixes:
CVE-2019-2933 CVE-2019-2945 CVE-2019-2958
CVE-2019-2962 CVE-2019-2964 CVE-2019-2975
CVE-2019-2978 CVE-2019-2983 CVE-2019-2988
CVE-2019-2989 CVE-2019-2992 CVE-2019-2996
CVE-2019-2999 CVE-2019-2973 CVE-2019-2981
CVE-2019-17631
ModerateSUSE bug 1154212SUSE bug 1158442CVE-2019-17631 at SUSECVE-2019-17631 at NVDCVE-2019-2933 at SUSECVE-2019-2933 at NVDCVE-2019-2945 at SUSECVE-2019-2945 at NVDCVE-2019-2958 at SUSECVE-2019-2958 at NVDCVE-2019-2962 at SUSECVE-2019-2962 at NVDCVE-2019-2964 at SUSECVE-2019-2964 at NVDCVE-2019-2973 at SUSECVE-2019-2973 at NVDCVE-2019-2975 at SUSECVE-2019-2975 at NVDCVE-2019-2978 at SUSECVE-2019-2978 at NVDCVE-2019-2981 at SUSECVE-2019-2981 at NVDCVE-2019-2983 at SUSECVE-2019-2983 at NVDCVE-2019-2988 at SUSECVE-2019-2988 at NVDCVE-2019-2989 at SUSECVE-2019-2989 at NVDCVE-2019-2992 at SUSECVE-2019-2992 at NVDCVE-2019-2996 at SUSECVE-2019-2996 at NVDCVE-2019-2999 at SUSECVE-2019-2999 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u232 (icedtea 3.14.0) (October 2019 CPU, bsc#1154212)
Security issues fixed:
- CVE-2019-2933: Windows file handling redux
- CVE-2019-2945: Better socket support
- CVE-2019-2949: Better Kerberos ccache handling
- CVE-2019-2958: Build Better Processes
- CVE-2019-2964: Better support for patterns
- CVE-2019-2962: Better Glyph Images
- CVE-2019-2973: Better pattern compilation
- CVE-2019-2975: Unexpected exception in jjs
- CVE-2019-2978: Improved handling of jar files
- CVE-2019-2981: Better Path supports
- CVE-2019-2983: Better serial attributes
- CVE-2019-2987: Better rendering of native glyphs
- CVE-2019-2988: Better Graphics2D drawing
- CVE-2019-2989: Improve TLS connection support
- CVE-2019-2992: Enhance font glyph mapping
- CVE-2019-2999: Commentary on Javadoc comments
- CVE-2019-2894: Enhance ECDSA operations (bsc#1152856)
Bug fixes:
- Add patch to fix hotspot-aarch64 (bsc#1138529).
ModerateSUSE bug 1138529SUSE bug 1152856SUSE bug 1154212CVE-2019-2894 at SUSECVE-2019-2894 at NVDCVE-2019-2933 at SUSECVE-2019-2933 at NVDCVE-2019-2945 at SUSECVE-2019-2945 at NVDCVE-2019-2949 at SUSECVE-2019-2949 at NVDCVE-2019-2958 at SUSECVE-2019-2958 at NVDCVE-2019-2962 at SUSECVE-2019-2962 at NVDCVE-2019-2964 at SUSECVE-2019-2964 at NVDCVE-2019-2973 at SUSECVE-2019-2973 at NVDCVE-2019-2975 at SUSECVE-2019-2975 at NVDCVE-2019-2978 at SUSECVE-2019-2978 at NVDCVE-2019-2981 at SUSECVE-2019-2981 at NVDCVE-2019-2983 at SUSECVE-2019-2983 at NVDCVE-2019-2987 at SUSECVE-2019-2987 at NVDCVE-2019-2988 at SUSECVE-2019-2988 at NVDCVE-2019-2989 at SUSECVE-2019-2989 at NVDCVE-2019-2992 at SUSECVE-2019-2992 at NVDCVE-2019-2999 at SUSECVE-2019-2999 at NVDcpe:/o:suse:sles:12:sp4Security update for sysstat (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for sysstat fixes the following issues:
Security issue fixed:
- CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104).
Bug fixes:
- Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958)
ModerateSUSE bug 1144923SUSE bug 1159104CVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-openjdk fixes the following issues:
Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968):
- CVE-2020-2583: Unlink Set of LinkedHashSets
- CVE-2020-2590: Improve Kerberos interop capabilities
- CVE-2020-2593: Normalize normalization for all
- CVE-2020-2601: Better Ticket Granting Services
- CVE-2020-2604: Better serial filter handling
- CVE-2020-2659: Enhance datagram socket support
- CVE-2020-2654: Improve Object Identifier Processing
ImportantSUSE bug 1160968CVE-2020-2583 at SUSECVE-2020-2583 at NVDCVE-2020-2590 at SUSECVE-2020-2590 at NVDCVE-2020-2593 at SUSECVE-2020-2593 at NVDCVE-2020-2601 at SUSECVE-2020-2601 at NVDCVE-2020-2604 at SUSECVE-2020-2604 at NVDCVE-2020-2654 at SUSECVE-2020-2654 at NVDCVE-2020-2659 at SUSECVE-2020-2659 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_0_0 fixes the following issues:
Security issue fixed:
- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
ModerateSUSE bug 1158809CVE-2019-1551 at SUSECVE-2019-1551 at NVDcpe:/o:suse:sles:12:sp4Security update for libqt5-qtbase (Important)SUSE Linux Enterprise Server 12 SP4
This update for libqt5-qtbase fixes the following issues:
Security issues fixed:
- CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167).
- CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service
when opening crafted gif files (bsc#1118597).
- CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246).
ImportantSUSE bug 1118597SUSE bug 1130246SUSE bug 1161167CVE-2018-19870 at SUSECVE-2018-19870 at NVDCVE-2018-19872 at SUSECVE-2018-19872 at NVDCVE-2020-0569 at SUSECVE-2020-0569 at NVDcpe:/o:suse:sles:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4
This update for systemd fixes the following issues:
- CVE-2020-1712 (bsc#bsc#1162108)
Fix a heap use-after-free vulnerability, when asynchronous
Polkit queries were performed while handling Dbus messages. A local
unprivileged attacker could have abused this flaw to crash systemd services or
potentially execute code and elevate their privileges, by sending specially
crafted Dbus messages.
- Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix for system-udevd prevent crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)
ImportantSUSE bug 1106383SUSE bug 1133495SUSE bug 1139459SUSE bug 1151377SUSE bug 1151506SUSE bug 1154043SUSE bug 1155574SUSE bug 1156482SUSE bug 1159814SUSE bug 1162108CVE-2020-1712 at SUSECVE-2020-1712 at NVDcpe:/o:suse:sles:12:sp4Security update for e2fsprogs (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for e2fsprogs fixes the following issues:
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
ModerateSUSE bug 1160571CVE-2019-5188 at SUSECVE-2019-5188 at NVDcpe:/o:suse:sles:12:sp4Security update for wicked (Important)SUSE Linux Enterprise Server 12 SP4
This update for wicked fixes the following issues:
- CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903).
- CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904).
- CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905).
- CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906).
ImportantSUSE bug 1160903SUSE bug 1160904SUSE bug 1160905SUSE bug 1160906CVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:sles:12:sp4Security update for LibreOffice (Moderate)SUSE Linux Enterprise Server 12 SP4
This update libreoffice and libraries fixes the following issues:
LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes.
More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3
Security issue fixed:
- CVE-2019-9853: Fixed an issue where by executing macros, the security settings
could have been bypassed (bsc#1152684).
Other issues addressed:
- Dropped disable-kde4 switch, since it is no longer known by configure
- Disabled gtk2 because it will be removed in future releases
- librelogo is now a standalone sub-package (bsc#1144522).
- Partial fixes for an issue where Table(s) from DOCX showed wrong
position or color (bsc#1061210).
cmis-client was updated to 0.5.2:
* Removed header for Uuid's sha1 header(bsc#1105173).
* Fixed Google Drive login
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder
* Limited the maximal number of redirections to 20
* Switched library implementation to C++11 (the API remains C++98-compatible)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
libixion was updated to 0.15.0:
* Updated for new liborcus
* Switched to spdlog for compile-time debug log outputs
* Fixed various issues
libmwaw was updated 0.3.15:
* Fixed fuzzing issues
liborcus was updated to 0.15.3:
* Fixed various xml related bugs
* Improved performance
* Fixed multiple parser issues
* Added map and structure mode to orcus-json
* Other improvements and fixes
mdds was updated to 1.5.0:
* API changed to 1.5
* Moved the API incompatibility notes from README to the rst doc.
* Added the overview section for flat_segment_tree.
myspell-dictionaries was updated to 20191016:
* Updated Slovenian thesaurus
* Updated the da_DK dictionary
* Removed the abbreviations from Thai hunspell dictionary
* Updated the English dictionaries
* Fixed the logo management for 'ca'
spdlog was updated to 0.16.3:
* Fixed sleep issue under MSVC that happens when changing
the clock backwards
* Ensured that macros always expand to expressions
* Added global flush_on function
bluez changes:
* lib: Changed bluetooth.h to compile in strict C
gperf was updated to 3.1:
* The generated C code is now in ANSI-C by default.
* Added option --constants-prefix.
* Added declaration %define constants-prefix.
ModerateSUSE bug 1061210SUSE bug 1105173SUSE bug 1144522SUSE bug 1152684CVE-2019-9853 at SUSECVE-2019-9853 at NVDcpe:/o:suse:sles:12:sp4Security update for dbus-1 (Important)SUSE Linux Enterprise Server 12 SP4
This update for dbus-1 fixes the following issues:
Security issue fixed:
- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
could have allowed local attackers to bypass authentication (bsc#1137832).
ImportantSUSE bug 1137832CVE-2019-12749 at SUSECVE-2019-12749 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 68.5.0 ESR
* CVE-2020-6796 (bmo#1610426)
Missing bounds check on shared memory read in the parent
process
* CVE-2020-6797 (bmo#1596668)
Extensions granted downloads.open permission could open
arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript
injection
* CVE-2020-6799 (bmo#1606596)
Arbitrary code execution when opening pdf links from other
applications, when Firefox is configured as default pdf
reader
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
* Fixed: Fixed various issues opening files with spaces in
their path (bmo#1601905, bmo#1602726)
ImportantSUSE bug 1161799CVE-2020-6796 at SUSECVE-2020-6796 at NVDCVE-2020-6797 at SUSECVE-2020-6797 at NVDCVE-2020-6798 at SUSECVE-2020-6798 at NVDCVE-2020-6799 at SUSECVE-2020-6799 at NVDCVE-2020-6800 at SUSECVE-2020-6800 at NVDcpe:/o:suse:sles:12:sp4Security update for gcc9 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gcc9 fixes the following issues:
The GNU Compiler Collection is shipped in version 9.
A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html
The compilers have been added to the SUSE Linux Enterprise Toolchain Module.
To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
CXX=g++-9 set.
For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
other compiler libraries have been switched from their gcc8 variants to
their gcc9 variants.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
ModerateSUSE bug 1114592SUSE bug 1135254SUSE bug 1141897SUSE bug 1142649SUSE bug 1142654SUSE bug 1148517SUSE bug 1149145CVE-2019-14250 at SUSECVE-2019-14250 at NVDCVE-2019-15847 at SUSECVE-2019-15847 at NVDcpe:/o:suse:sles:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4
This update for sudo fixes the following issues:
Security issue fixed:
- CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202).
Non-security issue fixed:
- Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675).
ImportantSUSE bug 1162202SUSE bug 1162675CVE-2019-18634 at SUSECVE-2019-18634 at NVDcpe:/o:suse:sles:12:sp4Security update for ImageMagick (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for ImageMagick fixes the following issues:
Security issue fixed:
- CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861).
- CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369).
Non-security issue fixed:
- Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194).
ModerateSUSE bug 1159861SUSE bug 1160369SUSE bug 1161194CVE-2019-19948 at SUSECVE-2019-19948 at NVDCVE-2019-19949 at SUSECVE-2019-19949 at NVDcpe:/o:suse:sles:12:sp4Security update for dnsmasq (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for dnsmasq fixes the following issues:
Security issue fixed:
- CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers
to cause denial of service via DHCP response creation (bsc#1154849)
Other issue addressed:
- Removed cache size limit (bsc#1138743).
ModerateSUSE bug 1138743SUSE bug 1154849CVE-2019-14834 at SUSECVE-2019-14834 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm fixes the following issues:
Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968].
Security issues fixed:
- CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972).
- CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972).
- CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972).
- CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972).
Non-security issues fixed:
* Class Libraries:
IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN
WHEN TIMEOUT IS SET
IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED
CHINESE EDITION OF WINDOWS CLIENT SYSTEM
IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE
INCONSISTENT WITH CLDR
IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C
* JIT Compiler:
IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES
ImportantSUSE bug 1160968SUSE bug 1162972CVE-2020-2583 at SUSECVE-2020-2583 at NVDCVE-2020-2593 at SUSECVE-2020-2593 at NVDCVE-2020-2604 at SUSECVE-2020-2604 at NVDCVE-2020-2659 at SUSECVE-2020-2659 at NVDcpe:/o:suse:sles:12:sp4Security update for libexif (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libexif fixes the following issues:
- CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
- CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
ModerateSUSE bug 1120943SUSE bug 1160770CVE-2018-20030 at SUSECVE-2018-20030 at NVDCVE-2019-9278 at SUSECVE-2019-9278 at NVDcpe:/o:suse:sles:12:sp4Security update for libvpx (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libvpx fixes the following issues:
- CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613).
- CVE-2019-9433: Fixdd a use-after-free in vp8_deblock() (bsc#1160614).
ModerateSUSE bug 1160613SUSE bug 1160614CVE-2019-9232 at SUSECVE-2019-9232 at NVDCVE-2019-9433 at SUSECVE-2019-9433 at NVDcpe:/o:suse:sles:12:sp4Security update for ppp (Important)SUSE Linux Enterprise Server 12 SP4
This update for ppp fixes the following security issue:
- CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610).
ImportantSUSE bug 1162610CVE-2020-8597 at SUSECVE-2020-8597 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issues:
Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6:
Security issues fixed:
- Update expat copy from 2.1.1 to 2.2.0 to fix the following issues:
CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063
- CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664).
ModerateSUSE bug 1068664SUSE bug 1159208SUSE bug 1159623CVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-1000158 at SUSECVE-2017-1000158 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb fixes the following issues:
MariaDB was updated to version 10.2.31 GA (bsc#1162388).
Security issues fixed:
- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).
- Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878).
- Fixed a permissions issue in /var/lib/mysql (bsc#1077717).
ModerateSUSE bug 1077717SUSE bug 1160878SUSE bug 1160883SUSE bug 1160895SUSE bug 1160912SUSE bug 1162388CVE-2019-18901 at SUSECVE-2019-18901 at NVDCVE-2020-2574 at SUSECVE-2020-2574 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_1-ibm fixes the following issues:
- Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212]
* Security fixes:
CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964
CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992
CVE-2019-2999 CVE-2019-2973 CVE-2019-2981
ModerateSUSE bug 1154212SUSE bug 1158442CVE-2019-2933 at SUSECVE-2019-2933 at NVDCVE-2019-2945 at SUSECVE-2019-2945 at NVDCVE-2019-2962 at SUSECVE-2019-2962 at NVDCVE-2019-2964 at SUSECVE-2019-2964 at NVDCVE-2019-2973 at SUSECVE-2019-2973 at NVDCVE-2019-2978 at SUSECVE-2019-2978 at NVDCVE-2019-2981 at SUSECVE-2019-2981 at NVDCVE-2019-2983 at SUSECVE-2019-2983 at NVDCVE-2019-2989 at SUSECVE-2019-2989 at NVDCVE-2019-2992 at SUSECVE-2019-2992 at NVDCVE-2019-2999 at SUSECVE-2019-2999 at NVDcpe:/o:suse:sles:12:sp4Security update for mariadb-100 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mariadb-100 fixes the following issues:
MariaDB was updated to version 10.0.40-3 (bsc#1162388).
Security issue fixed:
- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
ModerateSUSE bug 1162388CVE-2020-2574 at SUSECVE-2020-2574 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_8_0-ibm fixes the following issues:
Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968)
- CVE-2020-2583: Unlink Set of LinkedHashSets
- CVE-2019-4732: Untrusted DLL search path vulnerability
- CVE-2020-2593: Normalize normalization for all
- CVE-2020-2604: Better serial filter handling
- CVE-2020-2659: Enhance datagram socket support
ImportantSUSE bug 1160968SUSE bug 1162972CVE-2019-4732 at SUSECVE-2019-4732 at NVDCVE-2020-2583 at SUSECVE-2020-2583 at NVDCVE-2020-2593 at SUSECVE-2020-2593 at NVDCVE-2020-2604 at SUSECVE-2020-2604 at NVDCVE-2020-2659 at SUSECVE-2020-2659 at NVDcpe:/o:suse:sles:12:sp4Security update for log4j (Important)SUSE Linux Enterprise Server 12 SP4
This update for log4j fixes the following issues:
- CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).
ImportantSUSE bug 1159646CVE-2019-17571 at SUSECVE-2019-17571 at NVDcpe:/o:suse:sles:12:sp4Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues:
python-cfn-lint was included as a new package in 0.21.4.
python-aws-sam-translator was updated to 1.11.0:
* Add ReservedConcurrentExecutions to globals
* Fix ElasticsearchHttpPostPolicy resource reference
* Support using AWS::Region in Ref and Sub
* Documentation and examples updates
* Add VersionDescription property to Serverless::Function
* Update ServerlessRepoReadWriteAccessPolicy
* Add additional template validation
Upgrade to 1.10.0:
* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
* Add DynamoDBReconfigurePolicy
* Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
* Add EKSDescribePolicy
* Add SESBulkTemplatedCrudPolicy
* Add FilterLogEventsPolicy
* Add SSMParameterReadPolicy
* Add SESEmailTemplateCrudPolicy
* Add s3:PutObjectAcl to S3CrudPolicy
* Add allow_credentials CORS option
* Add support for AccessLogSetting and CanarySetting Serverless::Api properties
* Add support for X-Ray in Serverless::Api
* Add support for MinimumCompressionSize in Serverless::Api
* Add Auth to Serverless::Api globals
* Remove trailing slashes from APIGW permissions
* Add SNS FilterPolicy and an example application
* Add Enabled property to Serverless::Function event sources
* Add support for PermissionsBoundary in Serverless::Function
* Fix boto3 client initialization
* Add PublicAccessBlockConfiguration property to S3 bucket resource
* Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
* Add limited support for resolving intrinsics in Serverless::LayerVersion
* SAM now uses Flake8
* Add example application for S3 Events written in Go
* Updated several example applications
- Initial build
+ Version 1.9.0
- Add patch to drop compatible releases operator from setup.py,
required for SLES12 as the setuptools version is too old
+ ast_drop-compatible-releases-operator.patch
python-jsonschema was updated to 2.6.0:
* Improved performance on CPython by adding caching around ref resolution
Update to version 2.5.0:
* Improved performance on CPython by adding caching around ref
resolution (#203)
Update to version 2.4.0:
* Added a CLI (#134)
* Added absolute path and absolute schema path to errors (#120)
* Added ``relevance``
* Meta-schemas are now loaded via ``pkgutil``
* Added ``by_relevance`` and ``best_match`` (#91)
* Fixed ``format`` to allow adding formats for non-strings (#125)
* Fixed the ``uri`` format to reject URI references (#131)
- Install /usr/bin/jsonschema with update-alternatives support
python-nose2 was updated to 0.9.1:
* the prof plugin now uses cProfile instead of hotshot for profiling
* skipped tests now include the user's reason in junit XML's message field
* the prettyassert plugin mishandled multi-line function definitions
* Using a plugin's CLI flag when the plugin is already enabled via config
no longer errors
* nose2.plugins.prettyassert, enabled with --pretty-assert
* Cleanup code for EOLed python versions
* Dropped support for distutils.
* Result reporter respects failure status set by other plugins
* JUnit XML plugin now includes the skip reason in its output
Upgrade to 0.8.0:
List of changes is too long to show here, see
https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst
changes between 0.6.5 and 0.8.0
Update to 0.7.0:
* Added parameterized_class feature, for parameterizing entire test
classes (many thanks to @TobyLL for their suggestions and help testing!)
* Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh;
https://github.com/wolever/parameterized/issues/67)
* Make sure that `setUp` and `tearDown` methods work correctly (#40)
* Raise a ValueError when input is empty (thanks @danielbradburn;
https://github.com/wolever/parameterized/pull/48)
* Fix the order when number of cases exceeds 10 (thanks @ntflc;
https://github.com/wolever/parameterized/pull/49)
python-scandir was included in version 2.3.2.
python-requests was updated to version 2.20.1 (bsc#1111622)
* Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).
* remove restriction for urllib3 < 1.24
Update to version 2.20.0:
* Bugfixes
+ Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
+ Fixed exception leak where certain redirect urls would raise
uncaught urllib3 exceptions.
+ Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
+ should_bypass_proxies now handles URIs without hostnames
(e.g. files).
* Dependencies
+ Requests now supports urllib3 v1.24.
* Deprecations
+ Requests has officially stopped support for Python 2.6.
Update to version 2.19.1:
* Fixed issue where status_codes.py’s init function failed trying
to append to a __doc__ value of None.
Update to version 2.19.0:
* Improvements
+ Warn about possible slowdown with cryptography version < 1.3.4
+ Check host in proxy URL, before forwarding request to adapter.
+ Maintain fragments properly across redirects. (RFC7231 7.1.2)
+ Removed use of cgi module to expedite library load time.
+ Added support for SHA-256 and SHA-512 digest auth algorithms.
+ Minor performance improvement to Request.content.
+ Migrate to using collections.abc for 3.7 compatibility.
* Bugfixes
+ Parsing empty Link headers with parse_header_links() no longer
return one bogus entry.
+ Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
+ Fixed issue with unexpected ImportError on windows system
which do not support winreg module.
+ DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
+ Properly normalize adapter prefixes for url comparison.
+ Passing None as a file pointer to the files param no longer
raises an exception.
+ Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.
* We now support idna v2.7 and urllib3 v1.23.
update to version 2.18.4:
* Improvements
+ Error messages for invalid headers now include the header name
for easier debugging
* Dependencies
+ We now support idna v2.6.
update to version 2.18.3:
* Improvements
+ Running $ python -m requests.help now includes the installed
version of idna.
* Bugfixes
+ Fixed issue where Requests would raise ConnectionError instead
of SSLError when encountering SSL problems when using urllib3
v1.22.
ModerateSUSE bug 1111622SUSE bug 1122668CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).
- CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069).
- CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).
- CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service or possibly obtain sensitive information from kernel memory (bnc#1162109).
- CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c (bnc#1160966).
- CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures (bnc#1161522).
- CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service (bnc#1161523).
- CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures (bnc#1161518).
- CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).
- CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).
- CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).
- CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).
- CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).
- CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911).
- CVE-2019-20095: Fixed a memory leak and denial of service in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c, where some error-handling cases did not free allocated hostcmd memory (bnc#1159909).
- CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c related to put_links (bnc#1159910).
- CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908).
- CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).
- CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).
- CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, could cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021).
- CVE-2019-19767: The Linux kernel mishandled ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297).
- CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259).
- CVE-2019-19066: A memory leak in the bfad_im_get_stats() in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303).
The following non-security bugs were fixed:
- 6pack,mkiss: fix possible deadlock (bsc#1051510).
- ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510).
- ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510).
- ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510).
- ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510).
- ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510).
- ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510).
- ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557).
- ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557).
- ACPI / watchdog: Set default timeout in probe (bsc#1162557).
- af_packet: set defaule value for tmo (bsc#1051510).
- ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes).
- ALSA: echoaudio: simplify get_audio_levels (bsc#1051510).
- ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510).
- ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes).
- ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes).
- ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes).
- ALSA: hda/ca0132 - Avoid endless loop (git-fixes).
- ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes).
- ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes).
- ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes).
- ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes).
- ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510).
- ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510).
- ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510).
- ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
- ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510).
- ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666).
- ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes).
- ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510).
- ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510).
- ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes).
- ALSA: seq: Avoid concurrent access to queue flags (git-fixes).
- ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes).
- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
- ALSA: sh: Fix compile warning wrt const (git-fixes).
- ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510).
- ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
- apparmor: fix unsigned len comparison with less than zero (git-fixes).
- ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510).
- arm64: Revert support for execute-only user mappings (bsc#1160218).
- ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
- ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510).
- ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510).
- ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510).
- ASoC: sun8i-codec: Fix setting DAI data format (git-fixes).
- ASoC: wm8962: fix lambda value (git-fixes).
- ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388).
- ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510).
- ath9k: fix storage endpoint lookup (git-fixes).
- batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510).
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762).
- bcache: add code comments for state->pool in __btree_sort() (bsc#1163762).
- bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762).
- bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762).
- bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762).
- bcache: add more accurate error messages in read_super() (bsc#1163762).
- bcache: add readahead cache policy options via sysfs interface (bsc#1163762).
- bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762).
- bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762).
- bcache: check return value of prio_read() (bsc#1163762).
- bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762).
- bcache: do not export symbols (bsc#1163762).
- bcache: explicity type cast in bset_bkey_last() (bsc#1163762).
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762).
- bcache: Fix an error code in bch_dump_read() (bsc#1163762).
- bcache: fix deadlock in bcache_allocator (bsc#1163762).
- bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762).
- bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762).
- bcache: fix static checker warning in bcache_device_free() (bsc#1163762).
- bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504).
- bcache: print written and keys in trace_bcache_btree_write (bsc#1163762).
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762).
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762).
- bcache: remove macro nr_to_fifo_front() (bsc#1163762).
- bcache: remove member accessed from struct btree (bsc#1163762).
- bcache: remove the extra cflags for request.o (bsc#1163762).
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504).
- bcma: remove set but not used variable 'sizel' (git-fixes).
- blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840).
- blk-mq: make sure that line break can be printed (bsc#1164098).
- Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510).
- bonding: fix active-backup transition after link failure (git-fixes).
- bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510).
- bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10).
- bonding: fix state transition issue in link monitoring (networking-stable-19_11_10).
- bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510).
- brcmfmac: fix interface sanity check (git-fixes).
- brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes).
- brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes).
- Btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936).
- Btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483).
- Btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569).
- Btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067).
- Btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934).
- Btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943).
- Btrfs: Ensure we trim ranges across block group boundary (bsc#1151910).
- Btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442).
- Btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243).
- Btrfs: fix infinite loop during fsync after rename operations (bsc#1163383).
- Btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).
- Btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
- Btrfs: fix missing data checksums after replaying a log tree (bsc#1161931).
- Btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).
- Btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384).
- Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).
- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).
- Btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937).
- Btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973).
- Btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).
- Btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931).
- Btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).
- Btrfs: record all roots for rename exchange on a subvol (bsc#1161933).
- Btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
- Btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067).
- Btrfs: send, skip backreference walking for extents with many references (bsc#1162139).
- Btrfs: simplify inode locking for RWF_NOWAIT (git-fixes).
- Btrfs: skip log replay on orphaned roots (bsc#1161935).
- Btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).
- Btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).
- Btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).
- Btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).
- Btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).
- Btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).
- Btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).
- Btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
- Btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
- Btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910).
- can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510).
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).
- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).
- can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510).
- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510).
- CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10).
- cdrom: respect device capabilities during opening action (boo#1164632).
- cfg80211: check for set_wiphy_params (bsc#1051510).
- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).
- cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
- chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849).
- cifs: add support for flock (bsc#1144333).
- CIFS: Close cached root handle only if it had a lease (bsc#1144333).
- CIFS: Close open handle after interrupted close (bsc#1144333).
- CIFS: close the shared root handle on tree disconnect (bsc#1144333).
- CIFS: Do not miss cancelled OPEN responses (bsc#1144333).
- CIFS: Fix lookup of root ses in DFS referral cache (bsc#1144333).
- CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- CIFS: fix mount option display for sec=krb5i (bsc#1161907).
- CIFS: Fix mount options set in automount (bsc#1144333).
- CIFS: Fix NULL pointer dereference in mid callback (bsc#1144333).
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).
- CIFS: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
- CIFS: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
- CIFS: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
- CIFS: Properly process SMB3 lease breaks (bsc#1144333).
- CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333).
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
- clk: Do not try to enable critical clocks if prepare failed (bsc#1051510).
- clk: mmp2: Fix the order of timer mux parents (bsc#1051510).
- clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510).
- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
- clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510).
- clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510).
- clk: tegra: Mark fuse clock as critical (bsc#1051510).
- clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510).
- clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510).
- closures: fix a race on wakeup from closure_sync (bsc#1163762).
- configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510).
- copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts:
- Cover up kABI breakage due to DH key verification (bsc#1155331).
- crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510).
- crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510).
- crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
- crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510).
- crypto: ccp - fix uninitialized list head (bsc#1051510).
- crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510).
- crypto: dh - add public key verification test (bsc#1155331).
- crypto: dh - fix calculating encoded key size (bsc#1155331).
- crypto: dh - fix memory leak (bsc#1155331).
- crypto: dh - update test for public key verification (bsc#1155331).
- crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334).
- crypto: ecdh - add public key verification test (bsc#1155331).
- crypto: ecdh - fix typo of P-192 b value (bsc#1155331).
- crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510).
- crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510).
- crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
- cxgb4: request the TX CIDX updates to status page (bsc#1127371).
- dma-buf: Fix memory leak in sync_file_merge() (git-fixes).
- dmaengine: coh901318: Fix a double-lock bug (bsc#1051510).
- dmaengine: coh901318: Remove unused variable (bsc#1051510).
- dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510).
- dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510).
- Documentation: Document arm64 kpti control (bsc#1162623).
- drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993).
- drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510).
- drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510).
- drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
- drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
- drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
- drm/i810: Prevent underflow in ioctl (bsc#1114279)
- drm/i915: Add missing include file <linux/math64.h> (bsc#1051510).
- drm/i915: Fix pid leak with banned clients (bsc#1114279)
- drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
- drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510).
- drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510).
- drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510).
- drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510).
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
- drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
- drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
- e1000e: Add support for Comet Lake (bsc#1158533).
- e1000e: Add support for Tiger Lake (bsc#1158533).
- e1000e: Increase pause and refresh time (bsc#1158533).
- e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510).
- Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632).
- enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147).
- exit: panic before exit_mm() on global init exit (bsc#1161549).
- ext2: check err when partial != NULL (bsc#1163859).
- ext4: check for directory entries too close to block end (bsc#1163861).
- ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841).
- ext4: fix checksum errors with indexed dirs (bsc#1160979).
- ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842).
- ext4: Fix mount failure with quota configured as module (bsc#1164471).
- ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843).
- ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853).
- extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).
- firestream: fix memory leaks (bsc#1051510).
- fix autofs regression caused by follow_managed() changes (bsc#1159271).
- fix dget_parent() fastpath race (bsc#1159271).
- Fix partial checked out tree build ... so that bisection does not break.
- Fix the locking in dcache_readdir() and friends (bsc#1123328).
- fjes: fix missed check in fjes_acpi_add (bsc#1051510).
- fs: cifs: Fix atime update check vs mtime (bsc#1144333).
- fscrypt: do not set policy for a dead directory (bsc#1163846).
- fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
- fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
- fs/open.c: allow opening only regular files during execve() (bsc#1163845).
- ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes).
- ftrace: Avoid potential division by zero in function profiler (bsc#1160784).
- ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes).
- genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510).
- genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
- genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510).
- gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).
- gtp: avoid zero size hashtable (networking-stable-20_01_01).
- gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01).
- gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01).
- gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01).
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
- hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
- hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510).
- hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510).
- hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
- hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510).
- i2c: imx: do not print error message on probe defer (bsc#1051510).
- ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983).
- iio: adc: max9611: Fix too short conversion time delay (bsc#1051510).
- iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).
- inet: protect against too small mtu values (networking-stable-19_12_16).
- init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179).
- Input: aiptek - fix endpoint sanity check (bsc#1051510).
- Input: cyttsp4_core - fix use after free bug (bsc#1051510).
- Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510).
- Input: gtco - fix endpoint sanity check (bsc#1051510).
- Input: keyspan-remote - fix control-message timeouts (bsc#1051510).
- Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510).
- Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510).
- Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510).
- Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510).
- Input: sur40 - fix interface sanity checks (bsc#1051510).
- Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510).
- Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510).
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510).
- iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617).
- iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314).
- iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115).
- iommu: Remove device link to group on failure (bsc#1160755).
- iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
- ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10).
- iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes).
- iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510).
- iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510).
- iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510).
- iwlwifi: mvm: synchronize TID queue removal (bsc#1051510).
- jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862).
- jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836).
- jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860).
- jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863).
- jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880).
- jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852).
- kABI: add _q suffix to exports that take struct dh (bsc#1155331).
- kABI: protect struct sctp_ep_common (kabi).
- kABI workaround for can/skb.h inclusion (bsc#1051510).
- kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510).
- kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360).
- kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).
- kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510).
- kexec: bail out upon SIGKILL when allocating memory (git-fixes).
- KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021).
- KVM: fix spectrev1 gadgets (bsc#1164705).
- KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840).
- KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840).
- KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840).
- KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes).
- KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes).
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618).
- KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).
- KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734).
- KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728).
- KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729).
- KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712).
- KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730).
- KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733).
- KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731).
- KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732).
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735).
- KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705).
- KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727).
- leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).
- leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).
- lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762).
- lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
- lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510).
- livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995).
- livepatch/selftest: Clean up shadow variable names and type (bsc#1071995).
- livepatch: Simplify stack trace retrieval (jsc#SLE-11179).
- mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510).
- mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510).
- mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510).
- macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510).
- macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510).
- media: af9005: uninitialized variable printked (bsc#1051510).
- media: cec: CEC 2.0-only bcast messages were ignored (git-fixes).
- media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510).
- media: cec: report Vendor ID after initialization (bsc#1051510).
- media: digitv: do not continue if remote control state can't be read (bsc#1051510).
- media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510).
- media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes).
- media: gspca: zero usb_buf (bsc#1051510).
- media: iguanair: fix endpoint sanity check (bsc#1051510).
- media: ov6650: Fix crop rectangle alignment not passed back (git-fixes).
- media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes).
- media: pulse8-cec: fix lost cec_transmit_attempt_done() call.
- media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510).
- media: stkwebcam: Bugfix for wrong return values (bsc#1051510).
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510).
- media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510).
- media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
- media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510).
- mfd: da9062: Fix watchdog compatible string (bsc#1051510).
- mfd: dln2: More sanity checking for endpoints (bsc#1051510).
- mfd: rn5t618: Mark ADC control register volatile (bsc#1051510).
- mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510).
- mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510).
- mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510).
- mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510).
- mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510).
- mmc: tegra: fix SDR50 tuning override (bsc#1051510).
- mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993).
- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).
- mod_devicetable: fix PHY module format (networking-stable-19_12_28).
- mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510).
- mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes).
- namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851).
- net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).
- net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes).
- net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28).
- net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01).
- net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10).
- net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).
- netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
- net: fix data-race in neigh_event_send() (networking-stable-19_11_10).
- net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28).
- net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
- net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
- net/mlx5e: Fix SFF 8472 eeprom length (git-fixes).
- net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303).
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
- net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28).
- net: psample: fix skb_over_panic (networking-stable-19_12_03).
- net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28).
- net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).
- net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).
- net: sched: correct flower port blocking (git-fixes).
- net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).
- net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28).
- net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
- net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10).
- net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).
- new helper: lookup_positive_unlocked() (bsc#1159271).
- NFC: fdp: fix incorrect free object (networking-stable-19_11_10).
- NFC: pn533: fix bulk-message timeout (bsc#1051510).
- NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes).
- NFC: st21nfca: fix double free (networking-stable-19_11_10).
- nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774).
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).
- openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
- openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
- orinoco_usb: fix interface sanity check (git-fixes).
- PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510).
- PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510).
- PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes).
- PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
- percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279).
- perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315).
- phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
- pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510).
- platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).
- platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510).
- powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729).
- powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086).
- powerpc: Fix vDSO clock_getres() (bsc#1065729).
- powerpc/irq: fix stack overflow verification (bsc#1065729).
- powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875).
- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
- powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840).
- powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
- powerpc/powernv: Disable native PCIe port management (bsc#1065729).
- powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729).
- powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729).
- powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).
- powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729).
- powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).
- powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729).
- powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086).
- powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
- powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734).
- powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
- powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030).
- powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).
- powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
- power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510).
- ppp: Adjust indentation into ppp_async_input (git-fixes).
- prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286).
- pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
- pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes).
- pwm: Remove set but not set variable 'pwm' (git-fixes).
- pxa168fb: Fix the function used to release some memory in an error (bsc#1114279)
- qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qede: Fix multicast mac configuration (networking-stable-19_12_28).
- qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10).
- qmi_wwan: Add support for Quectel RM500Q (bsc#1051510).
- quota: Check that quota is not dirty before release (bsc#1163858).
- quota: fix livelock in dquot_writeback_dquots (bsc#1163857).
- r8152: add missing endpoint sanity check (bsc#1051510).
- r8152: get default setting of WOL before initializing (bsc#1051510).
- random: move FIPS continuous test to output functions (bsc#1155334).
- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
- RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ).
- README.BRANCH: Update the branch name to cve/linux-4.12
- regulator: Fix return value of _set_load() stub (bsc#1051510).
- regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510).
- regulator: rn5t618: fix module aliases (bsc#1051510).
- reiserfs: Fix memory leak of journal device string (bsc#1163867).
- reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869).
- resource: fix locking in find_next_iomem_res() (bsc#1114279).
- Revert 'ath10k: fix DMA related firmware crashes on multiple devices' (git-fixes).
- Revert 'Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers' (bsc#1051510).
- Revert 'mmc: sdhci: Fix incorrect switch to HS mode' (bsc#1051510).
- rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field)
- rpm/kernel-binary.spec.in: Replace Novell with SUSE
- rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages
- rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)
- rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling:
- rpm/kernel-subpackage-spec: Unify dependency handling.
- rpm/modules.fips: update module list (bsc#1157853)
- rsi_91x_usb: fix interface sanity check (git-fixes).
- rtc: cmos: Stop using shared IRQ (bsc#1051510).
- rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510).
- rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510).
- rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510).
- rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510).
- rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510).
- rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510).
- rtl8xxxu: fix interface sanity check (git-fixes).
- rtlwifi: Fix MAX MPDU of VHT capability (git-fixes).
- rtlwifi: Remove redundant semicolon in wifi.h (git-fixes).
- s390: add stack switch helper (jsc#SLE-11179).
- s390: add support for virtually mapped kernel stacks (jsc#SLE-11179).
- s390: always inline current_stack_pointer() (jsc#SLE-11179).
- s390: always inline disabled_wait (jsc#SLE-11179).
- s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179).
- s390: clean up stacks setup (jsc#SLE-11179).
- s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179).
- s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179).
- s390: fine-tune stack switch helper (jsc#SLE-11179).
- s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179).
- s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179).
- s390/ftrace: save traced function caller (jsc#SLE-11179).
- s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179).
- s390/head64: correct init_task stack setup (jsc#SLE-11179).
- s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179).
- s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179).
- s390: kabi workaround for reliable stack tracing (jsc#SLE-11179).
- s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179).
- s390/kasan: avoid report in get_wchan (jsc#SLE-11179).
- s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179).
- s390: preserve kabi for stack unwind API (jsc#SLE-11179).
- s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179).
- s390/qeth: clean up page frag creation (git-fixes).
- s390/qeth: consolidate skb allocation (git-fixes).
- s390/qeth: ensure linear access to packet headers (git-fixes).
- s390/qeth: guard against runt packets (git-fixes).
- s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179).
- s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179).
- s390/test_unwind: print verbose unwinding results (jsc#SLE-11179).
- s390: unify stack size definitions (jsc#SLE-11179).
- s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179).
- s390/unwind: always inline get_stack_pointer (jsc#SLE-11179).
- s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179).
- s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179).
- s390/unwind: correct stack switching during unwind (jsc#SLE-11179).
- s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179).
- s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179).
- s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179).
- s390/unwind: fix mixing regs and sp (jsc#SLE-11179).
- s390/unwind: introduce stack unwind API (jsc#SLE-11179).
- s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179).
- s390/unwind: remove stack recursion warning (jsc#SLE-11179).
- s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179).
- s390/unwind: start unwinding from reliable state (jsc#SLE-11179).
- s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179).
- s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179).
- s390/unwind: unify task is current checks (jsc#SLE-11179).
- sched/fair: Add tmp_alone_branch assertion (bnc#1156462).
- sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462).
- sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462).
- sched/fair: Optimize update_blocked_averages() (bnc#1156462).
- scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).
- scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).
- scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
- scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
- scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
- scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
- scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
- scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).
- scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).
- scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
- scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).
- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).
- scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
- scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
- scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).
- scsi: zfcp: trace channel log even for FCP command responses (git-fixes).
- sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
- sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28).
- serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510).
- serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
- serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
- serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
- serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
- sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).
- sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510).
- sh_eth: fix dumping ARSTR (bsc#1051510).
- sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510).
- sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510).
- sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
- sh_eth: fix TXALCR1 offsets (bsc#1051510).
- sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
- SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).
- SMB3: Fix persistent handles reconnect (bsc#1144333).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333).
- soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510).
- soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510).
- soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510).
- spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
- spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
- spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
- spi: tegra114: flush fifos (bsc#1051510).
- spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
- sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632).
- stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179).
- stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179).
- stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179).
- stacktrace: Provide common infrastructure (jsc#SLE-11179).
- stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179).
- stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179).
- stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179).
- staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510).
- Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510).
- staging: rtl8188eu: fix interface sanity check (bsc#1051510).
- staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510).
- staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510).
- staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510).
- staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
- stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702).
- tcp: clear tp->packets_out when purging write queue (bsc#1160560).
- tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01).
- tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).
- tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).
- tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes).
- tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes).
- tracing: Cleanup stack trace code (jsc#SLE-11179).
- tracing: Fix tracing_stat return values in error handling paths (git-fixes).
- tracing: Fix very unlikely race of registering two stat tracers (git-fixes).
- tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).
- tracing: xen: Ordered comparison of function pointers (git-fixes).
- tty: n_hdlc: fix build on SPARC (bsc#1051510).
- tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
- tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
- tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
- ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850).
- ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856).
- ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855).
- ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844).
- udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01).
- USB: adutux: fix interface sanity check (bsc#1051510).
- USB: Allow USB device to be warm reset in suspended state (bsc#1051510).
- USB: atm: ueagle-atm: add missing endpoint check (bsc#1051510).
- USB: chipidea: host: Disable port power only if previously enabled (bsc#1051510).
- USB: core: fix check for duplicate endpoints (git-fixes).
- USB: core: hub: Improved device recognition on remote wakeup (bsc#1051510).
- USB: core: urb: fix URB structure initialization function (bsc#1051510).
- USB: documentation: flags on usb-storage versus UAS (bsc#1051510).
- USB: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510).
- USB: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510).
- USB: dwc3: ep0: Clear started flag on completion (bsc#1051510).
- USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
- USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes).
- USB: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510).
- USB: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510).
- USB: gadget: legacy: set max_speed to super-speed (bsc#1051510).
- USB: gadget: pch_udc: fix use after free (bsc#1051510).
- USB: gadget: u_serial: add missing port entry locking (bsc#1051510).
- USB: gadget: Zero ffs_io_data (bsc#1051510).
- USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
- USB: idmouse: fix interface sanity checks (bsc#1051510).
- usbip: Fix error path of vhci_recv_ret_submit() (git-fixes).
- usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510).
- USB: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510).
- USB: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510).
- USB: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510).
- USB: musb: fix idling for suspend after disconnect interrupt (bsc#1051510).
- USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
- USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).
- USB: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510).
- USB: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510).
- USB: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510).
- USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
- USB: serial: ir-usb: fix IrLAP framing (bsc#1051510).
- USB: serial: ir-usb: fix link-speed handling (bsc#1051510).
- USB: serial: keyspan: handle unbound ports (bsc#1051510).
- USB: serial: opticon: fix control-message timeouts (bsc#1051510).
- USB: serial: option: Add support for Quectel RM500Q (bsc#1051510).
- USB: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes).
- USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes).
- USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes).
- USB: serial: quatech2: handle unbound ports (bsc#1051510).
- USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510).
- USB: serial: suppress driver bind attributes (bsc#1051510).
- usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510).
- USB: typec: tcpci: mask event interrupts when remove driver (bsc#1051510).
- USB: uas: heed CAPACITY_HEURISTICS (bsc#1051510).
- USB: uas: honor flag to avoid CAPACITY16 (bsc#1051510).
- USB: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510).
- USB: xhci: only set D3hot for pci device (bsc#1051510).
- vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01).
- watchdog: max77620_wdt: fix potential build errors (bsc#1051510).
- watchdog: rn5t618_wdt: fix module aliases (bsc#1051510).
- watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557).
- wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510).
- wireless: wext: avoid gcc -O3 warning (bsc#1051510).
- workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
- x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619).
- x86/intel_rdt: Split resource group removal in two (bsc#1112178).
- x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
- x86/MCE/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).
- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).
- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).
- x86/MCE: Fix possibly incorrect severity calculation on AMD (bsc#1114279).
- x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279).
- x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
- x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
- x86/resctrl: Fix potential memory leak (bsc#1114279).
- x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
- x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279).
- xen/balloon: Support xend-based toolstack take two (bsc#1065600).
- xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600).
- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
- xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).
- xen: Enable interrupts when calling _cond_resched() (bsc#1065600).
- xfrm: Fix transport mode skb control buffer usage (bsc#1161552).
- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).
- xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
- xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510).
- xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510).
- xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510).
- xhci: make sure interrupts are restored to correct state (bsc#1051510).
- zd1211rw: fix storage endpoint lookup (git-fixes).
ImportantSUSE bug 1046303SUSE bug 1050244SUSE bug 1051510SUSE bug 1051858SUSE bug 1061840SUSE bug 1065600SUSE bug 1065729SUSE bug 1071995SUSE bug 1085030SUSE bug 1086301SUSE bug 1086313SUSE bug 1086314SUSE bug 1088810SUSE bug 1104427SUSE bug 1105392SUSE bug 1111666SUSE bug 1112178SUSE bug 1112504SUSE bug 1114279SUSE bug 1118338SUSE bug 1123328SUSE bug 1127371SUSE bug 1133021SUSE bug 1133147SUSE bug 1134973SUSE bug 1140025SUSE bug 1143959SUSE bug 1144333SUSE bug 1151910SUSE bug 1151927SUSE bug 1153917SUSE bug 1154243SUSE bug 1155331SUSE bug 1155334SUSE bug 1156259SUSE bug 1156286SUSE bug 1156462SUSE bug 1157155SUSE bug 1157157SUSE bug 1157303SUSE bug 1157424SUSE bug 1157692SUSE bug 1157853SUSE bug 1157966SUSE bug 1158013SUSE bug 1158021SUSE bug 1158026SUSE bug 1158533SUSE bug 1158819SUSE bug 1159028SUSE bug 1159271SUSE bug 1159297SUSE bug 1159394SUSE bug 1159483SUSE bug 1159484SUSE bug 1159569SUSE bug 1159588SUSE bug 1159841SUSE bug 1159908SUSE bug 1159909SUSE bug 1159910SUSE bug 1159911SUSE bug 1159955SUSE bug 1160195SUSE bug 1160210SUSE bug 1160211SUSE bug 1160218SUSE bug 1160433SUSE bug 1160442SUSE bug 1160476SUSE bug 1160560SUSE bug 1160755SUSE bug 1160756SUSE bug 1160784SUSE bug 1160787SUSE bug 1160802SUSE bug 1160803SUSE bug 1160804SUSE bug 1160917SUSE bug 1160966SUSE bug 1160979SUSE bug 1161087SUSE bug 1161360SUSE bug 1161514SUSE bug 1161518SUSE bug 1161522SUSE bug 1161523SUSE bug 1161549SUSE bug 1161552SUSE bug 1161674SUSE bug 1161702SUSE bug 1161875SUSE bug 1161907SUSE bug 1161931SUSE bug 1161933SUSE bug 1161934SUSE bug 1161935SUSE bug 1161936SUSE bug 1161937SUSE bug 1162028SUSE bug 1162067SUSE bug 1162109SUSE bug 1162139SUSE bug 1162557SUSE bug 1162617SUSE bug 1162618SUSE bug 1162619SUSE bug 1162623SUSE bug 1162928SUSE bug 1162943SUSE bug 1163383SUSE bug 1163384SUSE bug 1163762SUSE bug 1163774SUSE bug 1163836SUSE bug 1163840SUSE bug 1163841SUSE bug 1163842SUSE bug 1163843SUSE bug 1163844SUSE bug 1163845SUSE bug 1163846SUSE bug 1163849SUSE bug 1163850SUSE bug 1163851SUSE bug 1163852SUSE bug 1163853SUSE bug 1163855SUSE bug 1163856SUSE bug 1163857SUSE bug 1163858SUSE bug 1163859SUSE bug 1163860SUSE bug 1163861SUSE bug 1163862SUSE bug 1163863SUSE bug 1163867SUSE bug 1163869SUSE bug 1163880SUSE bug 1163971SUSE bug 1164069SUSE bug 1164098SUSE bug 1164115SUSE bug 1164314SUSE bug 1164315SUSE bug 1164388SUSE bug 1164471SUSE bug 1164632SUSE bug 1164705SUSE bug 1164712SUSE bug 1164727SUSE bug 1164728SUSE bug 1164729SUSE bug 1164730SUSE bug 1164731SUSE bug 1164732SUSE bug 1164733SUSE bug 1164734SUSE bug 1164735CVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-16994 at SUSECVE-2019-16994 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-19036 at SUSECVE-2019-19036 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19318 at SUSECVE-2019-19318 at NVDCVE-2019-19319 at SUSECVE-2019-19319 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-19966 at SUSECVE-2019-19966 at NVDCVE-2019-20054 at SUSECVE-2019-20054 at NVDCVE-2019-20095 at SUSECVE-2019-20095 at NVDCVE-2019-20096 at SUSECVE-2019-20096 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-7053 at SUSECVE-2020-7053 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDcpe:/o:suse:sles:12:sp4Security update for libpng16 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
ModerateSUSE bug 1124211SUSE bug 1141493CVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sles:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).
- CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954).
- CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).
- CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).
- CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).
- CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).
- CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).
- CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259).
- CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).
- CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
- CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024).
- CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).
- CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303).
- CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).
- CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021).
- CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827).
- CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).
- CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823).
- CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413).
- CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417).
- CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893).
- CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900).
- CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407).
- CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381).
- CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410).
- CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445).
- CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824).
- CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834).
- CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398).
- CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903).
- CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394).
- CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904).
- CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).
- CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297).
- CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).
- CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841).
- CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910).
- CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909).
- CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).
- CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).
- CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109).
- CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).
- CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069).
The following non-security bugs were fixed:
- 6pack,mkiss: fix possible deadlock (bsc#1051510).
- ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510).
- ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510).
- ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510).
- ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510).
- ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557).
- ACPI / watchdog: Set default timeout in probe (bsc#1162557).
- ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510).
- ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510).
- ACPI: OSL: only free map once in osl.c (bsc#1051510).
- ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510).
- ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510).
- ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510).
- ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557).
- af_packet: set defaule value for tmo (bsc#1051510).
- ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes).
- ALSA: echoaudio: simplify get_audio_levels (bsc#1051510).
- ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510).
- ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes).
- ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes).
- ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes).
- ALSA: hda/ca0132 - Avoid endless loop (git-fixes).
- ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes).
- ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes).
- ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes).
- ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes).
- ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510).
- ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510).
- ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes).
- ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510).
- ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes).
- ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
- ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510).
- ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes).
- ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666).
- ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes).
- ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510).
- ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510).
- ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes).
- ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes).
- ALSA: seq: Avoid concurrent access to queue flags (git-fixes).
- ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes).
- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
- ALSA: sh: Fix compile warning wrt const (git-fixes).
- ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510).
- ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
- apparmor: fix unsigned len comparison with less than zero (git-fixes).
- ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510).
- arm64: Revert support for execute-only user mappings (bsc#1160218).
- ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
- ASoC: compress: fix unsigned integer overflow check (bsc#1051510).
- ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510).
- ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510).
- ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510).
- ASoC: sun8i-codec: Fix setting DAI data format (git-fixes).
- ASoC: wm8962: fix lambda value (git-fixes).
- ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388).
- ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510).
- ath6kl: Fix off by one error in scan completion (bsc#1051510).
- ath9k: fix storage endpoint lookup (git-fixes).
- atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510).
- audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094).
- batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510).
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762).
- bcache: add code comments for state->pool in __btree_sort() (bsc#1163762).
- bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762).
- bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762).
- bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762).
- bcache: add more accurate error messages in read_super() (bsc#1163762).
- bcache: add readahead cache policy options via sysfs interface (bsc#1163762).
- bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762).
- bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762).
- bcache: check return value of prio_read() (bsc#1163762).
- bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762).
- bcache: do not export symbols (bsc#1163762).
- bcache: explicity type cast in bset_bkey_last() (bsc#1163762).
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762).
- bcache: Fix an error code in bch_dump_read() (bsc#1163762).
- bcache: fix deadlock in bcache_allocator (bsc#1163762).
- bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762).
- bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762).
- bcache: fix static checker warning in bcache_device_free() (bsc#1163762).
- bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504).
- bcache: print written and keys in trace_bcache_btree_write (bsc#1163762).
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762).
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762).
- bcache: remove macro nr_to_fifo_front() (bsc#1163762).
- bcache: remove member accessed from struct btree (bsc#1163762).
- bcache: remove the extra cflags for request.o (bsc#1163762).
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504).
- bcma: remove set but not used variable 'sizel' (git-fixes).
- blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840).
- blk-mq: make sure that line break can be printed (bsc#1164098).
- Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510).
- Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510).
- bonding: fix active-backup transition after link failure (git-fixes).
- bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510).
- bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10).
- bonding: fix state transition issue in link monitoring (networking-stable-19_11_10).
- bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510).
- bpf: Make use of probe_user_write in probe write helper (bsc#1083647).
- brcmfmac: fix interface sanity check (git-fixes).
- brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes).
- brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes).
- btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936).
- btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483).
- btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569).
- btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067).
- btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934).
- btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943).
- btrfs: Ensure we trim ranges across block group boundary (bsc#1151910).
- btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442).
- btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243).
- btrfs: fix infinite loop during fsync after rename operations (bsc#1163383).
- btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).
- btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
- btrfs: fix missing data checksums after replaying a log tree (bsc#1161931).
- btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).
- btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384).
- btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).
- btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).
- btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937).
- btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973).
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).
- btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931).
- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).
- btrfs: record all roots for rename exchange on a subvol (bsc#1161933).
- btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
- btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067).
- btrfs: send, skip backreference walking for extents with many references (bsc#1162139).
- btrfs: simplify inode locking for RWF_NOWAIT (git-fixes).
- btrfs: skip log replay on orphaned roots (bsc#1161935).
- btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).
- btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).
- btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).
- btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).
- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).
- btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).
- btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
- btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
- btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910).
- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510).
- can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510).
- can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510).
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).
- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).
- can: peak_usb: report bus recovery as well (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510).
- can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510).
- CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10).
- cdrom: respect device capabilities during opening action (boo#1164632).
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).
- cfg80211: check for set_wiphy_params (bsc#1051510).
- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
- cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645).
- cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
- chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849).
- cifs: add support for flock (bsc#1144333).
- cifs: Close cached root handle only if it had a lease (bsc#1144333).
- cifs: Close open handle after interrupted close (bsc#1144333).
- cifs: close the shared root handle on tree disconnect (bsc#1144333).
- cifs: Do not miss cancelled OPEN responses (bsc#1144333).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
- cifs: Properly process SMB3 lease breaks (bsc#1144333).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
- clk: Do not try to enable critical clocks if prepare failed (bsc#1051510).
- clk: mmp2: Fix the order of timer mux parents (bsc#1051510).
- clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510).
- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
- clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510).
- clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510).
- clk: tegra: Mark fuse clock as critical (bsc#1051510).
- clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510).
- clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510).
- closures: fix a race on wakeup from closure_sync (bsc#1163762).
- compat_ioctl: handle SIOCOUTQNSD (bsc#1051510).
- configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510).
- copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts:
- Cover up kABI breakage due to DH key verification (bsc#1155331).
- crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510).
- crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510).
- crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
- crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510).
- crypto: ccp - fix uninitialized list head (bsc#1051510).
- crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510).
- crypto: dh - add public key verification test (bsc#1155331).
- crypto: dh - fix calculating encoded key size (bsc#1155331).
- crypto: dh - fix memory leak (bsc#1155331).
- crypto: dh - update test for public key verification (bsc#1155331).
- crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334).
- crypto: ecdh - add public key verification test (bsc#1155331).
- crypto: ecdh - fix typo of P-192 b value (bsc#1155331).
- crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510).
- crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510).
- crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510).
- crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
- cxgb4: request the TX CIDX updates to status page (bsc#1127371).
- dma-buf: Fix memory leak in sync_file_merge() (git-fixes).
- dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510).
- dmaengine: coh901318: Fix a double-lock bug (bsc#1051510).
- dmaengine: coh901318: Remove unused variable (bsc#1051510).
- dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510).
- Documentation: Document arm64 kpti control (bsc#1162623).
- drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993).
- drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510).
- drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510).
- drivers/regulator: fix a missing check of return value (bsc#1051510).
- drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510).
- drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279)
- drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
- drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
- drm/i810: Prevent underflow in ioctl (bsc#1114279)
- drm/i915: Add missing include file <linux/math64.h> (bsc#1051510).
- drm/i915: Fix pid leak with banned clients (bsc#1114279)
- drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510).
- drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510).
- drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510).
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
- drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
- drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279)
- drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
- drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
- drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
- drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510).
- drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279)
- e1000e: Add support for Comet Lake (bsc#1158533).
- e1000e: Add support for Tiger Lake (bsc#1158533).
- e1000e: Increase pause and refresh time (bsc#1158533).
- e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510).
- ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646).
- ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647).
- EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279).
- Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632).
- enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147).
- exit: panic before exit_mm() on global init exit (bsc#1161549).
- ext2: check err when partial != NULL (bsc#1163859).
- ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853).
- ext4: check for directory entries too close to block end (bsc#1163861).
- ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841).
- ext4: fix checksum errors with indexed dirs (bsc#1160979).
- ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842).
- ext4: Fix mount failure with quota configured as module (bsc#1164471).
- ext4: fix punch hole for inline_data file systems (bsc#1158640).
- ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843).
- ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639).
- extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).
- firestream: fix memory leaks (bsc#1051510).
- fix autofs regression caused by follow_managed() changes (bsc#1159271).
- fix dget_parent() fastpath race (bsc#1159271).
- Fix partial checked out tree build ... so that bisection does not break.
- Fix the locking in dcache_readdir() and friends (bsc#1123328).
- fjes: fix missed check in fjes_acpi_add (bsc#1051510).
- fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
- fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
- fs/open.c: allow opening only regular files during execve() (bsc#1163845).
- fs: cifs: Fix atime update check vs mtime (bsc#1144333).
- fscrypt: do not set policy for a dead directory (bsc#1163846).
- ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes).
- ftrace: Avoid potential division by zero in function profiler (bsc#1160784).
- ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853).
- ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes).
- genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
- genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510).
- genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510).
- gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).
- gtp: avoid zero size hashtable (networking-stable-20_01_01).
- gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01).
- gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01).
- gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01).
- HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510).
- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510).
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
- hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
- hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510).
- hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510).
- hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
- hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510).
- hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510).
- i2c: imx: do not print error message on probe defer (bsc#1051510).
- ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983).
- ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
- ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
- ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
- ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
- idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510).
- iio: adc: max9611: Fix too short conversion time delay (bsc#1051510).
- iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).
- inet: protect against too small mtu values (networking-stable-19_12_16).
- init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179).
- Input: aiptek - fix endpoint sanity check (bsc#1051510).
- Input: cyttsp4_core - fix use after free bug (bsc#1051510).
- Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510).
- Input: gtco - fix endpoint sanity check (bsc#1051510).
- Input: keyspan-remote - fix control-message timeouts (bsc#1051510).
- Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510).
- Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510).
- Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510).
- Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510).
- Input: sur40 - fix interface sanity checks (bsc#1051510).
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510).
- Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510).
- Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510).
- iomap: Fix pipe page leakage during splicing (bsc#1158651).
- iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617).
- iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314).
- iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115).
- iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
- iommu: Remove device link to group on failure (bsc#1160755).
- ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10).
- iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes).
- iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510).
- iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510).
- iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510).
- iwlwifi: mvm: synchronize TID queue removal (bsc#1051510).
- jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862).
- jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836).
- jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860).
- jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863).
- jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880).
- jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852).
- kABI workaround for can/skb.h inclusion (bsc#1051510).
- kABI: add _q suffix to exports that take struct dh (bsc#1155331).
- kABI: protect struct sctp_ep_common (kabi).
- kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510).
- kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360).
- kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).
- kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510).
- kexec: bail out upon SIGKILL when allocating memory (git-fixes).
- KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021).
- KVM: fix spectrev1 gadgets (bsc#1164705).
- KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840).
- KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840).
- KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840).
- KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes).
- KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes).
- KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279).
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618).
- KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279).
- KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).
- KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734).
- KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728).
- KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729).
- KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712).
- KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730).
- KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733).
- KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731).
- KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732).
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735).
- KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705).
- KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727).
- KVM: x86: Remove a spurious export of a static function (bsc#1158954).
- leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).
- leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).
- lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
- lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510).
- lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762).
- livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995).
- livepatch/selftest: Clean up shadow variable names and type (bsc#1071995).
- livepatch: Allow to distinguish different version of system state changes (bsc#1071995).
- livepatch: Basic API to track system state changes (bsc#1071995 ).
- livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995).
- livepatch: Selftests of the API for tracking system state changes (bsc#1071995).
- livepatch: Simplify stack trace retrieval (jsc#SLE-11179).
- loop: fix no-unmap write-zeroes request behavior (bsc#1158637).
- mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510).
- mac80211: fix station inactive_time shortly after boot (bsc#1051510).
- mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510).
- mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510).
- macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510).
- macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510).
- mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510).
- media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510).
- media: af9005: uninitialized variable printked (bsc#1051510).
- media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510).
- media: cec: CEC 2.0-only bcast messages were ignored (git-fixes).
- media: cec: report Vendor ID after initialization (bsc#1051510).
- media: digitv: do not continue if remote control state can't be read (bsc#1051510).
- media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510).
- media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes).
- media: gspca: zero usb_buf (bsc#1051510).
- media: iguanair: fix endpoint sanity check (bsc#1051510).
- media: ov6650: Fix control handler not freed on init error (git-fixes).
- media: ov6650: Fix crop rectangle alignment not passed back (git-fixes).
- media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes).
- media: pulse8-cec: fix lost cec_transmit_attempt_done() call.
- media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510).
- media: stkwebcam: Bugfix for wrong return values (bsc#1051510).
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510).
- media: uvcvideo: Fix error path in control parsing failure (git-fixes).
- media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510).
- media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
- media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510).
- mei: bus: prefix device names on bus with the bus name (bsc#1051510).
- mfd: da9062: Fix watchdog compatible string (bsc#1051510).
- mfd: dln2: More sanity checking for endpoints (bsc#1051510).
- mfd: rn5t618: Mark ADC control register volatile (bsc#1051510).
- missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)')
- mlx5: add parameter to disable enhanced IPoIB (bsc#1142095)
- mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026).
- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).
- mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993).
- mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510).
- mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510).
- mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510).
- mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510).
- mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510).
- mmc: tegra: fix SDR50 tuning override (bsc#1051510).
- moduleparam: fix parameter description mismatch (bsc#1051510).
- mod_devicetable: fix PHY module format (networking-stable-19_12_28).
- mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510).
- mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510).
- mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes).
- mwifiex: fix potential NULL dereference and use after free (bsc#1051510).
- namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851).
- nbd: prevent memory leak (bsc#1158638).
- net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
- net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
- net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303).
- net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
- net/mlx5e: Fix SFF 8472 eeprom length (git-fixes).
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
- net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).
- net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).
- net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes).
- net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28).
- net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01).
- net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10).
- net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).
- net: fix data-race in neigh_event_send() (networking-stable-19_11_10).
- net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28).
- net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28).
- net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510).
- net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: Check against net_device being NULL (bsc#1051510).
- net: phy: dp83867: Set up RGMII TX delay (bsc#1051510).
- net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510).
- net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510).
- net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510).
- net: phy: marvell: clear wol event before setting it (bsc#1051510).
- net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: meson-gxl: check phy_write return value (bsc#1051510).
- net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510).
- net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510).
- net: phy: xgene: disable clk on error paths (bsc#1051510).
- net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510).
- net: phy: xgmiitorgmii: Check read_status results (bsc#1051510).
- net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510).
- net: psample: fix skb_over_panic (networking-stable-19_12_03).
- net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28).
- net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).
- net: sched: correct flower port blocking (git-fixes).
- net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).
- net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28).
- net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
- net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10).
- net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).
- netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
- new helper: lookup_positive_unlocked() (bsc#1159271).
- NFC: fdp: fix incorrect free object (networking-stable-19_11_10).
- NFC: pn533: fix bulk-message timeout (bsc#1051510).
- NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes).
- NFC: st21nfca: fix double free (networking-stable-19_11_10).
- nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774).
- ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644).
- ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649).
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).
- openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
- openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
- orinoco_usb: fix interface sanity check (git-fixes).
- PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes).
- PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510).
- PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510).
- PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510).
- PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
- PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510).
- PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510).
- PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510).
- PCI: dwc: Fix find_next_bit() usage (bsc#1051510).
- PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510).
- PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510).
- PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes).
- percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279).
- perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315).
- phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
- pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510).
- pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510).
- pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510).
- platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510).
- platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510).
- PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510).
- PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510).
- power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510).
- powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729).
- powerpc/irq: fix stack overflow verification (bsc#1065729).
- powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875).
- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
- powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840).
- powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
- powerpc/powernv: Disable native PCIe port management (bsc#1065729).
- powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729).
- powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).
- powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798).
- powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729).
- powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729).
- powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729).
- powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).
- powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
- powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734).
- powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
- powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030).
- powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).
- powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
- powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086).
- powerpc: Fix vDSO clock_getres() (bsc#1065729).
- powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086).
- ppp: Adjust indentation into ppp_async_input (git-fixes).
- prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286).
- printk: Export console_printk (bsc#1071995).
- pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
- pwm: Clear chip_data in pwm_put() (bsc#1051510).
- pwm: clps711x: Fix period calculation (bsc#1051510).
- pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes).
- pwm: Remove set but not set variable 'pwm' (git-fixes).
- pxa168fb: Fix the function used to release some memory in an error (bsc#1114279)
- qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ).
- qede: Fix multicast mac configuration (networking-stable-19_12_28).
- qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10).
- qmi_wwan: Add support for Quectel RM500Q (bsc#1051510).
- quota: Check that quota is not dirty before release (bsc#1163858).
- quota: fix livelock in dquot_writeback_dquots (bsc#1163857).
- r8152: add missing endpoint sanity check (bsc#1051510).
- r8152: get default setting of WOL before initializing (bsc#1051510).
- random: move FIPS continuous test to output functions (bsc#1155334).
- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
- RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ).
- regulator: Fix return value of _set_load() stub (bsc#1051510).
- regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510).
- regulator: rn5t618: fix module aliases (bsc#1051510).
- regulator: tps65910: fix a missing check of return value (bsc#1051510).
- reiserfs: Fix memory leak of journal device string (bsc#1163867).
- reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869).
- reset: fix reset_control_ops kerneldoc comment (bsc#1051510).
- resource: fix locking in find_next_iomem_res() (bsc#1114279).
- rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field)
- rpm/kernel-binary.spec.in: Replace Novell with SUSE
- rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages
- rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)
- rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling:
- rpm/kernel-subpackage-spec: Unify dependency handling.
- rpm/modules.fips: update module list (bsc#1157853)
- rsi_91x_usb: fix interface sanity check (git-fixes).
- rt2800: remove errornous duplicate condition (git-fixes).
- rtc: cmos: Stop using shared IRQ (bsc#1051510).
- rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510).
- rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510).
- rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510).
- rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510).
- rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510).
- rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510).
- rtl818x: fix potential use after free (bsc#1051510).
- rtl8xxxu: fix interface sanity check (git-fixes).
- rtlwifi: Fix MAX MPDU of VHT capability (git-fixes).
- rtlwifi: Remove redundant semicolon in wifi.h (git-fixes).
- s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179).
- s390/ftrace: save traced function caller (jsc#SLE-11179).
- s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179).
- s390/head64: correct init_task stack setup (jsc#SLE-11179).
- s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179).
- s390/kasan: avoid report in get_wchan (jsc#SLE-11179).
- s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179).
- s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510).
- s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179).
- s390/qeth: clean up page frag creation (git-fixes).
- s390/qeth: consolidate skb allocation (git-fixes).
- s390/qeth: ensure linear access to packet headers (git-fixes).
- s390/qeth: guard against runt packets (git-fixes).
- s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179).
- s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179).
- s390/test_unwind: print verbose unwinding results (jsc#SLE-11179).
- s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179).
- s390/unwind: always inline get_stack_pointer (jsc#SLE-11179).
- s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179).
- s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179).
- s390/unwind: correct stack switching during unwind (jsc#SLE-11179).
- s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179).
- s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179).
- s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179).
- s390/unwind: fix mixing regs and sp (jsc#SLE-11179).
- s390/unwind: introduce stack unwind API (jsc#SLE-11179).
- s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179).
- s390/unwind: remove stack recursion warning (jsc#SLE-11179).
- s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179).
- s390/unwind: start unwinding from reliable state (jsc#SLE-11179).
- s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179).
- s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179).
- s390/unwind: unify task is current checks (jsc#SLE-11179).
- s390: add stack switch helper (jsc#SLE-11179).
- s390: add support for virtually mapped kernel stacks (jsc#SLE-11179).
- s390: always inline current_stack_pointer() (jsc#SLE-11179).
- s390: always inline disabled_wait (jsc#SLE-11179).
- s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179).
- s390: clean up stacks setup (jsc#SLE-11179).
- s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179).
- s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179).
- s390: fine-tune stack switch helper (jsc#SLE-11179).
- s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179).
- s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179).
- s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179).
- s390: kabi workaround for reliable stack tracing (jsc#SLE-11179).
- s390: preserve kabi for stack unwind API (jsc#SLE-11179).
- s390: unify stack size definitions (jsc#SLE-11179).
- sched/fair: Add tmp_alone_branch assertion (bnc#1156462).
- sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462).
- sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462).
- sched/fair: Optimize update_blocked_averages() (bnc#1156462).
- sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
- scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).
- scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).
- scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
- scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
- scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
- scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
- scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
- scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).
- scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).
- scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
- scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).
- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).
- scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
- scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
- scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).
- scsi: zfcp: trace channel log even for FCP command responses (git-fixes).
- sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
- sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28).
- serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510).
- serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
- serial: max310x: Fix tx_empty() callback (bsc#1051510).
- serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
- serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
- serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
- sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).
- sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510).
- sh_eth: fix dumping ARSTR (bsc#1051510).
- sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510).
- sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510).
- sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
- sh_eth: fix TXALCR1 offsets (bsc#1051510).
- sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).
- smb3: Fix persistent handles reconnect (bsc#1144333).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333).
- soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510).
- soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510).
- soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510).
- spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510).
- spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510).
- spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
- spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
- spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
- spi: tegra114: flush fifos (bsc#1051510).
- spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
- sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632).
- stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179).
- stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179).
- stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179).
- stacktrace: Provide common infrastructure (jsc#SLE-11179).
- stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179).
- stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179).
- stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179).
- staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510).
- staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510).
- staging: rtl8188eu: fix interface sanity check (bsc#1051510).
- staging: rtl8192e: fix potential use after free (bsc#1051510).
- staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510).
- staging: rtl8723bs: Drop ACPI device ids (bsc#1051510).
- staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510).
- staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510).
- staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510).
- staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
- stm class: Fix a double free of stm_source_device (bsc#1051510).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702).
- stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702).
- supported.conf:
- synclink_gt(): fix compat_ioctl() (bsc#1051510).
- tcp: clear tp->packets_out when purging write queue (bsc#1160560).
- tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01).
- tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).
- tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).
- tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510).
- thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510).
- tipc: Avoid copying bytes beyond the supplied data (bsc#1051510).
- tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510).
- tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510).
- tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510).
- tipc: compat: allow tipc commands without arguments (bsc#1051510).
- tipc: fix a missing check of genlmsg_put (bsc#1051510).
- tipc: fix link name length check (bsc#1051510).
- tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510).
- tipc: fix skb may be leaky in tipc_link_input (bsc#1051510).
- tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510).
- tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510).
- tipc: handle the err returned from cmd header function (bsc#1051510).
- tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510).
- tipc: tipc clang warning (bsc#1051510).
- tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes).
- tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes).
- tracing: Cleanup stack trace code (jsc#SLE-11179).
- tracing: Fix tracing_stat return values in error handling paths (git-fixes).
- tracing: Fix very unlikely race of registering two stat tracers (git-fixes).
- tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).
- tracing: xen: Ordered comparison of function pointers (git-fixes).
- tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
- tty: n_hdlc: fix build on SPARC (bsc#1051510).
- tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510).
- tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510).
- tty: serial: msm_serial: Fix flow control (bsc#1051510).
- tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
- tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510).
- tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
- uaccess: Add non-pagefault user-space write function (bsc#1083647).
- ubifs: Correctly initialize c->min_log_bytes (bsc#1158641).
- ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850).
- ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856).
- ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855).
- ubifs: Limit the number of pages in shrink_liability (bsc#1158643).
- ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844).
- udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01).
- usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510).
- usb: adutux: fix interface sanity check (bsc#1051510).
- usb: Allow USB device to be warm reset in suspended state (bsc#1051510).
- usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510).
- usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510).
- usb: core: fix check for duplicate endpoints (git-fixes).
- usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510).
- usb: core: urb: fix URB structure initialization function (bsc#1051510).
- usb: documentation: flags on usb-storage versus UAS (bsc#1051510).
- usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510).
- usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510).
- usb: dwc3: ep0: Clear started flag on completion (bsc#1051510).
- usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
- usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes).
- usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510).
- usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510).
- usb: gadget: legacy: set max_speed to super-speed (bsc#1051510).
- usb: gadget: pch_udc: fix use after free (bsc#1051510).
- usb: gadget: u_serial: add missing port entry locking (bsc#1051510).
- usb: gadget: Zero ffs_io_data (bsc#1051510).
- usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
- usb: idmouse: fix interface sanity checks (bsc#1051510).
- usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510).
- usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510).
- usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510).
- usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510).
- usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510).
- usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
- usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510).
- usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).
- usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510).
- usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510).
- usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510).
- usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
- usb: serial: ir-usb: fix IrLAP framing (bsc#1051510).
- usb: serial: ir-usb: fix link-speed handling (bsc#1051510).
- usb: serial: keyspan: handle unbound ports (bsc#1051510).
- usb: serial: opticon: fix control-message timeouts (bsc#1051510).
- usb: serial: option: Add support for Quectel RM500Q (bsc#1051510).
- usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes).
- usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes).
- usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes).
- usb: serial: quatech2: handle unbound ports (bsc#1051510).
- usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510).
- usb: serial: suppress driver bind attributes (bsc#1051510).
- usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510).
- usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510).
- usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510).
- usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510).
- usb: xhci: only set D3hot for pci device (bsc#1051510).
- usbip: Fix error path of vhci_recv_ret_submit() (git-fixes).
- usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510).
- vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510).
- vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01).
- video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5.
- video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5.
- vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes).
- watchdog: max77620_wdt: fix potential build errors (bsc#1051510).
- watchdog: rn5t618_wdt: fix module aliases (bsc#1051510).
- watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510).
- watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557).
- wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510).
- wireless: wext: avoid gcc -O3 warning (bsc#1051510).
- workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
- x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619).
- x86/intel_rdt: Split resource group removal in two (bsc#1112178).
- x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
- x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).
- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).
- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).
- x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279).
- x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279).
- x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
- x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
- x86/resctrl: Fix potential memory leak (bsc#1114279).
- x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
- x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279).
- x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279).
- x86/speculation: Fix redundant MDS mitigation message (bsc#1114279).
- xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).
- xen/balloon: Support xend-based toolstack take two (bsc#1065600).
- xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600).
- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
- xen: Enable interrupts when calling _cond_resched() (bsc#1065600).
- xfrm: Fix transport mode skb control buffer usage (bsc#1161552).
- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).
- xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652).
- xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
- xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510).
- xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510).
- xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510).
- xhci: make sure interrupts are restored to correct state (bsc#1051510).
- zd1211rw: fix storage endpoint lookup (git-fixes).
ImportantSUSE bug 1046303SUSE bug 1050244SUSE bug 1051510SUSE bug 1051858SUSE bug 1061840SUSE bug 1065600SUSE bug 1065729SUSE bug 1071995SUSE bug 1083647SUSE bug 1085030SUSE bug 1086301SUSE bug 1086313SUSE bug 1086314SUSE bug 1088810SUSE bug 1090888SUSE bug 1104427SUSE bug 1105392SUSE bug 1111666SUSE bug 1112178SUSE bug 1112504SUSE bug 1114279SUSE bug 1115026SUSE bug 1118338SUSE bug 1120853SUSE bug 1123328SUSE bug 1127371SUSE bug 1133021SUSE bug 1133147SUSE bug 1134973SUSE bug 1140025SUSE bug 1141054SUSE bug 1142095SUSE bug 1143959SUSE bug 1144333SUSE bug 1146519SUSE bug 1146544SUSE bug 1151548SUSE bug 1151910SUSE bug 1151927SUSE bug 1152631SUSE bug 1153917SUSE bug 1154243SUSE bug 1155331SUSE bug 1155334SUSE bug 1155689SUSE bug 1156259SUSE bug 1156286SUSE bug 1156462SUSE bug 1157155SUSE bug 1157157SUSE bug 1157169SUSE bug 1157303SUSE bug 1157424SUSE bug 1157692SUSE bug 1157853SUSE bug 1157908SUSE bug 1157966SUSE bug 1158013SUSE bug 1158021SUSE bug 1158026SUSE bug 1158094SUSE bug 1158132SUSE bug 1158381SUSE bug 1158394SUSE bug 1158398SUSE bug 1158407SUSE bug 1158410SUSE bug 1158413SUSE bug 1158417SUSE bug 1158427SUSE bug 1158445SUSE bug 1158533SUSE bug 1158637SUSE bug 1158638SUSE bug 1158639SUSE bug 1158640SUSE bug 1158641SUSE bug 1158643SUSE bug 1158644SUSE bug 1158645SUSE bug 1158646SUSE bug 1158647SUSE bug 1158649SUSE bug 1158651SUSE bug 1158652SUSE bug 1158819SUSE bug 1158823SUSE bug 1158824SUSE bug 1158827SUSE bug 1158834SUSE bug 1158893SUSE bug 1158900SUSE bug 1158903SUSE bug 1158904SUSE bug 1158954SUSE bug 1159024SUSE bug 1159028SUSE bug 1159271SUSE bug 1159297SUSE bug 1159394SUSE bug 1159483SUSE bug 1159484SUSE bug 1159569SUSE bug 1159588SUSE bug 1159841SUSE bug 1159908SUSE bug 1159909SUSE bug 1159910SUSE bug 1159911SUSE bug 1159955SUSE bug 1160195SUSE bug 1160210SUSE bug 1160211SUSE bug 1160218SUSE bug 1160433SUSE bug 1160442SUSE bug 1160476SUSE bug 1160560SUSE bug 1160755SUSE bug 1160756SUSE bug 1160784SUSE bug 1160787SUSE bug 1160802SUSE bug 1160803SUSE bug 1160804SUSE bug 1160917SUSE bug 1160966SUSE bug 1160979SUSE bug 1161087SUSE bug 1161360SUSE bug 1161514SUSE bug 1161518SUSE bug 1161522SUSE bug 1161523SUSE bug 1161549SUSE bug 1161552SUSE bug 1161674SUSE bug 1161702SUSE bug 1161875SUSE bug 1161907SUSE bug 1161931SUSE bug 1161933SUSE bug 1161934SUSE bug 1161935SUSE bug 1161936SUSE bug 1161937SUSE bug 1162028SUSE bug 1162067SUSE bug 1162109SUSE bug 1162139SUSE bug 1162557SUSE bug 1162617SUSE bug 1162618SUSE bug 1162619SUSE bug 1162623SUSE bug 1162928SUSE bug 1162943SUSE bug 1163383SUSE bug 1163384SUSE bug 1163762SUSE bug 1163774SUSE bug 1163836SUSE bug 1163840SUSE bug 1163841SUSE bug 1163842SUSE bug 1163843SUSE bug 1163844SUSE bug 1163845SUSE bug 1163846SUSE bug 1163849SUSE bug 1163850SUSE bug 1163851SUSE bug 1163852SUSE bug 1163853SUSE bug 1163855SUSE bug 1163856SUSE bug 1163857SUSE bug 1163858SUSE bug 1163859SUSE bug 1163860SUSE bug 1163861SUSE bug 1163862SUSE bug 1163863SUSE bug 1163867SUSE bug 1163869SUSE bug 1163880SUSE bug 1163971SUSE bug 1164069SUSE bug 1164098SUSE bug 1164115SUSE bug 1164314SUSE bug 1164315SUSE bug 1164388SUSE bug 1164471SUSE bug 1164632SUSE bug 1164705SUSE bug 1164712SUSE bug 1164727SUSE bug 1164728SUSE bug 1164729SUSE bug 1164730SUSE bug 1164731SUSE bug 1164732SUSE bug 1164733SUSE bug 1164734SUSE bug 1164735CVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-15213 at SUSECVE-2019-15213 at NVDCVE-2019-16994 at SUSECVE-2019-16994 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-19036 at SUSECVE-2019-19036 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19318 at SUSECVE-2019-19318 at NVDCVE-2019-19319 at SUSECVE-2019-19319 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19527 at SUSECVE-2019-19527 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19530 at SUSECVE-2019-19530 at NVDCVE-2019-19531 at SUSECVE-2019-19531 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19535 at SUSECVE-2019-19535 at NVDCVE-2019-19536 at SUSECVE-2019-19536 at NVDCVE-2019-19537 at SUSECVE-2019-19537 at NVDCVE-2019-19543 at SUSECVE-2019-19543 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-19966 at SUSECVE-2019-19966 at NVDCVE-2019-20054 at SUSECVE-2019-20054 at NVDCVE-2019-20095 at SUSECVE-2019-20095 at NVDCVE-2019-20096 at SUSECVE-2019-20096 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-7053 at SUSECVE-2020-7053 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDcpe:/o:suse:sles:12:sp4Recommended update for permissions (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for permissions fixes the following issues:
- CVE-2020-8013: Fixed an improper check which could have allowed the
setting of unintented setuid bits (bsc#1163922).
- Fixed handling of relative directory symlinks in chkstat.
- Whitelisted postgres sticky directories (bsc#1123886).
- Fixed regression where chkstat broke when /proc was not available
(bsc#1160764, bsc#1160594)
- Fixed capability handling when doing multiple permission changes
at once (bsc#1161779)
ModerateSUSE bug 1123886SUSE bug 1160594SUSE bug 1160764SUSE bug 1161779SUSE bug 1163922CVE-2020-8013 at SUSECVE-2020-8013 at NVDcpe:/o:suse:sles:12:sp4Security update for librsvg (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for librsvg to version 2.40.21 fixes the following issues:
librsvg was updated to version 2.40.21 fixing the following issues:
- CVE-2019-20446: Fixed an issue where a crafted SVG file with nested
patterns can cause denial of service (bsc#1162501).
NOTE: Librsvg now has limits on the number of loaded XML elements,
and the number of referenced elements within an SVG document.
- Fixed a stack exhaustion with circular references in <use>
elements.
- Fixed a denial-of-service condition from exponential explosion
of rendered elements, through nested use of SVG 'use' elements in
malicious SVGs.
ModerateSUSE bug 1162501CVE-2019-20446 at SUSECVE-2019-20446 at NVDcpe:/o:suse:sles:12:sp4Security update for gd (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for gd fixes the following issues:
- CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241).
- CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471).
- CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).
ModerateSUSE bug 1050241SUSE bug 1140120SUSE bug 1165471CVE-2017-7890 at SUSECVE-2017-7890 at NVDCVE-2018-14553 at SUSECVE-2018-14553 at NVDCVE-2019-11038 at SUSECVE-2019-11038 at NVDcpe:/o:suse:sles:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4
This update for java-1_7_0-openjdk fixes the following issues:
Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968):
- CVE-2020-2583: Unlink Set of LinkedHashSets
- CVE-2020-2590: Improve Kerberos interop capabilities
- CVE-2020-2593: Normalize normalization for all
- CVE-2020-2601: Better Ticket Granting Services
- CVE-2020-2604: Better serial filter handling
- CVE-2020-2659: Enhance datagram socket support
- CVE-2020-2654: Improve Object Identifier Processing
ImportantSUSE bug 1160968CVE-2020-2583 at SUSECVE-2020-2583 at NVDCVE-2020-2590 at SUSECVE-2020-2590 at NVDCVE-2020-2593 at SUSECVE-2020-2593 at NVDCVE-2020-2601 at SUSECVE-2020-2601 at NVDCVE-2020-2604 at SUSECVE-2020-2604 at NVDCVE-2020-2654 at SUSECVE-2020-2654 at NVDCVE-2020-2659 at SUSECVE-2020-2659 at NVDcpe:/o:suse:sles:12:sp4Security update for ipmitool (Important)SUSE Linux Enterprise Server 12 SP4
This update for ipmitool fixes the following issues:
- CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026).
- picmg discover messages are now DEBUG and not INFO messages (bsc#1085469).
ImportantSUSE bug 1085469SUSE bug 1163026CVE-2020-5208 at SUSECVE-2020-5208 at NVDcpe:/o:suse:sles:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4
This update for tomcat to version 9.0.31 fixes the following issues:
Security issues fixed:
- CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams (bsc#1139924).
- CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry (bsc#1159723).
- CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729).
- CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825).
- CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860).
- CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692).
ImportantSUSE bug 1139924SUSE bug 1159723SUSE bug 1159729SUSE bug 1164692SUSE bug 1164825SUSE bug 1164860CVE-2019-10072 at SUSECVE-2019-10072 at NVDCVE-2019-12418 at SUSECVE-2019-12418 at NVDCVE-2019-17563 at SUSECVE-2019-17563 at NVDCVE-2019-17569 at SUSECVE-2019-17569 at NVDCVE-2020-1935 at SUSECVE-2020-1935 at NVDCVE-2020-1938 at SUSECVE-2020-1938 at NVDcpe:/o:suse:sles:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4
This update for squid fixes the following issues:
- CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689).
- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).
- CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).
- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).
- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).
- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).
- CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).
ImportantSUSE bug 1156323SUSE bug 1156324SUSE bug 1156326SUSE bug 1156328SUSE bug 1156329SUSE bug 1162687SUSE bug 1162689SUSE bug 1162691CVE-2019-12523 at SUSECVE-2019-12523 at NVDCVE-2019-12526 at SUSECVE-2019-12526 at NVDCVE-2019-12528 at SUSECVE-2019-12528 at NVDCVE-2019-18676 at SUSECVE-2019-18676 at NVDCVE-2019-18677 at SUSECVE-2019-18677 at NVDCVE-2019-18678 at SUSECVE-2019-18678 at NVDCVE-2019-18679 at SUSECVE-2019-18679 at NVDCVE-2020-8449 at SUSECVE-2020-8449 at NVDCVE-2020-8450 at SUSECVE-2020-8450 at NVDCVE-2020-8517 at SUSECVE-2020-8517 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 68.4.1 ESR
* Fixed: Security fix
MFSA 2020-03 (bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and
FallibleStoreElement
- Firefox Extended Support Release 68.4.0 ESR
* Fixed: Various security fixes
MFSA 2020-02 (bsc#1160305)
* CVE-2019-17015 (bmo#1599005)
Memory corruption in parent process during new content
process initialization on Windows
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17021 (bmo#1599008)
Heap address disclosure in parent process during content
process initialization on Windows
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605,
bmo#1601826)
Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
ImportantSUSE bug 1160305SUSE bug 1160498CVE-2019-17015 at SUSECVE-2019-17015 at NVDCVE-2019-17016 at SUSECVE-2019-17016 at NVDCVE-2019-17017 at SUSECVE-2019-17017 at NVDCVE-2019-17021 at SUSECVE-2019-17021 at NVDCVE-2019-17022 at SUSECVE-2019-17022 at NVDCVE-2019-17024 at SUSECVE-2019-17024 at NVDCVE-2019-17026 at SUSECVE-2019-17026 at NVDcpe:/o:suse:sles:12:sp4Security update for ovmf (Low)SUSE Linux Enterprise Server 12 SP4
This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).
- CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences (bsc#1153072).
- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).
- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).
- Enabled HTTPS-over-IPv6 (bsc#1153072).
LowSUSE bug 1153072SUSE bug 1163927SUSE bug 1163959SUSE bug 1163969CVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDcpe:/o:suse:sles:12:sp4Security update for apache2-mod_auth_openidc (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459).
ModerateSUSE bug 1164459CVE-2019-20479 at SUSECVE-2019-20479 at NVDcpe:/o:suse:sles:12:sp4Security update for postgresql10 (Low)SUSE Linux Enterprise Server 12 SP4
This update for postgresql10 fixes the following issues:
PostgreSQL was updated to version 10.12.
Security issue fixed:
- CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985).
LowSUSE bug 1163985CVE-2020-1720 at SUSECVE-2020-1720 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238)
- CVE-2020-6805: Fixed a use-after-free when removing data about origins
- CVE-2020-6806: Fixed improper protections against state confusion
- CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction
- CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully
escape website-controlled data potentially leading to command injection
- CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init
- CVE-2020-6812: Fixed an issue where the names of AirPods with personally
identifiable information were exposed to websites with camera or microphone
permission
- CVE-2020-6814: Fixed multiple memory safety bugs
- Fixed an issue with minimizing a window (bsc#1132665).
ImportantSUSE bug 1132665SUSE bug 1166238CVE-2019-20503 at SUSECVE-2019-20503 at NVDCVE-2020-6805 at SUSECVE-2020-6805 at NVDCVE-2020-6806 at SUSECVE-2020-6806 at NVDCVE-2020-6807 at SUSECVE-2020-6807 at NVDCVE-2020-6811 at SUSECVE-2020-6811 at NVDCVE-2020-6812 at SUSECVE-2020-6812 at NVDCVE-2020-6814 at SUSECVE-2020-6814 at NVDcpe:/o:suse:sles:12:sp4Security update for libzypp (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
ModerateSUSE bug 1158763CVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sles:12:sp4Security update for python-cffi, python-cryptography (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python-cffi, python-cryptography fixes the following issues:
Security issue fixed:
- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820).
Non-security issues fixed:
python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):
- fixed a build failure on i586 (bsc#1111657)
- Salt was unable to highstate in snapshot 20171129 (bsc#1070737)
- Update pytest in spec to add c directory tests in addition to
testing directory.
- update to version 1.11.2:
* Fix Windows issue with managing the thread-state on CPython 3.0 to
3.5
- Update pytest in spec to add c directory tests in addition to
testing directory.
- Omit test_init_once_multithread tests as they rely on multiple
threads finishing in a given time. Returns sporadic pass/fail
within build.
- Update to 1.11.1:
* Fix tests, remove deprecated C API usage
* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
extensions (cpython issue #29943)
* Fix for 3.7.0a1+
- Update to 1.11.0:
* Support the modern standard types char16_t and char32_t. These
work like wchar_t: they represent one unicode character, or when
used as charN_t * or charN_t[] they represent a unicode string.
The difference with wchar_t is that they have a known, fixed
size. They should work at all places that used to work with
wchar_t (please report an issue if I missed something). Note
that with set_source(), you need to make sure that these types
are actually defined by the C source you provide (if used in
cdef()).
* Support the C99 types float _Complex and double _Complex. Note
that libffi doesn't support them, which means that in the ABI
mode you still cannot call C functions that take complex
numbers directly as arguments or return type.
* Fixed a rare race condition when creating multiple FFI instances
from multiple threads. (Note that you aren't meant to create
many FFI instances: in inline mode, you should write
ffi = cffi.FFI() at module level just after import cffi; and in
out-of-line mode you don't instantiate FFI explicitly at all.)
* Windows: using callbacks can be messy because the CFFI internal
error messages show up to stderr-but stderr goes nowhere in many
applications. This makes it particularly hard to get started
with the embedding mode. (Once you get started, you can at least
use @ffi.def_extern(onerror=...) and send the error logs where
it makes sense for your application, or record them in log
files, and so on.) So what is new in CFFI is that now, on
Windows CFFI will try to open a non-modal MessageBox (in addition
to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console
applications that crash close immediately, but that is also the
situation where stderr should be visible anyway.
* Progress on support for callbacks in NetBSD.
* Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.
* ffi.gc() now takes an optional third parameter, which gives an
estimate of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly
(issue #320). In the future, this might have an effect on
CPython too (provided the CPython issue 31105 is addressed).
* Add a note to the documentation: the ABI mode gives function
objects that are slower to call than the API mode does. For
some reason it is often thought to be faster. It is not!
- Update to 1.10.1:
* Fixed the line numbers reported in case of cdef() errors. Also,
I just noticed, but pycparser always supported the preprocessor
directive # 42 'foo.h' to mean 'from the next line, we're in
file foo.h starting from line 42';, which it puts in the error
messages.
- update to 1.10.0:
* Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)
where most of the time you never touch most of the array.
* Some OS/X build fixes ('only with Xcode but without CLT';).
* Improve a couple of error messages: when getting mismatched versions of
cffi and its backend; and when calling functions which cannot be called with
libffi because an argument is a struct that is 'too complicated'; (and not
a struct pointer, which always works).
* Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)
* Implemented the remaining cases for ffi.from_buffer. Now all
buffer/memoryview objects can be passed. The one remaining check is against
passing unicode strings in Python 2. (They support the buffer interface, but
that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
times not what you expect. In Python 3 this has been fixed and the unicode
strings don't support the memoryview interface any more.)
* The C type _Bool or bool now converts to a Python boolean when reading,
instead of the content of the byte as an integer. The potential
incompatibility here is what occurs if the byte contains a value different
from 0 and 1. Previously, it would just return it; with this change, CFFI
raises an exception in this case. But this case means 'undefined behavior';
in C; if you really have to interface with a library relying on this,
don't use bool in the CFFI side. Also, it is still valid to use a byte
string as initializer for a bool[], but now it must only contain \x00 or
\x01. As an aside, ffi.string() no longer works on bool[] (but it never made
much sense, as this function stops at the first zero).
* ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works
like before but is the constructor of that type.
* ffi.addressof(lib, 'name') now works also in in-line mode, not only in
out-of-line mode. This is useful for taking the address of global variables.
* Issue #255: cdata objects of a primitive type (integers, floats, char) are
now compared and ordered by value. For example, <cdata 'int' 42> compares
equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
<cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it
compares smaller, because -1 < 4294967295.
* PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';,
causing the GC to run too infrequently if you call ffi.new() very often
and/or with large arrays. Fixed in PyPy 5.7.
* Support in ffi.cdef() for numeric expressions with + or -. Assumes that
there is no overflow; it should be fixed first before we add more general
support for arbitrary arithmetic on constants.
- do not generate HTML documentation for packages that are indirect
dependencies of Sphinx
(see docs at https://cffi.readthedocs.org/ )
- update to 1.9.1
- Structs with variable-sized arrays as their last field: now we track the
length of the array after ffi.new() is called, just like we always tracked
the length of ffi.new('int[]', 42). This lets us detect out-of-range
accesses to array items. This also lets us display a better repr(), and
have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
both functions would return a result based on the size of the declared
structure type, with an assumed empty array. (Thanks andrew for starting
this refactoring.)
- Add support in cdef()/set_source() for unspecified-length arrays in
typedefs: typedef int foo_t[...];. It was already supported for global
variables or structure fields.
- I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has
no values explicitly defined: refusing to guess which integer type it is
meant to be (unsigned/signed, int/long). Now I'm turning it back to a
warning again; it seems that guessing that the enum has size int is a
99%-safe bet. (But not 100%, so it stays as a warning.)
- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
remaining issue that is hard to fix: if you pass a Python file object to a
FILE * argument, then os.dup() is used and the new file descriptor is only
closed when the GC reclaims the Python file object-and not at the earlier
time when you call close(), which only closes the original file descriptor.
If this is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and call
fdopen() from C (...via cffi).
- When passing a void * argument to a function with a different pointer type,
or vice-versa, the cast occurs automatically, like in C. The same occurs
for initialization with ffi.new() and a few other places. However, I
thought that char * had the same property-but I was mistaken. In C you get
the usual warning if you try to give a char * to a char ** argument, for
example. Sorry about the confusion. This has been fixed in CFFI by giving
for now a warning, too. It will turn into an error in a future version.
- Issue #283: fixed ffi.new() on structures/unions with nested anonymous
structures/unions, when there is at least one union in the mix. When
initialized with a list or a dict, it should now behave more closely like
the { } syntax does in GCC.
- CPython 3.x: experimental: the generated C extension modules now use the
'limited API';, which means that, as a compiled .so/.dll, it should work
directly on any version of CPython >= 3.2. The name produced by distutils
is still version-specific. To get the version-independent name, you can
rename it manually to NAME.abi3.so, or use the very recent setuptools 26.
- Added ffi.compile(debug=...), similar to python setup.py build --debug but
defaulting to True if we are running a debugging version of Python itself.
- Removed the restriction that ffi.from_buffer() cannot be used on byte
strings. Now you can get a char * out of a byte string, which is valid as
long as the string object is kept alive. (But don't use it to modify the
string object! If you need this, use bytearray or other official
techniques.)
- PyPy 5.4 can now pass a byte string directly to a char * argument (in older
versions, a copy would be made). This used to be a CPython-only
optimization.
- ffi.gc(p, None) removes the destructor on an object previously created by
another call to ffi.gc()
- bool(ffi.cast('primitive type', x)) now returns False if the value is zero
(including -0.0), and True otherwise. Previously this would only return
False for cdata objects of a pointer type when the pointer is NULL.
- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
it was not supported was that it was hard to do in PyPy, but it works since
PyPy 5.3.) To call a C function with a char * argument from a buffer
object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)).
Additionally, this is now supported: p[0:length] = bytearray-object. The
problem with this was that a iterating over bytearrays gives numbers
instead of characters. (Now it is implemented with just a memcpy, of
course, not actually iterating over the characters.)
- C++: compiling the generated C code with C++ was supposed to work, but
failed if you make use the bool type (because that is rendered as the C
_Bool type, which doesn't exist in C++).
- help(lib) and help(lib.myfunc) now give useful information, as well as
dir(p) where p is a struct or pointer-to-struct.
- update for multipython build
- disable 'negative left shift' warning in test suite to prevent
failures with gcc6, until upstream fixes the undefined code
in question (bsc#981848)
- Update to version 1.6.0:
* ffi.list_types()
* ffi.unpack()
* extern 'Python+C';
* in API mode, lib.foo.__doc__ contains the C signature now.
* Yet another attempt at robustness of ffi.def_extern() against
CPython's interpreter shutdown logic.
- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)
- Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
- Add proper conditional for the python2, the ifpython works only
for the requires/etc
- add missing dependency on python ssl
- update to version 2.1.4:
* Added X509_up_ref for an upcoming pyOpenSSL release.
- update to version 2.1.3:
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
OpenSSL 1.1.0g.
- update to version 2.1.2:
* Corrected a bug with the manylinux1 wheels where OpenSSL's stack
was marked executable.
- fix BuildRequires conditions for python3
- update to 2.1.1
- Fix cffi version requirement.
- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)
- update to 2.0.3
- update to 2.0.2
- update to 2.0
- update to 1.9
- add python-packaging to requirements explicitly instead of relying
on setuptools to pull it in
- Switch to singlespec approach
- update to 1.8.1
- Adust Requires and BuildRequires ModerateSUSE bug 1055478SUSE bug 1070737SUSE bug 1101820SUSE bug 1111657SUSE bug 1138748SUSE bug 1149792SUSE bug 981848CVE-2018-10903 at SUSECVE-2018-10903 at NVDcpe:/o:suse:sles:12:sp4Security update for spamassassin (Important)SUSE Linux Enterprise Server 12 SP4
This update for spamassassin fixes the following issues:
- CVE-2018-11805: Fixed an issue with delimiter handling in rule files
related to is_regexp_valid() (bsc#1118987).
- CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which
can be configured to run system commands (bsc#1162197).
- CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which
can be configured to run system commands with warnings (bsc#1162200).
ImportantSUSE bug 1118987SUSE bug 1162197SUSE bug 1162200CVE-2018-11805 at SUSECVE-2018-11805 at NVDCVE-2020-1930 at SUSECVE-2020-1930 at NVDCVE-2020-1931 at SUSECVE-2020-1931 at NVDcpe:/o:suse:sles:12:sp4Security update for glibc (Important)SUSE Linux Enterprise Server 12 SP4
This update for glibc fixes the following issues:
- CVE-2020-1752: Fixed a use after free in glob which could have allowed
a local attacker to create a specially crafted path that, when processed
by the glob function, could potentially have led to arbitrary code execution
(bsc#1167631).
- CVE-2020-1751: Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- CVE-2020-10029: Fixed a stack buffer overflow during range reduction (bsc#1165784).
- Use 'posix_spawn' on popen preventing crash caused by 'subprocess'. (bsc#1149332, BZ #22834)
- Fix handling of needles crossing a page, preventing incorrect results to return during the cross page boundary search. (bsc#1157893, BZ #25226)
ImportantSUSE bug 1149332SUSE bug 1157893SUSE bug 1158996SUSE bug 1165784SUSE bug 1167631CVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDcpe:/o:suse:sles:12:sp4Security update for memcached (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for memcached fixes the following issues:
Security issue fixed:
- CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817).
- CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).
ModerateSUSE bug 1133817SUSE bug 1149110CVE-2019-11596 at SUSECVE-2019-11596 at NVDCVE-2019-15026 at SUSECVE-2019-15026 at NVDcpe:/o:suse:sles:12:sp4Security update for mgetty (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mgetty fixes the following issues:
- CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770).
ModerateSUSE bug 1142770CVE-2019-1010190 at SUSECVE-2019-1010190 at NVDcpe:/o:suse:sles:12:sp4Security update for python3 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for python3 fixes the following issue:
- CVE-2019-18348: Fixed a CRLF injection via the host part
of the url passed to urlopen(). Now an InvalidURL exception
is raised (bsc#1155094).
- CVE-2019-9674: Improved the documentation to reflect the
dangers of zip-bombs (bsc#1162825).
- CVE-2020-8492: Fixed a regular expression in urllib that
was prone to denial of service via HTTP (bsc#1162367).
- Fixed an issue with version missmatch (bsc#1162224).
- Rename idle icons to idle3 in order to not conflict with python2
variant of the package. (bsc#1165894)
ModerateSUSE bug 1155094SUSE bug 1162224SUSE bug 1162367SUSE bug 1162825SUSE bug 1165894CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDcpe:/o:suse:sles:12:sp4Security update for exiv2 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for exiv2 fixes the following issues:
- CVE-2018-17581: Fixed an excessive stack consumption in CiffDirectory:readDirectory()
which might have led to denial of service (bsc#1110282).
- CVE-2019-13110: Fixed an integer overflow and an out of bounds read in
CiffDirectory:readDirectory which might have led to denial of service (bsc#1142678).
- CVE-2019-13113: Fixed a potential denial of service via an invalid data location
in a CRW image (bsc#1142683).
- CVE-2019-17402: Fixed an improper validation of the relationship of the total
size to the offset and size in Exiv2::getULong (bsc#1153577).
- CVE-2019-20421: Fixed an infinite loop triggered via an input file (bsc#1161901).
- CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
ModerateSUSE bug 1040973SUSE bug 1110282SUSE bug 1142678SUSE bug 1142683SUSE bug 1153577SUSE bug 1161901CVE-2017-9239 at SUSECVE-2017-9239 at NVDCVE-2018-17581 at SUSECVE-2018-17581 at NVDCVE-2019-13110 at SUSECVE-2019-13110 at NVDCVE-2019-13113 at SUSECVE-2019-13113 at NVDCVE-2019-17402 at SUSECVE-2019-17402 at NVDCVE-2019-20421 at SUSECVE-2019-20421 at NVDcpe:/o:suse:sles:12:sp4Security update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.47.1:
Security issues fixed:
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
- CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).
mozilla-nspr was updated to version 4.23:
- Whitespace in C files was cleaned up and no longer uses tab characters for indenting.
ModerateSUSE bug 1141322SUSE bug 1158527SUSE bug 1159819CVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDcpe:/o:suse:sles:12:sp4Security update for libpng12 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libpng12 fixes the following issues:
Security issue fixed:
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
ModerateSUSE bug 1141493CVE-2017-12652 at SUSECVE-2017-12652 at NVDcpe:/o:suse:sles:12:sp4Security update for libxslt (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for libxslt fixes the following issue:
- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).
ModerateSUSE bug 1154609CVE-2019-18197 at SUSECVE-2019-18197 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox fixes the following issues:
- Mozilla Firefox 68.6.1esr
MFSA 2020-11 (bsc#1168630)
* CVE-2020-6819 (bmo#1620818)
Use-after-free while running the nsDocShell destructor
* CVE-2020-6820 (bmo#1626728)
Use-after-free when handling a ReadableStream
ImportantSUSE bug 1168630CVE-2020-6819 at SUSECVE-2020-6819 at NVDCVE-2020-6820 at SUSECVE-2020-6820 at NVDcpe:/o:suse:sles:12:sp4Security update for vino (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for vino fixes the following issues:
- CVE-2019-15681: Fixed a memory leak which could have allowed to a
remote attacker to read stack memory (bsc#1155419).
ModerateSUSE bug 1155419CVE-2019-15681 at SUSECVE-2019-15681 at NVDcpe:/o:suse:sles:12:sp4Security update for ceph (Important)SUSE Linux Enterprise Server 12 SP4
This update for ceph fixes the following issues:
- CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting (bsc#1166484).
ImportantSUSE bug 1166484CVE-2020-1760 at SUSECVE-2020-1760 at NVDcpe:/o:suse:sles:12:sp4Security update for djvulibre (Low)SUSE Linux Enterprise Server 12 SP4
This update for djvulibre fixes the following issues:
- CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188).
LowSUSE bug 1156188CVE-2019-18804 at SUSECVE-2019-18804 at NVDcpe:/o:suse:sles:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4
This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues:
- CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874).
- CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874).
- CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).
- CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874).
- CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874).
ImportantSUSE bug 1168874CVE-2020-6821 at SUSECVE-2020-6821 at NVDCVE-2020-6822 at SUSECVE-2020-6822 at NVDCVE-2020-6825 at SUSECVE-2020-6825 at NVDCVE-2020-6827 at SUSECVE-2020-6827 at NVDCVE-2020-6828 at SUSECVE-2020-6828 at NVDcpe:/o:suse:sles:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
- CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250).
- CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809).
- CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247).
- CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
Bug fixes:
- Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277).
- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430).
ModerateSUSE bug 1133925SUSE bug 1140277SUSE bug 1150003SUSE bug 1150247SUSE bug 1150250SUSE bug 1158809CVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDcpe:/o:suse:sles:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4
This update for git fixes the following issues:
Security issue fixed:
- CVE-2020-5260: With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for a wrong host (bsc#1168930).
Non-security issue fixed:
git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608):
- the xinetd snippet was removed
- the System V init script for the git-daemon was replaced by a systemd
service file of the same name.
git 2.26.0:
* 'git rebase' now uses a different backend that is based on the
'merge' machinery by default. The 'rebase.backend' configuration
variable reverts to old behaviour when set to 'apply'
* Improved handling of sparse checkouts
* Improvements to many commands and internal features
git 2.25.1:
* 'git commit' now honors advise.statusHints
* various updates, bug fixes and documentation updates
git 2.25.0:
* The branch description ('git branch --edit-description') has been
used to fill the body of the cover letters by the format-patch
command; this has been enhanced so that the subject can also be
filled.
* A few commands learned to take the pathspec from the standard input
or a named file, instead of taking it as the command line
arguments, with the '--pathspec-from-file' option.
* Test updates to prepare for SHA-2 transition continues.
* Redo 'git name-rev' to avoid recursive calls.
* When all files from some subdirectory were renamed to the root
directory, the directory rename heuristics would fail to detect that
as a rename/merge of the subdirectory to the root directory, which has
been corrected.
* HTTP transport had possible allocator/deallocator mismatch, which
has been corrected.
git 2.24.1:
* CVE-2019-1348: The --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=...
and it allows overwriting arbitrary paths (bsc#1158785)
* CVE-2019-1349: on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled
into using the same Git directory twice (bsc#1158787)
* CVE-2019-1350: Incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in
conjunction with SSH URLs (bsc#1158788)
* CVE-2019-1351: on Windows mistakes drive letters outside of
the US-English alphabet as relative paths (bsc#1158789)
* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
Streams (bsc#1158790)
* CVE-2019-1353: when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active (bsc#1158791)
* CVE-2019-1354: on Windows refuses to write tracked files with
filenames that contain backslashes (bsc#1158792)
* CVE-2019-1387: Recursive clones vulnerability that is caused
by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive
clones (bsc#1158793)
* CVE-2019-19604: a recursive clone followed by a submodule
update could execute code contained within the repository
without the user explicitly having asked for that (bsc#1158795)
- Fix building with asciidoctor and without DocBook4 stylesheets.
git 2.24.0
* The command line parser learned '--end-of-options' notation.
* A mechanism to affect the default setting for a (related) group of
configuration variables is introduced.
* 'git fetch' learned '--set-upstream' option to help those who first
clone from their private fork they intend to push to, add the true
upstream via 'git remote add' and then 'git fetch' from it.
* fixes and improvements to UI, workflow and features, bash completion fixes
* part of it merged upstream
* the Makefile attempted to download some documentation, banned
git 2.23.0:
* The '--base' option of 'format-patch' computed the patch-ids for
prerequisite patches in an unstable way, which has been updated
to compute in a way that is compatible with 'git patch-id
--stable'.
* The 'git log' command by default behaves as if the --mailmap
option was given.
* fixes and improvements to UI, workflow and features
git 2.22.1:
* A relative pathname given to 'git init --template=<path> <repo>'
ought to be relative to the directory 'git init' gets invoked in,
but it instead was made relative to the repository, which has been
corrected.
* 'git worktree add' used to fail when another worktree connected to
the same repository was corrupt, which has been corrected.
* 'git am -i --resolved' segfaulted after trying to see a commit as
if it were a tree, which has been corrected.
* 'git merge --squash' is designed to update the working tree and the
index without creating the commit, and this cannot be countermanded
by adding the '--commit' option; the command now refuses to work
when both options are given.
* Update to Unicode 12.1 width table.
* 'git request-pull' learned to warn when the ref we ask them to pull
from in the local repository and in the published repository are
different.
* 'git fetch' into a lazy clone forgot to fetch base objects that are
necessary to complete delta in a thin packfile, which has been
corrected.
* The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.
* 'git clean' silently skipped a path when it cannot lstat() it; now
it gives a warning.
* 'git rm' to resolve a conflicted path leaked an internal message
'needs merge' before actually removing the path, which was
confusing. This has been corrected.
* Many more bugfixes and code cleanups.
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
git 2.22.0:
* The filter specification '--filter=sparse:path=<path>' used to
create a lazy/partial clone has been removed. Using a blob that is
part of the project as sparse specification is still supported with
the '--filter=sparse:oid=<blob>' option
* 'git checkout --no-overlay' can be used to trigger a new mode of
checking out paths out of the tree-ish, that allows paths that
match the pathspec that are in the current index and working tree
and are not in the tree-ish.
* Four new configuration variables {author,committer}.{name,email}
have been introduced to override user.{name,email} in more specific
cases.
* 'git branch' learned a new subcommand '--show-current'.
* The command line completion (in contrib/) has been taught to
complete more subcommand parameters.
* The completion helper code now pays attention to repository-local
configuration (when available), which allows --list-cmds to honour
a repository specific setting of completion.commands, for example.
* The list of conflicted paths shown in the editor while concluding a
conflicted merge was shown above the scissors line when the
clean-up mode is set to 'scissors', even though it was commented
out just like the list of updated paths and other information to
help the user explain the merge better.
* 'git rebase' that was reimplemented in C did not set ORIG_HEAD
correctly, which has been corrected.
* 'git worktree add' used to do a 'find an available name with stat
and then mkdir', which is race-prone. This has been fixed by using
mkdir and reacting to EEXIST in a loop.
- update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)
git 2.21.0:
* Historically, the '-m' (mainline) option can only be used for 'git
cherry-pick' and 'git revert' when working with a merge commit.
This version of Git no longer warns or errors out when working with
a single-parent commit, as long as the argument to the '-m' option
is 1 (i.e. it has only one parent, and the request is to pick or
revert relative to that first parent). Scripts that relied on the
behaviour may get broken with this change.
* Small fixes and features for fast-export and fast-import.
* The 'http.version' configuration variable can be used with recent
enough versions of cURL library to force the version of HTTP used
to talk when fetching and pushing.
* 'git push $there $src:$dst' rejects when $dst is not a fully
qualified refname and it is not clear what the end user meant.
* Update 'git multimail' from the upstream.
* A new date format '--date=human' that morphs its output depending
on how far the time is from the current time has been introduced.
'--date=auto:human' can be used to use this new format (or any
existing format) when the output is going to the pager or to the
terminal, and otherwise the default format.
- Fix worktree creation race (bsc#1114225).
git 2.20.1:
* portability fixes
* 'git help -a' did not work well when an overly long alias was
defined
* no longer squelched an error message when the run_command API
failed to run a missing command
git 2.20.0:
* 'git help -a' now gives verbose output (same as 'git help -av').
Those who want the old output may say 'git help --no-verbose -a'..
* 'git send-email' learned to grab address-looking string on any
trailer whose name ends with '-by'.
* 'git format-patch' learned new '--interdiff' and '--range-diff'
options to explain the difference between this version and the
previous attempt in the cover letter (or after the three-dashes as
a comment).
* Developer builds now use -Wunused-function compilation option.
* Fix a bug in which the same path could be registered under multiple
worktree entries if the path was missing (for instance, was removed
manually). Also, as a convenience, expand the number of cases in
which --force is applicable.
* The overly large Documentation/config.txt file have been split into
million little pieces. This potentially allows each individual piece
to be included into the manual page of the command it affects more easily.
* Malformed or crafted data in packstream can make our code attempt
to read or write past the allocated buffer and abort, instead of
reporting an error, which has been fixed.
* Fix for a long-standing bug that leaves the index file corrupt when
it shrinks during a partial commit.
* 'git merge' and 'git pull' that merges into an unborn branch used
to completely ignore '--verify-signatures', which has been
corrected.
* ...and much more features and fixes
- fix CVE-2018-19486 (bsc#1117257)
git 2.19.2:
* various bug fixes for multiple subcommands and operations
git 2.19.1:
* CVE-2018-17456: Specially crafted .gitmodules files may have
allowed arbitrary code execution when the repository is cloned
with --recurse-submodules (bsc#1110949)
git 2.19.0:
* 'git diff' compares the index and the working tree. For paths
added with intent-to-add bit, the command shows the full contents
of them as added, but the paths themselves were not marked as new
files. They are now shown as new by default.
* 'git apply' learned the '--intent-to-add' option so that an
otherwise working-tree-only application of a patch will add new
paths to the index marked with the 'intent-to-add' bit.
* 'git grep' learned the '--column' option that gives not just the
line number but the column number of the hit.
* The '-l' option in 'git branch -l' is an unfortunate short-hand for
'--create-reflog', but many users, both old and new, somehow expect
it to be something else, perhaps '--list'. This step warns when '-l'
is used as a short-hand for '--create-reflog' and warns about the
future repurposing of the it when it is used.
* The userdiff pattern for .php has been updated.
* The content-transfer-encoding of the message 'git send-email' sends
out by default was 8bit, which can cause trouble when there is an
overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
automatically switch to quoted-printable when there is such a line
in the payload has been introduced and is made the default.
* 'git checkout' and 'git worktree add' learned to honor
checkout.defaultRemote when auto-vivifying a local branch out of a
remote tracking branch in a repository with multiple remotes that
have tracking branches that share the same names.
(merge 8d7b558bae ab/checkout-default-remote later to maint).
* 'git grep' learned the '--only-matching' option.
* 'git rebase --rebase-merges' mode now handles octopus merges as
well.
* Add a server-side knob to skip commits in exponential/fibbonacci
stride in an attempt to cover wider swath of history with a smaller
number of iterations, potentially accepting a larger packfile
transfer, instead of going back one commit a time during common
ancestor discovery during the 'git fetch' transaction.
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).
* A new configuration variable core.usereplacerefs has been added,
primarily to help server installations that want to ignore the
replace mechanism altogether.
* Teach 'git tag -s' etc. a few configuration variables (gpg.format
that can be set to 'openpgp' or 'x509', and gpg.<format>.program
that is used to specify what program to use to deal with the format)
to allow x.509 certs with CMS via 'gpgsm' to be used instead of
openpgp via 'gnupg'.
* Many more strings are prepared for l10n.
* 'git p4 submit' learns to ask its own pre-submit hook if it should
continue with submitting.
* The test performed at the receiving end of 'git push' to prevent
bad objects from entering repository can be customized via
receive.fsck.* configuration variables; we now have gained a
counterpart to do the same on the 'git fetch' side, with
fetch.fsck.* configuration variables.
* 'git pull --rebase=interactive' learned 'i' as a short-hand for
'interactive'.
* 'git instaweb' has been adjusted to run better with newer Apache on
RedHat based distros.
* 'git range-diff' is a reimplementation of 'git tbdiff' that lets us
compare individual patches in two iterations of a topic.
* The sideband code learned to optionally paint selected keywords at
the beginning of incoming lines on the receiving end.
* 'git branch --list' learned to take the default sort order from the
'branch.sort' configuration variable, just like 'git tag --list'
pays attention to 'tag.sort'.
* 'git worktree' command learned '--quiet' option to make it less
verbose.
git 2.18.0:
* improvements to rename detection logic
* When built with more recent cURL, GIT_SSL_VERSION can now
specify 'tlsv1.3' as its value.
* 'git mergetools' learned talking to guiffy.
* various other workflow improvements and fixes
* performance improvements and other developer visible fixes
Update to git 2.16.4: security fix release
git 2.17.1:
* Submodule 'names' come from the untrusted .gitmodules file, but
we blindly append them to $GIT_DIR/modules to create our on-disk
repo paths. This means you can do bad things by putting '../'
into the name. We now enforce some rules for submodule names
which will cause Git to ignore these malicious names
(CVE-2018-11235, bsc#1095219)
* It was possible to trick the code that sanity-checks paths on
NTFS into reading random piece of memory
(CVE-2018-11233, bsc#1095218)
* Support on the server side to reject pushes to repositories
that attempt to create such problematic .gitmodules file etc.
as tracked contents, to help hosting sites protect their
customers by preventing malicious contents from spreading.
git 2.17.0:
* 'diff' family of commands learned '--find-object=<object-id>' option
to limit the findings to changes that involve the named object.
* 'git format-patch' learned to give 72-cols to diffstat, which is
consistent with other line length limits the subcommand uses for
its output meant for e-mails.
* The log from 'git daemon' can be redirected with a new option; one
relevant use case is to send the log to standard error (instead of
syslog) when running it from inetd.
* 'git rebase' learned to take '--allow-empty-message' option.
* 'git am' has learned the '--quit' option, in addition to the
existing '--abort' option; having the pair mirrors a few other
commands like 'rebase' and 'cherry-pick'.
* 'git worktree add' learned to run the post-checkout hook, just like
'git clone' runs it upon the initial checkout.
* 'git tag' learned an explicit '--edit' option that allows the
message given via '-m' and '-F' to be further edited.
* 'git fetch --prune-tags' may be used as a handy short-hand for
getting rid of stale tags that are locally held.
* The new '--show-current-patch' option gives an end-user facing way
to get the diff being applied when 'git rebase' (and 'git am')
stops with a conflict.
* 'git add -p' used to offer '/' (look for a matching hunk) as a
choice, even there was only one hunk, which has been corrected.
Also the single-key help is now given only for keys that are
enabled (e.g. help for '/' won't be shown when there is only one
hunk).
* Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when
the side branch being merged is a descendant of the current commit,
create a merge commit instead of fast-forwarding) when merging a
tag object. This was appropriate default for integrators who pull
signed tags from their downstream contributors, but caused an
unnecessary merges when used by downstream contributors who
habitually 'catch up' their topic branches with tagged releases
from the upstream. Update 'git merge' to default to --no-ff only
when merging a tag object that does *not* sit at its usual place in
refs/tags/ hierarchy, and allow fast-forwarding otherwise, to
mitigate the problem.
* 'git status' can spend a lot of cycles to compute the relation
between the current branch and its upstream, which can now be
disabled with '--no-ahead-behind' option.
* 'git diff' and friends learned funcname patterns for Go language
source files.
* 'git send-email' learned '--reply-to=<address>' option.
* Funcname pattern used for C# now recognizes 'async' keyword.
* In a way similar to how 'git tag' learned to honor the pager
setting only in the list mode, 'git config' learned to ignore the
pager setting when it is used for setting values (i.e. when the
purpose of the operation is not to 'show').
- Use %license instead of %doc [bsc#1082318]
git 2.16.3:
* 'git status' after moving a path in the working tree (hence
making it appear 'removed') and then adding with the -N option
(hence making that appear 'added') detected it as a rename, but
did not report the old and new pathnames correctly.
* 'git commit --fixup' did not allow '-m<message>' option to be
used at the same time; allow it to annotate resulting commit
with more text.
* When resetting the working tree files recursively, the working
tree of submodules are now also reset to match.
* Fix for a commented-out code to adjust it to a rather old API
change around object ID.
* When there are too many changed paths, 'git diff' showed a
warning message but in the middle of a line.
* The http tracing code, often used to debug connection issues,
learned to redact potentially sensitive information from its
output so that it can be more safely sharable.
* Crash fix for a corner case where an error codepath tried to
unlock what it did not acquire lock on.
* The split-index mode had a few corner case bugs fixed.
* Assorted fixes to 'git daemon'.
* Completion of 'git merge -s<strategy>' (in contrib/) did not
work well in non-C locale.
* Workaround for segfault with more recent versions of SVN.
* Recently introduced leaks in fsck have been plugged.
* Travis CI integration now builds the executable in 'script'
phase to follow the established practice, rather than during
'before_script' phase. This allows the CI categorize the
failures better ('failed' is project's fault, 'errored' is
build environment's).
- Drop superfluous xinetd snippet, no longer used (bsc#1084460)
- Build with asciidoctor for the recent distros (bsc#1075764)
- Move %{?systemd_requires} to daemon subpackage
- Create subpackage for libsecret credential helper.
git 2.16.2:
* An old regression in 'git describe --all $annotated_tag^0' has
been fixed.
* 'git svn dcommit' did not take into account the fact that a
svn+ssh:// URL with a username@ (typically used for pushing)
refers to the same SVN repository without the username@ and
failed when svn.pushmergeinfo option is set.
* 'git merge -Xours/-Xtheirs' learned to use our/their version
when resolving a conflicting updates to a symbolic link.
* 'git clone $there $here' is allowed even when here directory
exists as long as it is an empty directory, but the command
incorrectly removed it upon a failure of the operation.
* 'git stash -- <pathspec>' incorrectly blew away untracked files
in the directory that matched the pathspec, which has been
corrected.
* 'git add -p' was taught to ignore local changes to submodules
as they do not interfere with the partial addition of regular
changes anyway.
git 2.16.1:
* 'git clone' segfaulted when cloning a project that happens to
track two paths that differ only in case on a case insensitive
filesystem
git 2.16.0 (CVE-2017-15298, bsc#1063412):
* See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt
git 2.15.1:
* fix 'auto' column output
* fixes to moved lines diffing
* documentation updates
* fix use of repositories immediately under the root directory
* improve usage of libsecret
* fixes to various error conditions in git commands
- Rewrite from sysv init to systemd unit file for git-daemon
(bsc#1069803)
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (bsc#1069468)
- split off p4 to a subpackage (bsc#1067502)
- Build with the external libsha1detectcoll (bsc#1042644)
git 2.15.0:
* Use of an empty string as a pathspec element that is used for
'everything matches' is still warned and Git asks users to use a
more explicit '.' for that instead. Removal scheduled for 2.16
* Git now avoids blindly falling back to '.git' when the setup
sequence said we are _not_ in Git repository (another corner
case removed)
* 'branch --set-upstream' was retired, deprecated since 1.8
* many other improvements and updates
git 2.14.3:
* git send-email understands more cc: formats
* fixes so gitk --bisect
* git commit-tree fixed to handle -F file alike
* Prevent segfault in 'git cat-file --textconv'
* Fix function header parsing for HTML
* Various small fixes to user commands and and internal functions
git 2.14.2:
* fixes to color output
* http.{sslkey,sslCert} now interpret '~[username]/' prefix
* fixes to walking of reflogs via 'log -g' and friends
* various fixes to output correctness
* 'git push --recurse-submodules $there HEAD:$target' is now
propagated down to the submodules
* 'git clone --recurse-submodules --quiet' c$how propagates quiet
option down to submodules.
* 'git svn --localtime' correctness fixes
* 'git grep -L' and 'git grep --quiet -L' now report same exit code
* fixes to 'git apply' when converting line endings
* Various Perl scripts did not use safe_pipe_capture() instead
of backticks, leaving them susceptible to end-user input.
CVE-2017-14867 bsc#1061041
* 'git cvsserver' no longer is invoked by 'git daemon' by
default
git 2.14.1 (bsc#1052481):
* Security fix for CVE-2017-1000117: A malicious third-party can
give a crafted 'ssh://...' URL to an unsuspecting victim, and
an attempt to visit the URL can result in any program that
exists on the victim's machine being executed. Such a URL could
be placed in the .gitmodules file of a malicious project, and
an unsuspecting victim could be tricked into running
'git clone --recurse-submodules' to trigger the vulnerability.
* A 'ssh://...' URL can result in a 'ssh' command line with a
hostname that begins with a dash '-', which would cause the
'ssh' command to instead (mis)treat it as an option. This is
now prevented by forbidding such a hostname (which should not
impact any real-world usage).
* Similarly, when GIT_PROXY_COMMAND is configured, the command
is run with host and port that are parsed out from 'ssh://...'
URL; a poorly written GIT_PROXY_COMMAND could be tricked into
treating a string that begins with a dash '-' as an option.
This is now prevented by forbidding such a hostname and port
number (again, which should not impact any real-world usage).
* In the same spirit, a repository name that begins with a dash
'-' is also forbidden now.
git 2.14.0:
* Use of an empty string as a pathspec element that is used for
'everything matches' is deprecated, use '.'
* Avoid blindly falling back to '.git' when the setup sequence
indicates operation not on a Git repository
* 'indent heuristics' are now the default.
* Builds with pcre2
* Many bug fixes, improvements and updates
git 2.13.4:
* Update the character width tables.
* Fix an alias that contained an uppercase letter
* Progress meter fixes
* git gc concurrency fixes
git 2.13.3:
* various internal bug fixes
* Fix a regression to 'git rebase -i'
* Correct unaligned 32-bit access in pack-bitmap code
* Tighten error checks for invalid 'git apply' input
* The split index code did not honor core.sharedrepository setting
correctly
* Fix 'git branch --list' handling of color.branch.local
git 2.13.2:
* 'collision detecting' SHA-1 update for platform fixes
* 'git checkout --recurse-submodules' did not quite work with a
submodule that itself has submodules.
* The 'run-command' API implementation has been made more robust
against dead-locking in a threaded environment.
* 'git clean -d' now only cleans ignored files with '-x'
* 'git status --ignored' did not list ignored and untracked files
without '-uall'
* 'git pull --rebase --autostash' didn't auto-stash when the local
history fast-forwards to the upstream.
* 'git describe --contains' gives as much weight to lightweight
tags as annotated tags
* Fix 'git stash push <pathspec>' from a subdirectory
git 2.13.1:
* Setting 'log.decorate=false' in the configuration file did not
take effect in v2.13, which has been corrected.
* corrections to documentation and command help output
* garbage collection fixes
* memory leaks fixed
* receive-pack now makes sure that the push certificate records
the same set of push options used for pushing
* shell completion corrections for git stash
* fix 'git clone --config var=val' with empty strings
* internal efficiency improvements
* Update sha1 collision detection code for big-endian platforms
and platforms not supporting unaligned fetches
- Fix packaging of documentation
git 2.13.0:
* empty string as a pathspec element for 'everything matches'
is still warned, for future removal.
* deprecated argument order 'git merge <msg> HEAD <commit>...'
was removed
* default location '~/.git-credential-cache/socket' for the
socket used to communicate with the credential-cache daemon
moved to '~/.cache/git/credential/socket'.
* now avoid blindly falling back to '.git' when the setup
sequence indicated otherwise
* many workflow features, improvements and bug fixes
* add a hardened implementation of SHA1 in response to practical
collision attacks (CVE-2005-4900, bsc#1042640)
* CVE-2017-8386: On a server running git-shell as login shell to
restrict user to git commands, remote users may have been able
to have git service programs spawn an interactive pager
and thus escape the shell restrictions. (bsc#1038395)
Changes in pcre2:
- Include the libraries, development and tools packages.
git uses only libpcre2-8 so far, but this allows further
application usage of pcre2.
ImportantSUSE bug 1167890SUSE bug 1168930CVE-2020-5260 at SUSECVE-2020-5260 at NVDcpe:/o:suse:sles:12:sp4Security update for mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53.1
- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
ImportantSUSE bug 1159819SUSE bug 1168669SUSE bug 1169746SUSE bug 1170908SUSE bug 1171978SUSE bug 1173022CVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
ImportantSUSE bug 1173376SUSE bug 1173377SUSE bug 1173378SUSE bug 1173380CVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:
Security issues fixed:
- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).
Non-security issues fixed:
- Fixed interaction with freetype6 (bsc#1173613).
ImportantSUSE bug 1167231SUSE bug 1173576SUSE bug 1173613CVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12415 at SUSECVE-2020-12415 at NVDCVE-2020-12416 at SUSECVE-2020-12416 at NVDCVE-2020-12417 at SUSECVE-2020-12417 at NVDCVE-2020-12418 at SUSECVE-2020-12418 at NVDCVE-2020-12419 at SUSECVE-2020-12419 at NVDCVE-2020-12420 at SUSECVE-2020-12420 at NVDCVE-2020-12421 at SUSECVE-2020-12421 at NVDCVE-2020-12422 at SUSECVE-2020-12422 at NVDCVE-2020-12423 at SUSECVE-2020-12423 at NVDCVE-2020-12424 at SUSECVE-2020-12424 at NVDCVE-2020-12425 at SUSECVE-2020-12425 at NVDCVE-2020-12426 at SUSECVE-2020-12426 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for squid fixes the following issues:
- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling
attack (CVE-2020-15049, bsc#1173455)
ImportantSUSE bug 1173455CVE-2020-15049 at SUSECVE-2020-15049 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
Tomcat was updated to 9.0.36 See changelog at
- CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU
usage for several seconds making potentially the server unresponsive (bsc#1173389).
ImportantSUSE bug 1173389CVE-2020-11996 at SUSECVE-2020-11996 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update fixes the following issues:
cobbler:
- Calculate relative path for kernel and inited when generating
grub entry (bsc#1170231)
Added: fix-grub2-entry-paths.diff
- Fix os-release version detection for SUSE
Modified: sles15.patch
- Jinja2 template library fix (bsc#1141661)
- Removes string replace for textmode fix (bsc#1134195)
golang-github-prometheus-node_exporter:
- Update to 0.18.1
* [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345
* [BUGFIX] Fix rollover bug in mountstats collector #1364
* Renamed interface label to device in netclass collector for consistency with
* other network metrics #1224
* The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248
* The labels for the network_up metric have changed, see issue #1236
* Bonding collector now uses mii_status instead of operstatus #1124
* Several systemd metrics have been turned off by default to improve performance #1254
* These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds
* The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255
* [CHANGE] Bonding state uses mii_status #1124
* [CHANGE] Add a limit to the number of in-flight requests #1166
* [CHANGE] Renamed interface label to device in netclass collector #1224
* [CHANGE] Add separate cpufreq and scaling metrics #1248
* [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254
* [CHANGE] Expand systemd collector blacklist #1255
* [CHANGE] Split cpufreq metrics into a separate collector #1253
* [FEATURE] Add a flag to disable exporter metrics #1148
* [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197
* [FEATURE] Add uname collector for FreeBSD #1239
* [FEATURE] Add diskstats collector for OpenBSD #1250
* [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174
* [FEATURE] Add perf exporter for Linux #1274
* [ENHANCEMENT] Add Infiniband counters #1120
* [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
* [ENHANCEMENT] Move network_up labels into new metric network_info #1236
* [ENHANCEMENT] Use 64-bit counters for Darwin netstat
* [BUGFIX] Add fallback for missing /proc/1/mounts #1172
* [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326
- Add network-online (Wants and After) dependency to systemd unit bsc#1143913
golang-github-prometheus-prometheus:
- Update change log and spec file
+ Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS.
+ Rebase and update patches for version 2.18.0
+ Changed:
* 0002-Default-settings.patch Changed
- Update to 2.18.0
+ Features
* Tracing: Added experimental Jaeger support #7148
+ Changes
* Federation: Only use local TSDB for federation (ignore remote read). #7096
* Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094
+ Enhancements
* TSDB: Significantly reduce WAL size kept around after a block cut. #7098
* Discovery: Add `architecture` meta label for EC2. #7000
+ Bug fixes
* UI: Fixed wrong MinTime reported by /status. #7182
* React UI: Fixed multiselect legend on OSX. #6880
* Remote Write: Fixed blocked resharding edge case. #7122
* Remote Write: Fixed remote write not updating on relabel configs change. #7073
- Changes from 2.17.2
+ Bug fixes
* Federation: Register federation metrics #7081
* PromQL: Fix panic in parser error handling #7132
* Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138
* TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135
* TSDB: Make isolation more robust to panics in web handlers #7129 #7136
- Changes from 2.17.1
+ Bug fixes
* TSDB: Fix query performance regression that increased memory and CPU usage #7051
- Changes from 2.17.0
+ Features
* TSDB: Support isolation #6841
* This release implements isolation in TSDB. API queries and recording rules are
guaranteed to only see full scrapes and full recording rules. This comes with a
certain overhead in resource usage. Depending on the situation, there might be
some increase in memory usage, CPU usage, or query latency.
+ Enhancements
* PromQL: Allow more keywords as metric names #6933
* React UI: Add normalization of localhost URLs in targets page #6794
* Remote read: Read from remote storage concurrently #6770
* Rules: Mark deleted rule series as stale after a reload #6745
* Scrape: Log scrape append failures as debug rather than warn #6852
* TSDB: Improve query performance for queries that partially hit the head #6676
* Consul SD: Expose service health as meta label #5313
* EC2 SD: Expose EC2 instance lifecycle as meta label #6914
* Kubernetes SD: Expose service type as meta label for K8s service role #6684
* Kubernetes SD: Expose label_selector and field_selector #6807
* Openstack SD: Expose hypervisor id as meta label #6962
+ Bug fixes
* PromQL: Do not escape HTML-like chars in query log #6834 #6795
* React UI: Fix data table matrix values #6896
* React UI: Fix new targets page not loading when using non-ASCII characters #6892
* Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018
* Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998
* Scrape: Prevent removal of metric names upon relabeling #6891
* Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986
* Scrape: Fix crash when reloads are separated by two scrape intervals #7011
- Changes from 2.16.0
+ Features
* React UI: Support local timezone on /graph #6692
* PromQL: add absent_over_time query function #6490
* Adding optional logging of queries to their own file #6520
+ Enhancements
* React UI: Add support for rules page and 'Xs ago' duration displays #6503
* React UI: alerts page, replace filtering togglers tabs with checkboxes #6543
* TSDB: Export metric for WAL write errors #6647
* TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651
* PromQL: Refactoring in parser errors to improve error messages #6634
* PromQL: Support trailing commas in grouping opts #6480
* Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
* Scrape: Add metrics to track bytes and entries in the metadata cache #6675
* promtool: Add support for line-column numbers for invalid rules output #6533
* Avoid restarting rule groups when it is unnecessary #6450
+ Bug fixes
* React UI: Send cookies on fetch() on older browsers #6553
* React UI: adopt grafana flot fix for stacked graphs #6603
* React UI: broken graph page browser history so that back button works as expected #6659
* TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616
* TSDB: return an error on ingesting series with duplicate labels #6664
* PromQL: Fix unary operator precedence #6579
* PromQL: Respect query.timeout even when we reach query.max-concurrency #6712
* PromQL: Fix string and parentheses handling in engine, which affected React UI #6612
* PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493
* Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
* Remote read: return the correct error if configs can't be marshal'd to JSON #6622
* Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673
* Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511
* Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
- Changes from 2.15.2
+ Bug fixes
* TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564
* TSDB: Fixed block compaction issues on Windows. #6547
- Changes from 2.15.1
+ Bug fixes
* TSDB: Fixed race on concurrent queries against same data. #6512
- Changes from 2.15.0
+ Features
* API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442
+ Changes
* Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393
* Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043
+ Enhancements
* TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461
* TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475
* TSDB: Improve replay latency. #6230
* TSDB: WAL size is now used for size based retention calculation. #5886
* Remote read: Added query grouping and range hints to the remote read request #6401
* Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344
* promql: Improved PromQL parser performance. #6356
* React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements.
* promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065
+ Bug fixes
* Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455
* Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378
* Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469
* API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
- Changes from 2.14.0
+ Features
* API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243
* React UI: implement the new experimental React based UI. #5694 and many more
* Can be found by under `/new`.
* Not all pages are implemented yet.
* Status: Cardinality statistics added to the Runtime & Build Information page. #6125
+ Enhancements
* Remote write: fix delays in remote write after a compaction. #6021
* UI: Alerts can be filtered by state. #5758
+ Bug fixes
* Ensure warnings from the API are escaped. #6279
* API: lifecycle endpoints return 403 when not enabled. #6057
* Build: Fix Solaris build. #6149
* Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270
* Remote write: restore use of deduplicating logger in remote write. #6113
* Remote write: do not reshard when unable to send samples. #6111
* Service discovery: errors are no longer logged on context cancellation. #6116, #6133
* UI: handle null response from API properly. #6071
- Changes from 2.13.1
+ Bug fixes
* Fix panic in ARM builds of Prometheus. #6110
* promql: fix potential panic in the query logger. #6094
* Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
- Changes from 2.13.0
+ Enhancements
* Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254
* Include the tsdb tool in builds. #6089
* Service discovery: add new node address types for kubernetes. #5902
* UI: show warnings if query have returned some warnings. #5964
* Remote write: reduce memory usage of the series cache. #5849
* Remote read: use remote read streaming to reduce memory usage. #5703
* Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787
* Promtool: show the warnings during label query. #5924
* Promtool: improve error messages when parsing bad rules. #5965
* Promtool: more promlint rules. #5515
+ Bug fixes
* UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098
* Promtool: fix recording inconsistency due to duplicate labels. #6026
* UI: fixes service-discovery view when accessed from unhealthy targets. #5915
* Metrics format: OpenMetrics parser crashes on short input. #5939
* UI: avoid truncated Y-axis values. #6014
- Changes from 2.12.0
+ Features
* Track currently active PromQL queries in a log file. #5794
* Enable and provide binaries for `mips64` / `mips64le` architectures. #5792
+ Enhancements
* Improve responsiveness of targets web UI and API endpoint. #5740
* Improve remote write desired shards calculation. #5763
* Flush TSDB pages more precisely. tsdb#660
* Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667
* Add logging during TSDB WAL replay on startup. tsdb#662
* Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627
+ Bug fixes
* Check for duplicate label names in remote read. #5829
* Mark deleted rules' series as stale on next evaluation. #5759
* Fix JavaScript error when showing warning about out-of-sync server time. #5833
* Fix `promtool test rules` panic when providing empty `exp_labels`. #5774
* Only check last directory when discovering checkpoint number. #5756
* Fix error propagation in WAL watcher helper functions. #5741
* Correctly handle empty labels from alert templates. #5845
- Update Uyuni/SUSE Manager service discovery patch
+ Modified 0003-Add-Uyuni-service-discovery.patch:
+ Adapt service discovery to the new Uyuni API endpoints
+ Modified spec file: force golang 1.12 to fix build issues in SLE15SP2
- Update to Prometheus 2.11.2
grafana:
- Update to version 7.0.3
* Features / Enhancements
- Stats: include all fields. #24829, @ryantxu
- Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff
* Bug fixes
- Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian
- Configuration: Fix env var override of sections containing hyphen. #25178, @marefr
- Dashboard: Get panels in collapsed rows. #25079, @peterholmberg
- Do not show alerts tab when alerting is disabled. #25285, @dprokop
- Jaeger: fixes cascader option label duration value. #25129, @Estrax
- Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo
- Update to version 7.0.2
* Bug fixes
- Security: Urgent security patch release to fix CVE-2020-13379
- Update to version 7.0.1
* Features / Enhancements
- Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney
- Download CSV: Add date and time formatting. #24992, @ryantxu
- Table: Make last cell value visible when right aligned. #24921, @peterholmberg
- TablePanel: Adding sort order persistance. #24705, @torkelo
- Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg
- Transformations: Allow custom number input for binary operations. #24752, @ryantxu
* Bug fixes
- Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani
- Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani
- Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark
- DataLinks: Bring back variables interpolation in title. #24970, @dprokop
- Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney
- Explore/Table: Keep existing field types if possible. #24944, @kaydelaney
- Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova
- Explore: fix undo in query editor. #24797, @zoltanbedi
- Explore: fix word break in type head info. #25014, @zoltanbedi
- Graph: Legend decimals now work as expected. #24931, @torkelo
- LoginPage: Fix hover color for service buttons. #25009, @tskarhed
- LogsPanel: Fix scrollbar. #24850, @ivanahuckova
- MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo
- Organize transformer: Use display name in field order comparer. #24984, @dprokop
- Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark
- PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop
- PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo
- PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark
- PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark
- PanelMenu: Make menu disappear on button press. #25015, @tskarhed
- Postgres: Fix add button. #25087, @phemmer
- Prometheus: Fix recording rules expansion. #24977, @ivanahuckova
- Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian
- Update to version 7.0.0
* Breaking changes
- Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin.
- Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
- Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10.
- Datasource/Loki: Support for deprecated Loki endpoints has been removed.
- Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information.
- @grafana/ui: Forms migration notice, see @grafana/ui changelog
- @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog
+ Deprecation warnings
- Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059
- The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins.
* Features / Enhancements
- Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr
- Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal
- Loki: Allow multiple derived fields with the same name. #24437, @aocenas
- Orgs: Add future deprecation notice. #24502, @torkelo
* Bug Fixes
- @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi
- Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark
- Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop
- Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo
- Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn
- Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo
- Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg
- Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop
- Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet
- Data source: Fixes async mount errors. #24579, @Estrax
- Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1
- Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova
- Explore: Fix rendering of react query editors. #24593, @ivanahuckova
- Explore: Fixes loading more logs in logs context view. #24135, @Estrax
- Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo
- Graphite: Makes query annotations work again. #24556, @hugohaggmark
- Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney
- Logs: Fix total bytes process calculation. #24691, @davkal
- Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet
- Plugins: Fix manifest validation. #24573, @aknuds1
- Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist
- Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed
- Search: Save folder expanded state. #24496, @Clarity-89
- Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss
- Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo
- Table: Fixed persisting column resize for time series fields. #24505, @torkelo
- Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark
- Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn
- Transformations: Make transform dropdowns not cropped. #24615, @dprokop
- Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark
- Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark
- Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark
- Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark
- Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas
- SAML: Switch from email to login for user login attribute mapping (Enterprise)
- Update Makefile and spec file
* Remove phantomJS patch from Makefile
* Fix multiline strings in Makefile
* Exclude s390 from SLE12 builds, golang 1.14 is not built for s390
- Add instructions for patching the Grafana javascript frontend.
- BuildRequires golang(API) instead of go metapackage version range
* BuildRequires: golang(API) >= 1.14 from
BuildRequires: ( go >= 1.14 with go < 1.15 )
- Update to version 6.7.3
- This version fixes bsc#1170557 and its corresponding CVE-2020-12245
- Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin
- Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark
- AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken
- Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg
- Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan
- DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo
- Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh
- Security: Fix annotation popup XSS vulnerability. #23813, @torkelo
- Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1
- TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo
- Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark
- Update to version 6.7.2:
(see installed changelog for the full list of changes)
- BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo
- Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop
- DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn
- Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn
- Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo
- Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo
- Plugins: Expose promiseToDigest. #23249, @torkelo
- Reporting (Enterprise): Fixes issue updating a report created by someone else
- Update to 6.7.1:
(see installed changelog for the full list of changes)
Bug Fixes
- Azure: Fixed dropdowns not showing current value. #22914, @torkelo
- BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark
- Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo
- Reporting: fixes migrations compatibility with mysql (Enterprise)
- Reporting: Reduce default concurrency limit to 4 (Enterprise)
- Update to 6.7.0:
(see installed changelog for the full list of changes)
Bug Fixes
- AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo
- BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark
- Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo
- Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo
- Rich History: UX adjustments and fixes. #22729, @ivanahuckova
- Update to 6.7.0-beta1:
Breaking changes
- Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked.
- Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338
- Notice about changes in backendSrv for plugin authors
In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv.
Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI.
To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv.
Bug Fixes
API: Fix redirect issues. #22285, @papagian
Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1
Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal
Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal
Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek
BackendSrv: Fixes POST body for form data. gmark
CloudWatch: Credentials cache invalidation fix. #22473, @sunker
CloudWatch: Expand alias variables when query yields no result. #22695, @sunker
Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk
Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing
Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d
Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo
StatPanel: Fixes base color is being used for null values .
#22646, @torkelo
- Update to version 6.6.2:
(see installed changelog for the full list of changes)
- Update to version 6.6.1:
(see installed changelog for the full list of changes)
- Update to version 6.6.0:
(see installed changelog for the full list of changes)
- Update to version 6.5.3:
(see installed changelog for the full list of changes)
- Update to version 6.5.2:
(see installed changelog for the full list of changes)
- Update to version 6.5.1:
(see installed changelog for the full list of changes)
- Update to version 6.5.0
(see installed changelog for the full list of changes)
- Update to version 6.4.5:
* Create version 6.4.5
* CloudWatch: Fix high CPU load (#20579)
- Add obs-service-go_modules to download required modules into vendor.tar.gz
- Adjusted spec file to use vendor.tar.gz
- Adjusted Makefile to work with new filenames
- BuildRequire go1.14
- Update to version 6.4.4:
* DataLinks: Fix blur issues. #19883, @aocenas
* Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson
* LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen
* LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson
* Singlestat: Fix no data / null value mapping . #19951, @ryantxu
- Revert the spec file and make script
- Remove PhantomJS dependency
- Update to 6.4.3
* Bug Fixes
- Alerting: All notification channels should send even if one fails to send. #19807, @jan25
- AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas
- ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal
- DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop
- DataLinks: Fix url field not releasing focus. #19804, @aocenas
- Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas
- Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark
- Singlestat: Fixed issue with mapping null to text. #19689, @torkelo
- @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop
- @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang
- Update to 6.4.2
* Bug Fixes
- CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron
- Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark
- Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo
- Graph: Switching to series mode should re-render graph. #19623, @torkelo
- Loki: Fix autocomplete on label values. #19579, @aocenas
- Loki: Removes live option for logs panel. #19533, @davkal
- Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha
- Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark
- sted keys in YAML provisioning caused a server crash, #19547
- ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise)
- Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise).
- Changes from 6.4.0
* Features / Enhancements
- Build: Upgrade go to 1.12.10. #19499, @marefr
- DataLinks: Suggestions menu improvements. #19396, @dprokop
- Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova
- Explore: Update broken link to logql docs. #19510, @ivanahuckova
- Logs: Adds Logs Panel as a visualization. #19504, @davkal
* Bug Fixes
- CLI: Fix version selection for plugin install. #19498, @aocenas
- Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo
- Changes from 6.4.0 Beta 2
* Features / Enhancements
- Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker
- Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr
- Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo
- grafana/toolkit: Add plugin creation task. #19207, @dprokop
* Bug Fixes
- Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark
- Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm
- Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz
- Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu
- MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr
- Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh
- MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr
- MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr
- MySQL: Limit datasource error details returned from the backend. #19373, @marefr
- Changes from 6.4.0 Beta 1
* Features / Enhancements
- API: Readonly datasources should not be created via the API. #19006, @papagian
- Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar
- Annotations: Add annotations support to Loki. #18949, @aocenas
- Annotations: Use a single row to represent a region. #17673, @ryantxu
- Auth: Allow inviting existing users when login form is disabled. #19048, @548017
- Azure Monitor: Add support for cross resource queries. #19115, @sunker
- CLI: Allow installing custom binary plugins. #17551, @aocenas
- Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark
- Dashboard: Reuse query results between panels . #16660, @ryantxu
- Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod
- DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu
- DataLinks: Enable access to labels & field names. #18918, @torkelo
- DataLinks: Enable multiple data links per panel. #18434, @dprokop
- Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech
- Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery
- Explore: Add throttling when doing live queries. #19085, @aocenas
- Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney
- Explore: Reduce default time range to last hour. #18212, @davkal
- Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu
- Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal
- Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian
- InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code
- LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh
- Ldap: Add ldap debug page. #18759, @peterholmberg
- Loki: Remove prefetching of default label values. #18213, @davkal
- Metrics: Add failed alert notifications metric. #18089, @koorgoo
- OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon
- OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin
- Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh
- Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati
- Plugins: better warning when plugins fail to load. #18671, @ryantxu
- Postgres: Add support for scram sha 256 authentication. #18397, @nonamef
- RemoteCache: Support SSL with Redis. #18511, @kylebrandt
- SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu
- Stackdriver: Add extra alignment period options. #18909, @sunker
- Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon
- Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar
* Bug Fixes
- Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian
- Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt
- Alerting: fix response popover prompt when add notification channels. #18967, @lzdw
- CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger
- Explore: Fix auto completion on label values for Loki. #18988, @aocenas
- Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark
- Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark
- MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold
- MSSQL: Fix memory leak when debug enabled. #19049, @briangann
- Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt
- TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark
* Breaking changes
+ Annotations
There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented
using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details.
+ Docker
Grafana is now using Alpine 3.10 as docker base image.
+ HTTP API
- GET /api/alert-notifications now requires at least editor access.
New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user.
- GET /api/alert-notifiers now requires at least editor access
- GET /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
- GET /api/annotations no longer returns regionId property.
- POST /api/annotations no longer supports isRegion property.
- PUT /api/annotations/:id no longer supports isRegion property.
- PATCH /api/annotations/:id no longer supports isRegion property.
- DELETE /api/annotations/region/:id has been removed.
* Deprecation notes
+ PhantomJS
- PhantomJS, which is used for rendering images of dashboards and panels,
is deprecated and will be removed in a future Grafana release.
A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use.
Please consider migrating from PhantomJS to the Grafana Image Renderer plugin.
- Changes from 6.3.6
* Features / Enhancements
- Metrics: Adds setting for turning off total stats metrics. #19142, @marefr
* Bug Fixes
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney
- Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors.
- Add missing directories provisioning/datasources and provisioning/notifiers
and sample.yaml as described in packaging/rpm/control from upstream.
Missing directories are shown in logfiles.
- Version 6.3.5
* Upgrades
+ Build: Upgrade to go 1.12.9.
* Bug Fixes
+ Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties.
+ Editor: Fixes issue where only entire lines were being copied.
+ Explore: Fixes query field layout in splitted view for Safari browsers.
+ LDAP: multildap + ldap integration.
+ Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds.
+ Prometheus: Prevents panel editor crash when switching to Prometheus datasource.
+ Prometheus: Changes brace-insertion behavior to be less annoying.
- Version 6.3.4
* Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use.
- Version 6.3.3
* Bug Fixes
+ Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1
+ Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3
+ DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1
+ DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1
+ DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1
+ Explore: Fix loading error for empty queries. #18488 1, @davkal
+ Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2
+ Graphite: Avoid glob of single-value array variables . #18420, @gotjosh
+ Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3
+ Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2
+ TimeSeries: Assume values are all numbers. #18540 4, @ryantxu
- Version 6.3.2
* Bug Fixes
+ Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12
- Version 6.3.1
* Bug Fixes
+ PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2
- Version 6.3.0
* Features / Enhancements
+ OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3
+ Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh
+ Build grafana images consistently. #18224 12, @hassanfarid
+ Docs: SAML. #18069 11, @gotjosh
+ Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas
+ TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2
+ Alerting: Add tags to alert rules. #10989 13, @Thib17 1
+ Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng
+ Alerting: Improve alert rule testing. #16286 2, @marefr
+ Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25
+ Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1
+ Auth: Allow expiration of API keys. #17678, @papagian 3
+ Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1
+ Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1
+ AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1
+ CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu
+ Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu
+ Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax
+ Data links. #17267 11, @torkelo 2
+ Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1
+ Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr
+ Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3
+ Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2
+ Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2
+ Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2
+ Explore: Allow switching between metrics and logs . #16959 2, @marefr
+ Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3
+ Explore: Display log lines context . #17097, @dprokop 1
+ Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr
+ Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2
+ Explore: Support for new LogQL filtering syntax. #16674 4, @davkal
+ Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3
+ Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1
+ Graph: Added new fill gradient option. #17528 3, @torkelo 2
+ GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1
+ InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3
+ Logging: Login and Logout actions (#17760). #17883 1, @ATTron
+ Logging: Move log package to pkg/infra. #17023, @zhulongcheng
+ Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1
+ MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd
+ MySQL: Add support for periodically reloading client certs. #14892, @tpetr
+ Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu
+ Prometheus: Take timezone into account for step alignment. #17477, @fxmiii
+ Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246
+ Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA
+ Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis
+ Refresh picker: Handle empty intervals. #17585 1, @dehrax
+ Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr
+ Snapshot: use given key and deleteKey. #16876, @zhulongcheng
+ Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev
+ Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad
+ Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway
+ Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin
* Bug Fixes
+ PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax
+ OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3
+ cli: fix for recognizing when in dev mode… #18334, @xlson
+ DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2
+ Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2
+ PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson
+ TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2
+ Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2
+ remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke
+ AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax
+ CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr
+ Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr
+ Explore: Fix browsing back to dashboard panel. #17061, @jschill
+ Explore: Fix filter by series level in logs graph. #17798, @marefr
+ Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr
+ Explore: Fix selection/copy of log lines. #17121, @marefr
+ Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas
+ Frontend: Fix for Json tree component not working. #17608, @srid12
+ Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2
+ Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2
+ Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3
+ HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25
+ InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki
+ Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess
+ Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi
+ SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri
- Make phantomjs dependency configurable
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
mgr-cfg:
- Remove commented code in test files
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Add mgr manpage links
mgr-custom-info:
- Bump version to 4.1.0 (bsc#1154940)
mgr-daemon:
- Bump version to 4.1.0 (bsc#1154940)
- Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad:
- Separate osa-dispatcher and jabberd so it can be disabled independently
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Move /usr/share/rhn/config-defaults to uyuni-base-common
- Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
- Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-push:
- Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
mgr-virtualization:
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Fix mgr-virtualization timer
rhnlib:
- Fix building
- Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
- Bump version to 4.1.0 (bsc#1154940)
- Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can
check for failure (bsc#1171687)
- Disable globbing for api subcommand to allow wildcards in filter
settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
- Bump version to 4.1.0 (bsc#1154940)
- Prevent error when piping stdout in Python 2 (bsc#1153090)
- Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277)
- Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
- Add unit test for schedule, errata, user, utils, misc, configchannel
and kickstart modules
- Multiple minor bugfixes alongside the unit tests
- Bugfix: referenced variable before assignment.
- Add unit test for report, package, org, repo and group
spacewalk-client-tools:
- Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)
- Spell correctly 'successful' and 'successfully'
- Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
- Replace spacewalk-usix with uyuni-common-libs
- Return a non-zero exit status on errors in rhn_check
- Bump version to 4.1.0 (bsc#1154940)
- Make a explicit requirement to systemd for spacewalk-client-tools
when rhnsd timer is installed
spacewalk-koan:
- Bump version to 4.1.0 (bsc#1154940)
- Require commands we use in merge-rd.sh
spacewalk-oscap:
- Bump version to 4.1.0 (bsc#1154940)
spacewalk-remote-utils:
- Update spacewalk-create-channel with RHEL 7.7 channel definitions
- Bump version to 4.1.0 (bsc#1154940)
supportutils-plugin-susemanager-client:
- Bump version to 4.1.0 (bsc#1154940)
suseRegisterInfo:
- SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
- Bump version to 4.1.0 (bsc#1154940)
zypp-plugin-spacewalk:
- Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)
ModerateSUSE bug 1113160SUSE bug 1134195SUSE bug 1138822SUSE bug 1141661SUSE bug 1142038SUSE bug 1143913SUSE bug 1148177SUSE bug 1153090SUSE bug 1153277SUSE bug 1154940SUSE bug 1154968SUSE bug 1155372SUSE bug 1163871SUSE bug 1165921SUSE bug 1168310SUSE bug 1170231SUSE bug 1170557SUSE bug 1171687SUSE bug 1172462CVE-2019-10215 at SUSECVE-2019-10215 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2020-12245 at SUSECVE-2020-12245 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xrdp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xrdp fixes the following issues:
- Security fixes (bsc#1173580, CVE-2020-4044):
+ Add patches:
* xrdp-cve-2020-4044-fix-0.patch
* xrdp-cve-2020-4044-fix-1.patch
+ Rebase SLE patch:
* xrdp-fate318398-change-expired-password.patch
- Update patch:
+ xrdp-Allow-sessions-with-32-bpp.patch.patch
ImportantSUSE bug 1173580CVE-2020-4044 at SUSECVE-2020-4044 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
ImportantSUSE bug 1174117SUSE bug 1174121CVE-2020-13934 at SUSECVE-2020-13934 at NVDCVE-2020-13935 at SUSECVE-2020-13935 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mailman fixes the following issues:
- CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369).
ImportantSUSE bug 1173369CVE-2020-15011 at SUSECVE-2020-15011 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).
ModerateSUSE bug 1173160CVE-2020-10745 at SUSECVE-2020-10745 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.3 (bsc#1173998):
+ Enable kinetic scrolling with async scrolling.
+ Fix web process hangs on large GitHub pages.
+ Bubblewrap sandbox should not attempt to bind empty paths.
+ Fix threading issues in the media player.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805,
CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,
CVE-2020-13753.
ImportantSUSE bug 1173998CVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9806 at SUSECVE-2020-9806 at NVDCVE-2020-9807 at SUSECVE-2020-9807 at NVDCVE-2020-9843 at SUSECVE-2020-9843 at NVDCVE-2020-9850 at SUSECVE-2020-9850 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
- Use gcc-9 compiler for overflow check builtins
- Backport gcc-9 build fixes
ImportantSUSE bug 1168994SUSE bug 1173812SUSE bug 1174463SUSE bug 1174570CVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ghostscript fixes the following issues:
- fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout)
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
ImportantSUSE bug 1174415CVE-2020-15900 at SUSECVE-2020-15900 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.1.0 ESR
* Fixed: Various stability, functionality, and security fixes (bsc#1174538)
* CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514: WebRTC data channel leaks internal address to peer
* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653: Bypassing iframe sandbox when allowing popups
* CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656: Type confusion for special arguments in IonMonkey
* CVE-2020-15658: Overriding file type when saving to disk
* CVE-2020-15657: DLL hijacking due to incorrect loading path
* CVE-2020-15654: Custom cursor can overlay user interface
* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
ModerateSUSE bug 1173948SUSE bug 1174538CVE-2020-15652 at SUSECVE-2020-15652 at NVDCVE-2020-15653 at SUSECVE-2020-15653 at NVDCVE-2020-15654 at SUSECVE-2020-15654 at NVDCVE-2020-15655 at SUSECVE-2020-15655 at NVDCVE-2020-15656 at SUSECVE-2020-15656 at NVDCVE-2020-15657 at SUSECVE-2020-15657 at NVDCVE-2020-15658 at SUSECVE-2020-15658 at NVDCVE-2020-15659 at SUSECVE-2020-15659 at NVDCVE-2020-6463 at SUSECVE-2020-6463 at NVDCVE-2020-6514 at SUSECVE-2020-6514 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
- CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775).
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
The following non-security bugs were fixed:
- ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
- ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
- bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
- block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
- block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
- block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
- block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
- btrfs: always wait on ordered extents at fsync time (bsc#1171761).
- btrfs: clean up the left over logged_list usage (bsc#1171761).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
- btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761).
- btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761).
- btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761).
- btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
- btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761).
- btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761).
- btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
- btrfs: remove no longer used logged range variables when logging extents (bsc#1171761).
- btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761).
- btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
- btrfs: remove the logged extents infrastructure (bsc#1171761).
- btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761).
- btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
- CDC-ACM: heed quirk also in error handling (git-fixes).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
- clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
- clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
- clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
- compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
- copy_{to,from}_user(): consolidate object size checks (git fixes).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
- dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
- dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
- dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
- dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
- dm: various cleanups to md->queue initialization code (git fixes).
- dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
- dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
- Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618).
- drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
- drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes
- drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
- drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes
- drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)
- drm/radeon: fix double free (bsc#1152472)
- drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
- e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
- e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
- evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
- evm: Fix a small race in init_desc() (bsc#1051510).
- extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
- gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
- HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
- ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
- iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
- ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
- ima: Fix ima digest hash table key calculation (bsc#1051510).
- include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
- kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
- md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)).
- mmc: fix compilation of user API (bsc#1051510).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
- NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
- nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
- nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- overflow: Fix -Wtype-limits compilation warnings (git fixes).
- overflow.h: Add arithmetic shift helper (git fixes).
- p54usb: add AirVasT USB stick device-id (bsc#1051510).
- PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
- PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
- PCI: Program MPS for RCiEP devices (bsc#1051510).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
- perf: Allocate context task_ctx_data for child event (git-fixes).
- perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
- perf: Copy parent's address filter offsets on clone (git-fixes).
- perf/core: Add sanity check to deal with pinned event failure (git-fixes).
- perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
- perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
- perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
- perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
- perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
- perf/core: Fix error handling in perf_event_alloc() (git-fixes).
- perf/core: Fix exclusive events' grouping (git-fixes).
- perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
- perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
- perf/core: Fix locking for children siblings group read (git-fixes).
- perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)).
- perf/core: Fix perf_event_read_value() locking (git-fixes).
- perf/core: Fix perf_pmu_unregister() locking (git-fixes).
- perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)).
- perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
- perf/core: Fix race between close() and fork() (git-fixes).
- perf/core: Fix the address filtering fix (git-fixes).
- perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
- perf/core: Force USER_DS when recording user stack data (git-fixes).
- perf/core: Restore mmap record type correctly (git-fixes).
- perf: Fix header.size for namespace events (git-fixes).
- perf/ioctl: Add check for the sample_period value (git-fixes).
- perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
- perf: Return proper values for user stack errors (git-fixes).
- perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
- perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
- perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
- perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
- perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
- perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
- perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
- perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
- perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
- perf/x86: Fix incorrect PEBS_REGS (git-fixes).
- perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
- perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
- perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
- perf/x86/intel: Fix PT PMI handling (git-fixes).
- perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
- perf/x86/intel/uncore: Add Node ID mask (git-fixes).
- perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
- perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)).
- perf/x86/uncore: Fix event group support (git-fixes).
- pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
- pnp: Use list_for_each_entry() instead of open coding (git fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
- power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
- raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)).
- resolve KABI warning for perf-pt-coresight (git-fixes).
- Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
- Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
- Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
- rpm/kernel-docs.spec.in: Require python-packaging for build.
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: lock device while installing IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
- scsi: qedf: Add port_id getter (bsc#1150660).
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
- spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
- staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
- SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
- tracing: Fix event trigger to accept redundant spaces (git-fixes).
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
- tty: n_gsm: Fix SOF skipping (bsc#1051510).
- tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
- usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
- usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
- usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
- usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
- usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
- usb: musb: start session in resume for host port (bsc#1051510).
- usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
- usb: serial: qcserial: add DW5816e QDL support (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
- virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
- vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
- vmxnet3: add support to get/set rx flow hash (bsc#1172484).
- vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
- vmxnet3: avoid format strint overflow warning (bsc#1172484).
- vmxnet3: prepare for version 4 changes (bsc#1172484).
- vmxnet3: Remove always false conditional statement (bsc#1172484).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
- vmxnet3: update to version 4 (bsc#1172484).
- vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
- w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
- work around mvfs bug (bsc#1162063).
- x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
- x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
- x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
- x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
- xfrm: fix error in comment (git fixes).
ImportantSUSE bug 1051510SUSE bug 1065729SUSE bug 1071995SUSE bug 1085030SUSE bug 1104967SUSE bug 1114279SUSE bug 1144333SUSE bug 1148868SUSE bug 1150660SUSE bug 1152107SUSE bug 1152472SUSE bug 1152624SUSE bug 1158983SUSE bug 1159058SUSE bug 1161016SUSE bug 1162002SUSE bug 1162063SUSE bug 1168081SUSE bug 1169194SUSE bug 1169514SUSE bug 1169795SUSE bug 1170011SUSE bug 1170592SUSE bug 1170618SUSE bug 1171124SUSE bug 1171424SUSE bug 1171558SUSE bug 1171673SUSE bug 1171732SUSE bug 1171761SUSE bug 1171868SUSE bug 1171904SUSE bug 1172257SUSE bug 1172344SUSE bug 1172458SUSE bug 1172484SUSE bug 1172759SUSE bug 1172775SUSE bug 1172781SUSE bug 1172782SUSE bug 1172783SUSE bug 1172999SUSE bug 1173265SUSE bug 1173280SUSE bug 1173428SUSE bug 1173462SUSE bug 1173514SUSE bug 1173567SUSE bug 1173573SUSE bug 1174115SUSE bug 1174462SUSE bug 1174543CVE-2019-16746 at SUSECVE-2019-16746 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20908 at SUSECVE-2019-20908 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10769 at SUSECVE-2020-10769 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages
ImportantSUSE bug 1163019SUSE bug 1174543CVE-2020-8608 at SUSECVE-2020-8608 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-ipaddress (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for LibVNCServer fixes the following issues:
- security update
fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
ImportantSUSE bug 1173477SUSE bug 1173691SUSE bug 1173694SUSE bug 1173700SUSE bug 1173701SUSE bug 1173743SUSE bug 1173874SUSE bug 1173875SUSE bug 1173876SUSE bug 1173880CVE-2017-18922 at SUSECVE-2017-18922 at NVDCVE-2018-21247 at SUSECVE-2018-21247 at NVDCVE-2019-20839 at SUSECVE-2019-20839 at NVDCVE-2019-20840 at SUSECVE-2019-20840 at NVDCVE-2020-14397 at SUSECVE-2020-14397 at NVDCVE-2020-14398 at SUSECVE-2020-14398 at NVDCVE-2020-14399 at SUSECVE-2020-14399 at NVDCVE-2020-14400 at SUSECVE-2020-14400 at NVDCVE-2020-14401 at SUSECVE-2020-14401 at NVDCVE-2020-14402 at SUSECVE-2020-14402 at NVDCVE-2020-14403 at SUSECVE-2020-14403 at NVDCVE-2020-14404 at SUSECVE-2020-14404 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xerces-c (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xerces-c fixes the following issues:
- CVE-2017-12627: Processing of external DTD paths could have resulted in a
null pointer dereference under certain conditions (bsc#1083630)
ModerateSUSE bug 1083630CVE-2017-12627 at SUSECVE-2017-12627 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.4 (bsc#1174662):
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,
CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.
ImportantSUSE bug 1174662CVE-2020-9862 at SUSECVE-2020-9862 at NVDCVE-2020-9893 at SUSECVE-2020-9893 at NVDCVE-2020-9894 at SUSECVE-2020-9894 at NVDCVE-2020-9895 at SUSECVE-2020-9895 at NVDCVE-2020-9915 at SUSECVE-2020-9915 at NVDCVE-2020-9925 at SUSECVE-2020-9925 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dovecot22 fixes the following issues:
- CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922).
- CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923).
ImportantSUSE bug 1174922SUSE bug 1174923CVE-2020-12673 at SUSECVE-2020-12673 at NVDCVE-2020-12674 at SUSECVE-2020-12674 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for grub2 fixes the following issues:
- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).
- Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745).
ImportantSUSE bug 1172745SUSE bug 1174421CVE-2020-15705 at SUSECVE-2020-15705 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
- CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
- CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).
ImportantSUSE bug 1174633SUSE bug 1174635SUSE bug 1174638CVE-2020-14345 at SUSECVE-2020-14345 at NVDCVE-2020-14346 at SUSECVE-2020-14346 at NVDCVE-2020-14347 at SUSECVE-2020-14347 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573).
- CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574).
ImportantSUSE bug 1174910SUSE bug 1174913CVE-2020-14361 at SUSECVE-2020-14361 at NVDCVE-2020-14362 at SUSECVE-2020-14362 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
ModerateSUSE bug 1175070SUSE bug 1175071SUSE bug 1175072CVE-2020-11985 at SUSECVE-2020-11985 at NVDCVE-2020-11993 at SUSECVE-2020-11993 at NVDCVE-2020-9490 at SUSECVE-2020-9490 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
CVE-2019-17639
* Class Libraries:
- JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
- JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
- TRANSLATION MESSAGES UPDATE FOR JCL
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Java Virtual Machine:
- IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
- LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
* JIT Compiler:
- CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
IN DEBUGGING MODE
- INTERMITTENT ASSERTION FAILURE REPORTED
- CRASH IN RESOLVECLASSREF() DURING AOT LOAD
- JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
- SEGMENTATION FAULT WHILE COMPILING A METHOD
- UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
APPLICATION ON IBM Z PLATFORM
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
- CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
- IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH
DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
- IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
KEYFACTORY CLASS
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for squid (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for squid fixes the following issues:
- CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671).
- CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665).
- CVE-2020-15810: Enforce token characters for field-name (bsc#1175664).
CriticalSUSE bug 1175664SUSE bug 1175665SUSE bug 1175671CVE-2020-15810 at SUSECVE-2020-15810 at NVDCVE-2020-15811 at SUSECVE-2020-15811 at NVDCVE-2020-24606 at SUSECVE-2020-24606 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libX11 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libX11 fixes the following issues:
- CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).
ModerateSUSE bug 1175239CVE-2020-14363 at SUSECVE-2020-14363 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621
CVE-2020-14593 CVE-2020-14583 CVE-2019-17639
* Class Libraries:
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
- Mozilla Firefox ESR 78.2
MFSA 2020-38 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
bmo#1656957)
Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284).
- Fix broken translation-loading. (bsc#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
ModerateSUSE bug 1173991SUSE bug 1174284SUSE bug 1175686CVE-2020-15663 at SUSECVE-2020-15663 at NVDCVE-2020-15664 at SUSECVE-2020-15664 at NVDCVE-2020-15670 at SUSECVE-2020-15670 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47.
- scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- Update patch reference for a tipc fix patch (bsc#1175515)
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen: do not reschedule in preemption off sections (bsc#1175749).
ImportantSUSE bug 1058115SUSE bug 1071995SUSE bug 1144333SUSE bug 1154366SUSE bug 1165629SUSE bug 1171988SUSE bug 1172428SUSE bug 1172963SUSE bug 1173798SUSE bug 1173954SUSE bug 1174205SUSE bug 1174689SUSE bug 1174699SUSE bug 1174757SUSE bug 1174784SUSE bug 1174978SUSE bug 1175112SUSE bug 1175127SUSE bug 1175213SUSE bug 1175228SUSE bug 1175515SUSE bug 1175518SUSE bug 1175691SUSE bug 1175749SUSE bug 1176069CVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24394 at SUSECVE-2020-24394 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for shim (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for shim fixes the following issues:
- Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.
Additional fixes:
+ shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
ModerateSUSE bug 1168994SUSE bug 1175626SUSE bug 1175656CVE-2020-10713 at SUSECVE-2020-10713 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libsolv (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libsolv fixes the following issues:
This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
ModerateSUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1137977CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for perl-DBI (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for perl-DBI fixes the following issues:
Security issues fixed:
- CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
- CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).
ImportantSUSE bug 1176409SUSE bug 1176412CVE-2020-14392 at SUSECVE-2020-14392 at NVDCVE-2020-14393 at SUSECVE-2020-14393 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091).
- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface
could have led to denial of service (bsc#1173274).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
ImportantSUSE bug 1088004SUSE bug 1088009SUSE bug 1130840SUSE bug 1141853SUSE bug 1149955SUSE bug 1153238SUSE bug 1162423SUSE bug 1173274SUSE bug 1174091SUSE bug 1174701CVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ovmf fixes the following issues:
- CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476).
- Use openSUSE CA for the opensuse flavor (bsc#1175674)
ModerateSUSE bug 1175476SUSE bug 1175674CVE-2019-14562 at SUSECVE-2019-14562 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established
a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
(CVE-2020-1472, bsc#1176579).
- Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369).
- Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);
ImportantSUSE bug 1174120SUSE bug 1174316SUSE bug 1176579CVE-2020-1472 at SUSECVE-2020-1472 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libqt5-qtbase (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315)
- Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515)
ImportantSUSE bug 1172515SUSE bug 1176315CVE-2020-17507 at SUSECVE-2020-17507 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
- CVE-2020-15677: Download origin spoofing via redirect
- CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a
contenteditable element
- CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
- CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for wayland-detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate
obj-dirs for each lang (bsc#1173986, bsc#1167976)
ImportantSUSE bug 1167976SUSE bug 1173986SUSE bug 1174420SUSE bug 1176756CVE-2020-15673 at SUSECVE-2020-15673 at NVDCVE-2020-15676 at SUSECVE-2020-15676 at NVDCVE-2020-15677 at SUSECVE-2020-15677 at NVDCVE-2020-15678 at SUSECVE-2020-15678 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed an issue where there was a crash when
handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534).
- Various bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1175534SUSE bug 1176339SUSE bug 1176343SUSE bug 1176344SUSE bug 1176345SUSE bug 1176346SUSE bug 1176347SUSE bug 1176348SUSE bug 1176349SUSE bug 1176350CVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for perl-DBI (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).
- CVE-2013-7490: Fixed memory corruption when using many arguments
to methods for CallbacksUsing (bsc#1176496).
ImportantSUSE bug 1176496SUSE bug 1176764CVE-2013-7490 at SUSECVE-2013-7490 at NVDCVE-2019-20919 at SUSECVE-2019-20919 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_0-openjdk fixes the following issues:
- java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157)
- JDK-8028431, CVE-2020-14579: NullPointerException in
- DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
- sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
- JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c
- JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
- JDK-8077982: GIFLIB upgrade
- JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions
- JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded'
- JDK-8155691: Update GIFlib library to the latest up-to-date
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8203190: SessionId.hashCode generates too many collisions
- JDK-8217676: Upgrade libpng to 1.6.37
- JDK-8220495: Update GIFlib library to the 5.1.8
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
ImportantSUSE bug 1174157CVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tigervnc (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate
authorities, allowing malicious owners of these certificates
to impersonate any server after a client had added an exception
(bsc#1176733)
CriticalSUSE bug 1176733CVE-2020-26117 at SUSECVE-2020-26117 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libproxy (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
ImportantSUSE bug 1176410SUSE bug 1177143CVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sles-espos:12:sp4Recommended update for bind (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
Bind was updated to version 9.11.22
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a namserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
This upgrade also fixes the following security issues:
* 5481. [security] 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM. (CVE-2020-8624 bsc#1175443)
* 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623 bsc#1175443)
* 5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622 bsc#1175443)
- Suppress warning message about missing file. (bsc#1092283, bsc#1127583, bsc#1094236, bsc#1173983)
Added */etc/bind.keys* to *NAMED_CONF_INCLUDE_FILES* in */etc/sysconfig/named*.
ModerateSUSE bug 1092283SUSE bug 1094236SUSE bug 1127583SUSE bug 1173983SUSE bug 1175443CVE-2020-8622 at SUSECVE-2020-8622 at NVDCVE-2020-8623 at SUSECVE-2020-8623 at NVDCVE-2020-8624 at SUSECVE-2020-8624 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bcm43xx-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bcm43xx-firmware fixes the following issues:
- Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631):
ModerateSUSE bug 1176631cpe:/o:suse:sles-espos:12:sp4Security update for freetype2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for freetype2 fixes the following issues:
- CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).
ImportantSUSE bug 1177914CVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libvirt fixes the following issues:
- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955).
- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155).
- libxl: Fixed lock manager lock ordering (bsc#1171701).
ImportantSUSE bug 1171701SUSE bug 1174955SUSE bug 1177155CVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.0 ESR
* Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756)
* CVE-2020-15969 Use-after-free in usersctp
* CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* Fixed: Fixed legacy preferences not being properly applied when set via GPO
ImportantSUSE bug 1176756SUSE bug 1177872CVE-2020-15683 at SUSECVE-2020-15683 at NVDCVE-2020-15969 at SUSECVE-2020-15969 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for spice (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for spice fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for spice-gtk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for spice-gtk fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).
ImportantSUSE bug 1173902SUSE bug 1173994SUSE bug 1177613CVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sane-backends (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
* sane-backends version upgrade to 1.0.30
fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,
CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,
CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
* sane-backends version upgrade to 1.0.31
to further improve hardware enablement for scanner devices
(jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
* The new escl backend cannot be provided for SLE12 because
it requires more additional software (avahi-client, libcurl,
and libpoppler-glib-devel) where in particular for libcurl
the one that is in SLE12 (via libcurl-devel-7.37.0) is likely
too old because with that building the escl backend fails with
'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH'
undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
ImportantSUSE bug 1172524CVE-2017-6318 at SUSECVE-2017-6318 at NVDCVE-2020-12861 at SUSECVE-2020-12861 at NVDCVE-2020-12862 at SUSECVE-2020-12862 at NVDCVE-2020-12863 at SUSECVE-2020-12863 at NVDCVE-2020-12864 at SUSECVE-2020-12864 at NVDCVE-2020-12865 at SUSECVE-2020-12865 at NVDCVE-2020-12866 at SUSECVE-2020-12866 at NVDCVE-2020-12867 at SUSECVE-2020-12867 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache-commons-httpclient (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the
http.socket.timeout configuration setting during an SSL handshake,
which allows remote attackers to cause a denial of service (HTTPS
call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly
verify that the server hostname matches a domain name in the
subject's Common Name (CN) or subjectAltName field of the X.509
certificate, which allows MITM attackers to spoof SSL servers
via a 'CN=' string in a field in the distinguished name (DN)
of a certificate. [bsc#1178171, CVE-2014-3577]
ImportantSUSE bug 1178171SUSE bug 945190CVE-2014-3577 at SUSECVE-2014-3577 at NVDCVE-2015-5262 at SUSECVE-2015-5262 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)',
introduced in October 2020 CPU.
- Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU,
bsc#1174157, and October 2020 CPU, bsc#1177943)
* New features
+ JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
+ PR3796: Allow the number of curves supported to be specified
* Security fixes
+ JDK-8028431, CVE-2020-14579: NullPointerException in
DerValue.equals(DerValue)
+ JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
+ JDK-8230613: Better ASCII conversions
+ JDK-8231800: Better listing of arrays
+ JDK-8232014: Expand DTD support
+ JDK-8233255: Better Swing Buttons
+ JDK-8233624: Enhance JNI linkage
+ JDK-8234032: Improve basic calendar services
+ JDK-8234042: Better factory production of certificates
+ JDK-8234418: Better parsing with CertificateFactory
+ JDK-8234836: Improve serialization handling
+ JDK-8236191: Enhance OID processing
+ JDK-8236196: Improve string pooling
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
+ JDK-8237592, CVE-2020-14577: Enhance certificate verification
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8238002, CVE-2020-14581: Better matrix operations
+ JDK-8238804: Enhance key handling process
+ JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
+ JDK-8238843: Enhanced font handing
+ JDK-8238920, CVE-2020-14583: Better Buffer support
+ JDK-8238925: Enhance WAV file playback
+ JDK-8240119, CVE-2020-14593: Less Affine Transformations
+ JDK-8240124: Better VM Interning
+ JDK-8240482: Improved WAV file playback
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8241379: Update JCEKS support
+ JDK-8241522: Manifest improved jar headers redux
+ JDK-8242136, CVE-2020-14621: Better XML namespace handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 8 u262 build 01
+ JDK-4949105: Access Bridge lacks html tags parsing
+ JDK-8003209: JFR events for network utilization
+ JDK-8030680: 292 cleanup from default method code assessment
+ JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java
and some tests failed on windows intermittently
+ JDK-8041626: Shutdown tracing event
+ JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
+ JDK-8149338: JVM Crash caused by Marlin renderer not handling
NaN coordinates
+ JDK-8151582: (ch) test java/nio/channels/
/AsyncCloseAndInterrupt.java failing due to 'Connection
succeeded'
+ JDK-8165675: Trace event for thread park has incorrect unit
for timeout
+ JDK-8176182: 4 security tests are not run
+ JDK-8178910: Problemlist sample tests
+ JDK-8183925: Decouple crash protection from watcher thread
+ JDK-8191393: Random crashes during cfree+0x1c
+ JDK-8195817: JFR.stop should require name of recording
+ JDK-8195818: JFR.start should increase autogenerated name by
one
+ JDK-8195819: Remove recording=x from jcmd JFR.check output
+ JDK-8199712: Flight Recorder
+ JDK-8202578: Revisit location for class unload events
+ JDK-8202835: jfr/event/os/TestSystemProcess.java fails on
missing events
+ JDK-8203287: Zero fails to build after JDK-8199712 (Flight
Recorder)
+ JDK-8203346: JFR: Inconsistent signature of
jfr_add_string_constant
+ JDK-8203664: JFR start failure after AppCDS archive created
with JFR StartFlightRecording
+ JDK-8203921: JFR thread sampling is missing fixes from
JDK-8194552
+ JDK-8203929: Limit amount of data for JFR.dump
+ JDK-8205516: JFR tool
+ JDK-8207392: [PPC64] Implement JFR profiling
+ JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
classloader which calls it
+ JDK-8209960: -Xlog:jfr* doesn't work with the JFR
+ JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
+ JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD
1.0.7
+ JDK-8211239: Build fails without JFR: empty JFR events
signatures mismatch
+ JDK-8212232: Wrong metadata for the configuration of the
cutoff for old object sample events
+ JDK-8213015: Inconsistent settings between JFR.configure and
-XX:FlightRecorderOptions
+ JDK-8213421: Line number information for execution samples
always 0
+ JDK-8213617: JFR should record the PID of the recorded process
+ JDK-8213734: SAXParser.parse(File, ..) does not close
resources when Exception occurs.
+ JDK-8213914: [TESTBUG] Several JFR VM events are not covered
by tests
+ JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by
test
+ JDK-8213966: The ZGC JFR events should be marked as
experimental
+ JDK-8214542: JFR: Old Object Sample event slow on a deep heap
in debug builds
+ JDK-8214750: Unnecessary <p> tags in jfr classes
+ JDK-8214896: JFR Tool left files behind
+ JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java
fails with UnsatisfiedLinkError
+ JDK-8214925: JFR tool fails to execute
+ JDK-8215175: Inconsistencies in JFR event metadata
+ JDK-8215237: jdk.jfr.Recording javadoc does not compile
+ JDK-8215284: Reduce noise induced by periodic task
getFileSize()
+ JDK-8215355: Object monitor deadlock with no threads holding
the monitor (using jemalloc 5.1)
+ JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
+ JDK-8215771: The jfr tool should pretty print reference chains
+ JDK-8216064: -XX:StartFlightRecording:settings= doesn't work
properly
+ JDK-8216486: Possibility of integer overflow in
JfrThreadSampler::run()
+ JDK-8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/
/RuntimeThreadInheritanceLeak.java failing with Xcomp
+ JDK-8216559: [JFR] Native libraries not correctly parsed from
/proc/self/maps
+ JDK-8216578: Remove unused/obsolete method in JFR code
+ JDK-8216995: Clean up JFR command line processing
+ JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some
systems due to process surviving SIGINT
+ JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
TestShutdownEvent
+ JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
+ JDK-8223147: JFR Backport
+ JDK-8223689: Add JFR Thread Sampling Support
+ JDK-8223690: Add JFR BiasedLock Event Support
+ JDK-8223691: Add JFR G1 Region Type Change Event Support
+ JDK-8223692: Add JFR G1 Heap Summary Event Support
+ JDK-8224172: assert(jfr_is_event_enabled(id)) failed:
invariant
+ JDK-8224475: JTextPane does not show images in HTML rendering
+ JDK-8226253: JAWS reports wrong number of radio buttons when
buttons are hidden.
+ JDK-8226779: [TESTBUG] Test JFR API from Java agent
+ JDK-8226892: ActionListeners on JRadioButtons don't get
notified when selection is changed with arrow keys
+ JDK-8227011: Starting a JFR recording in response to JVMTI
VMInit and / or Java agent premain corrupts memory
+ JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id()
& (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0))
failed: invariant'
+ JDK-8229366: JFR backport allows unchecked writing to memory
+ JDK-8229401: Fix JFR code cache test failures
+ JDK-8229708: JFR backport code does not initialize
+ JDK-8229873: 8229401 broke jdk8u-jfr-incubator
+ JDK-8230448: [test] JFRSecurityTestSuite.java is failing on
Windows
+ JDK-8230707: JFR related tests are failing
+ JDK-8230782: Robot.createScreenCapture() fails if
'awt.robot.gtk' is set to false
+ JDK-8230856: Java_java_net_NetworkInterface_getByName0 on
unix misses ReleaseStringUTFChars in early return
+ JDK-8230947: TestLookForUntestedEvents.java is failing after
JDK-8230707
+ JDK-8231995: two jtreg tests failed after 8229366 is fixed
+ JDK-8233623: Add classpath exception to copyright in
EventHandlerProxyCreator.java file
+ JDK-8236002: CSR for JFR backport suggests not leaving out
the package-info
+ JDK-8236008: Some backup files were accidentally left in the
hotspot tree
+ JDK-8236074: Missed package-info
+ JDK-8236174: Should update javadoc since tags
+ JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
+ JDK-8238452: Keytool generates wrong expiration date if
validity is set to 2050/01/01
+ JDK-8238555: Allow Initialization of SunPKCS11 with NSS when
there are external FIPS modules in the NSSDB
+ JDK-8238589: Necessary code cleanup in JFR for JDK8u
+ JDK-8238590: Enable JFR by default during compilation in 8u
+ JDK-8239055: Wrong implementation of VMState.hasListener
+ JDK-8239476: JDK-8238589 broke windows build by moving
OrderedPair
+ JDK-8239479: minimal1 and zero builds are failing
+ JDK-8239867: correct over use of INCLUDE_JFR macro
+ JDK-8240375: Disable JFR by default for July 2020 release
+ JDK-8241444: Metaspace::_class_vsm not initialized if
compressed class pointers are disabled
+ JDK-8241902: AIX Build broken after integration of
JDK-8223147 (JFR Backport)
+ JDK-8242788: Non-PCH build is broken after JDK-8191393
* Import of OpenJDK 8 u262 build 02
+ JDK-8130737: AffineTransformOp can't handle child raster with
non-zero x-offset
+ JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation
in java/awt/image/Raster/TestChildRasterOp.java
+ JDK-8230926: [macosx] Two apostrophes are entered instead of
one with 'U.S. International - PC' layout
+ JDK-8240576: JVM crashes after transformation in C2
IdealLoopTree::merge_many_backedges
+ JDK-8242883: Incomplete backport of JDK-8078268: backport
test part
* Import of OpenJDK 8 u262 build 03
+ JDK-8037866: Replace the Fun class in tests with lambdas
+ JDK-8146612: C2: Precedence edges specification violated
+ JDK-8150986: serviceability/sa/jmap-hprof/
/JMapHProfLargeHeapTest.java failing because expects HPROF
JAVA PROFILE 1.0.1 file format
+ JDK-8229888: (zipfs) Updating an existing zip file does not
preserve original permissions
+ JDK-8230597: Update GIFlib library to the 5.2.1
+ JDK-8230769: BufImg_SetupICM add
ReleasePrimitiveArrayCritical call in early return
+ JDK-8233880, PR3798: Support compilers with multi-digit major
version numbers
+ JDK-8239852: java/util/concurrent tests fail with
-XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
verification should have failed
+ JDK-8241638: launcher time metrics always report 1 on Linux
when _JAVA_LAUNCHER_DEBUG set
+ JDK-8243059: Build fails when --with-vendor-name contains a
comma
+ JDK-8243474: [TESTBUG] removed three tests of 0 bytes
+ JDK-8244461: [JDK 8u] Build fails with glibc 2.32
+ JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion()
returns wrong result
* Import of OpenJDK 8 u262 build 04
+ JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't
throw NPE if timeout is less than, or equal to zero when unit
== null
+ JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
+ JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification()
does not recognize OpenJDK's HotSpot VM
+ JDK-8196969: JTreg Failure:
serviceability/sa/ClhsdbJstack.java causes NPE
+ JDK-8243539: Copyright info (Year) should be updated for fix
of 8241638
+ JDK-8244777: ClassLoaderStats VM Op uses constant hash value
* Import of OpenJDK 8 u262 build 05
+ JDK-7147060: com/sun/org/apache/xml/internal/security/
/transforms/ClassLoaderTest.java doesn't run in agentvm mode
+ JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method
+ JDK-8181841: A TSA server returns timestamp with precision
higher than milliseconds
+ JDK-8227269: Slow class loading when running with JDWP
+ JDK-8229899: Make java.io.File.isInvalid() less racy
+ JDK-8236996: Incorrect Roboto font rendering on Windows with
subpixel antialiasing
+ JDK-8241750: x86_32 build failure after JDK-8227269
+ JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in
+ JDK-8244843: JapanEraNameCompatTest fails
* Import of OpenJDK 8 u262 build 06
+ JDK-8246223: Windows build fails after JDK-8227269
* Import of OpenJDK 8 u262 build 07
+ JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
Jfr:on_vm_start() start-up order for correct option parsing
+ JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
+ JDK-8245167: Top package in method profiling shows null in JMC
+ JDK-8246703: [TESTBUG] Add test for JDK-8233197
* Import of OpenJDK 8 u262 build 08
+ JDK-8220293: Deadlock in JFR string pool
+ JDK-8225068: Remove DocuSign root certificate that is
expiring in May 2020
+ JDK-8225069: Remove Comodo root certificate that is expiring
in May 2020
* Import of OpenJDK 8 u262 build 09
+ JDK-8248399: Build installs jfr binary when JFR is disabled
* Import of OpenJDK 8 u262 build 10
+ JDK-8248715: New JavaTimeSupplementary localisation for 'in'
installed in wrong package
* Import of OpenJDK 8 u265 build 01
+ JDK-8249677: Regression in 8u after JDK-8237117: Better
ForkJoinPool behavior
+ JDK-8250546: Expect changed behaviour reported in JDK-8249846
* Import of OpenJDK 8 u272 build 01
+ JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
test/compiler/7177917/Test7177917.java
+ JDK-8035493: JVMTI PopFrame capability must instruct
compilers not to prune locals
+ JDK-8036088: Replace strtok() with its safe equivalent
strtok_s() in DefaultProxySelector.c
+ JDK-8039082: [TEST_BUG] Test java/awt/dnd/
/BadSerializationTest/BadSerializationTest.java fails
+ JDK-8075774: Small readability and performance improvements
for zipfs
+ JDK-8132206: move ScanTest.java into OpenJDK
+ JDK-8132376: Add @requires os.family to the client tests with
access to internal OS-specific API
+ JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
+ JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
/appletviewer/IOExceptionIfEncodedURLTest/
/IOExceptionIfEncodedURLTest.sh
+ JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
/MTGraphicsAccessTest.java hangs on Win. 8
+ JDK-8151788: NullPointerException from ntlm.Client.type3
+ JDK-8151834: Test SmallPrimeExponentP.java times out
intermittently
+ JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout
+ JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary
public
+ JDK-8156169: Some sound tests rarely hangs because of
incorrect synchronization
+ JDK-8165936: Potential Heap buffer overflow when seaching
timezone info files
+ JDK-8166148: Fix for JDK-8165936 broke solaris builds
+ JDK-8167300: Scheduling failures during gcm should be fatal
+ JDK-8167615: Opensource unit/regression tests for JavaSound
+ JDK-8172012: [TEST_BUG] delays needed in
javax/swing/JTree/4633594/bug4633594.java
+ JDK-8177628: Opensource unit/regression tests for ImageIO
+ JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
+ JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
/AppletContextTest/BadPluginConfigurationTest.sh
+ JDK-8193137: Nashorn crashes when given an empty script file
+ JDK-8194298: Add support for per Socket configuration of TCP
keepalive
+ JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java
throws error
+ JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java
fails
+ JDK-8210147: adjust some WSAGetLastError usages in windows
network coding
+ JDK-8211714: Need to update vm_version.cpp to recognise
VS2017 minor versions
+ JDK-8214862: assert(proj != __null) at compile.cpp:3251
+ JDK-8217606: LdapContext#reconnect always opens a new
connection
+ JDK-8217647: JFR: recordings on 32-bit systems unreadable
+ JDK-8226697: Several tests which need the @key headful
keyword are missing it.
+ JDK-8229378: jdwp library loader in linker_md.c quietly
truncates on buffer overflow
+ JDK-8230303: JDB hangs when running monitor command
+ JDK-8230711: ConnectionGraph::unique_java_object(Node* N)
return NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to
missing narrowing conversion
+ JDK-8235243: handle VS2017 15.9 and VS2019 in
abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243
+ JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
+ JDK-8237951: CTW: C2 compilation fails with 'malformed
control flow'
+ JDK-8238225: Issues reported after replacing symlink at
Contents/MacOS/libjli.dylib with binary
+ JDK-8239385: KerberosTicket client name refers wrongly to
sAMAccountName in AD
+ JDK-8239819: XToolkit: Misread of screen information memory
+ JDK-8240295: hs_err elapsed time in seconds is not accurate
enough
+ JDK-8241888: Mirror jdk.security.allowNonCaAnchor system
property with a security one
+ JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads
to JVM crash
+ JDK-8243489: Thread CPU Load event may contain wrong data for
CPU time under certain conditions
+ JDK-8244818: Java2D Queue Flusher crash while moving
application window to external monitor
+ JDK-8246310: Clean commented-out code about ModuleEntry
and PackageEntry in JFR
+ JDK-8246384: Enable JFR by default on supported architectures
for October 2020 release
+ JDK-8248643: Remove extra leading space in JDK-8240295 8u
backport
+ JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys)
method public
* Import of OpenJDK 8 u272 build 02
+ JDK-8023697: failed class resolution reports different class
name in detail message for the first and subsequent times
+ JDK-8025886: replace [[ and == bash extensions in regtest
+ JDK-8046274: Removing dependency on jakarta-regexp
+ JDK-8048933: -XX:+TraceExceptions output should include the
message
+ JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
/fileaccess/FontFile.java fails
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8154313: Generated javadoc scattered all over the place
+ JDK-8163251: Hard coded loop limit prevents reading of smart
card data greater than 8k
+ JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java
fails with compiler.whitebox.SimpleTestCaseHelper(int) must be
compiled
+ JDK-8183349: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
+ JDK-8191678: [TESTBUG] Add keyword headful in java/awt
FocusTransitionTest test.
+ JDK-8201633: Problems with AES-GCM native acceleration
+ JDK-8211049: Second parameter of 'initialize' method is not
used
+ JDK-8219566: JFR did not collect call stacks when
MaxJavaStackTraceDepth is set to zero
+ JDK-8220165: Encryption using GCM results in
RuntimeException- input length out of bound
+ JDK-8220555: JFR tool shows potentially misleading message
when it cannot access a file
+ JDK-8224217: RecordingInfo should use textual representation
of path
+ JDK-8231779: crash
HeapWord*ParallelScavengeHeap::failed_mem_allocate
+ JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
'multiple definition' link errors with GCC10
+ JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/
/SctpNet.c 'multiple definition' link errors with GCC10
+ JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple
definition' link errors with GCC10
+ JDK-8242556: Cannot load RSASSA-PSS public key with non-null
params from byte array
+ JDK-8250755: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java
* Import of OpenJDK 8 u272 build 03
+ JDK-6574989: TEST_BUG:
javax/sound/sampled/Clip/bug5070081.java fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph
shape
+ JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests
fail with error : revokeall.exe: Permission denied
+ JDK-8203357: Container Metrics
+ JDK-8209113: Use WeakReference for lastFontStrike for created
Fonts
+ JDK-8216283: Allow shorter method sampling interval than 10 ms
+ JDK-8221569: JFR tool produces incorrect output when both
--categories and --events are specified
+ JDK-8233097: Fontmetrics for large Fonts has zero width
+ JDK-8248851: CMS: Missing memory fences between free chunk
check and klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update
* Import of OpenJDK 8 u272 build 04
+ JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
IllegalArgumentException for flags of type double
+ JDK-8177334: Update xmldsig implementation to Apache
Santuario 2.1.1
+ JDK-8217878: ENVELOPING XML signature no longer works in JDK
11
+ JDK-8218629: XML Digital Signature throws NAMESPACE_ERR
exception on OpenJDK 11, works 8/9/10
+ JDK-8243138: Enhance BaseLdapServer to support starttls
extended request
* Import of OpenJDK 8 u272 build 05
+ JDK-8026236: Add PrimeTest for BigInteger
+ JDK-8057003: Large reference arrays cause extremely long
synchronization times
+ JDK-8060721: Test runtime/SharedArchiveFile/
/LimitSharedSizes.java fails in jdk 9 fcs new
platforms/compiler
+ JDK-8152077: (cal) Calendar.roll does not always roll the
hours during daylight savings
+ JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
+ JDK-8211163: UNIX version of Java_java_io_Console_echo does
not return a clean boolean
+ JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in
docker container only works with debug JVMs
+ JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
+ JDK-8236645: JDK 8u231 introduces a regression with
incompatible handling of XML messages
+ JDK-8240676: Meet not symmetric failure when running lucene
on jdk8
+ JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA
program
+ JDK-8249158: THREAD_START and THREAD_END event posted in
primordial phase
+ JDK-8250627: Use -XX:+/-UseContainerSupport for
enabling/disabling Java container metrics
+ JDK-8251546: 8u backport of JDK-8194298 breaks AIX and
Solaris builds
+ JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled
* Import of OpenJDK 8 u272 build 06
+ JDK-8064319: Need to enable -XX:+TraceExceptions in release
builds
+ JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11
v2.40 support
+ JDK-8160768: Add capability to custom resolve host/domain
names within the default JNDI LDAP provider
+ JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions()
not working
+ JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface
license
+ JDK-8184762: ZapStackSegments should use optimized memset
+ JDK-8193234: When using -Xcheck:jni an internally allocated
buffer can leak
+ JDK-8219919: RuntimeStub name lost with
PrintFrameConverterAssembly
+ JDK-8220313: [TESTBUG] Update base image for Docker testing
to OL 7.6
+ JDK-8222079: Don't use memset to initialize fields decode_env
constructor in disassembler.cpp
+ JDK-8225695: 32-bit build failures after JDK-8080462 (Update
SunPKCS11 provider with PKCS11 v2.40 support)
+ JDK-8226575: OperatingSystemMXBean should be made container
aware
+ JDK-8226809: Circular reference in printed stack trace is not
correctly indented & ambiguous
+ JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
+ JDK-8233621: Mismatch in jsse.enableMFLNExtension property
name
+ JDK-8238898, PR3801: Missing hash characters for header on
license file
+ JDK-8243320: Add SSL root certificates to Oracle Root CA
program
+ JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest
release 1.8.26
+ JDK-8245467: Remove 8u TLSv1.2 implementation files
+ JDK-8245469: Remove DTLS protocol implementation
+ JDK-8245470: Fix JDK8 compatibility issues
+ JDK-8245471: Revert JDK-8148188
+ JDK-8245472: Backport JDK-8038893 to JDK8
+ JDK-8245473: OCSP stapling support
+ JDK-8245474: Add TLS_KRB5 cipher suites support according to
RFC-2712
+ JDK-8245476: Disable TLSv1.3 protocol in the ClientHello
message by default
+ JDK-8245477: Adjust TLS tests location
+ JDK-8245653: Remove 8u TLS tests
+ JDK-8245681: Add TLSv1.3 regression test from 11.0.7
+ JDK-8251117: Cannot check P11Key size in P11Cipher and
P11AEADCipher
+ JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is
set to either true or false
+ JDK-8251341: Minimal Java specification change
+ JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
* Import of OpenJDK 8 u272 build 07
+ JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
* Import of OpenJDK 8 u272 build 08
+ JDK-8062947: Fix exception message to correctly represent
LDAP connection failure
+ JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed
due to timeout on DeadServerNoTimeoutTest is incorrect
+ JDK-8252573: 8u: Windows build failed after 8222079 backport
* Import of OpenJDK 8 u272 build 09
+ JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java :
Compilation failed
* Import of OpenJDK 8 u272 build 10
+ JDK-8254673: Call to JvmtiExport::post_vm_start() was removed
by the fix for JDK-8249158
+ JDK-8254937: Revert JDK-8148854 for 8u272
* Backports
+ JDK-8038723, PR3806: Openup some PrinterJob tests
+ JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when
JTable contains certain string
+ JDK-8058779, PR3805: Faster implementation of
String.replace(CharSequence, CharSequence)
+ JDK-8130125, PR3806: [TEST_BUG] add @modules to the several
client tests unaffected by the automated bulk update
+ JDK-8144015, PR3806: [PIT] failures of text layout font tests
+ JDK-8144023, PR3806: [PIT] failure of text measurements in
javax/swing/text/html/parser/Parser/6836089/bug6836089.java
+ JDK-8144240, PR3806: [macosx][PIT] AIOOB in
closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8145542, PR3806: The case failed automatically and thrown
java.lang.ArrayIndexOutOfBoundsException exception
+ JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane
+ JDK-8152358, PR3800: code and comment cleanups found during
the hunt for 8077392
+ JDK-8152545, PR3804: Use preprocessor instead of compiling a
program to generate native nio constants
+ JDK-8152680, PR3806: Regression in
GlyphVector.getGlyphCharIndex behaviour
+ JDK-8158924, PR3806: Incorrect i18n text document layout
+ JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
/GetGlyphCharIndexTest.java does not compile
+ JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
/GlyphPainter2/6427244/bug6427244.java - compilation failed
+ JDK-8191512, PR3806: T2K font rasterizer code removal
+ JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from
JDK sources
+ JDK-8236512, PR3801: PKCS11 Connection closed after
Cipher.doFinal and NoPadding
+ JDK-8254177, PR3809: (tz) Upgrade time-zone data to
tzdata2020b
* Bug fixes
+ PR3798: Fix format-overflow error on GCC 10, caused by
passing NULL to a '%s' directive
+ PR3795: ECDSAUtils for XML digital signatures should support
the same curve set as the rest of the JDK
+ PR3799: Adapt elliptic curve patches to JDK-8245468: Add
TLSv1.3 implementation classes from 11.0.7
+ PR3808: IcedTea does not install the JFR *.jfc files
+ PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has
fixed its use with Shenandoah
+ PR3811: Don't attempt to install JFR files when JFR is
disabled
* Shenandoah
+ [backport] 8221435: Shenandoah should not mark through weak
roots
+ [backport] 8221629: Shenandoah: Cleanup class unloading logic
+ [backport] 8222992: Shenandoah: Pre-evacuate all roots
+ [backport] 8223215: Shenandoah: Support verifying subset of
roots
+ [backport] 8223774: Shenandoah: Refactor
ShenandoahRootProcessor and family
+ [backport] 8224210: Shenandoah: Refactor
ShenandoahRootScanner to support scanning CSet codecache roots
+ [backport] 8224508: Shenandoah: Need to update thread roots
in final mark for piggyback ref update cycle
+ [backport] 8224579: ResourceMark not declared in
shenandoahRootProcessor.inline.hpp with
--disable-precompiled-headers
+ [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable
+ [backport] 8224751: Shenandoah: Shenandoah Verifier should
select proper roots according to current GC cycle
+ [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate
+ [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't
work for Shenandoah
+ [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to
ensure roots to-space invariant
+ [backport] 8225590: Shenandoah: Refactor
ShenandoahClassLoaderDataRoots API
+ [backport] 8226413: Shenandoah: Separate root scanner for
SH::object_iterate()
+ [backport] 8230853: Shenandoah: replace leftover
assert(is_in(...)) with rich asserts
+ [backport] 8231198: Shenandoah: heap walking should visit all
roots most of the time
+ [backport] 8231244: Shenandoah: all-roots heap walking misses
some weak roots
+ [backport] 8237632: Shenandoah: accept NULL fwdptr to
cooperate with JVMTI and JFR
+ [backport] 8239786: Shenandoah: print per-cycle statistics
+ [backport] 8239926: Shenandoah: Shenandoah needs to mark
nmethod's metadata
+ [backport] 8240671: Shenandoah: refactor
ShenandoahPhaseTimings
+ [backport] 8240749: Shenandoah: refactor ShenandoahUtils
+ [backport] 8240750: Shenandoah: remove leftover files and
mentions of ShenandoahAllocTracker
+ [backport] 8240868: Shenandoah: remove CM-with-UR
piggybacking cycles
+ [backport] 8240872: Shenandoah: Avoid updating new regions
from start of evacuation
+ [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
+ [backport] 8240915: Shenandoah: Remove unused fields in init
mark tasks
+ [backport] 8240948: Shenandoah: cleanup not-forwarded-objects
paths after JDK-8240868
+ [backport] 8241007: Shenandoah: remove
ShenandoahCriticalControlThreadPriority support
+ [backport] 8241062: Shenandoah: rich asserts trigger 'empty
statement' inspection
+ [backport] 8241081: Shenandoah: Do not modify
update-watermark concurrently
+ [backport] 8241093: Shenandoah: editorial changes in flag
descriptions
+ [backport] 8241139: Shenandoah: distribute mark-compact work
exactly to minimize fragmentation
+ [backport] 8241142: Shenandoah: should not use parallel
reference processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul
+ [backport] 8241435: Shenandoah: avoid disabling pacing with
'aggressive'
+ [backport] 8241520: Shenandoah: simplify region sequence
numbers handling
+ [backport] 8241534: Shenandoah: region status should include
update watermark
+ [backport] 8241574: Shenandoah: remove
ShenandoahAssertToSpaceClosure
+ [backport] 8241583: Shenandoah: turn heap lock asserts into
macros
+ [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not
derive from ContiguousSpace
+ [backport] 8241673: Shenandoah: refactor anti-false-sharing
padding
+ [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with
java/util/Collections/FindSubList.java
+ [backport] 8241692: Shenandoah: remove
ShenandoahHeapRegion::_reserved
+ [backport] 8241700: Shenandoah: Fold
ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier
+ [backport] 8241740: Shenandoah: remove
ShenandoahHeapRegion::_heap
+ [backport] 8241743: Shenandoah: refactor and inline
ShenandoahHeap::heap()
+ [backport] 8241748: Shenandoah: inline MarkingContext TAMS
methods
+ [backport] 8241838: Shenandoah: no need to trash cset during
final mark
+ [backport] 8241841: Shenandoah: ditch one of allocation type
counters in ShenandoahHeapRegion
+ [backport] 8241842: Shenandoah: inline
ShenandoahHeapRegion::region_number
+ [backport] 8241844: Shenandoah: rename
ShenandoahHeapRegion::region_number
+ [backport] 8241845: Shenandoah: align ShenandoahHeapRegions
to cache lines
+ [backport] 8241926: Shenandoah: only print heap changes for
operations that directly affect it
+ [backport] 8241983: Shenandoah: simplify FreeSet logging
+ [backport] 8241985: Shenandoah: simplify collectable garbage
logging
+ [backport] 8242040: Shenandoah: print allocation failure type
+ [backport] 8242041: Shenandoah: adaptive heuristics should
account evac reserve in free target
+ [backport] 8242042: Shenandoah: tune down
ShenandoahGarbageThreshold
+ [backport] 8242054: Shenandoah: New incremental-update mode
+ [backport] 8242075: Shenandoah: rename
ShenandoahHeapRegionSize flag
+ [backport] 8242082: Shenandoah: Purge Traversal mode
+ [backport] 8242083: Shenandoah: split 'Prepare Evacuation'
tracking into cset/freeset counters
+ [backport] 8242089: Shenandoah: per-worker stats should be
summed up, not averaged
+ [backport] 8242101: Shenandoah: coalesce and parallelise heap
region walks during the pauses
+ [backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared
+ [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
dispatching
+ [backport] 8242211: Shenandoah: remove
ShenandoahHeuristics::RegionData::_seqnum_last_alloc
+ [backport] 8242212: Shenandoah: initialize
ShenandoahHeuristics::_region_data eagerly
+ [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset
+ [backport] 8242217: Shenandoah: Enable GC mode to be
diagnostic/experimental and have a name
+ [backport] 8242227: Shenandoah: transit regions to cset state
when adding to collection set
+ [backport] 8242228: Shenandoah: remove unused
ShenandoahCollectionSet methods
+ [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
liveness-related methods
+ [backport] 8242267: Shenandoah: regions space needs to be
aligned by os::vm_allocation_granularity()
+ [backport] 8242271: Shenandoah: add test to verify GC mode
unlock
+ [backport] 8242273: Shenandoah: accept either SATB or IU
barriers, but not both
+ [backport] 8242301: Shenandoah: Inline LRB runtime call
+ [backport] 8242316: Shenandoah: Turn NULL-check into assert
in SATB slow-path entry
+ [backport] 8242353: Shenandoah: micro-optimize region
liveness handling
+ [backport] 8242365: Shenandoah: use uint16_t instead of
jushort for liveness cache
+ [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods
+ [backport] 8242641: Shenandoah: clear live data and update
TAMS optimistically
+ [backport] 8243238: Shenandoah: explicit GC request should
wait for a complete GC cycle
+ [backport] 8243301: Shenandoah: ditch
ShenandoahAllowMixedAllocs
+ [backport] 8243307: Shenandoah: remove
ShCollectionSet::live_data
+ [backport] 8243395: Shenandoah: demote guarantee in
ShenandoahPhaseTimings::record_workers_end
+ [backport] 8243463: Shenandoah: ditch total_pause counters
+ [backport] 8243464: Shenandoah: print statistic counters in
time order
+ [backport] 8243465: Shenandoah: ditch unused pause_other,
conc_other counters
+ [backport] 8243487: Shenandoah: make _num_phases illegal
phase type
+ [backport] 8243494: Shenandoah: set counters once per cycle
+ [backport] 8243573: Shenandoah: rename GCParPhases and
related code
+ [backport] 8243848: Shenandoah: Windows build fails after
JDK-8239786
+ [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly
+ [backport] 8244200: Shenandoah: build breakages after
JDK-8241743
+ [backport] 8244226: Shenandoah: per-cycle statistics contain
worker data from previous cycles
+ [backport] 8244326: Shenandoah: global statistics should not
accept bogus samples
+ [backport] 8244509: Shenandoah: refactor
ShenandoahBarrierC2Support::test_* methods
+ [backport] 8244551: Shenandoah: Fix racy update of
update_watermark
+ [backport] 8244667: Shenandoah: SBC2Support::test_gc_state
takes loop for wrong control
+ [backport] 8244730: Shenandoah: gc/shenandoah/options/
/TestHeuristicsUnlock.java should only verify the heuristics
+ [backport] 8244732: Shenandoah: move heuristics code to
gc/shenandoah/heuristics
+ [backport] 8244737: Shenandoah: move mode code to
gc/shenandoah/mode
+ [backport] 8244739: Shenandoah: break superclass dependency
on ShenandoahNormalMode
+ [backport] 8244740: Shenandoah: rename ShenandoahNormalMode
to ShenandoahSATBMode
+ [backport] 8245461: Shenandoah: refine mode name()-s
+ [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
constructor arguments
+ [backport] 8245464: Shenandoah: allocate collection set
bitmap at lower addresses
+ [backport] 8245465: Shenandoah: test_in_cset can use more
efficient encoding
+ [backport] 8245726: Shenandoah: lift/cleanup
ShenandoahHeuristics names and properties
+ [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
+ [backport] 8245757: Shenandoah: AlwaysPreTouch should not
disable heap resizing or uncommits
+ [backport] 8245773: Shenandoah: Windows assertion failure
after JDK-8245464
+ [backport] 8245812: Shenandoah: compute root phase parallelism
+ [backport] 8245814: Shenandoah: reconsider format specifiers
for stats
+ [backport] 8245825: Shenandoah: Remove diagnostic flag
ShenandoahConcurrentScanCodeRoots
+ [backport] 8246162: Shenandoah: full GC does not mark code
roots when class unloading is off
+ [backport] 8247310: Shenandoah: pacer should not affect
interrupt status
+ [backport] 8247358: Shenandoah: reconsider free budget slice
for marking
+ [backport] 8247367: Shenandoah: pacer should wait on lock
instead of exponential backoff
+ [backport] 8247474: Shenandoah: Windows build warning after
JDK-8247310
+ [backport] 8247560: Shenandoah: heap iteration holds root
locks all the time
+ [backport] 8247593: Shenandoah: should not block pacing
reporters
+ [backport] 8247751: Shenandoah: options tests should run with
smaller heaps
+ [backport] 8247754: Shenandoah: mxbeans tests can be shorter
+ [backport] 8247757: Shenandoah: split heavy tests by
heuristics to improve parallelism
+ [backport] 8247860: Shenandoah: add update watermark line in
rich assert failure message
+ [backport] 8248041: Shenandoah: pre-Full GC root updates may
miss some roots
+ [backport] 8248652: Shenandoah: SATB buffer handling may
assume no forwarded objects
+ [backport] 8249560: Shenandoah: Fix racy GC request handling
+ [backport] 8249649: Shenandoah: provide per-cycle pacing stats
+ [backport] 8249801: Shenandoah: Clear soft-refs on requested
GC cycle
+ [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests
should account for corner cases
+ Fix slowdebug build after JDK-8230853 backport
+ JDK-8252096: Shenandoah: adjust SerialPageShiftCount for
x86_32 and JFR
+ JDK-8252366: Shenandoah: revert/cleanup changes in
graphKit.cpp
+ Shenandoah: add JFR roots to root processor after JFR
integration
+ Shenandoah: add root statistics for string dedup table/queues
+ Shenandoah: enable low-frequency STW class unloading
+ Shenandoah: fix build failures after JDK-8244737 backport
+ Shenandoah: Fix build failure with +JFR -PCH
+ Shenandoah: fix forceful pacer claim
+ Shenandoah: fix formats in
ShenandoahStringSymbolTableUnlinkTask
+ Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1
+ Shenandoah: hook statistics printing to PrintGCDetails, not
PrintGC
+ Shenandoah: JNI weak roots are always cleared before Full GC
mark
+ Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner
+ Shenandoah: move barrier sets to their proper locations
+ Shenandoah: move parallelCleaning.* to shenandoah/
+ Shenandoah: pacer should use proper Atomics for intptr_t
+ Shenandoah: properly deallocates class loader metadata
+ Shenandoah: specialize String Table scans for better pause
performance
+ Shenandoah: Zero build fails after recent Atomic cleanup in
Pacer
* AArch64 port
+ JDK-8161072, PR3797: AArch64: jtreg
compiler/uncommontrap/TestDeoptOOM failure
+ JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java
generates guarantee failure in C1
+ JDK-8183925, PR3797: [AArch64] Decouple crash protection from
watcher thread
+ JDK-8199712, PR3797: [AArch64] Flight Recorder
+ JDK-8203481, PR3797: Incorrect constraint for unextended_sp
in frame:safe_for_sender
+ JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall
fails with SIGILL on aarch64
+ JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
+ JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java
fails on AArch64
+ JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ JDK-8217368, PR3797: AArch64: C2 recursive stack locking
optimisation not triggered
+ JDK-8221658, PR3797: aarch64: add necessary predicate for
ubfx patterns
+ JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a
BufferBlob
+ JDK-8246482, PR3797: Build failures with +JFR -PCH
+ JDK-8247979, PR3797: aarch64: missing side effect of killing
flags for clearArray_reg_reg
+ JDK-8248219, PR3797: aarch64: missing memory barrier in
fast_storefield and fast_accessfield
- Ignore whitespaces after the header or footer in PEM X.509 cert
(bsc#1171352)
ImportantSUSE bug 1171352SUSE bug 1174157SUSE bug 1177943CVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDCVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for u-boot fixes the following issues:
Fix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675),
CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
ImportantSUSE bug 1134157SUSE bug 1134853SUSE bug 1143463SUSE bug 1143777SUSE bug 1143817SUSE bug 1143818SUSE bug 1143819SUSE bug 1143820SUSE bug 1143821SUSE bug 1143823SUSE bug 1143824SUSE bug 1143825SUSE bug 1143827SUSE bug 1143828SUSE bug 1143830SUSE bug 1143831SUSE bug 1144656SUSE bug 1144675SUSE bug 1162198SUSE bug 1167209CVE-2019-11059 at SUSECVE-2019-11059 at NVDCVE-2019-11690 at SUSECVE-2019-11690 at NVDCVE-2019-13103 at SUSECVE-2019-13103 at NVDCVE-2019-13104 at SUSECVE-2019-13104 at NVDCVE-2019-13106 at SUSECVE-2019-13106 at NVDCVE-2019-14192 at SUSECVE-2019-14192 at NVDCVE-2019-14193 at SUSECVE-2019-14193 at NVDCVE-2019-14194 at SUSECVE-2019-14194 at NVDCVE-2019-14195 at SUSECVE-2019-14195 at NVDCVE-2019-14196 at SUSECVE-2019-14196 at NVDCVE-2019-14197 at SUSECVE-2019-14197 at NVDCVE-2019-14198 at SUSECVE-2019-14198 at NVDCVE-2019-14199 at SUSECVE-2019-14199 at NVDCVE-2019-14200 at SUSECVE-2019-14200 at NVDCVE-2019-14201 at SUSECVE-2019-14201 at NVDCVE-2019-14202 at SUSECVE-2019-14202 at NVDCVE-2019-14203 at SUSECVE-2019-14203 at NVDCVE-2019-14204 at SUSECVE-2019-14204 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gcc10 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gcc10 fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
ModerateSUSE bug 1172798SUSE bug 1172846SUSE bug 1173972SUSE bug 1174753SUSE bug 1174817SUSE bug 1175168CVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode updated to 20201027 prerelease
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
# New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
# Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173594CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)
* Security fixes
+ JDK-8233624: Enhance JNI linkage
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8240124: Better VM Interning
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 7 u281 build 1
+ JDK-8145096: Undefined behaviour in HotSpot
+ JDK-8215265: C2: range check elimination may allow illegal
out of bound access
* Backports
+ JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool)
ImportantSUSE bug 1177943CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
ImportantSUSE bug 1178387CVE-2020-25692 at SUSECVE-2020-25692 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.1 ESR
* Fixed: Security fix
MFSA 2020-49 (bsc#1178588)
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted
for
ImportantSUSE bug 1178588CVE-2020-26950 at SUSECVE-2020-26950 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update changes the internal packaging for postgresql, and so contains
all currently maintained postgresql versions across our SUSE Linux Enterprise 12
products.
* postgresql12 is shipped new in version 12.3 (bsc#1171924).
The server and client packages only on SUSE Linux Enterprise Server 12 SP5,
the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/12/release-12-3.html
* postgresql10 is updated to 10.13 (bsc#1171924).
On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/10/release-10-13.html
* postgresql96 is updated to 9.6.18 (bsc#1171924):
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/9.6/release-9-6-18.html
On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only.
* postgresql 9.4 is updated to 9.4.26:
+ https://www.postgresql.org/about/news/2011/
+ https://www.postgresql.org/docs/9.4/release-9-4-26.html
+ https://www.postgresql.org/about/news/1994/
+ https://www.postgresql.org/docs/9.4/release-9-4-25.html
ModerateSUSE bug 1171924cpe:/o:suse:sles-espos:12:sp4Security update for raptor (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for raptor fixes the following issues:
- Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926).
- Update raptor to version 2.0.15
* Made several fixes to Turtle / N-Triples family of parsers and serializers
* Added utility functions for re-entrant sorting of objects and sequences.
* Made other fixes and improvements including fixing reported issues:
0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584.
ImportantSUSE bug 1178593CVE-2017-18926 at SUSECVE-2017-18926 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for kernel-firmware (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for kernel-firmware fixes the following issue:
- CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671).
ImportantSUSE bug 1178671CVE-2020-12321 at SUSECVE-2020-12321 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for krb5 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
ModerateSUSE bug 1178512CVE-2020-28196 at SUSECVE-2020-28196 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).
Non-security issue fixed:
- Adjusted help for --max_iters, default is 5 (bsc#1177950).
ImportantSUSE bug 1177950SUSE bug 1178591CVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql10 fixes the following issues:
Upgrade to version 10.15:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/10/release-10-15.html
Update to 10.14:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/10/release-10-14.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb and mariadb-connector-c fixes the following issues:
- Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the
following security vulnerabilities:
CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180
- Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]
ModerateSUSE bug 1172399SUSE bug 1175596SUSE bug 1177472SUSE bug 1178428CVE-2020-14765 at SUSECVE-2020-14765 at NVDCVE-2020-14776 at SUSECVE-2020-14776 at NVDCVE-2020-14789 at SUSECVE-2020-14789 at NVDCVE-2020-14812 at SUSECVE-2020-14812 at NVDCVE-2020-15180 at SUSECVE-2020-15180 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)
- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)
- Release notes:
- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).
- Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).
- Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173592SUSE bug 1173594SUSE bug 1178971CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bluez fixes the following issues:
- CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751).
ImportantSUSE bug 1166751CVE-2020-0556 at SUSECVE-2020-0556 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).
- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011).
- CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).
- CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).
The following non-security bugs were fixed:
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816).
- hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability.
- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065600SUSE bug 1131277SUSE bug 1160947SUSE bug 1163524SUSE bug 1166965SUSE bug 1168468SUSE bug 1170139SUSE bug 1170232SUSE bug 1170415SUSE bug 1171417SUSE bug 1171675SUSE bug 1172073SUSE bug 1172366SUSE bug 1173115SUSE bug 1173233SUSE bug 1175228SUSE bug 1175306SUSE bug 1175721SUSE bug 1175882SUSE bug 1176011SUSE bug 1176235SUSE bug 1176278SUSE bug 1176381SUSE bug 1176423SUSE bug 1176482SUSE bug 1176485SUSE bug 1176698SUSE bug 1176721SUSE bug 1176722SUSE bug 1176723SUSE bug 1176725SUSE bug 1176732SUSE bug 1176869SUSE bug 1176907SUSE bug 1176922SUSE bug 1176935SUSE bug 1176950SUSE bug 1176990SUSE bug 1177027SUSE bug 1177086SUSE bug 1177121SUSE bug 1177206SUSE bug 1177340SUSE bug 1177410SUSE bug 1177411SUSE bug 1177470SUSE bug 1177511SUSE bug 1177724SUSE bug 1177725SUSE bug 1177766SUSE bug 1177816SUSE bug 1178123SUSE bug 1178330SUSE bug 1178393SUSE bug 1178669SUSE bug 1178765SUSE bug 1178782SUSE bug 1178838CVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0430 at SUSECVE-2020-0430 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14381 at SUSECVE-2020-14381 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
ImportantSUSE bug 1178824CVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2020-16012 at SUSECVE-2020-16012 at NVDCVE-2020-26951 at SUSECVE-2020-26951 at NVDCVE-2020-26953 at SUSECVE-2020-26953 at NVDCVE-2020-26956 at SUSECVE-2020-26956 at NVDCVE-2020-26958 at SUSECVE-2020-26958 at NVDCVE-2020-26959 at SUSECVE-2020-26959 at NVDCVE-2020-26960 at SUSECVE-2020-26960 at NVDCVE-2020-26961 at SUSECVE-2020-26961 at NVDCVE-2020-26965 at SUSECVE-2020-26965 at NVDCVE-2020-26966 at SUSECVE-2020-26966 at NVDCVE-2020-26968 at SUSECVE-2020-26968 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for LibVNCServer fixes the following issues:
- CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
ImportantSUSE bug 1178682CVE-2020-25708 at SUSECVE-2020-25708 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596).
- CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908).
ImportantSUSE bug 1174908SUSE bug 1177596CVE-2020-14360 at SUSECVE-2020-14360 at NVDCVE-2020-25712 at SUSECVE-2020-25712 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-setuptools (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-setuptools fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gdm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gdm fixes the following issues:
- CVE-2020-16125: Fixed a privilege escalation (bsc#1178150).
ImportantSUSE bug 1178150CVE-2020-16125 at SUSECVE-2020-16125 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-cryptography (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-cryptography fixes the following issues:
- CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).
ModerateSUSE bug 1178168CVE-2020-25659 at SUSECVE-2020-25659 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql12 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql12 fixes the following issues:
Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
The previous postgresql12 update already addressed:
Update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mutt (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mutt fixes the following issues:
- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)
ImportantSUSE bug 1179035SUSE bug 1179113SUSE bug 1179461CVE-2020-28896 at SUSECVE-2020-28896 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414SUSE bug 1178591SUSE bug 1178963CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssh (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssh fixes the following issues:
- CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513).
- Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684).
- Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566).
ModerateSUSE bug 1148566SUSE bug 1161684SUSE bug 1173513CVE-2020-14145 at SUSECVE-2020-14145 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2020-55 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
CriticalSUSE bug 1180039CVE-2020-16042 at SUSECVE-2020-16042 at NVDCVE-2020-26971 at SUSECVE-2020-26971 at NVDCVE-2020-26973 at SUSECVE-2020-26973 at NVDCVE-2020-26974 at SUSECVE-2020-26974 at NVDCVE-2020-26978 at SUSECVE-2020-26978 at NVDCVE-2020-35111 at SUSECVE-2020-35111 at NVDCVE-2020-35112 at SUSECVE-2020-35112 at NVDCVE-2020-35113 at SUSECVE-2020-35113 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115).
- CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322).
- CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
- CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324).
- CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
- CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358).
- CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359).
- CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477).
- Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782).
- Multiple other bugs (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1176782SUSE bug 1179477SUSE bug 1179496SUSE bug 1179498SUSE bug 1179501SUSE bug 1179502SUSE bug 1179506SUSE bug 1179514SUSE bug 1179516CVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.
* clamd can now reload the signature database without blocking
scanning. This multi-threaded database reload improvement was made
possible thanks to a community effort.
- Non-blocking database reloads are now the default behavior. Some
systems that are more constrained on RAM may need to disable
non-blocking reloads as it will temporarily consume two times as
much memory. We added a new clamd config option
ConcurrentDatabaseReload, which may be set to no.
* Fix clamav-milter.service (requires clamd.service to run)
* bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
* Partial sync with SLE15.
Update to version 0.102.4
Accumulated security fixes:
* CVE-2020-3350: Fix a vulnerability wherein a malicious user could
replace a scan target's directory with a symlink to another path
to trick clamscan, clamdscan, or clamonacc into removing or moving
a different file (eg. a critical system file). The issue would
affect users that use the --move or --remove options for clamscan,
clamdscan, and clamonacc. (bsc#1174255)
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
module in ClamAV 0.102.3 that could cause a Denial-of-Service
(DoS) condition. Improper bounds checking results in an
out-of-bounds read which could cause a crash. The previous fix for
this CVE in 0.102.3 was incomplete. This fix correctly resolves
the issue.
* CVE-2020-3481: Fix a vulnerability in the EGG archive module in
ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)
condition. Improper error handling may result in a crash due to a
NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the
file type signatures in daily.cvd will not enable the EGG archive
parser in versions affected by the vulnerability. (bsc#1174250)
* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
condition. Improper size checking of a buffer used to initialize AES
decryption routines results in an out-of-bounds read which may cause
a crash. (bsc#1171981)
* CVE-2020-3123: A denial-of-service (DoS) condition may occur when
using the optional credit card data-loss-prevention (DLP) feature.
Improper bounds checking of an unsigned variable resulted in an
out-of-bounds read, which causes a crash.
* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
occur when scanning a specially crafted email file as a result
of excessively long scan times. The issue is resolved by
implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. (bsc#1157763).
* CVE-2019-12900: An out of bounds write in the NSIS bzip2
(bsc#1149458)
* CVE-2019-12625: Introduce a configurable time limit to mitigate
zip bomb vulnerability completely. Default is 2 minutes,
configurable useing the clamscan --max-scantime and for clamd
using the MaxScanTime config option (bsc#1144504)
Update to version 0.101.3:
* ZIP bomb causes extreme CPU spikes (bsc#1144504)
Update to version 0.101.2 (bsc#1118459):
* Support for RAR v5 archive extraction.
* Incompatible changes to the arguments of cl_scandesc,
cl_scandesc_callback, and cl_scanmap_callback.
* Scanning options have been converted from a single flag
bit-field into a structure of multiple categorized flag
bit-fields.
* The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by
2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and
CL_SCAN_HEURISTIC_ENCRYPTED_DOC
* Incompatible clamd.conf and command line interface changes.
* Heuristic Alerts' (aka 'Algorithmic Detection') options have
been changed to make the names more consistent. The original
options are deprecated in 0.101, and will be removed in a
future feature release.
* For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html ImportantSUSE bug 1118459SUSE bug 1119353SUSE bug 1144504SUSE bug 1149458SUSE bug 1157763SUSE bug 1171981SUSE bug 1174250SUSE bug 1174255CVE-2019-12900 at SUSECVE-2019-12900 at NVDCVE-2019-15961 at SUSECVE-2019-15961 at NVDCVE-2020-3123 at SUSECVE-2020-3123 at NVDCVE-2020-3327 at SUSECVE-2020-3327 at NVDCVE-2020-3341 at SUSECVE-2020-3341 at NVDCVE-2020-3350 at SUSECVE-2020-3350 at NVDCVE-2020-3481 at SUSECVE-2020-3481 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cyrus-sasl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
ImportantSUSE bug 1159635CVE-2019-19906 at SUSECVE-2019-19906 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libzypp (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
ModerateSUSE bug 1158763CVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for fwupdate (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for fwupdate fixes the following issues:
- Add SBAT section to EFI images (bsc#1182057)
ImportantSUSE bug 1182057cpe:/o:suse:sles-espos:12:sp4Security update for spamassassin (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for spamassassin fixes the following issues:
- spamassassin was updated to version 3.4.5
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
ImportantSUSE bug 1159133SUSE bug 1184221CVE-2019-12420 at SUSECVE-2019-12420 at NVDCVE-2020-1946 at SUSECVE-2020-1946 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glibc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glibc fixes the following issues:
- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)
ImportantSUSE bug 1178386SUSE bug 1179694SUSE bug 1179721SUSE bug 1184034CVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)
ImportantSUSE bug 1180128CVE-2021-3472 at SUSECVE-2021-3472 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2
ImportantSUSE bug 1181256SUSE bug 1184532SUSE bug 1184533SUSE bug 1184534CVE-2021-1252 at SUSECVE-2021-1252 at NVDCVE-2021-1404 at SUSECVE-2021-1404 at NVDCVE-2021-1405 at SUSECVE-2021-1405 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for qemu fixes the following issues:
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
ImportantSUSE bug 1112499SUSE bug 1119115SUSE bug 1172383SUSE bug 1172384SUSE bug 1172385SUSE bug 1172386SUSE bug 1172478SUSE bug 1173612SUSE bug 1174386SUSE bug 1174641SUSE bug 1175441SUSE bug 1176673SUSE bug 1176682SUSE bug 1176684SUSE bug 1178174SUSE bug 1178934SUSE bug 1179466SUSE bug 1179467SUSE bug 1179468SUSE bug 1180523SUSE bug 1181108SUSE bug 1181639SUSE bug 1181933SUSE bug 1182137SUSE bug 1182425SUSE bug 1182577SUSE bug 1182968CVE-2020-11947 at SUSECVE-2020-11947 at NVDCVE-2020-12829 at SUSECVE-2020-12829 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13765 at SUSECVE-2020-13765 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15469 at SUSECVE-2020-15469 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-25084 at SUSECVE-2020-25084 at NVDCVE-2020-25624 at SUSECVE-2020-25624 at NVDCVE-2020-25625 at SUSECVE-2020-25625 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27617 at SUSECVE-2020-27617 at NVDCVE-2020-28916 at SUSECVE-2020-28916 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29443 at SUSECVE-2020-29443 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431)
- CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846)
ImportantSUSE bug 1178591SUSE bug 1182431SUSE bug 1182846CVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-27379 at SUSECVE-2021-27379 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
ImportantSUSE bug 1183936CVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.10.0 ESR (bsc#1184960)
* CVE-2021-23994: Out of bound write due to lazy initialization
* CVE-2021-23995: Use-after-free in Responsive Design Mode
* CVE-2021-23998: Secure Lock icon could have been spoofed
* CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
* CVE-2021-23999: Blob URLs may have been granted additional privileges
* CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
* CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
* CVE-2021-29946: Port blocking could be bypassed
ImportantSUSE bug 1184960CVE-2021-23961 at SUSECVE-2021-23961 at NVDCVE-2021-23994 at SUSECVE-2021-23994 at NVDCVE-2021-23995 at SUSECVE-2021-23995 at NVDCVE-2021-23998 at SUSECVE-2021-23998 at NVDCVE-2021-23999 at SUSECVE-2021-23999 at NVDCVE-2021-24002 at SUSECVE-2021-24002 at NVDCVE-2021-29945 at SUSECVE-2021-29945 at NVDCVE-2021-29946 at SUSECVE-2021-29946 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libnettle (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835).
ImportantSUSE bug 1183835SUSE bug 1184401CVE-2021-20305 at SUSECVE-2021-20305 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gdm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gdm fixes the following issues:
- Avoid the signal SIGTRAP when gdm exits (bsc#1184456).
ImportantSUSE bug 1184456cpe:/o:suse:sles-espos:12:sp4Security update for permissions (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for permissions fixes the following issues:
- Update to version 20170707:
* make btmp root:utmp (bsc#1050467, bsc#1182899)
ImportantSUSE bug 1050467SUSE bug 1182899cpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters
* Import of OpenJDK 7 u291 build 1
+ JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
+ JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
+ JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
ModerateSUSE bug 1181239cpe:/o:suse:sles-espos:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cups fixes the following issues:
- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)
ImportantSUSE bug 1184161CVE-2021-25317 at SUSECVE-2021-25317 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495).
ImportantSUSE bug 1181495SUSE bug 1185345CVE-2021-25214 at SUSECVE-2021-25214 at NVDCVE-2021-25215 at SUSECVE-2021-25215 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
ImportantSUSE bug 1178469SUSE bug 1179156SUSE bug 1184677CVE-2021-20254 at SUSECVE-2021-20254 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for avahi (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for avahi fixes the following issues:
- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).
ImportantSUSE bug 1184521CVE-2021-3468 at SUSECVE-2021-3468 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
The following non-security bugs were fixed:
- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
ImportantSUSE bug 1040855SUSE bug 1044767SUSE bug 1047233SUSE bug 1065729SUSE bug 1094840SUSE bug 1152457SUSE bug 1171078SUSE bug 1173485SUSE bug 1175873SUSE bug 1176700SUSE bug 1176720SUSE bug 1176855SUSE bug 1177411SUSE bug 1177753SUSE bug 1178181SUSE bug 1179454SUSE bug 1181032SUSE bug 1181960SUSE bug 1182194SUSE bug 1182672SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1183022SUSE bug 1183063SUSE bug 1183069SUSE bug 1183509SUSE bug 1183593SUSE bug 1183646SUSE bug 1183686SUSE bug 1183696SUSE bug 1183738SUSE bug 1183775SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184208SUSE bug 1184211SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184397SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184650SUSE bug 1184942SUSE bug 1185113SUSE bug 1185244SUSE bug 1185248CVE-2020-0433 at SUSECVE-2020-0433 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2021-20219 at SUSECVE-2021-20219 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009)
Other fixes:
- Make sure to close the 'import_failed.map' file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block
ImportantCVE-2020-27619 at SUSECVE-2020-27619 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
ImportantSUSE bug 1185900SUSE bug 1185904SUSE bug 1185905CVE-2019-18804 at SUSECVE-2019-18804 at NVDCVE-2021-32491 at SUSECVE-2021-32491 at NVDCVE-2021-32492 at SUSECVE-2021-32492 at NVDCVE-2021-32493 at SUSECVE-2021-32493 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for graphviz (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).
CriticalSUSE bug 1185833CVE-2020-18032 at SUSECVE-2020-18032 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104)
- Make sure xencommons is in a format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
systemd now fails to track units that use systemd-notify (bsc#1183790)
- Added a delay between the call to systemd-notify and the final exit
of the wrapper script (bsc#1185021, bsc#1185196)
ImportantSUSE bug 1183790SUSE bug 1185021SUSE bug 1185104SUSE bug 1185196SUSE bug 1185682CVE-2021-28689 at SUSECVE-2021-28689 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libxml2 fixes the following issues:
Security issues fixed:
CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ImportantSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410SUSE bug 1185698CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dnsmasq (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dnsmasq fixes the following issues:
- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
Fixed multiple potential Heap-based overflows when DNSSEC is
enabled.
- Retry query to other servers on receipt of SERVFAIL rcode
(bsc#1176076)
ImportantSUSE bug 1176076SUSE bug 1177077CVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for flac (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for flac fixes the following issues:
- CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).
ModerateSUSE bug 1180099CVE-2020-0499 at SUSECVE-2020-0499 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114)
- CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933)
- CVE-2020-8286: Inferior OCSP verification (bsc#1179593)
- CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399)
- CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398)
- CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109)
- Fix: SFTP uploads result in empty uploaded files (bsc#1177976)
ModerateSUSE bug 1175109SUSE bug 1177976SUSE bug 1179398SUSE bug 1179399SUSE bug 1179593SUSE bug 1183933SUSE bug 1186114CVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dovecot22 fixes the following issues:
- CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
ImportantSUSE bug 1180405CVE-2020-24386 at SUSECVE-2020-24386 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for djvulibre fixes the following issues:
- CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253)
ImportantSUSE bug 1186253CVE-2021-3500 at SUSECVE-2021-3500 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dhcp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dhcp fixes the following issues:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)
ImportantSUSE bug 1186382CVE-2021-25217 at SUSECVE-2021-25217 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libwebp (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
CriticalSUSE bug 1185652SUSE bug 1185654SUSE bug 1185673SUSE bug 1185674SUSE bug 1185685SUSE bug 1185686SUSE bug 1185690SUSE bug 1185691SUSE bug 1186247CVE-2018-25009 at SUSECVE-2018-25009 at NVDCVE-2018-25010 at SUSECVE-2018-25010 at NVDCVE-2018-25011 at SUSECVE-2018-25011 at NVDCVE-2018-25012 at SUSECVE-2018-25012 at NVDCVE-2018-25013 at SUSECVE-2018-25013 at NVDCVE-2020-36329 at SUSECVE-2020-36329 at NVDCVE-2020-36330 at SUSECVE-2020-36330 at NVDCVE-2020-36331 at SUSECVE-2020-36331 at NVDCVE-2020-36332 at SUSECVE-2020-36332 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for polkit (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
ImportantSUSE bug 1186497CVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gstreamer-plugins-bad (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255).
ImportantSUSE bug 1181255CVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.11.0 ESR (bsc#1186696)
* CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29967: Memory safety bugs fixed in Firefox
ImportantSUSE bug 1185633SUSE bug 1186696CVE-2021-29951 at SUSECVE-2021-29951 at NVDCVE-2021-29964 at SUSECVE-2021-29964 at NVDCVE-2021-29967 at SUSECVE-2021-29967 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
ImportantSUSE bug 1176081SUSE bug 1180846SUSE bug 1183947SUSE bug 1184611SUSE bug 1184675SUSE bug 1185642SUSE bug 1185677SUSE bug 1185680SUSE bug 1185724SUSE bug 1185859SUSE bug 1185860SUSE bug 1185862SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185901SUSE bug 1185938SUSE bug 1185950SUSE bug 1185987SUSE bug 1186060SUSE bug 1186061SUSE bug 1186062SUSE bug 1186111SUSE bug 1186285SUSE bug 1186390SUSE bug 1186484SUSE bug 1186498CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23133 at SUSECVE-2021-23133 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libX11 fixes the following issues:
- Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)
ImportantSUSE bug 1186643CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781
CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class Libraries:
- Z/OS specific C function send_file is changing the file pointer position
* Security:
- Add the new oracle signer certificate
- Certificate parsing error
- JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider
- Remove check for websphere signed jars
- sessionid.hashcode generates too many collisions
- The Java 8 IBM certpath provider does not honor the user
specified system property for CLR connect timeout
ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2-mod_auth_openidc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291).
ImportantSUSE bug 1186291CVE-2021-20718 at SUSECVE-2021-20718 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for spice (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
ImportantSUSE bug 1179833SUSE bug 1179836SUSE bug 1179837SUSE bug 1179839CVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for caribou (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for caribou fixes the following issues:
Security issue fixed:
- CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617).
ImportantSUSE bug 1186617CVE-2021-3567 at SUSECVE-2021-3567 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for qemu fixes the following issues:
- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)
ImportantSUSE bug 1149813SUSE bug 1163019SUSE bug 1172380SUSE bug 1172382SUSE bug 1175534SUSE bug 1178683SUSE bug 1178935SUSE bug 1179477SUSE bug 1179484SUSE bug 1182846SUSE bug 1182975CVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-13754 at SUSECVE-2020-13754 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for freeradius-server (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for freeradius-server fixes the following issues:
- Do not log passwords in logfiles (bsc#1184016)
ModerateSUSE bug 1184016cpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u292 (icedtea 3.19.0).
- CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).
ModerateSUSE bug 1185055CVE-2021-2163 at SUSECVE-2021-2163 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ImageMagick fixes the following issues:
- CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103).
- CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).
- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).
- CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).
- CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).
- CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).
- CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
- CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260).
- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).
- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).
- CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).
- CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
- CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).
- CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
- CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).
- CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).
- CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).
- CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).
- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).
- CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
- CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).
- CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
- CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).
- CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
- CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).
- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).
- CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).
- CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).
- CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).
- CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).
- CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
- CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).
ImportantSUSE bug 1179103SUSE bug 1179202SUSE bug 1179208SUSE bug 1179212SUSE bug 1179223SUSE bug 1179240SUSE bug 1179244SUSE bug 1179260SUSE bug 1179268SUSE bug 1179269SUSE bug 1179278SUSE bug 1179281SUSE bug 1179285SUSE bug 1179311SUSE bug 1179312SUSE bug 1179313SUSE bug 1179315SUSE bug 1179317SUSE bug 1179321SUSE bug 1179322SUSE bug 1179327SUSE bug 1179333SUSE bug 1179336SUSE bug 1179338SUSE bug 1179339SUSE bug 1179343SUSE bug 1179345SUSE bug 1179346SUSE bug 1179347SUSE bug 1179361SUSE bug 1179362SUSE bug 1179397CVE-2020-19667 at SUSECVE-2020-19667 at NVDCVE-2020-25664 at SUSECVE-2020-25664 at NVDCVE-2020-25665 at SUSECVE-2020-25665 at NVDCVE-2020-25666 at SUSECVE-2020-25666 at NVDCVE-2020-25674 at SUSECVE-2020-25674 at NVDCVE-2020-25675 at SUSECVE-2020-25675 at NVDCVE-2020-25676 at SUSECVE-2020-25676 at NVDCVE-2020-27750 at SUSECVE-2020-27750 at NVDCVE-2020-27751 at SUSECVE-2020-27751 at NVDCVE-2020-27752 at SUSECVE-2020-27752 at NVDCVE-2020-27753 at SUSECVE-2020-27753 at NVDCVE-2020-27754 at SUSECVE-2020-27754 at NVDCVE-2020-27755 at SUSECVE-2020-27755 at NVDCVE-2020-27757 at SUSECVE-2020-27757 at NVDCVE-2020-27759 at SUSECVE-2020-27759 at NVDCVE-2020-27760 at SUSECVE-2020-27760 at NVDCVE-2020-27761 at SUSECVE-2020-27761 at NVDCVE-2020-27762 at SUSECVE-2020-27762 at NVDCVE-2020-27763 at SUSECVE-2020-27763 at NVDCVE-2020-27764 at SUSECVE-2020-27764 at NVDCVE-2020-27765 at SUSECVE-2020-27765 at NVDCVE-2020-27766 at SUSECVE-2020-27766 at NVDCVE-2020-27767 at SUSECVE-2020-27767 at NVDCVE-2020-27768 at SUSECVE-2020-27768 at NVDCVE-2020-27769 at SUSECVE-2020-27769 at NVDCVE-2020-27770 at SUSECVE-2020-27770 at NVDCVE-2020-27771 at SUSECVE-2020-27771 at NVDCVE-2020-27772 at SUSECVE-2020-27772 at NVDCVE-2020-27773 at SUSECVE-2020-27773 at NVDCVE-2020-27774 at SUSECVE-2020-27774 at NVDCVE-2020-27775 at SUSECVE-2020-27775 at NVDCVE-2020-27776 at SUSECVE-2020-27776 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.1:
+ Improve handling of Media Capture devices.
+ Improve WebAudio playback.
+ Improve video orientation handling.
+ Improve seeking support for MSE playback.
+ Improve flush support in EME decryptors.
+ Fix HTTP status codes for requests done through a custom URI handler.
+ Fix the Bubblewrap sandbox in certain 32-bit systems.
+ Fix inconsistencies between the WebKitWebView.is-muted property
state and values returned by
webkit_web_view_is_playing_audio().
+ Fix the build with ENABLE_VIDEO=OFF.
+ Fix wrong timestamps for long-lived cookies.
+ Fix UI process crash when failing to load favicons.
+ Fix several crashes and rendering issues.
- Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871,
CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983,
CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951.
ImportantSUSE bug 1177087SUSE bug 1179122SUSE bug 1179451SUSE bug 1182286SUSE bug 1184155SUSE bug 1184262CVE-2020-13543 at SUSECVE-2020-13543 at NVDCVE-2020-13558 at SUSECVE-2020-13558 at NVDCVE-2020-13584 at SUSECVE-2020-13584 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9983 at SUSECVE-2020-9983 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1789 at SUSECVE-2021-1789 at NVDCVE-2021-1799 at SUSECVE-2021-1799 at NVDCVE-2021-1801 at SUSECVE-2021-1801 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1870 at SUSECVE-2021-1870 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
ImportantSUSE bug 1186922SUSE bug 1186923SUSE bug 1186924SUSE bug 1187017SUSE bug 1187174CVE-2020-35452 at SUSECVE-2020-35452 at NVDCVE-2021-26690 at SUSECVE-2021-26690 at NVDCVE-2021-26691 at SUSECVE-2021-26691 at NVDCVE-2021-30641 at SUSECVE-2021-30641 at NVDCVE-2021-31618 at SUSECVE-2021-31618 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xterm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xterm fixes the following issues:
- CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091)
ImportantSUSE bug 1182091CVE-2021-27135 at SUSECVE-2021-27135 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libnettle (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
ImportantSUSE bug 1187060CVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ovmf (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ovmf fixes the following issues:
- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
ImportantSUSE bug 1186151cpe:/o:suse:sles-espos:12:sp4Security update for libgcrypt (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
ImportantSUSE bug 1187212CVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openexr (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openexr fixes the following issues:
- Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
- Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
- Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
ImportantSUSE bug 1184354SUSE bug 1187310SUSE bug 1187395CVE-2021-3479 at SUSECVE-2021-3479 at NVDCVE-2021-3598 at SUSECVE-2021-3598 at NVDCVE-2021-3605 at SUSECVE-2021-3605 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql, postgresql12, postgresql13 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql, postgresql12, postgresql13 fixes the following issues:
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
Changes in postgresql:
- Bump postgresql major version to 13.
Changes in postgresql12:
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix a DST problem in the test suite.
Changes in postgresql13:
- Add postgresql-icu68.patch: fix build with ICU 68
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite.
ImportantSUSE bug 1178666SUSE bug 1178667SUSE bug 1178668SUSE bug 1178961SUSE bug 1179765CVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for arpwatch (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for arpwatch fixes the following issues:
- CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).
ImportantSUSE bug 1186240CVE-2021-25321 at SUSECVE-2021-25321 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libsolv (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
ImportantSUSE bug 1161510SUSE bug 1186229CVE-2019-20387 at SUSECVE-2019-20387 at NVDCVE-2021-3200 at SUSECVE-2021-3200 at NVDcpe:/o:suse:sles-espos:12:sp4Recommended update for the Azure and AWS SDKs (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for the SLE Public Cloud module provides the following fixes:
Azure SDK update:
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO-3105)
AWS SDK update:
This update for the AWS SDK updates python-boto3 to version 1.17.9 and aws-cli to 1.19.9.
(bsc#1182421, jsc#ECO-3352)
Security fix for python-urllib3:
- Improve performance of sub-authority splitting in URL. (bsc#1187045, CVE-2021-33503)
ImportantSUSE bug 1125671SUSE bug 1154393SUSE bug 1175289SUSE bug 1176784SUSE bug 1176785SUSE bug 1182421SUSE bug 1187045CVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
[bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
- A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685,
CVE-2021-23240]
- It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
ImportantSUSE bug 1180684SUSE bug 1180685SUSE bug 1180687SUSE bug 1181090CVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
ImportantSUSE bug 1188275CVE-2021-29970 at SUSECVE-2021-29970 at NVDCVE-2021-29976 at SUSECVE-2021-29976 at NVDCVE-2021-30547 at SUSECVE-2021-30547 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
* CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
* CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
* CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
* CVE-2021-23964: Fixed Memory safety bugs
ImportantSUSE bug 1181414CVE-2020-26976 at SUSECVE-2020-26976 at NVDCVE-2021-23953 at SUSECVE-2021-23953 at NVDCVE-2021-23954 at SUSECVE-2021-23954 at NVDCVE-2021-23960 at SUSECVE-2021-23960 at NVDCVE-2021-23964 at SUSECVE-2021-23964 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554).
- CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601).
- CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595).
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463).
- CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452).
- CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861).
- CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484).
The following non-security bugs were fixed:
- block: do not use blocking queue entered for recursive bio (bsc#1104967).
- s390/stack: fix possible register corruption with stack switch helper (git-fixes).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
ImportantSUSE bug 1104967SUSE bug 1174978SUSE bug 1179610SUSE bug 1185701SUSE bug 1185861SUSE bug 1186463SUSE bug 1186484SUSE bug 1187038SUSE bug 1187050SUSE bug 1187215SUSE bug 1187452SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187934SUSE bug 1188062SUSE bug 1188116CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)
Other fixes:
- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers
so %sysusers_create_package can be introduced in SLE and packages
can rely on this rpm macro without wondering whether the macro is
available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''
ImportantSUSE bug 1178561SUSE bug 1184761SUSE bug 1184967SUSE bug 1185046SUSE bug 1185331SUSE bug 1185807SUSE bug 1188063CVE-2021-33910 at SUSECVE-2021-33910 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
ModerateSUSE bug 1188217SUSE bug 1188218SUSE bug 1188219SUSE bug 1188220CVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for linuxptp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
ImportantSUSE bug 1187646CVE-2021-3570 at SUSECVE-2021-3570 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
ImportantSUSE bug 1187364SUSE bug 1187365SUSE bug 1187366SUSE bug 1187367SUSE bug 1187529CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dbus-1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505)
ImportantSUSE bug 1172505SUSE bug 1187105CVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
- CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
- CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
- CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
- CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
- CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
- CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
ImportantSUSE bug 1188697CVE-2021-21775 at SUSECVE-2021-21775 at NVDCVE-2021-21779 at SUSECVE-2021-21779 at NVDCVE-2021-30663 at SUSECVE-2021-30663 at NVDCVE-2021-30665 at SUSECVE-2021-30665 at NVDCVE-2021-30689 at SUSECVE-2021-30689 at NVDCVE-2021-30720 at SUSECVE-2021-30720 at NVDCVE-2021-30734 at SUSECVE-2021-30734 at NVDCVE-2021-30744 at SUSECVE-2021-30744 at NVDCVE-2021-30749 at SUSECVE-2021-30749 at NVDCVE-2021-30758 at SUSECVE-2021-30758 at NVDCVE-2021-30795 at SUSECVE-2021-30795 at NVDCVE-2021-30797 at SUSECVE-2021-30797 at NVDCVE-2021-30799 at SUSECVE-2021-30799 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libsndfile (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libsndfile fixes the following issues:
- CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
- CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
- CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)
CriticalSUSE bug 1100167SUSE bug 1116993SUSE bug 1117954SUSE bug 1188540CVE-2018-13139 at SUSECVE-2018-13139 at NVDCVE-2018-19432 at SUSECVE-2018-19432 at NVDCVE-2018-19758 at SUSECVE-2018-19758 at NVDCVE-2021-3246 at SUSECVE-2021-3246 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for djvulibre fixes the following issues:
- CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)
ImportantSUSE bug 1187869CVE-2021-3630 at SUSECVE-2021-3630 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)
ImportantSUSE bug 1182739SUSE bug 1183770SUSE bug 1185868SUSE bug 1185870SUSE bug 1185872SUSE bug 1188300CVE-2021-2154 at SUSECVE-2021-2154 at NVDCVE-2021-2166 at SUSECVE-2021-2166 at NVDCVE-2021-2180 at SUSECVE-2021-2180 at NVDCVE-2021-27928 at SUSECVE-2021-27928 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cpio (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
ImportantSUSE bug 1189206CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libcares2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libcares2 fixes the following issues:
- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).
ImportantSUSE bug 1188881CVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):
- CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
- CVE-2021-29988: Memory corruption as a result of incorrect style treatment
- CVE-2021-29984: Incorrect instruction reordering during JIT optimization
- CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
- CVE-2021-29985: Use-after-free media channels
- CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
ImportantSUSE bug 1188891CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for fetchmail (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for fetchmail fixes the following issues:
- CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 [bsc#1188034]
- Set the hostname for SNI when using TLS [bsc#1182807]
- Allow --syslog option in daemon mode. (bsc#1033081)
- Set the hostname for SNI when using TLS. (bsc#1182807)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)
ModerateSUSE bug 1033081SUSE bug 1182807SUSE bug 1188034SUSE bug 1188875CVE-2021-36386 at SUSECVE-2021-36386 at NVDcpe:/o:suse:sles-espos:12:sp4Recommended update for cpio (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
CriticalSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u302 (icedtea 3.20.0)
- CVE-2021-2341: Improve file transfers. (bsc#1188564)
- CVE-2021-2369: Better jar file validation. (bsc#1188565)
- CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
- CVE-2021-2161: Less ambiguous processing. (bsc#1185056)
ImportantSUSE bug 1185056SUSE bug 1188564SUSE bug 1188565SUSE bug 1188566CVE-2021-2161 at SUSECVE-2021-2161 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2388 at SUSECVE-2021-2388 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cpio (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cpio fixes the following issues:
- A patch previously applied to remedy CVE-2021-38185 introduced a regression
that had the potential to cause a segmentation fault in cpio. [bsc#1189465]
ImportantSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-PyYAML (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-PyYAML fixes the following issues:
- Update to 5.3.1.
- CVE-2020-14343: A vulnerability was discovered in the PyYAML library,
where it was susceptible to arbitrary code execution when it processes
untrusted YAML files through the full_load method or with the FullLoader
loader. Applications that use the library to process untrusted input
may be vulnerable to this flaw. This flaw allows an attacker to
execute arbitrary code on the system by abusing the python/object/new
constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
ImportantSUSE bug 1174514CVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could
lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189520SUSE bug 1189521CVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for unrar (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
ModerateSUSE bug 1046882SUSE bug 1054038SUSE bug 1187974CVE-2012-6706 at SUSECVE-2012-6706 at NVDCVE-2017-12938 at SUSECVE-2017-12938 at NVDCVE-2017-12940 at SUSECVE-2017-12940 at NVDCVE-2017-12941 at SUSECVE-2017-12941 at NVDCVE-2017-12942 at SUSECVE-2017-12942 at NVDCVE-2017-20006 at SUSECVE-2017-20006 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for aspell (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for aspell fixes the following issues:
- CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).
ImportantSUSE bug 1188576CVE-2019-25051 at SUSECVE-2019-25051 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openexr (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
ImportantSUSE bug 1188457SUSE bug 1188458SUSE bug 1188459SUSE bug 1188460SUSE bug 1188461SUSE bug 1188462CVE-2021-20298 at SUSECVE-2021-20298 at NVDCVE-2021-20299 at SUSECVE-2021-20299 at NVDCVE-2021-20300 at SUSECVE-2021-20300 at NVDCVE-2021-20302 at SUSECVE-2021-20302 at NVDCVE-2021-20303 at SUSECVE-2021-20303 at NVDCVE-2021-20304 at SUSECVE-2021-20304 at NVDCVE-2021-3476 at SUSECVE-2021-3476 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libesmtp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for file (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for file fixes the following issues:
- CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661).
ImportantSUSE bug 1154661CVE-2019-18218 at SUSECVE-2019-18218 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654)
- CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369).
- CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378).
- CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376).
- CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
ImportantSUSE bug 1181254SUSE bug 1182654SUSE bug 1186429SUSE bug 1186433SUSE bug 1186434SUSE bug 1187369SUSE bug 1187376SUSE bug 1187378SUSE bug 1189373SUSE bug 1189376SUSE bug 1189378SUSE bug 1189380SUSE bug 1189882CVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-3308 at SUSECVE-2021-3308 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openvswitch fixes the following issues:
- openvswitch was updated to 2.8.10
- CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345)
A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of
the openvswitch.rpm file in order to obtain a list of all changes.
ImportantSUSE bug 1117483SUSE bug 1181345CVE-2020-27827 at SUSECVE-2020-27827 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Low)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Low)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
Update to version 10.2.40 [bsc#1189320]:
- fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389
ModerateSUSE bug 1182255SUSE bug 1189320CVE-2021-2372 at SUSECVE-2021-2372 at NVDCVE-2021-2389 at SUSECVE-2021-2389 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issue:
- CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602).
ModerateSUSE bug 1179602CVE-2020-17527 at SUSECVE-2020-17527 at NVDcpe:/o:suse:sles-espos:12:sp4Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for transfig (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for transfig fixes the following issues:
Update to version 3.2.8, including fixes for
- CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
- CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).
- CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346).
- CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345).
- CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).
- CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293).
- CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
- CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
ModerateSUSE bug 1136882SUSE bug 1159130SUSE bug 1159293SUSE bug 1161698SUSE bug 1186329SUSE bug 1189325SUSE bug 1189343SUSE bug 1189345SUSE bug 1189346CVE-2019-19555 at SUSECVE-2019-19555 at NVDCVE-2019-19746 at SUSECVE-2019-19746 at NVDCVE-2019-19797 at SUSECVE-2019-19797 at NVDCVE-2020-21680 at SUSECVE-2020-21680 at NVDCVE-2020-21681 at SUSECVE-2020-21681 at NVDCVE-2020-21682 at SUSECVE-2020-21682 at NVDCVE-2020-21683 at SUSECVE-2020-21683 at NVDCVE-2021-3561 at SUSECVE-2021-3561 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gtk-vnc (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gtk-vnc fixes the following issues:
- CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268).
- CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266).
- Fix crash when opening connection from a GSocketAddress (bsc#1046782).
- Fix possible crash on connection failure (bsc#1188292).
ModerateSUSE bug 1024266SUSE bug 1024268SUSE bug 1046782SUSE bug 1188292CVE-2017-5884 at SUSECVE-2017-5884 at NVDCVE-2017-5885 at SUSECVE-2017-5885 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ghostscript (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ghostscript fixes the following issues:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
CriticalSUSE bug 1190381CVE-2021-3781 at SUSECVE-2021-3781 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779
CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class libraries:
- SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time
that the set timeout
- Z/OS specific C function send_file is changing the file pointer
position
* Java Virtual Machine:
- Crash on iterate java stack
- Java process hang on SIGTERM
* JIT Compiler:
- JMS performance regression from JDK8 SR5 FP40 TO FP41
* Class Libraries:
- z15 high utilization following Z/VM and Linux migration from
z14 To z15
* Java Virtual Machine:
- Assertion failed when trying to write a class file
- Assertion failure at modronapi.cpp
- Improve the performance of defining and finding classes
* JIT Compiler:
- An assert in ppcbinaryencoding.cpp may trigger when running
with traps disabled on power
- AOT field offset off by n bytes
- Segmentation fault in jit module on ibm z platform ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sqlite3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sqlite3 fixes the following issues:
sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).
The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the change log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2020-13434 bsc#1172115: integer overflow in
sqlite3_str_vappendf
* CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow
* CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed
to one of its shadow tables
* CVE-2020-13632 bsc#1172240: NULL pointer dereference via
crafted matchinfo() query
* CVE-2020-13435: Malicious SQL statements could have crashed the
process that is running SQLite (bsc#1172091)
ImportantSUSE bug 1157818SUSE bug 1158812SUSE bug 1158958SUSE bug 1158959SUSE bug 1158960SUSE bug 1159491SUSE bug 1159715SUSE bug 1159847SUSE bug 1159850SUSE bug 1160309SUSE bug 1160438SUSE bug 1160439SUSE bug 1164719SUSE bug 1172091SUSE bug 1172115SUSE bug 1172234SUSE bug 1172236SUSE bug 1172240SUSE bug 1173641SUSE bug 928700SUSE bug 928701CVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2016-6153 at SUSECVE-2016-6153 at NVDCVE-2017-10989 at SUSECVE-2017-10989 at NVDCVE-2017-2518 at SUSECVE-2017-2518 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-8457 at SUSECVE-2019-8457 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-urllib3 fixes the following security issue:
- CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120)
Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking.
ModerateSUSE bug 1177120CVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489)
ModerateSUSE bug 1186489CVE-2021-33574 at SUSECVE-2021-33574 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
ImportantSUSE bug 1188697SUSE bug 1190701CVE-2021-21806 at SUSECVE-2021-21806 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
ImportantSUSE bug 1190666SUSE bug 1190669SUSE bug 1190703CVE-2021-34798 at SUSECVE-2021-34798 at NVDCVE-2021-39275 at SUSECVE-2021-39275 at NVDCVE-2021-40438 at SUSECVE-2021-40438 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-45 (bsc#1191332)
* CVE-2021-38496: Use-after-free in MessageTask
* CVE-2021-38497: Validation message could have been overlaid on another origin
* CVE-2021-38498: Use-after-free of nsLanguageAtomService object
* CVE-2021-32810: Fixed Data race in crossbeam-deque
* CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
* CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
ImportantSUSE bug 1190710SUSE bug 1191332CVE-2021-32810 at SUSECVE-2021-32810 at NVDCVE-2021-38496 at SUSECVE-2021-38496 at NVDCVE-2021-38497 at SUSECVE-2021-38497 at NVDCVE-2021-38498 at SUSECVE-2021-38498 at NVDCVE-2021-38500 at SUSECVE-2021-38500 at NVDCVE-2021-38501 at SUSECVE-2021-38501 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for strongswan (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for strongswan fixes the following issues:
- CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435)
ImportantSUSE bug 1191435CVE-2021-41991 at SUSECVE-2021-41991 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql10 fixes the following issues:
- Fix for build with llvm12 on s390x. (bsc#1185952)
- Re-enable 'icu' for PostgreSQL 10. (bsc#1179945)
- Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751)
- Upgrade to version 10.18. (bsc#1190177)
Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5):
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
- Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961)
- Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix recently-added timetz test case so it works when the USA is not observing daylight savings time.
ImportantSUSE bug 1178961SUSE bug 1179765SUSE bug 1179945SUSE bug 1183118SUSE bug 1183168SUSE bug 1185924SUSE bug 1185925SUSE bug 1185952SUSE bug 1187751SUSE bug 1190177CVE-2021-32027 at SUSECVE-2021-32027 at NVDCVE-2021-32028 at SUSECVE-2021-32028 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for opensc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
ImportantSUSE bug 1191957SUSE bug 1191992SUSE bug 1192000SUSE bug 1192005CVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for transfig (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
ImportantSUSE bug 1190607SUSE bug 1190611SUSE bug 1190612SUSE bug 1190615SUSE bug 1190616SUSE bug 1190617SUSE bug 1190618SUSE bug 1192019CVE-2020-21529 at SUSECVE-2020-21529 at NVDCVE-2020-21530 at SUSECVE-2020-21530 at NVDCVE-2020-21531 at SUSECVE-2020-21531 at NVDCVE-2020-21532 at SUSECVE-2020-21532 at NVDCVE-2020-21533 at SUSECVE-2020-21533 at NVDCVE-2020-21534 at SUSECVE-2020-21534 at NVDCVE-2020-21535 at SUSECVE-2020-21535 at NVDCVE-2021-32280 at SUSECVE-2021-32280 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for binutils (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for binutils fixes the following issues:
Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
--gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
--sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses 'no
symbols' diagnostic.
Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
-march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the 'variable section' from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
--no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
Update to binutils 2.35.1:
* This is a point release over the previous 2.35 version, containing bug
fixes, and as an exception to the usual rule, one new feature. The
new feature is the support for a new directive in the assembler:
'.nop'. This directive creates a single no-op instruction in whatever
encoding is correct for the target architecture. Unlike the .space or
.fill this is a real instruction, and it does affect the generation of
DWARF line number tables, should they be enabled.
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
The following security fixes are addressed by the update:
- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).
- CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768).
- CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770).
- CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826).
- CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829).
- CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831).
- CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126).
- CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609).
- CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649).
ModerateSUSE bug 1126826SUSE bug 1126829SUSE bug 1126831SUSE bug 1140126SUSE bug 1142649SUSE bug 1143609SUSE bug 1153768SUSE bug 1153770SUSE bug 1157755SUSE bug 1160254SUSE bug 1160590SUSE bug 1163333SUSE bug 1163744SUSE bug 1179036SUSE bug 1179341SUSE bug 1179898SUSE bug 1179899SUSE bug 1179900SUSE bug 1179901SUSE bug 1179902SUSE bug 1179903SUSE bug 1180451SUSE bug 1180454SUSE bug 1180461SUSE bug 1181452SUSE bug 1182252SUSE bug 1183511SUSE bug 1184620SUSE bug 1184794CVE-2019-12972 at SUSECVE-2019-12972 at NVDCVE-2019-14250 at SUSECVE-2019-14250 at NVDCVE-2019-14444 at SUSECVE-2019-14444 at NVDCVE-2019-17450 at SUSECVE-2019-17450 at NVDCVE-2019-17451 at SUSECVE-2019-17451 at NVDCVE-2019-9074 at SUSECVE-2019-9074 at NVDCVE-2019-9075 at SUSECVE-2019-9075 at NVDCVE-2019-9077 at SUSECVE-2019-9077 at NVDCVE-2020-16590 at SUSECVE-2020-16590 at NVDCVE-2020-16591 at SUSECVE-2020-16591 at NVDCVE-2020-16592 at SUSECVE-2020-16592 at NVDCVE-2020-16593 at SUSECVE-2020-16593 at NVDCVE-2020-16598 at SUSECVE-2020-16598 at NVDCVE-2020-16599 at SUSECVE-2020-16599 at NVDCVE-2020-35448 at SUSECVE-2020-35448 at NVDCVE-2020-35493 at SUSECVE-2020-35493 at NVDCVE-2020-35496 at SUSECVE-2020-35496 at NVDCVE-2020-35507 at SUSECVE-2020-35507 at NVDCVE-2021-20197 at SUSECVE-2021-20197 at NVDCVE-2021-20284 at SUSECVE-2021-20284 at NVDCVE-2021-3487 at SUSECVE-2021-3487 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat, javapackages-tools fixes the following issue:
Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
Non-security issues fixed:
- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
ImportantSUSE bug 1185476SUSE bug 1188278SUSE bug 1188279SUSE bug 1190558CVE-2021-30640 at SUSECVE-2021-30640 at NVDCVE-2021-33037 at SUSECVE-2021-33037 at NVDCVE-2021-41079 at SUSECVE-2021-41079 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for qemu fixes the following issues:
Security issues fixed:
- Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748)
- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713)
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
ImportantSUSE bug 1180432SUSE bug 1180433SUSE bug 1180434SUSE bug 1180435SUSE bug 1182651SUSE bug 1186012SUSE bug 1189145SUSE bug 1189702SUSE bug 1189938CVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for binutils (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for binutils fixes the following issues:
- For compatibility on old code stream that expect 'brcl 0,label' to
not be disassembled as 'jgnop label' on s390x. (bsc#1192267)
This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
Security issue fixed:
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)
ModerateSUSE bug 1183909SUSE bug 1184519SUSE bug 1188941SUSE bug 1191473SUSE bug 1192267CVE-2021-20294 at SUSECVE-2021-20294 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for pcre (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
ModerateSUSE bug 1025709SUSE bug 1030066SUSE bug 1030803SUSE bug 1030805SUSE bug 1030807SUSE bug 1172973SUSE bug 1172974CVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to Extended Support Release 91.3.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-49 (bsc#1192250)
* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504: Use-after-free in file picker dialog
* CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
* CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
* CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
* CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
* CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0008: Use-after-free in HTTP2 Session object
* MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
ImportantSUSE bug 1192250CVE-2021-38503 at SUSECVE-2021-38503 at NVDCVE-2021-38504 at SUSECVE-2021-38504 at NVDCVE-2021-38505 at SUSECVE-2021-38505 at NVDCVE-2021-38506 at SUSECVE-2021-38506 at NVDCVE-2021-38507 at SUSECVE-2021-38507 at NVDCVE-2021-38508 at SUSECVE-2021-38508 at NVDCVE-2021-38509 at SUSECVE-2021-38509 at NVDCVE-2021-38510 at SUSECVE-2021-38510 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
ImportantSUSE bug 1014440SUSE bug 1192284CVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql, postgresql13, postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql, postgresql13 and postgresql14 fixes the following issues:
Security issues fixed:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673)
On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants.
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql10 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).
ImportantSUSE bug 1191937CVE-2021-42762 at SUSECVE-2021-42762 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version OpenJDK 8u312 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191903SUSE bug 1191904SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35567 at SUSECVE-2021-35567 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_0-openjdk fixes the following issues:
Update to OpenJDK 7u321 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ruby2.1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ruby2.1 fixes the following issues:
- CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125).
- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
ImportantSUSE bug 1177125SUSE bug 1188160SUSE bug 1188161SUSE bug 1190375CVE-2020-25613 at SUSECVE-2020-25613 at NVDCVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Integrate bugfixes (bsc#1189373, bsc#1189378)
ModerateSUSE bug 1189373SUSE bug 1189378SUSE bug 1189632SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
- CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
- Update to 0.103.4 (bsc#1192346).
- Update to 0.103.3 (bsc#1188284).
ModerateSUSE bug 1103032SUSE bug 1188284SUSE bug 1192346CVE-2018-14679 at SUSECVE-2018-14679 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
- CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
ImportantSUSE bug 1192063CVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssh (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
The following security bugs were fixed:
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961)
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351).
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898).
- CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
The following non-security bugs were fixed:
- Add arch-dependent support markers in supported.conf (bsc#1186672)
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- Use /usr/lib/modules as module dir when usermerge is active in the target distro.
- UsrMerge the kernel (boo#1184804)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drop debugging statements
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- handle also race conditions in /proc/net/tcp code
- hisax: fix spectre issues (bsc#1192802).
- hv: adjust mana_select_queue to old ndo_select_queue API
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050).
- mpt3sas: fix spectre issues (bsc#1192802).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855).
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- objtool: Do not fail on missing symbol table (bsc#1192379).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- scripts/git_sort/git_sort.py: add bpf git repo
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
ImportantSUSE bug 1087082SUSE bug 1100416SUSE bug 1108488SUSE bug 1129735SUSE bug 1129898SUSE bug 1133374SUSE bug 1153720SUSE bug 1171420SUSE bug 1176724SUSE bug 1176931SUSE bug 1180624SUSE bug 1181854SUSE bug 1181855SUSE bug 1183050SUSE bug 1183861SUSE bug 1184673SUSE bug 1184804SUSE bug 1185377SUSE bug 1185677SUSE bug 1185726SUSE bug 1185727SUSE bug 1185758SUSE bug 1185973SUSE bug 1186063SUSE bug 1186482SUSE bug 1186483SUSE bug 1186672SUSE bug 1188026SUSE bug 1188172SUSE bug 1188563SUSE bug 1188601SUSE bug 1188613SUSE bug 1188838SUSE bug 1188842SUSE bug 1188876SUSE bug 1188983SUSE bug 1188985SUSE bug 1189057SUSE bug 1189262SUSE bug 1189278SUSE bug 1189291SUSE bug 1189399SUSE bug 1189400SUSE bug 1189418SUSE bug 1189420SUSE bug 1189706SUSE bug 1189846SUSE bug 1189884SUSE bug 1190023SUSE bug 1190025SUSE bug 1190067SUSE bug 1190115SUSE bug 1190117SUSE bug 1190118SUSE bug 1190159SUSE bug 1190276SUSE bug 1190349SUSE bug 1190350SUSE bug 1190351SUSE bug 1190432SUSE bug 1190479SUSE bug 1190534SUSE bug 1190601SUSE bug 1190717SUSE bug 1191193SUSE bug 1191315SUSE bug 1191317SUSE bug 1191318SUSE bug 1191529SUSE bug 1191530SUSE bug 1191628SUSE bug 1191660SUSE bug 1191790SUSE bug 1191801SUSE bug 1191813SUSE bug 1191961SUSE bug 1192036SUSE bug 1192045SUSE bug 1192048SUSE bug 1192267SUSE bug 1192379SUSE bug 1192400SUSE bug 1192444SUSE bug 1192549SUSE bug 1192775SUSE bug 1192781SUSE bug 1192802CVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-9517 at SUSECVE-2018-9517 at NVDCVE-2019-3874 at SUSECVE-2019-3874 at NVDCVE-2019-3900 at SUSECVE-2019-3900 at NVDCVE-2020-0429 at SUSECVE-2020-0429 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Update to Extended Support Release 91.4.0 (bsc#1193485):
- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)
ImportantSUSE bug 1193321SUSE bug 1193485CVE-2021-43536 at SUSECVE-2021-43536 at NVDCVE-2021-43537 at SUSECVE-2021-43537 at NVDCVE-2021-43538 at SUSECVE-2021-43538 at NVDCVE-2021-43539 at SUSECVE-2021-43539 at NVDCVE-2021-43541 at SUSECVE-2021-43541 at NVDCVE-2021-43542 at SUSECVE-2021-43542 at NVDCVE-2021-43543 at SUSECVE-2021-43543 at NVDCVE-2021-43545 at SUSECVE-2021-43545 at NVDCVE-2021-43546 at SUSECVE-2021-43546 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bcm43xx-firmware (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bcm43xx-firmware fixes the following issues:
- CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic (bsc#1167162).
ImportantSUSE bug 1167162CVE-2019-15126 at SUSECVE-2019-15126 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glib-networking (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glib-networking fixes the following issues:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030).
ImportantSUSE bug 1193030CVE-2021-4008 at SUSECVE-2021-4008 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for log4j (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for log4j fixes the following issue:
- CVE-2021-4104: Disable the JMSAppender class from log4j to protect against
the log4jshell vulnerability. [bsc#1193662]
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading to out of
bounds memory write. (bsc#1190487)
- CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write. (bsc#1190489)
ImportantSUSE bug 1190487SUSE bug 1190489CVE-2021-4009 at SUSECVE-2021-4009 at NVDCVE-2021-4011 at SUSECVE-2021-4011 at NVDcpe:/o:suse:sles-espos:12:sp4Recommended update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
The username map advice from the CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails (bsc#1192849).
ImportantSUSE bug 1192849CVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for chrony (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for chrony fixes the following issues:
Chrony was updated to 4.1:
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Enable syscallfilter unconditionally (bsc#1181826).
Chrony was updated to 4.0:
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Chrony was updated to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Update clknetsim to version 79ffe44 (fixes bsc#1162964).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529)
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*'
- Enable pps support
Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
ModerateSUSE bug 1063704SUSE bug 1069468SUSE bug 1082318SUSE bug 1083597SUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1156884SUSE bug 1159840SUSE bug 1161119SUSE bug 1162964SUSE bug 1171806SUSE bug 1172113SUSE bug 1173277SUSE bug 1173760SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1183783SUSE bug 1184400SUSE bug 1187906SUSE bug 1190926CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
Update to 10.2.41:
- CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497).
ModerateSUSE bug 1192497CVE-2021-35604 at SUSECVE-2021-35604 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- buffer overflow in PyCArg_repr in _ctypes/callproc.c,
which may lead to remote code execution (bsc#1181126, CVE-2021-3177).
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686SUSE bug 1181126CVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
- CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).
- CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
The following non-security bugs were fixed:
- blk-mq: improve heavily contended tag case (bsc#1178198).
- debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
- locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- Move upstreamed bt fixes into sorted section
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- net/x25: prevent a couple of overflows (bsc#1178590).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
ImportantSUSE bug 1144912SUSE bug 1149032SUSE bug 1158775SUSE bug 1163727SUSE bug 1171979SUSE bug 1176395SUSE bug 1176846SUSE bug 1176962SUSE bug 1177304SUSE bug 1177666SUSE bug 1178036SUSE bug 1178182SUSE bug 1178198SUSE bug 1178372SUSE bug 1178589SUSE bug 1178590SUSE bug 1178684SUSE bug 1178886SUSE bug 1179107SUSE bug 1179140SUSE bug 1179141SUSE bug 1179419SUSE bug 1179429SUSE bug 1179508SUSE bug 1179509SUSE bug 1179601SUSE bug 1179616SUSE bug 1179663SUSE bug 1179666SUSE bug 1179745SUSE bug 1179877SUSE bug 1179878SUSE bug 1179895SUSE bug 1179960SUSE bug 1179961SUSE bug 1180008SUSE bug 1180027SUSE bug 1180028SUSE bug 1180029SUSE bug 1180030SUSE bug 1180031SUSE bug 1180032SUSE bug 1180052SUSE bug 1180086SUSE bug 1180559SUSE bug 1180562SUSE bug 1180676SUSE bug 1181001SUSE bug 1181158SUSE bug 1181349SUSE bug 1181504SUSE bug 1181553SUSE bug 1181645CVE-2019-20934 at SUSECVE-2019-20934 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for wpa_supplicant fixes the following issues:
- CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).
- CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)
ImportantSUSE bug 1150934SUSE bug 1181777CVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openvswitch fixes the following issues:
- CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742).
ImportantSUSE bug 1181742CVE-2020-35498 at SUSECVE-2020-35498 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for jasper (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
ImportantSUSE bug 1179748SUSE bug 1181483CVE-2020-27828 at SUSECVE-2020-27828 at NVDCVE-2021-3272 at SUSECVE-2021-3272 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for screen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for screen fixes the following issues:
- CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092).
ImportantSUSE bug 1182092CVE-2021-26937 at SUSECVE-2021-26937 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625]
ImportantSUSE bug 1182246CVE-2020-8625 at SUSECVE-2020-8625 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for krb5-appl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for krb5-appl fixes the following issues:
- CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
- CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).
ImportantSUSE bug 1131109CVE-2019-25017 at SUSECVE-2019-25017 at NVDCVE-2019-25018 at SUSECVE-2019-25018 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u282 (icedtea 3.18.0)
* January 2021 CPU (bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)
* Import of OpenJDK 8 u282 build 01
+ JDK-6962725: Regtest javax/swing/JFileChooser/6738668/
/bug6738668.java fails under Linux
+ JDK-8025936: Windows .pdb and .map files does not have proper
dependencies setup
+ JDK-8030350: Enable additional compiler warnings for GCC
+ JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/
/DisposeFrameOnDragTest.java fails by Timeout on Windows
+ JDK-8036122: Fix warning 'format not a string literal'
+ JDK-8051853: new
URI('x/').resolve('..').getSchemeSpecificPart() returns null!
+ JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/
/DefaultNoDrop.java locks on Windows
+ JDK-8134632: Mark javax/sound/midi/Devices/
/InitializationHang.java as headful
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8148916: Mark bug6400879.java as intermittently failing
+ JDK-8148983: Fix extra comma in changes for JDK-8148916
+ JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java
fails
+ JDK-8165808: Add release barriers when allocating objects
with concurrent collection
+ JDK-8185003: JMX: Add a version of
ThreadMXBean.dumpAllThreads with a maxDepth argument
+ JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on
windows with VS2017
+ JDK-8207766: [testbug] Adapt tests for Aix.
+ JDK-8212070: Introduce diagnostic flag to abort VM on failed
JIT compilation
+ JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
+ JDK-8215727: Restore JFR thread sampler loop to old /
previous behavior
+ JDK-8220657: JFR.dump does not work when filename is set
+ JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
+ JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java
fails with access issues and OOM
+ JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes()
can be quicker for self thread
+ JDK-8231968: getCurrentThreadAllocatedBytes default
implementation s/b getThreadAllocatedBytes
+ JDK-8232114: JVM crashed at imjpapi.dll in native code
+ JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect
numbers for Compiler area
+ JDK-8234339: replace JLI_StrTok in java_md_solinux.c
+ JDK-8238448: RSASSA-PSS signature verification fail when
using certain odd key sizes
+ JDK-8242335: Additional Tests for RSASSA-PSS
+ JDK-8244225: stringop-overflow warning on strncpy call from
compile_the_world_in
+ JDK-8245400: Upgrade to LittleCMS 2.11
+ JDK-8248214: Add paddings for TaskQueueSuper to reduce
false-sharing cache contention
+ JDK-8249176: Update GlobalSignR6CA test certificates
+ JDK-8250665: Wrong translation for the month name of May in
ar_JO,LB,SY
+ JDK-8250928: JFR: Improve hash algorithm for stack traces
+ JDK-8251469: Better cleanup for
test/jdk/javax/imageio/SetOutput.java
+ JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData
should not be in make/mapfiles/libawt_xawt/mapfile-vers
+ JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider
rather than JRE
+ JDK-8252395: [8u] --with-native-debug-symbols=external
doesn't include debuginfo files for binaries
+ JDK-8252497: Incorrect numeric currency code for ROL
+ JDK-8252754: Hash code calculation of JfrStackTrace is
inconsistent
+ JDK-8252904: VM crashes when JFR is used and JFR event class
is transformed
+ JDK-8252975: [8u] JDK-8252395 breaks the build for
--with-native-debug-symbols=internal
+ JDK-8253284: Zero OrderAccess barrier mappings are incorrect
+ JDK-8253550: [8u] JDK-8252395 breaks the build for make
STRIP_POLICY=no_strip
+ JDK-8253752: test/sun/management/jmxremote/bootstrap/
/RmiBootstrapTest.java fails randomly
+ JDK-8254081: java/security/cert/PolicyNode/
/GetPolicyQualifiers.java fails due to an expired certificate
+ JDK-8254144: Non-x86 Zero builds fail with return-type
warning in os_linux_zero.cpp
+ JDK-8254166: Zero: return-type warning in
zeroInterpreter_zero.cpp
+ JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/
/WorkerDeadlockTest.java fails
+ JDK-8255003: Build failures on Solaris
ModerateSUSE bug 1181239CVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for open-iscsi (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for open-iscsi fixes the following issues:
Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):
- check for TCP urgent pointer past end of frame
- check for u8 overflow when processing TCP options
- check for header length underflow during checksum calculation
ImportantSUSE bug 1179908CVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for perl-XML-Twig (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for perl-XML-Twig fixes the following issues:
- Security fix [bsc#1008644, CVE-2016-9180]
* Added: the no_xxe option to XML::Twig::new, which causes the
parse to fail if external entities are used (to prevent
malicious XML to access the filesystem).
* Setting expand_external_ents to 0 or -1 currently doesn't work
as expected; To completely turn off expanding external entities
use no_xxe.
* Update documentation for XML::Twig to mention problems with
expand_external_ents and add information about new no_xxe argument
ModerateSUSE bug 1008644CVE-2016-9180 at SUSECVE-2016-9180 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.8.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-08 (bsc#1182614)
* CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
* CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
ImportantSUSE bug 1182357SUSE bug 1182614CVE-2021-23968 at SUSECVE-2021-23968 at NVDCVE-2021-23969 at SUSECVE-2021-23969 at NVDCVE-2021-23973 at SUSECVE-2021-23973 at NVDCVE-2021-23978 at SUSECVE-2021-23978 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-cryptography (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for grub2 fixes the following issues:
grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
Following security issues are fixed that can violate secure boot constraints:
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)
ImportantSUSE bug 1175970SUSE bug 1176711SUSE bug 1177883SUSE bug 1179264SUSE bug 1179265SUSE bug 1182057SUSE bug 1182262SUSE bug 1182263CVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
ImportantSUSE bug 1182279SUSE bug 1182408SUSE bug 1182411SUSE bug 1182412SUSE bug 1182413SUSE bug 1182415SUSE bug 1182416SUSE bug 1182417SUSE bug 1182418SUSE bug 1182419SUSE bug 1182420CVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- cifs: check all path components in resolved dfs target (bsc#1180906).
- cifs: fix check of tcon dfs in smb1 (bsc#1180906).
- cifs: fix nodfs mount option (bsc#1180906).
- cifs: introduce helper for finding referral server (bsc#1180906).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886)
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: fc: add FPIN ELS definition (bsc#1181441).
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441)
- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441).
- scsi: Fix trivial spelling (bsc#1181441).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1181441).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441).
- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441).
- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441).
- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441).
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441).
- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441).
- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441).
- scsi: qla2xxx: Fix login timeout (bsc#1181441).
- scsi: qla2xxx: Fix memory size truncation (bsc#1181441).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441).
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441).
- scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441).
- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441).
- scsi: qla2xxx: Fix the return value (bsc#1181441).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441).
- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441).
- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441).
- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441).
- scsi: qla2xxx: Performance tweak (bsc#1181441).
- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1181441).
- scsi: qla2xxx: Remove an unused function (bsc#1181441).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1181441).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441).
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1181441).
- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441).
- scsi: qla2xxx: SAN congestion management implementation (bsc#1181441).
- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441).
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use constant when it is known (bsc#1181441).
- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441).
- scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441).
- scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
ImportantSUSE bug 1065600SUSE bug 1163592SUSE bug 1176831SUSE bug 1178401SUSE bug 1178762SUSE bug 1179014SUSE bug 1179015SUSE bug 1179045SUSE bug 1179082SUSE bug 1179428SUSE bug 1179660SUSE bug 1180058SUSE bug 1180906SUSE bug 1181441SUSE bug 1181747SUSE bug 1181753SUSE bug 1181843SUSE bug 1182140SUSE bug 1182175CVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29374 at SUSECVE-2020-29374 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for wpa_supplicant fixes the following issues:
- CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805)
ImportantSUSE bug 1182805CVE-2021-27803 at SUSECVE-2021-27803 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- On case-insensitive filesystems, with support for symbolic links,
if Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running
remote code during a clone. (bsc#1183026, CVE-2021-21300)
ImportantSUSE bug 1183026CVE-2021-21300 at SUSECVE-2021-21300 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
ModerateSUSE bug 1182379CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
ImportantSUSE bug 1180623CVE-2020-16044 at SUSECVE-2020-16044 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glib2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
ImportantSUSE bug 1182328SUSE bug 1182362CVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for wavpack (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for wavpack fixes the following issues:
- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).
ImportantSUSE bug 1180414CVE-2020-35738 at SUSECVE-2020-35738 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for nghttp2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
ImportantSUSE bug 1082318SUSE bug 1088639SUSE bug 1112438SUSE bug 1125689SUSE bug 1134616SUSE bug 1146182SUSE bug 1146184SUSE bug 1181358SUSE bug 962914SUSE bug 964140SUSE bug 966514CVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
ImportantSUSE bug 1183852CVE-2021-3449 at SUSECVE-2021-3449 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
- CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
ImportantSUSE bug 1182909SUSE bug 1182912CVE-2021-25122 at SUSECVE-2021-25122 at NVDCVE-2021-25329 at SUSECVE-2021-25329 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
ImportantSUSE bug 1183942CVE-2021-23981 at SUSECVE-2021-23981 at NVDCVE-2021-23982 at SUSECVE-2021-23982 at NVDCVE-2021-23984 at SUSECVE-2021-23984 at NVDCVE-2021-23987 at SUSECVE-2021-23987 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openvpn (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
ImportantSUSE bug 1197341CVE-2022-0547 at SUSECVE-2022-0547 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
Non-securtiy fix:
- Fixed a broken symlink for javaws (bsc#1195146).
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195146SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for zlib (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)
ImportantSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1191902SUSE bug 1191904SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35560 at SUSECVE-2021-35560 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for util-linux (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921)
- Prevent outdated pam files (bsc#1082293, bsc#1081947#c68).
- Do not trim read-only volumes (bsc#1106214).
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add `RemainAfterExit=yes` (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196)
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- libblkid: Do not trigger CDROM autoclose. (bsc#1084671)
- Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514)
- Build with libudev support to support non-root users. (bsc#1169006)
- lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to CIFS with mount –a. (bsc#1174942)
ImportantSUSE bug 1081947SUSE bug 1082293SUSE bug 1084671SUSE bug 1085196SUSE bug 1106214SUSE bug 1122417SUSE bug 1125886SUSE bug 1135534SUSE bug 1135708SUSE bug 1151708SUSE bug 1168235SUSE bug 1168389SUSE bug 1169006SUSE bug 1172427SUSE bug 1174942SUSE bug 1175514SUSE bug 1175623SUSE bug 1178236SUSE bug 1178554SUSE bug 1178825SUSE bug 1188921SUSE bug 1194642CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):
MFSA 2022-14 (bsc#1197903)
* CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use
* CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-1196: Fixed a use-after-free after VR Process destruction
* CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen
* CVE-2022-28286: Fixed that iframe contents could be rendered outside the border
* CVE-2022-24713: Fixed a denial of service via complex regular expressions
* CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-1196 at SUSECVE-2022-1196 at NVDCVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2022-28281 at SUSECVE-2022-28281 at NVDCVE-2022-28282 at SUSECVE-2022-28282 at NVDCVE-2022-28285 at SUSECVE-2022-28285 at NVDCVE-2022-28286 at SUSECVE-2022-28286 at NVDCVE-2022-28289 at SUSECVE-2022-28289 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openjpeg2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openjpeg2 fixes the following issues:
- CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
- CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617).
- CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205).
- CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
ImportantSUSE bug 1102016SUSE bug 1106881SUSE bug 1106882SUSE bug 1140130SUSE bug 1140205SUSE bug 1162090SUSE bug 1173578SUSE bug 1180457SUSE bug 1184774SUSE bug 1197738SUSE bug 971617SUSE bug 980504CVE-2016-1924 at SUSECVE-2016-1924 at NVDCVE-2016-3183 at SUSECVE-2016-3183 at NVDCVE-2016-4797 at SUSECVE-2016-4797 at NVDCVE-2018-14423 at SUSECVE-2018-14423 at NVDCVE-2018-16375 at SUSECVE-2018-16375 at NVDCVE-2018-16376 at SUSECVE-2018-16376 at NVDCVE-2018-20845 at SUSECVE-2018-20845 at NVDCVE-2018-20846 at SUSECVE-2018-20846 at NVDCVE-2020-15389 at SUSECVE-2020-15389 at NVDCVE-2020-27823 at SUSECVE-2020-27823 at NVDCVE-2020-8112 at SUSECVE-2020-8112 at NVDCVE-2021-29338 at SUSECVE-2021-29338 at NVDCVE-2022-1122 at SUSECVE-2022-1122 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python rebuilds python against a symbol versioned openssl 1.0.2
to allow usage with openssl 1.1.1.
Also the following security issues are fixed:
- CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146).
ModerateSUSE bug 1187784SUSE bug 1194146SUSE bug 1195396CVE-2021-4189 at SUSECVE-2021-4189 at NVDCVE-2022-0391 at SUSECVE-2022-0391 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
ImportantSUSE bug 1194547CVE-2021-4140 at SUSECVE-2021-4140 at NVDCVE-2022-22737 at SUSECVE-2022-22737 at NVDCVE-2022-22738 at SUSECVE-2022-22738 at NVDCVE-2022-22739 at SUSECVE-2022-22739 at NVDCVE-2022-22740 at SUSECVE-2022-22740 at NVDCVE-2022-22741 at SUSECVE-2022-22741 at NVDCVE-2022-22742 at SUSECVE-2022-22742 at NVDCVE-2022-22743 at SUSECVE-2022-22743 at NVDCVE-2022-22744 at SUSECVE-2022-22744 at NVDCVE-2022-22745 at SUSECVE-2022-22745 at NVDCVE-2022-22746 at SUSECVE-2022-22746 at NVDCVE-2022-22747 at SUSECVE-2022-22747 at NVDCVE-2022-22748 at SUSECVE-2022-22748 at NVDCVE-2022-22751 at SUSECVE-2022-22751 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xz (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libexif (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libexif fixes the following issues:
- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service
(bsc#1172802).
- CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial
of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away
by the compiler (bsc#1178479).
ImportantSUSE bug 1172768SUSE bug 1172802SUSE bug 1178479CVE-2020-0181 at SUSECVE-2020-0181 at NVDCVE-2020-0198 at SUSECVE-2020-0198 at NVDCVE-2020-0452 at SUSECVE-2020-0452 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1198136cpe:/o:suse:sles-espos:12:sp4Security update for sssd (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sssd fixes the following issues:
- CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492).
- Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773).
Non-security fixes:
- Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564).
ImportantSUSE bug 1183735SUSE bug 1189492SUSE bug 1196564CVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- sr9700: sanity check for packet length (bsc#1196836).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- x86/tsc: Make calibration refinement more robust (bsc#1196573).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
ImportantSUSE bug 1180153SUSE bug 1189562SUSE bug 1193738SUSE bug 1194943SUSE bug 1195051SUSE bug 1195353SUSE bug 1196018SUSE bug 1196114SUSE bug 1196468SUSE bug 1196488SUSE bug 1196514SUSE bug 1196573SUSE bug 1196639SUSE bug 1196761SUSE bug 1196830SUSE bug 1196836SUSE bug 1196942SUSE bug 1196973SUSE bug 1197211SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197391SUSE bug 1197462SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-39713 at SUSECVE-2021-39713 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gzip (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gzip fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue
mitigations (bsc#1196915).
ImportantSUSE bug 1196915SUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dnsmasq (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1183709SUSE bug 1197872CVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234).
ImportantSUSE bug 1198234CVE-2022-24765 at SUSECVE-2022-24765 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490)
ImportantSUSE bug 1196490CVE-2022-23308 at SUSECVE-2022-23308 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for SDL (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for SDL fixes the following issues:
- CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202)
- CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201)
- CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001)
ImportantSUSE bug 1181201SUSE bug 1181202SUSE bug 1198001CVE-2020-14409 at SUSECVE-2020-14409 at NVDCVE-2020-14410 at SUSECVE-2020-14410 at NVDCVE-2021-33657 at SUSECVE-2021-33657 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.
ImportantSUSE bug 1194019CVE-2018-8518 at SUSECVE-2018-8518 at NVDCVE-2018-8523 at SUSECVE-2018-8523 at NVDCVE-2019-8551 at SUSECVE-2019-8551 at NVDCVE-2019-8558 at SUSECVE-2019-8558 at NVDCVE-2019-8559 at SUSECVE-2019-8559 at NVDCVE-2019-8563 at SUSECVE-2019-8563 at NVDCVE-2019-8674 at SUSECVE-2019-8674 at NVDCVE-2019-8681 at SUSECVE-2019-8681 at NVDCVE-2019-8684 at SUSECVE-2019-8684 at NVDCVE-2019-8687 at SUSECVE-2019-8687 at NVDCVE-2019-8688 at SUSECVE-2019-8688 at NVDCVE-2019-8689 at SUSECVE-2019-8689 at NVDCVE-2019-8690 at SUSECVE-2019-8690 at NVDCVE-2019-8707 at SUSECVE-2019-8707 at NVDCVE-2019-8719 at SUSECVE-2019-8719 at NVDCVE-2019-8726 at SUSECVE-2019-8726 at NVDCVE-2019-8733 at SUSECVE-2019-8733 at NVDCVE-2019-8763 at SUSECVE-2019-8763 at NVDCVE-2019-8765 at SUSECVE-2019-8765 at NVDCVE-2019-8766 at SUSECVE-2019-8766 at NVDCVE-2019-8768 at SUSECVE-2019-8768 at NVDCVE-2019-8782 at SUSECVE-2019-8782 at NVDCVE-2019-8808 at SUSECVE-2019-8808 at NVDCVE-2019-8815 at SUSECVE-2019-8815 at NVDCVE-2019-8821 at SUSECVE-2019-8821 at NVDCVE-2019-8822 at SUSECVE-2019-8822 at NVDCVE-2020-10018 at SUSECVE-2020-10018 at NVDCVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-3885 at SUSECVE-2020-3885 at NVDCVE-2020-3894 at SUSECVE-2020-3894 at NVDCVE-2020-3895 at SUSECVE-2020-3895 at NVDCVE-2020-3897 at SUSECVE-2020-3897 at NVDCVE-2020-3900 at SUSECVE-2020-3900 at NVDCVE-2020-3901 at SUSECVE-2020-3901 at NVDCVE-2020-3902 at SUSECVE-2020-3902 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9952 at SUSECVE-2020-9952 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1817 at SUSECVE-2021-1817 at NVDCVE-2021-1820 at SUSECVE-2021-1820 at NVDCVE-2021-1825 at SUSECVE-2021-1825 at NVDCVE-2021-1826 at SUSECVE-2021-1826 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDCVE-2021-30661 at SUSECVE-2021-30661 at NVDCVE-2021-30666 at SUSECVE-2021-30666 at NVDCVE-2021-30682 at SUSECVE-2021-30682 at NVDCVE-2021-30761 at SUSECVE-2021-30761 at NVDCVE-2021-30762 at SUSECVE-2021-30762 at NVDCVE-2021-30809 at SUSECVE-2021-30809 at NVDCVE-2021-30818 at SUSECVE-2021-30818 at NVDCVE-2021-30823 at SUSECVE-2021-30823 at NVDCVE-2021-30836 at SUSECVE-2021-30836 at NVDCVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30848 at SUSECVE-2021-30848 at NVDCVE-2021-30849 at SUSECVE-2021-30849 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDCVE-2021-30884 at SUSECVE-2021-30884 at NVDCVE-2021-30887 at SUSECVE-2021-30887 at NVDCVE-2021-30888 at SUSECVE-2021-30888 at NVDCVE-2021-30889 at SUSECVE-2021-30889 at NVDCVE-2021-30890 at SUSECVE-2021-30890 at NVDCVE-2021-30897 at SUSECVE-2021-30897 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cifs-utils (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
ImportantSUSE bug 1197216CVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for aide (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
ImportantSUSE bug 1194735CVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for zsh (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for zsh fixes the following issues:
- CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
- CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)
ImportantSUSE bug 1107294SUSE bug 1107296CVE-2018-0502 at SUSECVE-2018-0502 at NVDCVE-2018-13259 at SUSECVE-2018-13259 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 5 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
ModerateSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1188568SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2432 at SUSECVE-2021-2432 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gzip (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gzip fixes the following issues:
- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
ImportantCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.0 (bsc#1198290):
- CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution.
- CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.
Missing CVE reference for the update to 2.34.6 (bsc#1196133):
- CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
ImportantSUSE bug 1196133SUSE bug 1198290CVE-2022-22594 at SUSECVE-2022-22594 at NVDCVE-2022-22624 at SUSECVE-2022-22624 at NVDCVE-2022-22628 at SUSECVE-2022-22628 at NVDCVE-2022-22629 at SUSECVE-2022-22629 at NVDCVE-2022-22637 at SUSECVE-2022-22637 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for e2fsprogs (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
ImportantSUSE bug 1198970CVE-2022-29909 at SUSECVE-2022-29909 at NVDCVE-2022-29911 at SUSECVE-2022-29911 at NVDCVE-2022-29912 at SUSECVE-2022-29912 at NVDCVE-2022-29914 at SUSECVE-2022-29914 at NVDCVE-2022-29916 at SUSECVE-2022-29916 at NVDCVE-2022-29917 at SUSECVE-2022-29917 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glib2 (Low)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
- Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383).
ImportantSUSE bug 1198383SUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql10 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
ImportantSUSE bug 1199768CVE-2022-1529 at SUSECVE-2022-1529 at NVDCVE-2022-1802 at SUSECVE-2022-1802 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-requests (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-requests fixes the following issues:
- CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI
upon receiving a same-hostname https-to-http redirect. (bsc#1111622)
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libxml2 fixes the following issues:
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132).
- CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689).
ImportantSUSE bug 1069689SUSE bug 1199132CVE-2017-16932 at SUSECVE-2017-16932 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for pcre2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733)
- CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777)
- Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805)
- Limit P2P_DEVICE name to appropriate ifname size
- Enable SAE support(jsc#SLE-14992).
- Fix wicked wlan (bsc#1156920)
- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (bsc#1166933)
- Adjust the service to start after network.target wrt bsc#1165266
Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] ImportantSUSE bug 1131644SUSE bug 1131868SUSE bug 1131870SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874SUSE bug 1133640SUSE bug 1144443SUSE bug 1156920SUSE bug 1165266SUSE bug 1166933SUSE bug 1167331SUSE bug 1182805SUSE bug 1194732SUSE bug 1194733CVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql14 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ImageMagick fixes the following issues:
- CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351).
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
ImportantSUSE bug 1198351SUSE bug 1199350CVE-2022-1270 at SUSECVE-2022-1270 at NVDCVE-2022-28463 at SUSECVE-2022-28463 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mailman fixes the following issues:
- CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).
ImportantSUSE bug 1191959SUSE bug 1192735SUSE bug 1192741SUSE bug 1193316CVE-2021-42096 at SUSECVE-2021-42096 at NVDCVE-2021-43331 at SUSECVE-2021-43331 at NVDCVE-2021-43332 at SUSECVE-2021-43332 at NVDCVE-2021-44227 at SUSECVE-2021-44227 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for polkit (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for librelp (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for librelp fixes the following issues:
- CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730).
ModerateSUSE bug 1086730CVE-2018-1000140 at SUSECVE-2018-1000140 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)
- CVE-2022-31736: Cross-Origin resource's length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
ImportantSUSE bug 1200027CVE-2022-31736 at SUSECVE-2022-31736 at NVDCVE-2022-31737 at SUSECVE-2022-31737 at NVDCVE-2022-31738 at SUSECVE-2022-31738 at NVDCVE-2022-31739 at SUSECVE-2022-31739 at NVDCVE-2022-31740 at SUSECVE-2022-31740 at NVDCVE-2022-31741 at SUSECVE-2022-31741 at NVDCVE-2022-31742 at SUSECVE-2022-31742 at NVDCVE-2022-31747 at SUSECVE-2022-31747 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for strongswan (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for strongswan fixes the following issues:
- CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)
ImportantSUSE bug 1194471CVE-2021-45079 at SUSECVE-2021-45079 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.4 (bsc#1200027)
* CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
ImportantSUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
ImportantSUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1193282SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for u-boot fixes the following issues:
- A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code.
(CVE-2022-30552, bsc#1200363)
- A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive.
(CVE-2022-30790, bsc#1200364)
ImportantSUSE bug 1200363SUSE bug 1200364CVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- debug: Lock down kgdb (bsc#1199426).
- dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
- lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
- linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
- linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
- linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
- linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124).
- net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124).
- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124).
- net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124).
- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124).
- net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124).
- net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
- net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124).
- net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124).
- net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124).
- net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124).
- net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124).
- net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124).
- net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124).
- net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124).
- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
- net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
- net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
- net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124).
- net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124).
- net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
- net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
- net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124).
- net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124).
- net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124).
- net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124).
- net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124).
- net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124).
- net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124).
- net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124).
- net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124).
- net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124).
- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124).
- net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124).
- net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124).
- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124).
- net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
- net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124).
- net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124).
- net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
- net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
- net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124).
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
- net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124).
- net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124).
- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124).
- net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
- net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124).
- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124).
- net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
ImportantSUSE bug 1028340SUSE bug 1065729SUSE bug 1071995SUSE bug 1114648SUSE bug 1172456SUSE bug 1182171SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1191958SUSE bug 1195651SUSE bug 1196426SUSE bug 1197099SUSE bug 1197219SUSE bug 1197343SUSE bug 1198400SUSE bug 1198516SUSE bug 1198660SUSE bug 1198687SUSE bug 1198742SUSE bug 1198825SUSE bug 1199012SUSE bug 1199063SUSE bug 1199314SUSE bug 1199399SUSE bug 1199426SUSE bug 1199505SUSE bug 1199605SUSE bug 1199650CVE-2019-20811 at SUSECVE-2019-20811 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-39711 at SUSECVE-2021-39711 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
ImportantSUSE bug 1199287SUSE bug 1200106CVE-2022-26700 at SUSECVE-2022-26700 at NVDCVE-2022-26709 at SUSECVE-2022-26709 at NVDCVE-2022-26716 at SUSECVE-2022-26716 at NVDCVE-2022-26717 at SUSECVE-2022-26717 at NVDCVE-2022-26719 at SUSECVE-2022-26719 at NVDCVE-2022-30293 at SUSECVE-2022-30293 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
ImportantSUSE bug 1200338SUSE bug 1200340SUSE bug 1200341SUSE bug 1200345SUSE bug 1200348SUSE bug 1200350SUSE bug 1200352CVE-2022-26377 at SUSECVE-2022-26377 at NVDCVE-2022-28614 at SUSECVE-2022-28614 at NVDCVE-2022-28615 at SUSECVE-2022-28615 at NVDCVE-2022-29404 at SUSECVE-2022-29404 at NVDCVE-2022-30522 at SUSECVE-2022-30522 at NVDCVE-2022-30556 at SUSECVE-2022-30556 at NVDCVE-2022-31813 at SUSECVE-2022-31813 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
ImportantSUSE bug 1199166CVE-2022-1292 at SUSECVE-2022-1292 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for log4j (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for log4j fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
ImportantSUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for SUSE Manager Client Tools (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
ImportantSUSE bug 1181223SUSE bug 1181400SUSE bug 1190462SUSE bug 1190535SUSE bug 1193600SUSE bug 1194873SUSE bug 1195726SUSE bug 1195727SUSE bug 1195728SUSE bug 1196338SUSE bug 1196704SUSE bug 1197507SUSE bug 1197689CVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2021-41174 at SUSECVE-2021-41174 at NVDCVE-2021-41244 at SUSECVE-2021-41244 at NVDCVE-2021-43798 at SUSECVE-2021-43798 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43815 at SUSECVE-2021-43815 at NVDCVE-2022-21673 at SUSECVE-2022-21673 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-21702 at SUSECVE-2022-21702 at NVDCVE-2022-21703 at SUSECVE-2022-21703 at NVDCVE-2022-21713 at SUSECVE-2022-21713 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for fwupdate (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of fwupdate fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
ImportantSUSE bug 1198603SUSE bug 1198604SUSE bug 1198606SUSE bug 1198607SUSE bug 1198610SUSE bug 1198611SUSE bug 1198612SUSE bug 1198613SUSE bug 1198629SUSE bug 1199928CVE-2021-46669 at SUSECVE-2021-46669 at NVDCVE-2022-21427 at SUSECVE-2022-21427 at NVDCVE-2022-27377 at SUSECVE-2022-27377 at NVDCVE-2022-27378 at SUSECVE-2022-27378 at NVDCVE-2022-27380 at SUSECVE-2022-27380 at NVDCVE-2022-27381 at SUSECVE-2022-27381 at NVDCVE-2022-27383 at SUSECVE-2022-27383 at NVDCVE-2022-27384 at SUSECVE-2022-27384 at NVDCVE-2022-27386 at SUSECVE-2022-27386 at NVDCVE-2022-27387 at SUSECVE-2022-27387 at NVDCVE-2022-27445 at SUSECVE-2022-27445 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1070738SUSE bug 1198511SUSE bug 1199441CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1200550CVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for oracleasm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of oracleasm fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dpdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of dpdk fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):
- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
- CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
- CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
- CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
- CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
- CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)
ImportantSUSE bug 1200793CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-31744 at SUSECVE-2022-31744 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for crash (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of crash fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-espos:12:sp4Security update for rsyslog (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for rsyslog fixes the following issues:
- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)
ImportantSUSE bug 1199061CVE-2022-24903 at SUSECVE-2022-24903 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for pcre (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
ImportantSUSE bug 1194179SUSE bug 1194181CVE-2022-2319 at SUSECVE-2022-2319 at NVDCVE-2022-2320 at SUSECVE-2022-2320 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for squid fixes the following issues:
- CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436)
- CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921)
- CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907)
ImportantSUSE bug 1183436SUSE bug 1185921SUSE bug 1200907CVE-2020-25097 at SUSECVE-2020-25097 at NVDCVE-2021-28651 at SUSECVE-2021-28651 at NVDCVE-2021-46784 at SUSECVE-2021-46784 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144).
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426).
- CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266).
The following non-security bugs were fixed:
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- exec: Force single empty string when argv is empty (bsc#1200571).
ImportantSUSE bug 1158266SUSE bug 1162338SUSE bug 1162369SUSE bug 1173871SUSE bug 1177282SUSE bug 1194013SUSE bug 1196901SUSE bug 1198577SUSE bug 1199426SUSE bug 1199487SUSE bug 1199507SUSE bug 1199657SUSE bug 1200059SUSE bug 1200143SUSE bug 1200144SUSE bug 1200249SUSE bug 1200571SUSE bug 1200599SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200692SUSE bug 1200762SUSE bug 1201050SUSE bug 1201080SUSE bug 1201251CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):
- CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
- CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
- CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantSUSE bug 1201221CVE-2022-22662 at SUSECVE-2022-22662 at NVDCVE-2022-22677 at SUSECVE-2022-22677 at NVDCVE-2022-26710 at SUSECVE-2022-26710 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python-M2Crypto (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gpg2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
ImportantSUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.
ImportantSUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to fix various issues:
FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15.
- FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FISP: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
Version update to NSS 3.79
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Update to NSS 3.78.1
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
update to NSS 3.78
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Update to NSS 3.77:
- resolve mpitests build failure on Windows.
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Add a CI Target for gcc-11.
- Change to makefiles for gcc-4.8.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
update to NSS 3.76.1
- Remove token member from NSSSlot struct.
NSS 3.76
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- real move assignment operator.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Update to NSS 3.74:
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (bsc#1195040)
Update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Update to NSS 3.69.1
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
- FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
- Enable FIPS during test certificate creation and disables the library checksum
validation during same.
- FIPS: allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132.
- FIPS: update validation string to version-release format. (bsc#1192079).
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086).
- FIPS: Add CSP clearing (bmo#1697303, bsc#1192087).
mozilla-nspr was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
update to 4.33:
* fixes to build system and export of private symbols
ModerateSUSE bug 1191546SUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1193170SUSE bug 1195040SUSE bug 1198486SUSE bug 1198980SUSE bug 1200325SUSE bug 1201298CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
- Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)
ImportantSUSE bug 1200119SUSE bug 1201431CVE-2022-29187 at SUSECVE-2022-29187 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
ImportantSUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for pcre2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1199235CVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).
ModerateSUSE bug 1201496CVE-2022-32742 at SUSECVE-2022-32742 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
ImportantSUSE bug 1201758CVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dovecot22 fixes the following issues:
- CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).
ImportantSUSE bug 1201267CVE-2022-30550 at SUSECVE-2022-30550 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for qpdf (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
ImportantSUSE bug 1188514SUSE bug 1201830CVE-2021-36978 at SUSECVE-2021-36978 at NVDCVE-2022-34503 at SUSECVE-2022-34503 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)
CriticalSUSE bug 1194859CVE-2021-44142 at SUSECVE-2021-44142 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for u-boot fixes the following issues:
- CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).
ImportantSUSE bug 1201214CVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mokutil (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
- cifs: To match file servers, make sure the server hostname matches (bsc#1201926).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
- cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926).
- kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type.
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484).
ImportantSUSE bug 1195775SUSE bug 1195926SUSE bug 1198484SUSE bug 1198829SUSE bug 1200442SUSE bug 1201050SUSE bug 1201635SUSE bug 1201636SUSE bug 1201926SUSE bug 1201930CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
ImportantSUSE bug 1199223SUSE bug 1199224SUSE bug 1200735SUSE bug 1200737CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u345 (icedtea-3.24.0)
- CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694).
- CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692).
- CVE-2022-34169: Fixed an issue where arbitrary bytecode could
be executed via a malicious stylesheet (bsc#1201684).
- Non-security fixes:
- Allowed for customization of PKCS12 keystores (bsc#1195163).
ImportantSUSE bug 1195163SUSE bug 1201684SUSE bug 1201692SUSE bug 1201694CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for zlib (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for rsync (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
- Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bluez fixes the following issues:
- CVE-2019-8922: Fixed a buffer overflow in the implementation of the
Service Discovery Protocol (bsc#1193227).
ImportantSUSE bug 1193227CVE-2019-8922 at SUSECVE-2019-8922 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libcroco (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libcroco fixes the following issues:
- CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685).
ImportantSUSE bug 1171685CVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for gstreamer-plugins-good (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
ImportantSUSE bug 1201688SUSE bug 1201693SUSE bug 1201702SUSE bug 1201704SUSE bug 1201706SUSE bug 1201707SUSE bug 1201708CVE-2022-1920 at SUSECVE-2022-1920 at NVDCVE-2022-1921 at SUSECVE-2022-1921 at NVDCVE-2022-1922 at SUSECVE-2022-1922 at NVDCVE-2022-1923 at SUSECVE-2022-1923 at NVDCVE-2022-1924 at SUSECVE-2022-1924 at NVDCVE-2022-1925 at SUSECVE-2022-1925 at NVDCVE-2022-2122 at SUSECVE-2022-2122 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql10 fixes the following issues:
- Upgrade to 10.22:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.36.5 (bsc#1201980):
- Add support for PAC proxy in the WebDriver implementation.
- Fix video playback when loaded through custom URIs, this fixes
video playback in the Yelp documentation browser.
- Fix WebKitWebView::context-menu when using GTK4.
- Fix LTO builds with GCC.
- Fix several crashes and rendering issues.
- Security fixes:
- CVE-2022-32792: Fixed processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to
UI spoofing.
ImportantSUSE bug 1201980CVE-2022-32792 at SUSECVE-2022-32792 at NVDCVE-2022-32816 at SUSECVE-2022-32816 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for open-vm-tools (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for net-snmp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for net-snmp fixes the following issues:
- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)
ImportantSUSE bug 1100146SUSE bug 1145864SUSE bug 1152968SUSE bug 1174961SUSE bug 1178021SUSE bug 1178351SUSE bug 1179009SUSE bug 1179699SUSE bug 1184839CVE-2020-15862 at SUSECVE-2020-15862 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for json-c (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed an integer overflow that could lead to memory
corruption via a large JSON file (bsc#1171479).
Non-security fixes:
- Updated to version 0.12.1 (jsc#PED-1778).
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
ImportantSUSE bug 1202645CVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libgda (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libgda fixes the following issues:
- CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).
ImportantSUSE bug 1189849CVE-2021-39359 at SUSECVE-2021-39359 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when
processing malicious web content and that could lead to arbitrary
code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
ImportantSUSE bug 1202169SUSE bug 1202807CVE-2022-32893 at SUSECVE-2022-32893 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature 'Intermediates' feature.
* Relax constraints on slightly malformed zip archives that
contain overlapping file entries.
ImportantSUSE bug 1202986cpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
Note: the issues listed below were NOT fixed with the previous update (8.0-7.11).
- Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694)..
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for udisks2 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797).
ModerateSUSE bug 1098797SUSE bug 1190606CVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql12 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1198166SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
ImportantSUSE bug 1198166SUSE bug 1200437SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155)
Address bar spoofing via XSLT error handling
* CVE-2022-38473 (bmo#1771685)
Cross-origin XSLT Documents would have inherited the parent's
permissions
* CVE-2022-38476 (bmo#1760998)
Data race and potential use-after-free in PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658)
Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local <code>.lnk</code> files could cause unexpected
network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to
Windows File Explorer and dropping partially broken
(bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can
now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc
headers.
- For added viewing pleasure, full-range color levels are now
supported for video playback on many systems.
- Find it easier now! Mac users can now access the macOS
share options from the Firefox File menu.
- Voil?! Support for images containing ICC v4 profiles is
enabled on macOS.
- Firefox now supports the new AVIF image format, which is
based on the modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to
existing image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g.,
XFA-based forms, used by multiple governments and banks).
Learn more.
- When available system memory is critically low, Firefox on
Windows will automatically unload tabs based on their last
access time, memory usage, and other attributes. This helps
to reduce Firefox out-of-memory crashes. Forgot something?
Switching to an unloaded tab automatically reloads it.
- To prevent session loss for macOS users who are running
Firefox from a mounted .dmg file, they’ll now be prompted to
finish installation. Bear in mind, this permission prompt
only appears the first time these users run Firefox on their
computer.
- For your safety, Firefox now blocks downloads that rely on
insecure connections, protecting against potentially
malicious or unsafe downloads. Learn more and see where to
find downloads in Firefox.
- Improved web compatibility for privacy protections with
SmartBlock 3.0: In Private Browsing and Strict Tracking
Protection, Firefox goes to great lengths to protect your web
browsing activity from trackers. As part of this, the built-
in content blocking will automatically block third-party
scripts, images, and other content from being loaded from
cross-site tracking companies reported by Disconnect. Learn
more.
- Introducing a new referrer tracking protection in Strict
Tracking Protection and Private Browsing. This feature
prevents sites from unknowingly leaking private information
to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides
website suggestions as you type into the address bar. Learn
more about this faster way to navigate the web and locale-
specific features.
- Firefox macOS now uses Apple's low-power mode for
fullscreen video on sites such as YouTube and Twitch. This
meaningfully extends battery life in long viewing sessions.
Now your kids can find out what the fox says on a loop
without you ever missing a beat…
- With this release, power users can use about:unloads to
release system resources by manually unloading tabs without
closing them.
- On Windows, there will now be fewer interruptions because
Firefox won’t prompt you for updates. Instead, a background
agent will download and install updates even if Firefox is
closed.
- On Linux, we’ve improved WebGL performance and reduced
power consumption for many users.
- To better protect all Firefox users against side-channel
attacks, such as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the
browser or close a window using a menu, button, or three-key
command. This should cut back on unwelcome notifications,
which is always nice—however, if you prefer a bit of notice,
you’ll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox
Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on
Windows 11.
- RLBox—a new technology that hardens Firefox against
potential security vulnerabilities in third-party
libraries—is now enabled on all platforms.
- We’ve reduced CPU usage on macOS in Firefox and
WindowServer during event processing.
- We’ve also reduced the power usage of software decoded
video on macOS, especially in fullscreen. This includes
streaming sites such as Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to
the opposite side of the video. Simply look for the new
context menu option Move Picture-in-Picture Toggle to Left
(Right) Side.
- We’ve made significant improvements in noise suppression
and auto-gain-control, as well as slight improvements in
echo-cancellation to provide you with a better overall
experience.
- We’ve also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of
scrollbars on Windows 11.
- Firefox has a new optimized download flow. Instead of
prompting every time, files will download automatically.
However, they can still be opened from the downloads panel
with just one click. Easy! More information
- Firefox no longer asks what to do for each file by default.
You won’t be prompted to choose a helper application or save
to disk before downloading a file unless you have changed
your download action setting for that type of file.
- Any files you download will be immediately saved on your
disk. Depending on the current configuration, they’ll be
saved in your preferred download folder, or you’ll be asked
to select a location for each download. Windows and Linux
users will find their downloaded files in the destination
folder. They’ll no longer be put in the Temp folder.
- Firefox allows users to choose from a number of built-in
search engines to set as their default. In this release, some
users who had previously configured a default engine might
notice their default search engine has changed since Mozilla
was unable to secure formal permission to continue including
certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard
shortcut 'n.'
- You can find added support for search—with or without
diacritics—in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed
to web content no longer have access to the X Window system
(X11).
- Firefox now supports credit card autofill and capture in
Germany, France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime
Video, and Netflix videos you watch in Picture-in-Picture.
Just turn on the subtitles on the in-page video player, and
they will appear in PiP.
- Picture-in-Picture now also supports video captions on
websites that use Web Video Text Track (WebVTT) format (e.g.,
Coursera.org, Canadian Broadcasting Corporation, and many
more).
- On the first run after install, Firefox detects when its
language does not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple
languages. To enable additional languages, select them in the
text field’s context menu.
- HDR video is now supported in Firefox on Mac—starting with
YouTube! Firefox users on macOS 11+ (with HDR-compatible
screens) can enjoy higher-fidelity video content. No need to
manually flip any preferences to turn HDR video support
on—just make sure battery preferences are NOT set to
“optimize video streaming while on battery”.
- Hardware-accelerated AV1 video decoding is enabled on
Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2
Excluding Navi 24, GeForce 30). Installing the AV1 Video
Extension from the Microsoft Store may also be required.
- Video overlay is enabled on Windows for Intel GPUs,
reducing power usage during video playback.
- Improved fairness between painting and handling other
events. This noticeably improves the performance of the
volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by
default. On Linux, users can change this in Settings. On
Windows, Firefox follows the system setting (System Settings
> Accessibility > Visual Effects > Always show scrollbars).
- Firefox now ignores less restricted referrer
policies—including unsafe-url, no-referrer-when-downgrade,
and origin-when-cross-origin—for cross-site
subresource/iframe requests to prevent privacy leaks from the
referrer.
- Reading is now easier with the prefers-contrast media
query, which allows sites to detect if the user has requested
that web content is presented with a higher (or lower)
contrast.
- All non-configured MIME types can now be assigned a custom
action upon download completion.
- Firefox now allows users to use as many microphones as they
want, at the same time, during video conferencing. The most
exciting benefit is that you can easily switch your
microphones at any time (if your conferencing service
provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34483 (bmo#1335845)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34476 (bmo#1387919)
ASN.1 parser could have been tricked into accepting malformed
ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246)
Potential integer overflow in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138)
Sandboxed iframes could redirect to external schemes
* CVE-2022-34469 (bmo#1721220)
TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047)
Compromised server could trick a browser into an addon
downgrade
* CVE-2022-34472 (bmo#1770123)
Unavailable PAC file resulted in OCSP requests being blocked
* CVE-2022-34478 (bmo#1773717)
Microsoft protocols can be attacked if a user accepts a
prompt
* CVE-2022-2200 (bmo#1771381)
Undesired attributes could be set as part of prototype
pollution
* CVE-2022-34480 (bmo#1454072)
Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614)
MediaError message property leaked information on cross-
origin same-site pages
* CVE-2022-34475 (bmo#1757210)
HTML Sanitizer could have been bypassed via same-origin
script via use tags
* CVE-2022-34473 (bmo#1770888)
HTML Sanitizer could have been bypassed via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651)
Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578)
Memory safety bugs fixed in Firefox 102
ImportantSUSE bug 1200793SUSE bug 1201758SUSE bug 1202645CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-2505 at SUSECVE-2022-2505 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34469 at SUSECVE-2022-34469 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34471 at SUSECVE-2022-34471 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34473 at SUSECVE-2022-34473 at NVDCVE-2022-34474 at SUSECVE-2022-34474 at NVDCVE-2022-34475 at SUSECVE-2022-34475 at NVDCVE-2022-34476 at SUSECVE-2022-34476 at NVDCVE-2022-34477 at SUSECVE-2022-34477 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34480 at SUSECVE-2022-34480 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34482 at SUSECVE-2022-34482 at NVDCVE-2022-34483 at SUSECVE-2022-34483 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDCVE-2022-34485 at SUSECVE-2022-34485 at NVDCVE-2022-36314 at SUSECVE-2022-36314 at NVDCVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDCVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38476 at SUSECVE-2022-38476 at NVDCVE-2022-38477 at SUSECVE-2022-38477 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative (bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
ImportantSUSE bug 1172145SUSE bug 1177440SUSE bug 1188944SUSE bug 1191881SUSE bug 1194535SUSE bug 1196616SUSE bug 1200598SUSE bug 1200770SUSE bug 1200910SUSE bug 1201019SUSE bug 1201420SUSE bug 1201429SUSE bug 1201705SUSE bug 1201726SUSE bug 1201940SUSE bug 1201948SUSE bug 1202096SUSE bug 1202154SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202672SUSE bug 1202897SUSE bug 1202898SUSE bug 1203098CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21385 at SUSECVE-2022-21385 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194581SUSE bug 1194588CVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libsndfile (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libsndfile fixes the following issues:
- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that
could potentially lead to heap exploitation (bsc#1194006).
ImportantSUSE bug 1194006CVE-2021-4156 at SUSECVE-2021-4156 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite3 was update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Update to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
ImportantSUSE bug 1203477CVE-2022-40956 at SUSECVE-2022-40956 at NVDCVE-2022-40957 at SUSECVE-2022-40957 at NVDCVE-2022-40958 at SUSECVE-2022-40958 at NVDCVE-2022-40959 at SUSECVE-2022-40959 at NVDCVE-2022-40960 at SUSECVE-2022-40960 at NVDCVE-2022-40962 at SUSECVE-2022-40962 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for krb5-appl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.
ImportantSUSE bug 1203530CVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
ImportantSUSE bug 1203614SUSE bug 1203619SUSE bug 1203620CVE-2022-2795 at SUSECVE-2022-2795 at NVDCVE-2022-38177 at SUSECVE-2022-38177 at NVDCVE-2022-38178 at SUSECVE-2022-38178 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
ImportantSUSE bug 1203677SUSE bug 1203680CVE-2022-41317 at SUSECVE-2022-41317 at NVDCVE-2022-41318 at SUSECVE-2022-41318 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql-jdbc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
ImportantSUSE bug 1202170CVE-2022-31197 at SUSECVE-2022-31197 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
- CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)
ImportantSUSE bug 1194731CVE-2022-20698 at SUSECVE-2022-20698 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
ImportantSUSE bug 1201309SUSE bug 1202097SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1203107SUSE bug 1203552CVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libksba (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
The following non-security bugs were fixed:
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- elfcore: fix building with clang (bsc#1169514).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net: Using proper atomic helper (bsc#1186222).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358).
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
ImportantSUSE bug 1071995SUSE bug 1124431SUSE bug 1167162SUSE bug 1169514SUSE bug 1172073SUSE bug 1177101SUSE bug 1179599SUSE bug 1184804SUSE bug 1185377SUSE bug 1186207SUSE bug 1186222SUSE bug 1187167SUSE bug 1189305SUSE bug 1189841SUSE bug 1190358SUSE bug 1190428SUSE bug 1191229SUSE bug 1191384SUSE bug 1191731SUSE bug 1192032SUSE bug 1192267SUSE bug 1192740SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1193306SUSE bug 1193440SUSE bug 1193442SUSE bug 1193507SUSE bug 1193575SUSE bug 1193669SUSE bug 1193727SUSE bug 1193731SUSE bug 1193767SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194001SUSE bug 1194048SUSE bug 1194087SUSE bug 1194227SUSE bug 1194302SUSE bug 1194516SUSE bug 1194529SUSE bug 1194880SUSE bug 1194888SUSE bug 1194985SUSE bug 1195254CVE-2018-25020 at SUSECVE-2018-25020 at NVDCVE-2019-15126 at SUSECVE-2019-15126 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-0935 at SUSECVE-2021-0935 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-3564 at SUSECVE-2021-3564 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for multipath-tools (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
ImportantSUSE bug 1202616SUSE bug 1202739SUSE bug 1204325CVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bluez fixes the following issues:
- CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237).
- CVE-2016-9803: Fixed memory leak (bsc#1013885).
ImportantSUSE bug 1013885SUSE bug 1193237CVE-2016-9803 at SUSECVE-2016-9803 at NVDCVE-2019-8921 at SUSECVE-2019-8921 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Updated to version 102.4.0 ESR (bsc#1204421):
- CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory Corruption in JS Engine.
- CVE-2022-42929: Fixed denial of Service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
ImportantSUSE bug 1204421CVE-2022-42927 at SUSECVE-2022-42927 at NVDCVE-2022-42928 at SUSECVE-2022-42928 at NVDCVE-2022-42929 at SUSECVE-2022-42929 at NVDCVE-2022-42932 at SUSECVE-2022-42932 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for telnet (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
kiwi-desc-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support fo VirtIO disks
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
ModerateSUSE bug 1196338SUSE bug 1198903SUSE bug 1200725SUSE bug 1201535SUSE bug 1201539CVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1202593SUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libtirpc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
ImportantSUSE bug 1200800SUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openjpeg2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openjpeg2 fixes the following issues:
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).
ImportantSUSE bug 1149789SUSE bug 1179821SUSE bug 1180043SUSE bug 1180044SUSE bug 1180046CVE-2018-21010 at SUSECVE-2018-21010 at NVDCVE-2020-27824 at SUSECVE-2020-27824 at NVDCVE-2020-27842 at SUSECVE-2020-27842 at NVDCVE-2020-27843 at SUSECVE-2020-27843 at NVDCVE-2020-27845 at SUSECVE-2020-27845 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dbus-1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libtasn1 (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412).
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).
ImportantSUSE bug 1204412SUSE bug 1204416CVE-2022-3550 at SUSECVE-2022-3550 at NVDCVE-2022-3551 at SUSECVE-2022-3551 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for glibc fixes the following issues:
- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing
a malformed regexp (bsc#1193625)
- x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
- Recognize ppc64p7 arch to build for power7
ModerateSUSE bug 1193625SUSE bug 1196852CVE-2015-8985 at SUSECVE-2015-8985 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)
ImportantSUSE bug 1192876SUSE bug 1193981SUSE bug 1194041CVE-2021-3975 at SUSECVE-2021-3975 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sudo fixes the following issues:
Security fixes:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
Other:
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
- Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).
ImportantSUSE bug 1197998SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1185104SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270):
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45406: Use-after-free of a JavaScript Realm
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
- CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
- CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
- CVE-2022-45416: Keystroke Side-Channel Leakage
- CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
- CVE-2022-45420: Iframe contents could be rendered outside the iframe
- CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
ImportantSUSE bug 1205270CVE-2022-45403 at SUSECVE-2022-45403 at NVDCVE-2022-45404 at SUSECVE-2022-45404 at NVDCVE-2022-45405 at SUSECVE-2022-45405 at NVDCVE-2022-45406 at SUSECVE-2022-45406 at NVDCVE-2022-45408 at SUSECVE-2022-45408 at NVDCVE-2022-45409 at SUSECVE-2022-45409 at NVDCVE-2022-45410 at SUSECVE-2022-45410 at NVDCVE-2022-45411 at SUSECVE-2022-45411 at NVDCVE-2022-45412 at SUSECVE-2022-45412 at NVDCVE-2022-45416 at SUSECVE-2022-45416 at NVDCVE-2022-45418 at SUSECVE-2022-45418 at NVDCVE-2022-45420 at SUSECVE-2022-45420 at NVDCVE-2022-45421 at SUSECVE-2022-45421 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for pixman (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125).
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
ImportantSUSE bug 1203125SUSE bug 1205244CVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for exiv2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for exiv2 fixes the following issues:
- CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681)
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332)
- CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338)
- CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
ImportantSUSE bug 1119562SUSE bug 1142681SUSE bug 1185002SUSE bug 1186231SUSE bug 1188733SUSE bug 1189332SUSE bug 1189337SUSE bug 1189338CVE-2018-20097 at SUSECVE-2018-20097 at NVDCVE-2019-13112 at SUSECVE-2019-13112 at NVDCVE-2021-29457 at SUSECVE-2021-29457 at NVDCVE-2021-29473 at SUSECVE-2021-29473 at NVDCVE-2021-31291 at SUSECVE-2021-31291 at NVDCVE-2021-32815 at SUSECVE-2021-32815 at NVDCVE-2021-34334 at SUSECVE-2021-34334 at NVDCVE-2021-37620 at SUSECVE-2021-37620 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for busybox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for busybox fixes the following issues:
- CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- Update to 1.35.0
- awk: fix printf %%, fix read beyond end of buffer
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: 'mount -o rw ....' should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find,
mktemp, wget and others
- Enable fdisk (jsc#CAR-16)
- Update to 1.34.1:
* build system: use SOURCE_DATE_EPOCH for timestamp if available
* many bug fixes and new features
* touch: make FEATURE_TOUCH_NODEREF unconditional
- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption
- Update to version 1.33.0
- many bug fixes and new features
- Update to version 1.32.1
- fixes a case where in ash, 'wait' never finishes.
- prepare usrmerge (bsc#1029961)
- Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)
- Update to version 1.31.1:
+ Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion
fix), hush, dpkg-deb, telnet and wget.
- Changes from version 1.31.0:
+ many bugfixes and new features.
- Add busybox-no-stime.patch: stime() has been deprecated in glibc
2.31 and replaced with clock_settime().
- update to 1.25.1:
* fixes for hush, gunzip, ip route, ntpd
- includes changes from 1.25.0:
* many added and expanded implementations of command options
- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed),
truncate, gunzip and unzip.
- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html
- Refresh busybox.install.patch
- Update to 1.23.2
* for a full list of changes see http://www.busybox.net/news.html
- Cleaned up spec file with spec-cleaner
- Refreshed patches
- update to 1.22.1:
Many updates and fixes for most included tools, see
see http://www.busybox.net/news.html
ImportantSUSE bug 1029961SUSE bug 1064976SUSE bug 1064978SUSE bug 1069412SUSE bug 1099260SUSE bug 1099263SUSE bug 1102912SUSE bug 1121426SUSE bug 1121428SUSE bug 1184522SUSE bug 1191514SUSE bug 1192869SUSE bug 914660SUSE bug 951562SUSE bug 970662SUSE bug 970663SUSE bug 991940CVE-2011-5325 at SUSECVE-2011-5325 at NVDCVE-2014-9645 at SUSECVE-2014-9645 at NVDCVE-2015-9261 at SUSECVE-2015-9261 at NVDCVE-2016-2147 at SUSECVE-2016-2147 at NVDCVE-2016-2148 at SUSECVE-2016-2148 at NVDCVE-2016-6301 at SUSECVE-2016-6301 at NVDCVE-2017-15873 at SUSECVE-2017-15873 at NVDCVE-2017-15874 at SUSECVE-2017-15874 at NVDCVE-2017-16544 at SUSECVE-2017-16544 at NVDCVE-2018-1000500 at SUSECVE-2018-1000500 at NVDCVE-2018-1000517 at SUSECVE-2018-1000517 at NVDCVE-2018-20679 at SUSECVE-2018-20679 at NVDCVE-2019-5747 at SUSECVE-2019-5747 at NVDCVE-2021-28831 at SUSECVE-2021-28831 at NVDCVE-2021-42373 at SUSECVE-2021-42373 at NVDCVE-2021-42374 at SUSECVE-2021-42374 at NVDCVE-2021-42375 at SUSECVE-2021-42375 at NVDCVE-2021-42376 at SUSECVE-2021-42376 at NVDCVE-2021-42377 at SUSECVE-2021-42377 at NVDCVE-2021-42378 at SUSECVE-2021-42378 at NVDCVE-2021-42379 at SUSECVE-2021-42379 at NVDCVE-2021-42380 at SUSECVE-2021-42380 at NVDCVE-2021-42381 at SUSECVE-2021-42381 at NVDCVE-2021-42382 at SUSECVE-2021-42382 at NVDCVE-2021-42383 at SUSECVE-2021-42383 at NVDCVE-2021-42384 at SUSECVE-2021-42384 at NVDCVE-2021-42385 at SUSECVE-2021-42385 at NVDCVE-2021-42386 at SUSECVE-2021-42386 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244).
The following non-security bug was fixed:
- Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171).
ImportantSUSE bug 1202666SUSE bug 1205244CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for binutils (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for binutils fixes the following issues:
The following security bugs were fixed:
- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).
The following non-security bugs were fixed:
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
- Update to 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils (bsc#1198458).
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to 'warn' will generate a
warning message whenever any multibyte character is encountered. Using the
option to 'warn-sym-only' will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908).
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
ImportantSUSE bug 1142579SUSE bug 1185597SUSE bug 1185712SUSE bug 1188374SUSE bug 1191473SUSE bug 1191908SUSE bug 1193929SUSE bug 1194783SUSE bug 1197592SUSE bug 1198237SUSE bug 1198458SUSE bug 1202816SUSE bug 1202966SUSE bug 1202967SUSE bug 1202969CVE-2019-1010204 at SUSECVE-2019-1010204 at NVDCVE-2021-3530 at SUSECVE-2021-3530 at NVDCVE-2021-3648 at SUSECVE-2021-3648 at NVDCVE-2021-3826 at SUSECVE-2021-3826 at NVDCVE-2021-45078 at SUSECVE-2021-45078 at NVDCVE-2021-46195 at SUSECVE-2021-46195 at NVDCVE-2022-27943 at SUSECVE-2022-27943 at NVDCVE-2022-38126 at SUSECVE-2022-38126 at NVDCVE-2022-38127 at SUSECVE-2022-38127 at NVDCVE-2022-38533 at SUSECVE-2022-38533 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).
Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an
abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented
changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherit file
descriptors.
- Fix player stucking in buffering (paused) state for progressive
streaming.
- Do not try to preconnect on link click when link preconnect
setting is disabled.
- Fix close status code returned when the client closes a
WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web
extensions support.
- Make it possible to use the remote inspector from other
browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media
control using MPRIS.
- Add support for PDF documents using PDF.js.
ImportantSUSE bug 1205120SUSE bug 1205121SUSE bug 1205122SUSE bug 1205123SUSE bug 1205124CVE-2022-32888 at SUSECVE-2022-32888 at NVDCVE-2022-32923 at SUSECVE-2022-32923 at NVDCVE-2022-42799 at SUSECVE-2022-42799 at NVDCVE-2022-42823 at SUSECVE-2022-42823 at NVDCVE-2022-42824 at SUSECVE-2022-42824 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]
* Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus,
IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
* Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
* Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
* Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
* X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
- Update to Java 8.0 Service Refresh 7 Fix Pack 16
* Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when
-Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which
can eventually lead to heap corruption and failure when
-Xgc:concurrentScavenge is set.
* JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
* Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process
ModerateSUSE bug 1204468SUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475SUSE bug 1204480SUSE bug 1205302CVE-2022-21618 at SUSECVE-2022-21618 at NVDCVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDCVE-2022-39399 at SUSECVE-2022-39399 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for supportutils (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
ModerateSUSE bug 1203818cpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).
- Remove zfs modules (bsc#1205554).
ImportantSUSE bug 1205178SUSE bug 1205182SUSE bug 1205520SUSE bug 1205554CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- CVE-2022-42252: Fixed a request smuggling (bsc#1204918).
ImportantSUSE bug 1204918CVE-2022-42252 at SUSECVE-2022-42252 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for emacs (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for emacs fixes the following issues:
- CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).
ImportantSUSE bug 1205822CVE-2022-45939 at SUSECVE-2022-45939 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for krb5 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):
- CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
- CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
- CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).
ModerateSUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475CVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for glibc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Bugs fixed:
- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)
ImportantSUSE bug 1191835SUSE bug 1192620SUSE bug 1193478SUSE bug 1194640SUSE bug 1194768SUSE bug 1194770CVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
ImportantSUSE bug 1206242CVE-2022-46872 at SUSECVE-2022-46872 at NVDCVE-2022-46874 at SUSECVE-2022-46874 at NVDCVE-2022-46875 at SUSECVE-2022-46875 at NVDCVE-2022-46878 at SUSECVE-2022-46878 at NVDCVE-2022-46880 at SUSECVE-2022-46880 at NVDCVE-2022-46881 at SUSECVE-2022-46881 at NVDCVE-2022-46882 at SUSECVE-2022-46882 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for zabbix (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for zabbix fixes the following issues:
- CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083).
ModerateSUSE bug 1206083CVE-2022-43515 at SUSECVE-2022-43515 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205875)
ImportantSUSE bug 1205874SUSE bug 1205875SUSE bug 1205876SUSE bug 1205877SUSE bug 1205878SUSE bug 1205879SUSE bug 1206017CVE-2022-4283 at SUSECVE-2022-4283 at NVDCVE-2022-46340 at SUSECVE-2022-46340 at NVDCVE-2022-46341 at SUSECVE-2022-46341 at NVDCVE-2022-46342 at SUSECVE-2022-46342 at NVDCVE-2022-46343 at SUSECVE-2022-46343 at NVDCVE-2022-46344 at SUSECVE-2022-46344 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_7_1-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987).
The following non-security bugs were fixed:
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
ImportantSUSE bug 1196018SUSE bug 1198702SUSE bug 1200788SUSE bug 1201455SUSE bug 1202686SUSE bug 1203008SUSE bug 1203183SUSE bug 1203290SUSE bug 1203322SUSE bug 1203514SUSE bug 1203960SUSE bug 1203987SUSE bug 1204166SUSE bug 1204168SUSE bug 1204170SUSE bug 1204354SUSE bug 1204355SUSE bug 1204402SUSE bug 1204414SUSE bug 1204415SUSE bug 1204424SUSE bug 1204431SUSE bug 1204432SUSE bug 1204439SUSE bug 1204479SUSE bug 1204574SUSE bug 1204576SUSE bug 1204631SUSE bug 1204635SUSE bug 1204636SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204868SUSE bug 1205006SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205473SUSE bug 1205514SUSE bug 1205671SUSE bug 1205705SUSE bug 1205709SUSE bug 1205796SUSE bug 1206113SUSE bug 1206114SUSE bug 1206207CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-40307 at SUSECVE-2022-40307 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for vim (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for vim fixes the following issues:
Updated to version 9.0.0814:
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
ModerateSUSE bug 1070955SUSE bug 1173256SUSE bug 1174564SUSE bug 1176549SUSE bug 1182324SUSE bug 1190533SUSE bug 1190570SUSE bug 1191770SUSE bug 1191893SUSE bug 1192167SUSE bug 1192478SUSE bug 1192481SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193294SUSE bug 1193298SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194556SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1195356SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012SUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2016-1248 at SUSECVE-2016-1248 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:sles-espos:12:sp4Security update for virglrenderer (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).
ImportantSUSE bug 1195389CVE-2022-0135 at SUSECVE-2022-0135 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tiff fixes the following issues:
- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
ImportantSUSE bug 1071031SUSE bug 1154365SUSE bug 1182808SUSE bug 1182809SUSE bug 1182811SUSE bug 1182812SUSE bug 1190312SUSE bug 1194539CVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tcpdump (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tcpdump fixes the following issues:
- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).
ModerateSUSE bug 1195825CVE-2018-16301 at SUSECVE-2018-16301 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xerces-j2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xerces-j2 fixes the following issues:
- CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).
ImportantSUSE bug 1195108CVE-2022-23437 at SUSECVE-2022-23437 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)
- CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service
- CVE-2022-22754: Extensions could have bypassed permission confirmation during update
- CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable
- CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements
- CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types
- CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
- CVE-2022-22763: Script Execution during invalid object state
- CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)
- Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry
ImportantSUSE bug 1195230SUSE bug 1195682CVE-2022-22753 at SUSECVE-2022-22753 at NVDCVE-2022-22754 at SUSECVE-2022-22754 at NVDCVE-2022-22756 at SUSECVE-2022-22756 at NVDCVE-2022-22759 at SUSECVE-2022-22759 at NVDCVE-2022-22760 at SUSECVE-2022-22760 at NVDCVE-2022-22761 at SUSECVE-2022-22761 at NVDCVE-2022-22763 at SUSECVE-2022-22763 at NVDCVE-2022-22764 at SUSECVE-2022-22764 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)
ImportantSUSE bug 1193942SUSE bug 1193943CVE-2021-44224 at SUSECVE-2021-44224 at NVDCVE-2021-44790 at SUSECVE-2021-44790 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
ImportantSUSE bug 1195064SUSE bug 1195735CVE-2021-30934 at SUSECVE-2021-30934 at NVDCVE-2021-30936 at SUSECVE-2021-30936 at NVDCVE-2021-30951 at SUSECVE-2021-30951 at NVDCVE-2021-30952 at SUSECVE-2021-30952 at NVDCVE-2021-30953 at SUSECVE-2021-30953 at NVDCVE-2021-30954 at SUSECVE-2021-30954 at NVDCVE-2021-30984 at SUSECVE-2021-30984 at NVDCVE-2021-45481 at SUSECVE-2021-45481 at NVDCVE-2021-45482 at SUSECVE-2021-45482 at NVDCVE-2021-45483 at SUSECVE-2021-45483 at NVDCVE-2022-22589 at SUSECVE-2022-22589 at NVDCVE-2022-22590 at SUSECVE-2022-22590 at NVDCVE-2022-22592 at SUSECVE-2022-22592 at NVDCVE-2022-22594 at SUSECVE-2022-22594 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cyrus-sasl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
ImportantSUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for zsh (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be
executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be
properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-1100: Fixed a potential code execution via a stack-based buffer
overflow in utils.c:checkmailpath() (bsc#1089030).
ImportantSUSE bug 1089030SUSE bug 1163882SUSE bug 1196435CVE-2018-1100 at SUSECVE-2018-1100 at NVDCVE-2019-20044 at SUSECVE-2019-20044 at NVDCVE-2021-45444 at SUSECVE-2021-45444 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
The following non-security bugs were fixed:
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934).
- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
ImportantSUSE bug 1107207SUSE bug 1114893SUSE bug 1185973SUSE bug 1191580SUSE bug 1194516SUSE bug 1195536SUSE bug 1195543SUSE bug 1195612SUSE bug 1195840SUSE bug 1195897SUSE bug 1195908SUSE bug 1195934SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196155SUSE bug 1196584SUSE bug 1196601SUSE bug 1196612CVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):
- CVE-2022-26485: Use-after-free in XSLT parameter processing
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework
ImportantSUSE bug 1196809CVE-2022-26485 at SUSECVE-2022-26485 at NVDCVE-2022-26486 at SUSECVE-2022-26486 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
- Update to 10.2.43 (bsc#1196016):
* 10.2.43: CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
* 10.2.42: CVE-2022-24052
CVE-2022-24051
CVE-2022-24050
CVE-2022-24048
CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
previously mentioned in the changes file:
CVE-2021-46658, bsc#1195334
CVE-2021-46657, bsc#1195325
ImportantSUSE bug 1195325SUSE bug 1195334SUSE bug 1195339SUSE bug 1196016CVE-2021-46657 at SUSECVE-2021-46657 at NVDCVE-2021-46658 at SUSECVE-2021-46658 at NVDCVE-2021-46659 at SUSECVE-2021-46659 at NVDCVE-2021-46661 at SUSECVE-2021-46661 at NVDCVE-2021-46663 at SUSECVE-2021-46663 at NVDCVE-2021-46664 at SUSECVE-2021-46664 at NVDCVE-2021-46665 at SUSECVE-2021-46665 at NVDCVE-2021-46668 at SUSECVE-2021-46668 at NVDCVE-2022-24048 at SUSECVE-2022-24048 at NVDCVE-2022-24050 at SUSECVE-2022-24050 at NVDCVE-2022-24051 at SUSECVE-2022-24051 at NVDCVE-2022-24052 at SUSECVE-2022-24052 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)
- Remove log4j dependency, which is currently directly in use (bsc#1196137)
- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
ImportantSUSE bug 1195255SUSE bug 1196091SUSE bug 1196137CVE-2022-23181 at SUSECVE-2022-23181 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.6 (bsc#1196133):
- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.
ImportantSUSE bug 1196133CVE-2022-22620 at SUSECVE-2022-22620 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libcaca (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libcaca fixes the following issues:
- CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no
data is written and space is allocated for the header only, not taking into
account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752).
ImportantSUSE bug 1184751SUSE bug 1184752CVE-2021-30498 at SUSECVE-2021-30498 at NVDCVE-2021-30499 at SUSECVE-2021-30499 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.7.0 ESR (bsc#1196900):
- CVE-2022-26383: Browser window spoof using fullscreen mode
- CVE-2022-26384: iframe allow-scripts sandbox bypass
- CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
- CVE-2022-26381: Use-after-free in text reflows
- CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users
ImportantSUSE bug 1196900CVE-2022-26381 at SUSECVE-2022-26381 at NVDCVE-2022-26383 at SUSECVE-2022-26383 at NVDCVE-2022-26384 at SUSECVE-2022-26384 at NVDCVE-2022-26386 at SUSECVE-2022-26386 at NVDCVE-2022-26387 at SUSECVE-2022-26387 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249).
ImportantSUSE bug 1196249SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
Non-security issues fixed:
- Fix PAC pointer authentication in ARM. (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
- Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u322 (icedtea-3.22.0)
Including the following security fixes:
- CVE-2022-21248, bsc#1194926: Enhance cross VM serialization
- CVE-2022-21283, bsc#1194937: Better String matching
- CVE-2022-21293, bsc#1194935: Improve String constructions
- CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps
- CVE-2022-21282, bsc#1194933: Better resolution of URIs
- CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management
- CVE-2022-21299, bsc#1194931: Improved scanning of XML entities
- CVE-2022-21305, bsc#1194939: Better array indexing
- CVE-2022-21340, bsc#1194940: Verify Jar Verification
- CVE-2022-21341, bsc#1194941: Improve serial forms for transport
- CVE-2022-21349: Improve Solaris font rendering
- CVE-2022-21360, bsc#1194929: Enhance BMP image support
- CVE-2022-21365, bsc#1194928: Enhanced BMP processing
ImportantSUSE bug 1193314SUSE bug 1193444SUSE bug 1193491SUSE bug 1194926SUSE bug 1194928SUSE bug 1194929SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195163CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
- CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose
caching rules (bsc#1197135).
ImportantSUSE bug 1197135CVE-2021-25220 at SUSECVE-2021-25220 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for kernel-firmware fixes the following issues:
Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):
- CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access.
ModerateSUSE bug 1195786CVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
ImportantSUSE bug 1197091SUSE bug 1197095SUSE bug 1197096SUSE bug 1197098CVE-2022-22719 at SUSECVE-2022-22719 at NVDCVE-2022-22720 at SUSECVE-2022-22720 at NVDCVE-2022-22721 at SUSECVE-2022-22721 at NVDCVE-2022-23943 at SUSECVE-2022-23943 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and
'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered
when parsing a gitattributes file (bsc#1207032).
ImportantSUSE bug 1207032SUSE bug 1207033CVE-2022-23521 at SUSECVE-2022-23521 at NVDCVE-2022-41903 at SUSECVE-2022-41903 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.7.0 ESR (bsc#1207119):
- CVE-2022-46871: Updated an out of date library (libusrsctp) which
contained several vulnerabilities.
- CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
drop on Linux.
- CVE-2023-23601: Fixed a potential spoofing attack when dragging a
URL from a cross-origin iframe into the same tab.
- CVE-2023-23602: Fixed a mishandled security check, which caused
the Content Security Policy header to be ignored for WebSockets
in WebWorkers.
- CVE-2022-46877: Fixed a fullscreen notification bypass which
could be leveraged in spoofing attacks.
- CVE-2023-23603: Fixed a Content Security Policy bypass via format
directives.
- CVE-2023-23605: Fixed several memory safety bugs.
ImportantSUSE bug 1207119CVE-2022-46871 at SUSECVE-2022-46871 at NVDCVE-2022-46877 at SUSECVE-2022-46877 at NVDCVE-2023-23598 at SUSECVE-2023-23598 at NVDCVE-2023-23601 at SUSECVE-2023-23601 at NVDCVE-2023-23602 at SUSECVE-2023-23602 at NVDCVE-2023-23603 at SUSECVE-2023-23603 at NVDCVE-2023-23605 at SUSECVE-2023-23605 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for freeradius-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for freeradius-server fixes the following issues:
- CVE-2022-41859: Fixed an issue in EAP-PWD that could leak
information about the password, which could facilitate dictionary
attacks (bsc#1206204).
- CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually
configured, which could be triggered via a malformed SIM option
(bsc#1206205).
- CVE-2022-41861: Fixed a server crash that could be triggered by
sending malformed data from a system in the RADIUS circle of trust
(bsc#1206206).
ImportantSUSE bug 1206204SUSE bug 1206205SUSE bug 1206206CVE-2022-41859 at SUSECVE-2022-41859 at NVDCVE-2022-41860 at SUSECVE-2022-41860 at NVDCVE-2022-41861 at SUSECVE-2022-41861 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be
selected to encrypt session keys, which could lead to privilege
escalation (bsc#1205385).
ImportantSUSE bug 1205385SUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dpdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of dpdk fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-espos:12:sp4Security update for libXpm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libXpm fixes the following issues:
- CVE-2022-46285: Fixed an infinite loop that could be triggered
when reading a XPM image with a C-style comment that is never
closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
susceptible to PATH environment variable manipulation attacks
(bsc#1207031).
ImportantSUSE bug 1207029SUSE bug 1207030SUSE bug 1207031CVE-2022-44617 at SUSECVE-2022-44617 at NVDCVE-2022-46285 at SUSECVE-2022-46285 at NVDCVE-2022-4883 at SUSECVE-2022-4883 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bluez fixes the following issues:
- CVE-2022-39176: Fixed a memory safety issue that could allow
physically proximate attackers to obtain sensitive information
(bsc#1203121).
- CVE-2022-39177: Fixed a memory safety issue that could allow
physically proximate attackers to cause a denial of service
(bsc#1203120).
ImportantSUSE bug 1203120SUSE bug 1203121CVE-2022-39176 at SUSECVE-2022-39176 at NVDCVE-2022-39177 at SUSECVE-2022-39177 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
ImportantSUSE bug 1209622CVE-2023-28708 at SUSECVE-2023-28708 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).
ImportantSUSE bug 1209543CVE-2023-1393 at SUSECVE-2023-1393 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.5 (boo#1208328):
- CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.
- CVE-2023-23518: Processing maliciously crafted web content may lead to
Previously fixed inside update to version 2.38.4 (boo#1207997):
- CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.
ImportantSUSE bug 1207997SUSE bug 1208328CVE-2022-42826 at SUSECVE-2022-42826 at NVDCVE-2023-23518 at SUSECVE-2023-23518 at NVDCVE-2023-23529 at SUSECVE-2023-23529 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sudo (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sudo fixes the following issues:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
ModerateSUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
Security fixes:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
Other fixes:
- Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062)
ModerateSUSE bug 1202062SUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
ImportantSUSE bug 1191502SUSE bug 1195529SUSE bug 1197244SUSE bug 1198507SUSE bug 1204423SUSE bug 1204968SUSE bug 1205000SUSE bug 1206985SUSE bug 1208958CVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ghostscript fixes the following issues:
- CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062).
ImportantSUSE bug 1210062CVE-2023-28879 at SUSECVE-2023-28879 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
- CVE-2023-29533: Fullscreen notification obscured
- MFSA-TMP-2023-0001: Double-free in libwebp
- CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
- CVE-2023-29536: Invalid free from JavaScript code
- CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
- CVE-2023-29542: Bypass of file download extension restrictions
- CVE-2023-29545: Windows Save As dialog resolved environment variables
- CVE-2023-1945: Memory Corruption in Safe Browsing Code
- CVE-2023-29548: Incorrect optimization result on ARM64
- CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
ImportantSUSE bug 1210212CVE-2023-1945 at SUSECVE-2023-1945 at NVDCVE-2023-29531 at SUSECVE-2023-29531 at NVDCVE-2023-29532 at SUSECVE-2023-29532 at NVDCVE-2023-29533 at SUSECVE-2023-29533 at NVDCVE-2023-29535 at SUSECVE-2023-29535 at NVDCVE-2023-29536 at SUSECVE-2023-29536 at NVDCVE-2023-29539 at SUSECVE-2023-29539 at NVDCVE-2023-29541 at SUSECVE-2023-29541 at NVDCVE-2023-29542 at SUSECVE-2023-29542 at NVDCVE-2023-29545 at SUSECVE-2023-29545 at NVDCVE-2023-29548 at SUSECVE-2023-29548 at NVDCVE-2023-29550 at SUSECVE-2023-29550 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for harfbuzz (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 (bsc#1208480):
* Security fixes:
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
* New Features/Enhancements:
- Add RSA-PSS signature to IBMJCECCA.
* Defect Fixes:
- IJ45437 Service, Build, Packaging and Deliver: Getting
FIPSRUNTIMEEXCEPTION when calling java code:
MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
- IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
- IJ45280 Class Libraries: Update timezone information to the
latest TZDATA2022F
- IJ44896 Class Libraries: Update timezone information to the
latest TZDATA2022G
- IJ45436 Java Virtual Machine: Stack walking code gets into
endless loop, hanging the application
- IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified
multiple times on the same command line the first option takes
precedence instead of the last
- IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT()
due to a NULL pointer
- IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static
final field object properties
- IJ44107 JIT Compiler: JIT publishes new object reference to other
threads without executing a memory flush
- IX90193 ORB: Fix security vulnerability CVE-2023-21830
- IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has
similar error of JDK-8253368
- IJ45148 Security: code changes for tech preview
- IJ44621 Security: Computing Diffie-Hellman secret repeatedly,
using IBMJCEPLUS, causes a small memory leak
- IJ44172 Security: Disable SHA-1 signed jars for EA
- IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly,
using IBMJCEPLUS, Causes a small memory leak
- IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305
crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
- IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA
during signature operations resulting in Java cores
- IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
- IJ45202 Security: KEYTOOL NPE if signing certificate does not contain
a SUBJECTKEYIDENTIFIER extension
- IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY()
method uses SHA1XXXX signature algorithms to match private and public keys
- IJ45203 Security: RSAPSS multiple names for KEYTYPE
- IJ43920 Security: The PKCS12 keystore update and the PBES2 support
- IJ40002 XML: Fix security vulnerability CVE-2022-21426
ModerateSUSE bug 1207246SUSE bug 1207248SUSE bug 1207249SUSE bug 1208480CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21835 at SUSECVE-2023-21835 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for liblouis (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for liblouis fixes the following issues:
- CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429).
- CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431).
- CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432).
ImportantSUSE bug 1209429SUSE bug 1209431SUSE bug 1209432SUSE bug 1209855CVE-2023-26767 at SUSECVE-2023-26767 at NVDCVE-2023-26768 at SUSECVE-2023-26768 at NVDCVE-2023-26769 at SUSECVE-2023-26769 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
backend could cause the response headers to be truncated early,
resulting in some headers being incorporated into the response body
(bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
header could cause memory corruption (bsc#1207247).
ImportantSUSE bug 1207247SUSE bug 1207250SUSE bug 1207251CVE-2006-20001 at SUSECVE-2006-20001 at NVDCVE-2022-36760 at SUSECVE-2022-36760 at NVDCVE-2022-37436 at SUSECVE-2022-37436 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2-mod_auth_openidc (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).
ImportantSUSE bug 1190855SUSE bug 1206441SUSE bug 1210073CVE-2022-23527 at SUSECVE-2022-23527 at NVDCVE-2023-28625 at SUSECVE-2023-28625 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for shim (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1193315SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ovmf (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sssd (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for dmidecode (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.6 (bsc#1210731):
- CVE-2022-0108: Fixed information leak.
- CVE-2022-32885: Fixed arbitrary code execution.
- CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer.
- CVE-2023-27932: Fixed Same Origin Policy bypass.
- CVE-2023-27954: Fixed sensitive user information tracking.
- CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295).
Already fixed in version 2.38.5:
- CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
ImportantSUSE bug 1210295SUSE bug 1210731CVE-2022-0108 at SUSECVE-2022-0108 at NVDCVE-2022-32885 at SUSECVE-2022-32885 at NVDCVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDCVE-2023-25358 at SUSECVE-2023-25358 at NVDCVE-2023-25360 at SUSECVE-2023-25360 at NVDCVE-2023-25361 at SUSECVE-2023-25361 at NVDCVE-2023-25362 at SUSECVE-2023-25362 at NVDCVE-2023-25363 at SUSECVE-2023-25363 at NVDCVE-2023-27932 at SUSECVE-2023-27932 at NVDCVE-2023-27954 at SUSECVE-2023-27954 at NVDCVE-2023-28205 at SUSECVE-2023-28205 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
- CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686).
- CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
ModerateSUSE bug 1210686CVE-2023-25652 at SUSECVE-2023-25652 at NVDCVE-2023-25815 at SUSECVE-2023-25815 at NVDCVE-2023-29007 at SUSECVE-2023-29007 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for shadow (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for vim (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
- CVE-2022-3491: Fixed an out of bounds memory access that could
cause a crash (bsc#1206028).
- CVE-2022-3520: Fixed an out of bounds memory access that could
cause a crash (bsc#1206071).
- CVE-2022-3591: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206072).
- CVE-2022-4292: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206075).
- CVE-2022-4293: Fixed a floating point exception that could cause
a crash (bsc#1206077).
- CVE-2022-4141: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1205797).
- CVE-2022-3705: Fixed an use-after-free issue that could cause
a crash or memory corruption (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077SUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for shim (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for shim fixes the following issues:
- Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737)
ImportantSUSE bug 1198458CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.11.0 ESR (bsc#1211175):
- CVE-2023-32205: Browser prompts could have been obscured by popups
- CVE-2023-32206: Crash in RLBox Expat driver
- CVE-2023-32207: Potential permissions request bypass via clickjacking
- CVE-2023-32211: Content process crash due to invalid wasm code
- CVE-2023-32212: Potential spoof due to obscured address bar
- CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
- CVE-2023-32214: Potential DoS via exposed protocol handlers
- CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
ImportantSUSE bug 1211175CVE-2023-32205 at SUSECVE-2023-32205 at NVDCVE-2023-32206 at SUSECVE-2023-32206 at NVDCVE-2023-32207 at SUSECVE-2023-32207 at NVDCVE-2023-32211 at SUSECVE-2023-32211 at NVDCVE-2023-32212 at SUSECVE-2023-32212 at NVDCVE-2023-32213 at SUSECVE-2023-32213 at NVDCVE-2023-32214 at SUSECVE-2023-32214 at NVDCVE-2023-32215 at SUSECVE-2023-32215 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for SUSE Manager Client Tools (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)
prometheus-blackbox_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062)
- Other non-security bugs fixed and changes:
* Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
* On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
prometheus-postgres_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
- Other non-security issues fixed:
* Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and
clones
* Create the prometheus user for Red Hat Linux Enterprise systems and clones
* Fix broken log-level for values other than debug (bsc#1208965)
golang-github-prometheus-node_exporter:
- Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
* CVE-2022-27191: Update go/x/crypto (bsc#1197284)
* CVE-2022-27664: Update go/x/net (bsc#1203185)
* CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
* NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU
thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes
with high numbers of CPUs/CPU threads.
* [BUGFIX] Fix hwmon label sanitizer
* [BUGFIX] Use native endianness when encoding InetDiagMsg
* [BUGFIX] Fix btrfs device stats always being zero
* [BUGFIX] Fix diskstats exclude flags
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
* [BUGFIX] Fix concurrency issue in ethtool collector
* [BUGFIX] Fix concurrency issue in netdev collector
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
* [BUGFIX] Fix iostat on macos broken by deprecation warning
* [BUGFIX] Fix NodeFileDescriptorLimit alerts
* [BUGFIX] Sanitize rapl zone names
* [BUGFIX] Add file descriptor close safely in test
* [BUGFIX] Fix race condition in os_release.go
* [BUGFIX] Skip ZFS IO metrics if their paths are missing
* [BUGFIX] Handle nil CPU thermal power status on M1
* [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
* [BUGFIX] Sanitize UTF-8 in dmi collector
* [CHANGE] Merge metrics descriptions in textfile collector
* [FEATURE] Add multiple listeners and systemd socket listener activation
* [FEATURE] [node-mixin] Add darwin dashboard to mixin
* [FEATURE] Add 'isolated' metric on cpu collector on linux
* [FEATURE] Add cgroup summary collector
* [FEATURE] Add selinux collector
* [FEATURE] Add slab info collector
* [FEATURE] Add sysctl collector
* [FEATURE] Also track the CPU Spin time for OpenBSD systems
* [FEATURE] Add support for MacOS version
* [ENHANCEMENT] Add RTNL version of netclass collector
* [ENHANCEMENT] [node-mixin] Add missing selectors
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table
* [ENHANCEMENT] [node-mixin] Change io time units to %util
* [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
* [ENHANCEMENT] Add device filter flags to arp collector
* [ENHANCEMENT] Add diskstats include and exclude device flags
* [ENHANCEMENT] Add node_softirqs_total metric
* [ENHANCEMENT] Add rapl zone name label option
* [ENHANCEMENT] Add slabinfo collector
* [ENHANCEMENT] Allow user to select port on NTP server to query
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
* [ENHANCEMENT] Enable builds against older macOS SDK
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
* [ENHANCEMENT] systemd: Expose systemd minor version
* [ENHANCEMENT] Use netlink for tcpstat collector
* [ENHANCEMENT] Use netlink to get netdev stats
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles
* [ENHANCEMENT] Add btrfs device error stats
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6 (jsc#PED-3576):
* CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
* CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
- Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576):
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
* [BUGFIX] Properly close file descriptor when logging unfinished queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
* [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
* [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default
configuration values.
* [BUGFIX] Fix serving of static assets like fonts and favicon.
* [BUGFIX] promtool: Add --lint-fatal option.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
* [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the resolution.
* [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write
irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting
in a new exit code (3) for linter errors.
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit.
Enable with the flag `--enable-feature=auto-gomaxprocs`.
* [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query.
Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag
`--storage.tsdb.head-chunks-write-queue-size`.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
golang-github-prometheus-promu:
- Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576):
* [BUGFIX] Set build date from last changelog modification (bsc#1047218)
* [BUGFIX] Validate environment variable value
* [BUGFIX]Set build date from SOURCE_DATE_EPOCH
* [BUGFIX]Make extldflags extensible by configuration.
* [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine
* [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag
* [BUGFIX] Fix git repository url parsing
* [CHANGE] Remove ioutil
* [CHANGE] Update common Prometheus files
* [FEATURE] Add the ability to override tags per GOOS
* [FEATURE] Adding changes to support s390x
* [FEATURE] Added check_licenses Command to Promu
* [ENHANCEMENT] Allow to customize nested options via env variables
* [ENHANCEMENT] Add warning if promu info is unable to determine repo info
ImportantSUSE bug 1047218SUSE bug 1197284SUSE bug 1203185SUSE bug 1203599SUSE bug 1204023SUSE bug 1208049SUSE bug 1208051SUSE bug 1208060SUSE bug 1208062SUSE bug 1208064SUSE bug 1208965SUSE bug 1209113CVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql15 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql15 fixes the following issues:
Updated to version 15.3:
- CVE-2023-2454: Fixed an issue where a user having permission to
create a schema could hijack the privileges of a security definer
function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or
modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
ImportantSUSE bug 1210303SUSE bug 1211228SUSE bug 1211229CVE-2023-2454 at SUSECVE-2023-2454 at NVDCVE-2023-2455 at SUSECVE-2023-2455 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ImportantSUSE bug 1206309SUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Fix kABI breakage (bsc#1208333)
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- k-m-s: Drop Linux 2.6 support
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
ImportantSUSE bug 1076830SUSE bug 1194535SUSE bug 1202353SUSE bug 1205128SUSE bug 1207036SUSE bug 1207125SUSE bug 1207168SUSE bug 1207185SUSE bug 1207795SUSE bug 1207845SUSE bug 1208179SUSE bug 1208333SUSE bug 1208599SUSE bug 1208777SUSE bug 1208837SUSE bug 1208850SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209289SUSE bug 1209291SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209613SUSE bug 1209687SUSE bug 1209777SUSE bug 1209778SUSE bug 1209845SUSE bug 1209871SUSE bug 1209887SUSE bug 1210124SUSE bug 1210202SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210647SUSE bug 1211037CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20567 at SUSECVE-2022-20567 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u372 (icedtea-3.27.0):
- CVE-2023-21930: Fixed an issue in the JSSE component that could
allow an attacker to access critical data without authorization
(bsc#1210628).
- CVE-2023-21937: Fixed an issue in the Networking component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210631).
- CVE-2023-21938: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210632).
- CVE-2023-21939: Fixed an issue in the Swing component that could
allow an attacker to update, insert or delete some data without
authorization (bsc#1210634).
- CVE-2023-21954: Fixed an issue in the Hotspot component that
could allow an attacker to access critical data without
authorization (bsc#1210635).
- CVE-2023-21967: Fixed an issue in the JSSE component that could
allow an attacker to cause a hang or frequently repeatable
crash without authorization (bsc#1210636).
- CVE-2023-21968: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210637).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ctags (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file wih a
crafted filename (bsc#1206543).
ImportantSUSE bug 1206543CVE-2022-4515 at SUSECVE-2022-4515 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382)
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608).
ImportantSUSE bug 1211608CVE-2023-28709 at SUSECVE-2023-28709 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
- CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865).
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
ImportantSUSE bug 1188524SUSE bug 1203865SUSE bug 1206580SUSE bug 1206581CVE-2021-36980 at SUSECVE-2021-36980 at NVDCVE-2022-32166 at SUSECVE-2022-32166 at NVDCVE-2022-4337 at SUSECVE-2022-4337 at NVDCVE-2022-4338 at SUSECVE-2022-4338 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.12.0 ESR (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1210711SUSE bug 1210826SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDCVE-2023-30441 at SUSECVE-2023-30441 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libcares2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libcares2 fixes the following issues:
- CVE-2023-32067: Fixed a denial of service that could be triggered by
a 0-byte UDP payload (bsc#1211604).
- CVE-2023-31147: Fixed an insufficient randomness in generation of
DNS query IDs (bsc#1211605).
- CVE-2023-31130: Fixed a buffer underflow when configuring specific
IPv6 addresses (bsc#1211606).
- CVE-2023-31124: Fixed a build issue when cross-compiling that could
lead to insufficient randomness (bsc#1211607).
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
ImportantSUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206878SUSE bug 1209287SUSE bug 1210629SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211105SUSE bug 1211186SUSE bug 1211260SUSE bug 1211592CVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libwebp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed double free (bsc#1210212).
ImportantSUSE bug 1210212CVE-2023-1999 at SUSECVE-2023-1999 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Add security patches (bsc#1211846):
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
ImportantSUSE bug 1211658SUSE bug 1211659SUSE bug 1211846CVE-2023-28204 at SUSECVE-2023-28204 at NVDCVE-2023-32373 at SUSECVE-2023-32373 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
ModerateSUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python fixes the following issues:
- CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471).
ImportantSUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for bind fixes the following issues:
- CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544).
ImportantSUSE bug 1212544CVE-2023-2828 at SUSECVE-2023-2828 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for installation-images (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-espos:12:sp4Security update for libqt5-qtbase (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408).
- CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1189408SUSE bug 1211798CVE-2020-24741 at SUSECVE-2020-24741 at NVDCVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).
ImportantSUSE bug 1207783CVE-2023-0494 at SUSECVE-2023-0494 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ghostscript fixes the following issues:
- CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711).
ImportantSUSE bug 1212711CVE-2023-36664 at SUSECVE-2023-36664 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
- Required fields are now highlighted in PDF forms.
- Improved performance on high-refresh rate monitors (120Hz+).
- Buttons in the Tabs toolbar can now be reached with Tab,
Shift+Tab, and Arrow keys. View this article for additional
details.
- Windows' 'Make text bigger' accessibility setting now
affects all the UI and content pages, rather than only
applying to system font sizes.
- Non-breaking spaces are now preserved—preventing automatic
line breaks—when copying text from a form control.
- Fixed WebGL performance issues on NVIDIA binary drivers via
DMA-Buf on Linux.
- Fixed an issue in which Firefox startup could be
significantly slowed down by the processing of Web content
local storage. This had the greatest impact on users with
platter hard drives and significant local storage.
- Removed a configuration option to allow SHA-1 signatures in
certificates: SHA-1 signatures in certificates—long since
determined to no longer be secure enough—are now not
supported.
- Highlight color is preserved correctly after typing `Enter`
in the mail composer of Yahoo Mail and Outlook.
After bypassing the https only error page navigating back
would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was
visited.
- Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
plain text contexts, such as input and text area.
- Added an option to print only the current page from the
print preview dialog.
- Swipe to navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) on Windows is now
enabled.
- Stability on Windows is significantly improved as Firefox
handles low-memory situations much better.
- Touchpad scrolling on macOS was made more accessible by
reducing unintended diagonal scrolling opposite of the
intended scroll axis.
- Firefox is less likely to run out of memory on Linux and
performs more efficiently for the rest of the system when
memory runs low.
- It is now possible to edit PDFs: including writing text,
drawing, and adding signatures.
- Setting Firefox as your default browser now also makes it
the default PDF application on Windows systems.
- Swipe-to-navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) now works for Linux
users on Wayland.
- Text Recognition in images allows users on macOS 10.15 and
higher to extract text from the selected image (such as a
meme or screenshot).
- Firefox View helps you get back to content you previously
discovered. A pinned tab allows you to find and open recently
closed tabs on your current device and access tabs from other
devices (via our “Tab Pickup” feature).
- Import maps, which allow web pages to control the behavior
of JavaScript imports, are now enabled by default.
- Processes used for background tabs now use efficiency mode
on Windows 11 to limit resource use.
- The shift+esc keyboard shortcut now opens the Process
Manager, offering a way to quickly identify processes that
are using too many resources.
- Firefox now supports properly color correcting images
tagged with ICCv4 profiles.
- Support for non-English characters when saving and printing
PDF forms.
- The bookmarks toolbar's default 'Only show on New Tab'
state works correctly for blank new tabs. As before, you can
change the bookmark toolbar's behavior using the toolbar
context menu.
- Manifest Version 3 (MV3) extension support is now enabled
by default (MV2 remains enabled/supported). This major update
also ushers an exciting user interface change in the form of
the new extensions button.
- The Arbitrary Code Guard exploit protection has been
enabled in the media playback utility processes, improving
security for Windows users.
- The native HTML date picker for date and datetime inputs
can now be used with a keyboard alone, improving its
accessibility for screen reader users. Users with limited
mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
- Firefox builds in the Spanish from Spain (es-ES) and
Spanish from Argentina (es-AR) locales now come with a built-
in dictionary for the Firefox spellchecker.
- On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls
the page instead of zooming. This avoids accidental zooming
and matches the behavior of other web browsers on macOS.
- It's now possible to import bookmarks, history and
passwords not only from Edge, Chrome or Safari but also from
Opera, Opera GX, and Vivaldi.
- GPU sandboxing has been enabled on Windows.
- On Windows, third-party modules can now be blocked from
injecting themselves into Firefox, which can be helpful if
they are causing crashes or other undesirable behavior.
- Date, time, and datetime-local input fields can now be
cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on
macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and
Linux.
- GPU-accelerated Canvas2D is enabled by default on macOS and
Linux.
- WebGL performance improvement on Windows, MacOS and Linux.
- Enables overlay of hardware-decoded video with non-Intel
GPUs on Windows 10/11, improving video playback performance
and video scaling quality.
- Windows native notifications are now enabled.
- Firefox Relay users can now opt-in to create Relay email
masks directly from the Firefox credential manager. You must
be signed in with your Firefox Account.
- We’ve added two new locales: Silhe Friulian (fur) and
Sardinian (sc).
- Right-clicking on password fields now shows an option to
reveal the password.
- Private windows and ETP set to strict will now include
email tracking protection. This will make it harder for email
trackers to learn the browsing habits of Firefox users. You
can check the Tracking Content in the sub-panel on the shield
icon panel.
- The deprecated U2F Javascript API is now disabled by
default. The U2F protocol remains usable through the WebAuthn
API. The U2F API can be re-enabled using the
`security.webauth.u2f` preference.
- Say hello to enhanced Picture-in-Picture! Rewind, check
video duration, and effortlessly switch to full-screen mode
on the web's most popular video websites.
- Firefox's address bar is already a great place to search
for what you're looking for. Now you'll always be able to see
your web search terms and refine them while viewing your
search's results - no additional scrolling needed! Also, a
new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest
entries.
- Private windows now protect users even better by blocking
third-party cookies and storage of content trackers.
- Passwords automatically generated by Firefox now include
special characters, giving users more secure passwords by
default.
- Firefox 115 introduces a redesigned accessibility engine
which significantly improves the speed, responsiveness, and
stability of Firefox when used with:
- Screen readers, as well as certain other accessibility
software;
- East Asian input methods;
- Enterprise single sign-on software; and
- Other applications which use accessibility frameworks to
access information.
- Firefox 115 now supports AV1 Image Format files containing
animations (AVIS), improving support for AVIF images across
the web.
- The Windows GPU sandbox first shipped in the Firefox 110
release has been tightened to enhance the security benefits
it provides.
- A 13-year-old feature request was fulfilled and Firefox now
supports files being drag-and-dropped directly from Microsoft
Outlook. A special thanks to volunteer contributor Marco
Spiess for helping to get this across the finish line!
- Users on macOS can now access the Services sub-menu
directly from Firefox context menus.
- On Windows, the elastic overscroll effect has been enabled
by default. When two-finger scrolling on the touchpad or
scrolling on the touchscreen, you will now see a bouncing
animation when scrolling past the edge of a scroll container.
- Firefox is now available in the Tajik (tg) language.
- Added UI to manage the DNS over HTTPS exception list.
- Bookmarks can now be searched from the Bookmarks menu. The
Bookmarks menu is accessible by adding the Bookmarks menu
button to the toolbar.
- Restrict searches to your local browsing history by
selecting Search history from the History, Library or
Application menu buttons.
- Mac users can now capture video from their cameras in all
supported native resolutions. This enables resolutions higher
than 1280x720.
- It is now possible to reorder the extensions listed in the
extensions panel.
- Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator.
- Pocket Recommended content can now be seen in France,
Italy, and Spain.
- DNS over HTTPS settings are now part of the Privacy &
Security section of the Settings page and allow the user to
choose from all the supported modes.
- Migrating from another browser? Now you can bring over
payment methods you've saved in Chrome-based browsers to
Firefox.
- Hardware video decoding enabled for Intel GPUs on Linux.
- The Tab Manager dropdown now features close buttons, so you
can close tabs more quickly.
- Windows Magnifier now follows the text cursor correctly
when the Firefox title bar is visible.
- Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-
using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3
*_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464)
Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002)
Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711)
Potential use-after-free from compartment mismatch in
SpiderMonkey
* CVE-2023-37203 (bmo#291640)
Drag and Drop API may provide access to local system files
* CVE-2023-37204 (bmo#1832195)
Fullscreen notification obscured via option element
* CVE-2023-37205 (bmo#1704420)
URL spoofing in address bar using RTL characters
* CVE-2023-37206 (bmo#1813299)
Insufficient validation of symlinks in the FileSystem API
* CVE-2023-37207 (bmo#1816287)
Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675)
Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993)
Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886)
Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
bmo#1836550, bmo#1837450)
Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,
bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,
bmo#1838587)
Memory safety bugs fixed in Firefox 115
- Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
ImportantSUSE bug 1212101SUSE bug 1212438CVE-2023-3482 at SUSECVE-2023-3482 at NVDCVE-2023-37201 at SUSECVE-2023-37201 at NVDCVE-2023-37202 at SUSECVE-2023-37202 at NVDCVE-2023-37203 at SUSECVE-2023-37203 at NVDCVE-2023-37204 at SUSECVE-2023-37204 at NVDCVE-2023-37205 at SUSECVE-2023-37205 at NVDCVE-2023-37206 at SUSECVE-2023-37206 at NVDCVE-2023-37207 at SUSECVE-2023-37207 at NVDCVE-2023-37208 at SUSECVE-2023-37208 at NVDCVE-2023-37209 at SUSECVE-2023-37209 at NVDCVE-2023-37210 at SUSECVE-2023-37210 at NVDCVE-2023-37211 at SUSECVE-2023-37211 at NVDCVE-2023-37212 at SUSECVE-2023-37212 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000):
- Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection.
ImportantSUSE bug 1213000cpe:/o:suse:sles-espos:12:sp4Security update for perl (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ModerateSUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230)
Security fixes:
- CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703)
Other fixes:
- Fixed a startup crash experienced by some Windows
users by blocking instances of a malicious injected DLL
(bmo#1841751)
- Fixed a bug with displaying a caret in the text editor
on some websites (bmo#1840804)
- Fixed a bug with broken audio rendering on some
websites (bmo#1841982)
- Fixed a bug with patternTransform translate using the
wrong units (bmo#1840746)
- Fixed a crash affecting Windows 7 users related to the
DLL blocklist.
Firefox Extended Support Release 115.0.1 ESR
- Fixed a startup crash for Windows users with Kingsoft
Antivirus software installed (bmo#1837242)
ImportantSUSE bug 1213230CVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cjose (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cjose fixes the following issues:
- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
ImportantSUSE bug 1213385CVE-2023-37464 at SUSECVE-2023-37464 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- testsuite: Update further expiring certificates that affect tests [bsc#1201627]
ImportantSUSE bug 1201627SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
ImportantSUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libksba (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ImportantSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mariadb fixes the following issues:
- CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).
ModerateSUSE bug 1201164CVE-2022-32084 at SUSECVE-2022-32084 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2-mod_security2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an
incorrect parsing of HTTP multipart requests (bsc#1207378).
ImportantSUSE bug 1207378CVE-2022-48279 at SUSECVE-2022-48279 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137)
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1196137SUSE bug 1198136cpe:/o:suse:sles-espos:12:sp4Security update for libapr-util1 (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libapr-util1 fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
CriticalSUSE bug 1207866CVE-2022-25147 at SUSECVE-2022-25147 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xrdp (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
ImportantSUSE bug 1206300SUSE bug 1206303SUSE bug 1206306SUSE bug 1206307SUSE bug 1206310SUSE bug 1206311SUSE bug 1206312CVE-2022-23468 at SUSECVE-2022-23468 at NVDCVE-2022-23479 at SUSECVE-2022-23479 at NVDCVE-2022-23480 at SUSECVE-2022-23480 at NVDCVE-2022-23481 at SUSECVE-2022-23481 at NVDCVE-2022-23482 at SUSECVE-2022-23482 at NVDCVE-2022-23483 at SUSECVE-2022-23483 at NVDCVE-2022-23484 at SUSECVE-2022-23484 at NVDcpe:/o:suse:sles-espos:12:sp4Feature update for LibreOffice (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* For the highlights of changes of version 7.4 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.4
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
* poppler-data version update from 0.4.10 to 0.4.11
* skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
* New build dependencies:
* fixmath-devel
* libwebp-devel
* zlib-devel
* dragonbox-devel
* at-spi2-core-devel
* libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
* Add debug code to read some private rsrc data
* Allow to read some MacWrite which does not have printer informations
* Add a parser for Scoop files
* Add a parser for ScriptWriter files
* Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
- CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1212230SUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-34241 at SUSECVE-2023-34241 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for postgresql15 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for postgresql15 fixes the following issues:
Update to 15.2:
- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
ImportantSUSE bug 1208102CVE-2022-41862 at SUSECVE-2022-41862 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
ImportantSUSE bug 1203693SUSE bug 1205149SUSE bug 1206073SUSE bug 1206664SUSE bug 1206677SUSE bug 1206784SUSE bug 1207036SUSE bug 1207186SUSE bug 1207237CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
ImportantSUSE bug 1207982SUSE bug 1207983CVE-2022-44267 at SUSECVE-2022-44267 at NVDCVE-2022-44268 at SUSECVE-2022-44268 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).
ImportantSUSE bug 1208027SUSE bug 1208028CVE-2023-22490 at SUSECVE-2023-22490 at NVDCVE-2023-23946 at SUSECVE-2023-23946 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for java-1_8_0-openjdk fixes the following issues:
Updated to version jdk8u362 (icedtea-3.26.0):
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
ModerateSUSE bug 1207248SUSE bug 1207249CVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for clamav (Critical)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for clamav fixes the following issues:
- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).
- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).
CriticalSUSE bug 1208363SUSE bug 1208365CVE-2023-20032 at SUSECVE-2023-20032 at NVDCVE-2023-20052 at SUSECVE-2023-20052 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Updated to version 102.8.0 ESR (bsc#1208144):
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads.
- CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
- CVE-2023-25744: Fixed Memory safety bugs.
- CVE-2023-25746: Fixed Memory safety bugs.
ImportantSUSE bug 1208138SUSE bug 1208144CVE-2023-0767 at SUSECVE-2023-0767 at NVDCVE-2023-25728 at SUSECVE-2023-25728 at NVDCVE-2023-25729 at SUSECVE-2023-25729 at NVDCVE-2023-25730 at SUSECVE-2023-25730 at NVDCVE-2023-25732 at SUSECVE-2023-25732 at NVDCVE-2023-25734 at SUSECVE-2023-25734 at NVDCVE-2023-25735 at SUSECVE-2023-25735 at NVDCVE-2023-25737 at SUSECVE-2023-25737 at NVDCVE-2023-25738 at SUSECVE-2023-25738 at NVDCVE-2023-25739 at SUSECVE-2023-25739 at NVDCVE-2023-25742 at SUSECVE-2023-25742 at NVDCVE-2023-25743 at SUSECVE-2023-25743 at NVDCVE-2023-25744 at SUSECVE-2023-25744 at NVDCVE-2023-25746 at SUSECVE-2023-25746 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for poppler (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
ImportantSUSE bug 1140877SUSE bug 1202692CVE-2019-13283 at SUSECVE-2019-13283 at NVDCVE-2022-38784 at SUSECVE-2022-38784 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for libxslt (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xterm (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xterm fixes the following issues:
- CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305).
ImportantSUSE bug 1205305CVE-2022-45063 at SUSECVE-2022-45063 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for nrpe (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for nrpe fixes the following issues:
- CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).
ModerateSUSE bug 931600SUSE bug 938906CVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for emacs (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for emacs fixes the following issues:
- CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
- CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
ImportantSUSE bug 1208512SUSE bug 1208515CVE-2022-48337 at SUSECVE-2022-48337 at NVDCVE-2022-48339 at SUSECVE-2022-48339 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.3 (bnc#1206750):
- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).
- CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
- CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
ImportantSUSE bug 1206474SUSE bug 1206750CVE-2022-42852 at SUSECVE-2022-42852 at NVDCVE-2022-42856 at SUSECVE-2022-42856 at NVDCVE-2022-42863 at SUSECVE-2022-42863 at NVDCVE-2022-42867 at SUSECVE-2022-42867 at NVDCVE-2022-46691 at SUSECVE-2022-46691 at NVDCVE-2022-46692 at SUSECVE-2022-46692 at NVDCVE-2022-46698 at SUSECVE-2022-46698 at NVDCVE-2022-46699 at SUSECVE-2022-46699 at NVDCVE-2022-46700 at SUSECVE-2022-46700 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xorg-x11-server fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).
ImportantSUSE bug 1205874CVE-2022-46340 at SUSECVE-2022-46340 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
- CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673).
ImportantSUSE bug 1206673SUSE bug 1208471CVE-2022-40899 at SUSECVE-2022-40899 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513CVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for jakarta-commons-fileupload (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513SUSE bug 986359CVE-2016-3092 at SUSECVE-2016-3092 at NVDCVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for vim (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for MozillaFirefox fixes the following issues:
Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
ImportantSUSE bug 1209173CVE-2023-25748 at SUSECVE-2023-25748 at NVDCVE-2023-25749 at SUSECVE-2023-25749 at NVDCVE-2023-25750 at SUSECVE-2023-25750 at NVDCVE-2023-25751 at SUSECVE-2023-25751 at NVDCVE-2023-25752 at SUSECVE-2023-25752 at NVDCVE-2023-28159 at SUSECVE-2023-28159 at NVDCVE-2023-28160 at SUSECVE-2023-28160 at NVDCVE-2023-28161 at SUSECVE-2023-28161 at NVDCVE-2023-28162 at SUSECVE-2023-28162 at NVDCVE-2023-28163 at SUSECVE-2023-28163 at NVDCVE-2023-28164 at SUSECVE-2023-28164 at NVDCVE-2023-28176 at SUSECVE-2023-28176 at NVDCVE-2023-28177 at SUSECVE-2023-28177 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for apache2 fixes the following issues:
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
ImportantSUSE bug 1208708SUSE bug 1209047CVE-2023-25690 at SUSECVE-2023-25690 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).
The following non-security bugs were fixed:
- kabi/severities: add l2tp local symbols
ImportantSUSE bug 1191881SUSE bug 1194535SUSE bug 1201420SUSE bug 1203331SUSE bug 1203332SUSE bug 1205711SUSE bug 1207051SUSE bug 1207773SUSE bug 1207795SUSE bug 1208700SUSE bug 1209188CVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-2991 at SUSECVE-2022-2991 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for oracleasm (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of oracleasm fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-espos:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:sles-espos:12:sp4Security update for grub2 (Moderate)SUSE Linux Enterprise Server 12 SP4-ESPOS
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-espos:12:sp4Security update for mozilla-nspr, mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53.1
- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
ImportantSUSE bug 1159819SUSE bug 1168669SUSE bug 1169746SUSE bug 1170908SUSE bug 1171978SUSE bug 1173022CVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
ImportantSUSE bug 1173376SUSE bug 1173377SUSE bug 1173378SUSE bug 1173380CVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:
Security issues fixed:
- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).
Non-security issues fixed:
- Fixed interaction with freetype6 (bsc#1173613).
ImportantSUSE bug 1167231SUSE bug 1173576SUSE bug 1173613CVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12415 at SUSECVE-2020-12415 at NVDCVE-2020-12416 at SUSECVE-2020-12416 at NVDCVE-2020-12417 at SUSECVE-2020-12417 at NVDCVE-2020-12418 at SUSECVE-2020-12418 at NVDCVE-2020-12419 at SUSECVE-2020-12419 at NVDCVE-2020-12420 at SUSECVE-2020-12420 at NVDCVE-2020-12421 at SUSECVE-2020-12421 at NVDCVE-2020-12422 at SUSECVE-2020-12422 at NVDCVE-2020-12423 at SUSECVE-2020-12423 at NVDCVE-2020-12424 at SUSECVE-2020-12424 at NVDCVE-2020-12425 at SUSECVE-2020-12425 at NVDCVE-2020-12426 at SUSECVE-2020-12426 at NVDCVE-2020-6813 at SUSECVE-2020-6813 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for squid fixes the following issues:
- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling
attack (CVE-2020-15049, bsc#1173455)
ImportantSUSE bug 1173455CVE-2020-15049 at SUSECVE-2020-15049 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
Tomcat was updated to 9.0.36 See changelog at
- CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU
usage for several seconds making potentially the server unresponsive (bsc#1173389).
ImportantSUSE bug 1173389CVE-2020-11996 at SUSECVE-2020-11996 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update fixes the following issues:
cobbler:
- Calculate relative path for kernel and inited when generating
grub entry (bsc#1170231)
Added: fix-grub2-entry-paths.diff
- Fix os-release version detection for SUSE
Modified: sles15.patch
- Jinja2 template library fix (bsc#1141661)
- Removes string replace for textmode fix (bsc#1134195)
golang-github-prometheus-node_exporter:
- Update to 0.18.1
* [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345
* [BUGFIX] Fix rollover bug in mountstats collector #1364
* Renamed interface label to device in netclass collector for consistency with
* other network metrics #1224
* The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248
* The labels for the network_up metric have changed, see issue #1236
* Bonding collector now uses mii_status instead of operstatus #1124
* Several systemd metrics have been turned off by default to improve performance #1254
* These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds
* The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255
* [CHANGE] Bonding state uses mii_status #1124
* [CHANGE] Add a limit to the number of in-flight requests #1166
* [CHANGE] Renamed interface label to device in netclass collector #1224
* [CHANGE] Add separate cpufreq and scaling metrics #1248
* [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254
* [CHANGE] Expand systemd collector blacklist #1255
* [CHANGE] Split cpufreq metrics into a separate collector #1253
* [FEATURE] Add a flag to disable exporter metrics #1148
* [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197
* [FEATURE] Add uname collector for FreeBSD #1239
* [FEATURE] Add diskstats collector for OpenBSD #1250
* [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174
* [FEATURE] Add perf exporter for Linux #1274
* [ENHANCEMENT] Add Infiniband counters #1120
* [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
* [ENHANCEMENT] Move network_up labels into new metric network_info #1236
* [ENHANCEMENT] Use 64-bit counters for Darwin netstat
* [BUGFIX] Add fallback for missing /proc/1/mounts #1172
* [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326
- Add network-online (Wants and After) dependency to systemd unit bsc#1143913
golang-github-prometheus-prometheus:
- Update change log and spec file
+ Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS.
+ Rebase and update patches for version 2.18.0
+ Changed:
* 0002-Default-settings.patch Changed
- Update to 2.18.0
+ Features
* Tracing: Added experimental Jaeger support #7148
+ Changes
* Federation: Only use local TSDB for federation (ignore remote read). #7096
* Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094
+ Enhancements
* TSDB: Significantly reduce WAL size kept around after a block cut. #7098
* Discovery: Add `architecture` meta label for EC2. #7000
+ Bug fixes
* UI: Fixed wrong MinTime reported by /status. #7182
* React UI: Fixed multiselect legend on OSX. #6880
* Remote Write: Fixed blocked resharding edge case. #7122
* Remote Write: Fixed remote write not updating on relabel configs change. #7073
- Changes from 2.17.2
+ Bug fixes
* Federation: Register federation metrics #7081
* PromQL: Fix panic in parser error handling #7132
* Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138
* TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135
* TSDB: Make isolation more robust to panics in web handlers #7129 #7136
- Changes from 2.17.1
+ Bug fixes
* TSDB: Fix query performance regression that increased memory and CPU usage #7051
- Changes from 2.17.0
+ Features
* TSDB: Support isolation #6841
* This release implements isolation in TSDB. API queries and recording rules are
guaranteed to only see full scrapes and full recording rules. This comes with a
certain overhead in resource usage. Depending on the situation, there might be
some increase in memory usage, CPU usage, or query latency.
+ Enhancements
* PromQL: Allow more keywords as metric names #6933
* React UI: Add normalization of localhost URLs in targets page #6794
* Remote read: Read from remote storage concurrently #6770
* Rules: Mark deleted rule series as stale after a reload #6745
* Scrape: Log scrape append failures as debug rather than warn #6852
* TSDB: Improve query performance for queries that partially hit the head #6676
* Consul SD: Expose service health as meta label #5313
* EC2 SD: Expose EC2 instance lifecycle as meta label #6914
* Kubernetes SD: Expose service type as meta label for K8s service role #6684
* Kubernetes SD: Expose label_selector and field_selector #6807
* Openstack SD: Expose hypervisor id as meta label #6962
+ Bug fixes
* PromQL: Do not escape HTML-like chars in query log #6834 #6795
* React UI: Fix data table matrix values #6896
* React UI: Fix new targets page not loading when using non-ASCII characters #6892
* Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018
* Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998
* Scrape: Prevent removal of metric names upon relabeling #6891
* Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986
* Scrape: Fix crash when reloads are separated by two scrape intervals #7011
- Changes from 2.16.0
+ Features
* React UI: Support local timezone on /graph #6692
* PromQL: add absent_over_time query function #6490
* Adding optional logging of queries to their own file #6520
+ Enhancements
* React UI: Add support for rules page and 'Xs ago' duration displays #6503
* React UI: alerts page, replace filtering togglers tabs with checkboxes #6543
* TSDB: Export metric for WAL write errors #6647
* TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651
* PromQL: Refactoring in parser errors to improve error messages #6634
* PromQL: Support trailing commas in grouping opts #6480
* Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
* Scrape: Add metrics to track bytes and entries in the metadata cache #6675
* promtool: Add support for line-column numbers for invalid rules output #6533
* Avoid restarting rule groups when it is unnecessary #6450
+ Bug fixes
* React UI: Send cookies on fetch() on older browsers #6553
* React UI: adopt grafana flot fix for stacked graphs #6603
* React UI: broken graph page browser history so that back button works as expected #6659
* TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616
* TSDB: return an error on ingesting series with duplicate labels #6664
* PromQL: Fix unary operator precedence #6579
* PromQL: Respect query.timeout even when we reach query.max-concurrency #6712
* PromQL: Fix string and parentheses handling in engine, which affected React UI #6612
* PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493
* Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
* Remote read: return the correct error if configs can't be marshal'd to JSON #6622
* Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673
* Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511
* Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
- Changes from 2.15.2
+ Bug fixes
* TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564
* TSDB: Fixed block compaction issues on Windows. #6547
- Changes from 2.15.1
+ Bug fixes
* TSDB: Fixed race on concurrent queries against same data. #6512
- Changes from 2.15.0
+ Features
* API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442
+ Changes
* Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393
* Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043
+ Enhancements
* TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461
* TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475
* TSDB: Improve replay latency. #6230
* TSDB: WAL size is now used for size based retention calculation. #5886
* Remote read: Added query grouping and range hints to the remote read request #6401
* Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344
* promql: Improved PromQL parser performance. #6356
* React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements.
* promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065
+ Bug fixes
* Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455
* Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378
* Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469
* API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
- Changes from 2.14.0
+ Features
* API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243
* React UI: implement the new experimental React based UI. #5694 and many more
* Can be found by under `/new`.
* Not all pages are implemented yet.
* Status: Cardinality statistics added to the Runtime & Build Information page. #6125
+ Enhancements
* Remote write: fix delays in remote write after a compaction. #6021
* UI: Alerts can be filtered by state. #5758
+ Bug fixes
* Ensure warnings from the API are escaped. #6279
* API: lifecycle endpoints return 403 when not enabled. #6057
* Build: Fix Solaris build. #6149
* Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270
* Remote write: restore use of deduplicating logger in remote write. #6113
* Remote write: do not reshard when unable to send samples. #6111
* Service discovery: errors are no longer logged on context cancellation. #6116, #6133
* UI: handle null response from API properly. #6071
- Changes from 2.13.1
+ Bug fixes
* Fix panic in ARM builds of Prometheus. #6110
* promql: fix potential panic in the query logger. #6094
* Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
- Changes from 2.13.0
+ Enhancements
* Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254
* Include the tsdb tool in builds. #6089
* Service discovery: add new node address types for kubernetes. #5902
* UI: show warnings if query have returned some warnings. #5964
* Remote write: reduce memory usage of the series cache. #5849
* Remote read: use remote read streaming to reduce memory usage. #5703
* Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787
* Promtool: show the warnings during label query. #5924
* Promtool: improve error messages when parsing bad rules. #5965
* Promtool: more promlint rules. #5515
+ Bug fixes
* UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098
* Promtool: fix recording inconsistency due to duplicate labels. #6026
* UI: fixes service-discovery view when accessed from unhealthy targets. #5915
* Metrics format: OpenMetrics parser crashes on short input. #5939
* UI: avoid truncated Y-axis values. #6014
- Changes from 2.12.0
+ Features
* Track currently active PromQL queries in a log file. #5794
* Enable and provide binaries for `mips64` / `mips64le` architectures. #5792
+ Enhancements
* Improve responsiveness of targets web UI and API endpoint. #5740
* Improve remote write desired shards calculation. #5763
* Flush TSDB pages more precisely. tsdb#660
* Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667
* Add logging during TSDB WAL replay on startup. tsdb#662
* Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627
+ Bug fixes
* Check for duplicate label names in remote read. #5829
* Mark deleted rules' series as stale on next evaluation. #5759
* Fix JavaScript error when showing warning about out-of-sync server time. #5833
* Fix `promtool test rules` panic when providing empty `exp_labels`. #5774
* Only check last directory when discovering checkpoint number. #5756
* Fix error propagation in WAL watcher helper functions. #5741
* Correctly handle empty labels from alert templates. #5845
- Update Uyuni/SUSE Manager service discovery patch
+ Modified 0003-Add-Uyuni-service-discovery.patch:
+ Adapt service discovery to the new Uyuni API endpoints
+ Modified spec file: force golang 1.12 to fix build issues in SLE15SP2
- Update to Prometheus 2.11.2
grafana:
- Update to version 7.0.3
* Features / Enhancements
- Stats: include all fields. #24829, @ryantxu
- Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff
* Bug fixes
- Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian
- Configuration: Fix env var override of sections containing hyphen. #25178, @marefr
- Dashboard: Get panels in collapsed rows. #25079, @peterholmberg
- Do not show alerts tab when alerting is disabled. #25285, @dprokop
- Jaeger: fixes cascader option label duration value. #25129, @Estrax
- Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo
- Update to version 7.0.2
* Bug fixes
- Security: Urgent security patch release to fix CVE-2020-13379
- Update to version 7.0.1
* Features / Enhancements
- Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney
- Download CSV: Add date and time formatting. #24992, @ryantxu
- Table: Make last cell value visible when right aligned. #24921, @peterholmberg
- TablePanel: Adding sort order persistance. #24705, @torkelo
- Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg
- Transformations: Allow custom number input for binary operations. #24752, @ryantxu
* Bug fixes
- Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani
- Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani
- Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark
- DataLinks: Bring back variables interpolation in title. #24970, @dprokop
- Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney
- Explore/Table: Keep existing field types if possible. #24944, @kaydelaney
- Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova
- Explore: fix undo in query editor. #24797, @zoltanbedi
- Explore: fix word break in type head info. #25014, @zoltanbedi
- Graph: Legend decimals now work as expected. #24931, @torkelo
- LoginPage: Fix hover color for service buttons. #25009, @tskarhed
- LogsPanel: Fix scrollbar. #24850, @ivanahuckova
- MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo
- Organize transformer: Use display name in field order comparer. #24984, @dprokop
- Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark
- PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop
- PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo
- PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark
- PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark
- PanelMenu: Make menu disappear on button press. #25015, @tskarhed
- Postgres: Fix add button. #25087, @phemmer
- Prometheus: Fix recording rules expansion. #24977, @ivanahuckova
- Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian
- Update to version 7.0.0
* Breaking changes
- Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin.
- Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
- Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10.
- Datasource/Loki: Support for deprecated Loki endpoints has been removed.
- Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information.
- @grafana/ui: Forms migration notice, see @grafana/ui changelog
- @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog
+ Deprecation warnings
- Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059
- The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins.
* Features / Enhancements
- Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr
- Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal
- Loki: Allow multiple derived fields with the same name. #24437, @aocenas
- Orgs: Add future deprecation notice. #24502, @torkelo
* Bug Fixes
- @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi
- Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark
- Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop
- Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo
- Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn
- Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo
- Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg
- Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop
- Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet
- Data source: Fixes async mount errors. #24579, @Estrax
- Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1
- Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova
- Explore: Fix rendering of react query editors. #24593, @ivanahuckova
- Explore: Fixes loading more logs in logs context view. #24135, @Estrax
- Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo
- Graphite: Makes query annotations work again. #24556, @hugohaggmark
- Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney
- Logs: Fix total bytes process calculation. #24691, @davkal
- Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet
- Plugins: Fix manifest validation. #24573, @aknuds1
- Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist
- Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed
- Search: Save folder expanded state. #24496, @Clarity-89
- Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss
- Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo
- Table: Fixed persisting column resize for time series fields. #24505, @torkelo
- Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark
- Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn
- Transformations: Make transform dropdowns not cropped. #24615, @dprokop
- Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark
- Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark
- Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark
- Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark
- Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas
- SAML: Switch from email to login for user login attribute mapping (Enterprise)
- Update Makefile and spec file
* Remove phantomJS patch from Makefile
* Fix multiline strings in Makefile
* Exclude s390 from SLE12 builds, golang 1.14 is not built for s390
- Add instructions for patching the Grafana javascript frontend.
- BuildRequires golang(API) instead of go metapackage version range
* BuildRequires: golang(API) >= 1.14 from
BuildRequires: ( go >= 1.14 with go < 1.15 )
- Update to version 6.7.3
- This version fixes bsc#1170557 and its corresponding CVE-2020-12245
- Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin
- Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark
- AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken
- Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg
- Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan
- DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo
- Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh
- Security: Fix annotation popup XSS vulnerability. #23813, @torkelo
- Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1
- TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo
- Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark
- Update to version 6.7.2:
(see installed changelog for the full list of changes)
- BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo
- Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop
- DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn
- Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn
- Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo
- Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo
- Plugins: Expose promiseToDigest. #23249, @torkelo
- Reporting (Enterprise): Fixes issue updating a report created by someone else
- Update to 6.7.1:
(see installed changelog for the full list of changes)
Bug Fixes
- Azure: Fixed dropdowns not showing current value. #22914, @torkelo
- BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark
- Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo
- Reporting: fixes migrations compatibility with mysql (Enterprise)
- Reporting: Reduce default concurrency limit to 4 (Enterprise)
- Update to 6.7.0:
(see installed changelog for the full list of changes)
Bug Fixes
- AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo
- BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark
- Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo
- Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo
- Rich History: UX adjustments and fixes. #22729, @ivanahuckova
- Update to 6.7.0-beta1:
Breaking changes
- Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked.
- Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338
- Notice about changes in backendSrv for plugin authors
In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv.
Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI.
To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv.
Bug Fixes
API: Fix redirect issues. #22285, @papagian
Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1
Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal
Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal
Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek
BackendSrv: Fixes POST body for form data. gmark
CloudWatch: Credentials cache invalidation fix. #22473, @sunker
CloudWatch: Expand alias variables when query yields no result. #22695, @sunker
Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk
Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing
Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d
Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo
StatPanel: Fixes base color is being used for null values .
#22646, @torkelo
- Update to version 6.6.2:
(see installed changelog for the full list of changes)
- Update to version 6.6.1:
(see installed changelog for the full list of changes)
- Update to version 6.6.0:
(see installed changelog for the full list of changes)
- Update to version 6.5.3:
(see installed changelog for the full list of changes)
- Update to version 6.5.2:
(see installed changelog for the full list of changes)
- Update to version 6.5.1:
(see installed changelog for the full list of changes)
- Update to version 6.5.0
(see installed changelog for the full list of changes)
- Update to version 6.4.5:
* Create version 6.4.5
* CloudWatch: Fix high CPU load (#20579)
- Add obs-service-go_modules to download required modules into vendor.tar.gz
- Adjusted spec file to use vendor.tar.gz
- Adjusted Makefile to work with new filenames
- BuildRequire go1.14
- Update to version 6.4.4:
* DataLinks: Fix blur issues. #19883, @aocenas
* Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson
* LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen
* LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson
* Singlestat: Fix no data / null value mapping . #19951, @ryantxu
- Revert the spec file and make script
- Remove PhantomJS dependency
- Update to 6.4.3
* Bug Fixes
- Alerting: All notification channels should send even if one fails to send. #19807, @jan25
- AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas
- ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal
- DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop
- DataLinks: Fix url field not releasing focus. #19804, @aocenas
- Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas
- Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark
- Singlestat: Fixed issue with mapping null to text. #19689, @torkelo
- @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop
- @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang
- Update to 6.4.2
* Bug Fixes
- CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron
- Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark
- Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo
- Graph: Switching to series mode should re-render graph. #19623, @torkelo
- Loki: Fix autocomplete on label values. #19579, @aocenas
- Loki: Removes live option for logs panel. #19533, @davkal
- Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha
- Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark
- sted keys in YAML provisioning caused a server crash, #19547
- ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise)
- Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise).
- Changes from 6.4.0
* Features / Enhancements
- Build: Upgrade go to 1.12.10. #19499, @marefr
- DataLinks: Suggestions menu improvements. #19396, @dprokop
- Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova
- Explore: Update broken link to logql docs. #19510, @ivanahuckova
- Logs: Adds Logs Panel as a visualization. #19504, @davkal
* Bug Fixes
- CLI: Fix version selection for plugin install. #19498, @aocenas
- Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo
- Changes from 6.4.0 Beta 2
* Features / Enhancements
- Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker
- Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr
- Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo
- grafana/toolkit: Add plugin creation task. #19207, @dprokop
* Bug Fixes
- Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark
- Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm
- Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz
- Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu
- MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr
- Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh
- MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr
- MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr
- MySQL: Limit datasource error details returned from the backend. #19373, @marefr
- Changes from 6.4.0 Beta 1
* Features / Enhancements
- API: Readonly datasources should not be created via the API. #19006, @papagian
- Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar
- Annotations: Add annotations support to Loki. #18949, @aocenas
- Annotations: Use a single row to represent a region. #17673, @ryantxu
- Auth: Allow inviting existing users when login form is disabled. #19048, @548017
- Azure Monitor: Add support for cross resource queries. #19115, @sunker
- CLI: Allow installing custom binary plugins. #17551, @aocenas
- Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark
- Dashboard: Reuse query results between panels . #16660, @ryantxu
- Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod
- DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu
- DataLinks: Enable access to labels & field names. #18918, @torkelo
- DataLinks: Enable multiple data links per panel. #18434, @dprokop
- Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech
- Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery
- Explore: Add throttling when doing live queries. #19085, @aocenas
- Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney
- Explore: Reduce default time range to last hour. #18212, @davkal
- Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu
- Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal
- Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian
- InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code
- LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh
- Ldap: Add ldap debug page. #18759, @peterholmberg
- Loki: Remove prefetching of default label values. #18213, @davkal
- Metrics: Add failed alert notifications metric. #18089, @koorgoo
- OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon
- OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin
- Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh
- Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati
- Plugins: better warning when plugins fail to load. #18671, @ryantxu
- Postgres: Add support for scram sha 256 authentication. #18397, @nonamef
- RemoteCache: Support SSL with Redis. #18511, @kylebrandt
- SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu
- Stackdriver: Add extra alignment period options. #18909, @sunker
- Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon
- Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar
* Bug Fixes
- Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian
- Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt
- Alerting: fix response popover prompt when add notification channels. #18967, @lzdw
- CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger
- Explore: Fix auto completion on label values for Loki. #18988, @aocenas
- Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark
- Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark
- MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold
- MSSQL: Fix memory leak when debug enabled. #19049, @briangann
- Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt
- TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark
* Breaking changes
+ Annotations
There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented
using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details.
+ Docker
Grafana is now using Alpine 3.10 as docker base image.
+ HTTP API
- GET /api/alert-notifications now requires at least editor access.
New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user.
- GET /api/alert-notifiers now requires at least editor access
- GET /api/org/users now requires org admin role.
New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins,
admin in any folder or admin of any team.
- GET /api/annotations no longer returns regionId property.
- POST /api/annotations no longer supports isRegion property.
- PUT /api/annotations/:id no longer supports isRegion property.
- PATCH /api/annotations/:id no longer supports isRegion property.
- DELETE /api/annotations/region/:id has been removed.
* Deprecation notes
+ PhantomJS
- PhantomJS, which is used for rendering images of dashboards and panels,
is deprecated and will be removed in a future Grafana release.
A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use.
Please consider migrating from PhantomJS to the Grafana Image Renderer plugin.
- Changes from 6.3.6
* Features / Enhancements
- Metrics: Adds setting for turning off total stats metrics. #19142, @marefr
* Bug Fixes
- Database: Rewrite system statistics query to perform better. #19178, @papagian
- Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney
- Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors.
- Add missing directories provisioning/datasources and provisioning/notifiers
and sample.yaml as described in packaging/rpm/control from upstream.
Missing directories are shown in logfiles.
- Version 6.3.5
* Upgrades
+ Build: Upgrade to go 1.12.9.
* Bug Fixes
+ Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties.
+ Editor: Fixes issue where only entire lines were being copied.
+ Explore: Fixes query field layout in splitted view for Safari browsers.
+ LDAP: multildap + ldap integration.
+ Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds.
+ Prometheus: Prevents panel editor crash when switching to Prometheus datasource.
+ Prometheus: Changes brace-insertion behavior to be less annoying.
- Version 6.3.4
* Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use.
- Version 6.3.3
* Bug Fixes
+ Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1
+ Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3
+ DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1
+ DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1
+ DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1
+ Explore: Fix loading error for empty queries. #18488 1, @davkal
+ Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2
+ Graphite: Avoid glob of single-value array variables . #18420, @gotjosh
+ Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3
+ Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2
+ TimeSeries: Assume values are all numbers. #18540 4, @ryantxu
- Version 6.3.2
* Bug Fixes
+ Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12
- Version 6.3.1
* Bug Fixes
+ PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2
- Version 6.3.0
* Features / Enhancements
+ OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3
+ Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh
+ Build grafana images consistently. #18224 12, @hassanfarid
+ Docs: SAML. #18069 11, @gotjosh
+ Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas
+ TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2
+ Alerting: Add tags to alert rules. #10989 13, @Thib17 1
+ Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng
+ Alerting: Improve alert rule testing. #16286 2, @marefr
+ Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25
+ Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1
+ Auth: Allow expiration of API keys. #17678, @papagian 3
+ Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1
+ Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1
+ AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1
+ CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu
+ Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu
+ Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax
+ Data links. #17267 11, @torkelo 2
+ Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1
+ Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr
+ Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3
+ Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2
+ Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2
+ Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2
+ Explore: Allow switching between metrics and logs . #16959 2, @marefr
+ Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3
+ Explore: Display log lines context . #17097, @dprokop 1
+ Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr
+ Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2
+ Explore: Support for new LogQL filtering syntax. #16674 4, @davkal
+ Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3
+ Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1
+ Graph: Added new fill gradient option. #17528 3, @torkelo 2
+ GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1
+ InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3
+ Logging: Login and Logout actions (#17760). #17883 1, @ATTron
+ Logging: Move log package to pkg/infra. #17023, @zhulongcheng
+ Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1
+ MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd
+ MySQL: Add support for periodically reloading client certs. #14892, @tpetr
+ Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu
+ Prometheus: Take timezone into account for step alignment. #17477, @fxmiii
+ Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246
+ Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA
+ Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis
+ Refresh picker: Handle empty intervals. #17585 1, @dehrax
+ Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr
+ Snapshot: use given key and deleteKey. #16876, @zhulongcheng
+ Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev
+ Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad
+ Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway
+ Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin
* Bug Fixes
+ PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax
+ OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3
+ cli: fix for recognizing when in dev mode… #18334, @xlson
+ DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2
+ Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2
+ PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson
+ TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2
+ Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2
+ remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke
+ AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax
+ CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr
+ Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr
+ Explore: Fix browsing back to dashboard panel. #17061, @jschill
+ Explore: Fix filter by series level in logs graph. #17798, @marefr
+ Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr
+ Explore: Fix selection/copy of log lines. #17121, @marefr
+ Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas
+ Frontend: Fix for Json tree component not working. #17608, @srid12
+ Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2
+ Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2
+ Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3
+ HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25
+ InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki
+ Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess
+ Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi
+ SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri
- Make phantomjs dependency configurable
- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
mgr-cfg:
- Remove commented code in test files
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Add mgr manpage links
mgr-custom-info:
- Bump version to 4.1.0 (bsc#1154940)
mgr-daemon:
- Bump version to 4.1.0 (bsc#1154940)
- Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad:
- Separate osa-dispatcher and jabberd so it can be disabled independently
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Move /usr/share/rhn/config-defaults to uyuni-base-common
- Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
- Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-push:
- Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
mgr-virtualization:
- Replace spacewalk-usix with uyuni-common-libs
- Bump version to 4.1.0 (bsc#1154940)
- Fix mgr-virtualization timer
rhnlib:
- Fix building
- Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
- Bump version to 4.1.0 (bsc#1154940)
- Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can
check for failure (bsc#1171687)
- Disable globbing for api subcommand to allow wildcards in filter
settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
- Bump version to 4.1.0 (bsc#1154940)
- Prevent error when piping stdout in Python 2 (bsc#1153090)
- Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277)
- Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
- Add unit test for schedule, errata, user, utils, misc, configchannel
and kickstart modules
- Multiple minor bugfixes alongside the unit tests
- Bugfix: referenced variable before assignment.
- Add unit test for report, package, org, repo and group
spacewalk-client-tools:
- Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)
- Spell correctly 'successful' and 'successfully'
- Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
- Replace spacewalk-usix with uyuni-common-libs
- Return a non-zero exit status on errors in rhn_check
- Bump version to 4.1.0 (bsc#1154940)
- Make a explicit requirement to systemd for spacewalk-client-tools
when rhnsd timer is installed
spacewalk-koan:
- Bump version to 4.1.0 (bsc#1154940)
- Require commands we use in merge-rd.sh
spacewalk-oscap:
- Bump version to 4.1.0 (bsc#1154940)
spacewalk-remote-utils:
- Update spacewalk-create-channel with RHEL 7.7 channel definitions
- Bump version to 4.1.0 (bsc#1154940)
supportutils-plugin-susemanager-client:
- Bump version to 4.1.0 (bsc#1154940)
suseRegisterInfo:
- SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
- Bump version to 4.1.0 (bsc#1154940)
zypp-plugin-spacewalk:
- Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)
ModerateSUSE bug 1113160SUSE bug 1134195SUSE bug 1138822SUSE bug 1141661SUSE bug 1142038SUSE bug 1143913SUSE bug 1148177SUSE bug 1153090SUSE bug 1153277SUSE bug 1154940SUSE bug 1154968SUSE bug 1155372SUSE bug 1163871SUSE bug 1165921SUSE bug 1168310SUSE bug 1170231SUSE bug 1170557SUSE bug 1171687SUSE bug 1172462CVE-2019-10215 at SUSECVE-2019-10215 at NVDCVE-2019-15043 at SUSECVE-2019-15043 at NVDCVE-2020-12245 at SUSECVE-2020-12245 at NVDCVE-2020-13379 at SUSECVE-2020-13379 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xrdp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xrdp fixes the following issues:
- Security fixes (bsc#1173580, CVE-2020-4044):
+ Add patches:
* xrdp-cve-2020-4044-fix-0.patch
* xrdp-cve-2020-4044-fix-1.patch
+ Rebase SLE patch:
* xrdp-fate318398-change-expired-password.patch
- Update patch:
+ xrdp-Allow-sessions-with-32-bpp.patch.patch
ImportantSUSE bug 1173580CVE-2020-4044 at SUSECVE-2020-4044 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
ImportantSUSE bug 1174117SUSE bug 1174121CVE-2020-13934 at SUSECVE-2020-13934 at NVDCVE-2020-13935 at SUSECVE-2020-13935 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mailman fixes the following issues:
- CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369).
ImportantSUSE bug 1173369CVE-2020-15011 at SUSECVE-2020-15011 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).
ModerateSUSE bug 1173160CVE-2020-10745 at SUSECVE-2020-10745 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.3 (bsc#1173998):
+ Enable kinetic scrolling with async scrolling.
+ Fix web process hangs on large GitHub pages.
+ Bubblewrap sandbox should not attempt to bind empty paths.
+ Fix threading issues in the media player.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805,
CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,
CVE-2020-13753.
ImportantSUSE bug 1173998CVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9806 at SUSECVE-2020-9806 at NVDCVE-2020-9807 at SUSECVE-2020-9807 at NVDCVE-2020-9843 at SUSECVE-2020-9843 at NVDCVE-2020-9850 at SUSECVE-2020-9850 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for grub2 fixes the following issues:
- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
(bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
- Use gcc-9 compiler for overflow check builtins
- Backport gcc-9 build fixes
ImportantSUSE bug 1168994SUSE bug 1173812SUSE bug 1174463SUSE bug 1174570CVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ghostscript fixes the following issues:
- fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout)
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
ImportantSUSE bug 1174415CVE-2020-15900 at SUSECVE-2020-15900 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.1.0 ESR
* Fixed: Various stability, functionality, and security fixes (bsc#1174538)
* CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514: WebRTC data channel leaks internal address to peer
* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653: Bypassing iframe sandbox when allowing popups
* CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656: Type confusion for special arguments in IonMonkey
* CVE-2020-15658: Overriding file type when saving to disk
* CVE-2020-15657: DLL hijacking due to incorrect loading path
* CVE-2020-15654: Custom cursor can overlay user interface
* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
ModerateSUSE bug 1173948SUSE bug 1174538CVE-2020-15652 at SUSECVE-2020-15652 at NVDCVE-2020-15653 at SUSECVE-2020-15653 at NVDCVE-2020-15654 at SUSECVE-2020-15654 at NVDCVE-2020-15655 at SUSECVE-2020-15655 at NVDCVE-2020-15656 at SUSECVE-2020-15656 at NVDCVE-2020-15657 at SUSECVE-2020-15657 at NVDCVE-2020-15658 at SUSECVE-2020-15658 at NVDCVE-2020-15659 at SUSECVE-2020-15659 at NVDCVE-2020-6463 at SUSECVE-2020-6463 at NVDCVE-2020-6514 at SUSECVE-2020-6514 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
- CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
- CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
- CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783).
- CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781).
- CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782).
- CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775).
- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458).
The following non-security bugs were fixed:
- ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
- ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
- bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
- block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673).
- block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673).
- block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
- block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
- btrfs: always wait on ordered extents at fsync time (bsc#1171761).
- btrfs: clean up the left over logged_list usage (bsc#1171761).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761).
- btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761).
- btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761).
- btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761).
- btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761).
- btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761).
- btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761).
- btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761).
- btrfs: remove no longer used logged range variables when logging extents (bsc#1171761).
- btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761).
- btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761).
- btrfs: remove the logged extents infrastructure (bsc#1171761).
- btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761).
- btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
- CDC-ACM: heed quirk also in error handling (git-fixes).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
- clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
- clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
- clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
- compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
- copy_{to,from}_user(): consolidate object size checks (git fixes).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
- dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
- dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
- dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
- dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
- dm: various cleanups to md->queue initialization code (git fixes).
- dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
- dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
- Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618).
- drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
- drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes
- drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
- drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes
- drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)
- drm/radeon: fix double free (bsc#1152472)
- drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)
- e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
- e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
- evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
- evm: Fix a small race in init_desc() (bsc#1051510).
- extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
- gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
- HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
- ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
- iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
- ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
- ima: Fix ima digest hash table key calculation (bsc#1051510).
- include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
- kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- libceph: do not omit recovery_deletes in target_copy() (bsc#1173462).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
- md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)).
- mmc: fix compilation of user API (bsc#1051510).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
- NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
- nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
- nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- overflow: Fix -Wtype-limits compilation warnings (git fixes).
- overflow.h: Add arithmetic shift helper (git fixes).
- p54usb: add AirVasT USB stick device-id (bsc#1051510).
- PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
- PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
- PCI: Program MPS for RCiEP devices (bsc#1051510).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
- perf: Allocate context task_ctx_data for child event (git-fixes).
- perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
- perf: Copy parent's address filter offsets on clone (git-fixes).
- perf/core: Add sanity check to deal with pinned event failure (git-fixes).
- perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
- perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
- perf/core: Fix bad use of igrab() (git fixes (dependent patch)).
- perf/core: Fix crash when using HW tracing kernel filters (git-fixes).
- perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
- perf/core: Fix error handling in perf_event_alloc() (git-fixes).
- perf/core: Fix exclusive events' grouping (git-fixes).
- perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
- perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
- perf/core: Fix locking for children siblings group read (git-fixes).
- perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)).
- perf/core: Fix perf_event_read_value() locking (git-fixes).
- perf/core: Fix perf_pmu_unregister() locking (git-fixes).
- perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)).
- perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
- perf/core: Fix race between close() and fork() (git-fixes).
- perf/core: Fix the address filtering fix (git-fixes).
- perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
- perf/core: Force USER_DS when recording user stack data (git-fixes).
- perf/core: Restore mmap record type correctly (git-fixes).
- perf: Fix header.size for namespace events (git-fixes).
- perf/ioctl: Add check for the sample_period value (git-fixes).
- perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
- perf: Return proper values for user stack errors (git-fixes).
- perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
- perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
- perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
- perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
- perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
- perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
- perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
- perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
- perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
- perf/x86: Fix incorrect PEBS_REGS (git-fixes).
- perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
- perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
- perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
- perf/x86/intel: Fix PT PMI handling (git-fixes).
- perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
- perf/x86/intel/uncore: Add Node ID mask (git-fixes).
- perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
- perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)).
- perf/x86/uncore: Fix event group support (git-fixes).
- pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
- pnp: Use list_for_each_entry() instead of open coding (git fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
- power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
- raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)).
- resolve KABI warning for perf-pt-coresight (git-fixes).
- Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
- Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
- Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
- rpm/kernel-docs.spec.in: Require python-packaging for build.
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: lock device while installing IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
- scsi: qedf: Add port_id getter (bsc#1150660).
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
- spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
- staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
- SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
- tracing: Fix event trigger to accept redundant spaces (git-fixes).
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
- tty: n_gsm: Fix SOF skipping (bsc#1051510).
- tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
- usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
- usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
- usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
- usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
- usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
- usb: musb: start session in resume for host port (bsc#1051510).
- usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
- usb: serial: qcserial: add DW5816e QDL support (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
- usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
- virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
- vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
- vmxnet3: add support to get/set rx flow hash (bsc#1172484).
- vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
- vmxnet3: avoid format strint overflow warning (bsc#1172484).
- vmxnet3: prepare for version 4 changes (bsc#1172484).
- vmxnet3: Remove always false conditional statement (bsc#1172484).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
- vmxnet3: update to version 4 (bsc#1172484).
- vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
- w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
- work around mvfs bug (bsc#1162063).
- x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
- x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
- x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
- x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
- xfrm: fix error in comment (git fixes).
ImportantSUSE bug 1051510SUSE bug 1065729SUSE bug 1071995SUSE bug 1085030SUSE bug 1104967SUSE bug 1114279SUSE bug 1144333SUSE bug 1148868SUSE bug 1150660SUSE bug 1152107SUSE bug 1152472SUSE bug 1152624SUSE bug 1158983SUSE bug 1159058SUSE bug 1161016SUSE bug 1162002SUSE bug 1162063SUSE bug 1168081SUSE bug 1169194SUSE bug 1169514SUSE bug 1169795SUSE bug 1170011SUSE bug 1170592SUSE bug 1170618SUSE bug 1171124SUSE bug 1171424SUSE bug 1171558SUSE bug 1171673SUSE bug 1171732SUSE bug 1171761SUSE bug 1171868SUSE bug 1171904SUSE bug 1172257SUSE bug 1172344SUSE bug 1172458SUSE bug 1172484SUSE bug 1172759SUSE bug 1172775SUSE bug 1172781SUSE bug 1172782SUSE bug 1172783SUSE bug 1172999SUSE bug 1173265SUSE bug 1173280SUSE bug 1173428SUSE bug 1173462SUSE bug 1173514SUSE bug 1173567SUSE bug 1173573SUSE bug 1174115SUSE bug 1174462SUSE bug 1174543CVE-2019-16746 at SUSECVE-2019-16746 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20908 at SUSECVE-2019-20908 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10769 at SUSECVE-2020-10769 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages
ImportantSUSE bug 1163019SUSE bug 1174543CVE-2020-8608 at SUSECVE-2020-8608 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-ipaddress (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-ipaddress fixes the following issues:
- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing
CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions
in IPv4Interface and IPv6Interface could lead to DOS.
ImportantSUSE bug 1173274CVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for LibVNCServer fixes the following issues:
- security update
fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings.
fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
ImportantSUSE bug 1173477SUSE bug 1173691SUSE bug 1173694SUSE bug 1173700SUSE bug 1173701SUSE bug 1173743SUSE bug 1173874SUSE bug 1173875SUSE bug 1173876SUSE bug 1173880CVE-2017-18922 at SUSECVE-2017-18922 at NVDCVE-2018-21247 at SUSECVE-2018-21247 at NVDCVE-2019-20839 at SUSECVE-2019-20839 at NVDCVE-2019-20840 at SUSECVE-2019-20840 at NVDCVE-2020-14397 at SUSECVE-2020-14397 at NVDCVE-2020-14398 at SUSECVE-2020-14398 at NVDCVE-2020-14399 at SUSECVE-2020-14399 at NVDCVE-2020-14400 at SUSECVE-2020-14400 at NVDCVE-2020-14401 at SUSECVE-2020-14401 at NVDCVE-2020-14402 at SUSECVE-2020-14402 at NVDCVE-2020-14403 at SUSECVE-2020-14403 at NVDCVE-2020-14404 at SUSECVE-2020-14404 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libX11 fixes the following issues:
- Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).
ImportantSUSE bug 1174628CVE-2020-14344 at SUSECVE-2020-14344 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xerces-c (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xerces-c fixes the following issues:
- CVE-2017-12627: Processing of external DTD paths could have resulted in a
null pointer dereference under certain conditions (bsc#1083630)
ModerateSUSE bug 1083630CVE-2017-12627 at SUSECVE-2017-12627 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.28.4 (bsc#1174662):
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894,
CVE-2020-9895, CVE-2020-9915, CVE-2020-9925.
ImportantSUSE bug 1174662CVE-2020-9862 at SUSECVE-2020-9862 at NVDCVE-2020-9893 at SUSECVE-2020-9893 at NVDCVE-2020-9894 at SUSECVE-2020-9894 at NVDCVE-2020-9895 at SUSECVE-2020-9895 at NVDCVE-2020-9915 at SUSECVE-2020-9915 at NVDCVE-2020-9925 at SUSECVE-2020-9925 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dovecot22 fixes the following issues:
- CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922).
- CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923).
ImportantSUSE bug 1174922SUSE bug 1174923CVE-2020-12673 at SUSECVE-2020-12673 at NVDCVE-2020-12674 at SUSECVE-2020-12674 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for grub2 fixes the following issues:
- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).
- Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745).
ImportantSUSE bug 1172745SUSE bug 1174421CVE-2020-15705 at SUSECVE-2020-15705 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
- CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
- CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).
ImportantSUSE bug 1174633SUSE bug 1174635SUSE bug 1174638CVE-2020-14345 at SUSECVE-2020-14345 at NVDCVE-2020-14346 at SUSECVE-2020-14346 at NVDCVE-2020-14347 at SUSECVE-2020-14347 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573).
- CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574).
ImportantSUSE bug 1174910SUSE bug 1174913CVE-2020-14361 at SUSECVE-2020-14361 at NVDCVE-2020-14362 at SUSECVE-2020-14362 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).
ModerateSUSE bug 1175070SUSE bug 1175071SUSE bug 1175072CVE-2020-11985 at SUSECVE-2020-11985 at NVDCVE-2020-11993 at SUSECVE-2020-11993 at NVDCVE-2020-9490 at SUSECVE-2020-9490 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
CVE-2019-17639
* Class Libraries:
- JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
- JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
- TRANSLATION MESSAGES UPDATE FOR JCL
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Java Virtual Machine:
- IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
- LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
* JIT Compiler:
- CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
IN DEBUGGING MODE
- INTERMITTENT ASSERTION FAILURE REPORTED
- CRASH IN RESOLVECLASSREF() DURING AOT LOAD
- JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
- SEGMENTATION FAULT WHILE COMPILING A METHOD
- UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
APPLICATION ON IBM Z PLATFORM
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
- CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
- IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH
DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
- IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
KEYFACTORY CLASS
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for squid (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for squid fixes the following issues:
- CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671).
- CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665).
- CVE-2020-15810: Enforce token characters for field-name (bsc#1175664).
CriticalSUSE bug 1175664SUSE bug 1175665SUSE bug 1175671CVE-2020-15810 at SUSECVE-2020-15810 at NVDCVE-2020-15811 at SUSECVE-2020-15811 at NVDCVE-2020-24606 at SUSECVE-2020-24606 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libX11 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libX11 fixes the following issues:
- CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).
ModerateSUSE bug 1175239CVE-2020-14363 at SUSECVE-2020-14363 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157]
CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621
CVE-2020-14593 CVE-2020-14583 CVE-2019-17639
* Class Libraries:
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
NON DEFAULT VALUE
ModerateSUSE bug 1174157SUSE bug 1175259CVE-2019-17639 at SUSECVE-2019-17639 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
- Mozilla Firefox ESR 78.2
MFSA 2020-38 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
bmo#1656957)
Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284).
- Fix broken translation-loading. (bsc#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
ModerateSUSE bug 1173991SUSE bug 1174284SUSE bug 1175686CVE-2020-15663 at SUSECVE-2020-15663 at NVDCVE-2020-15664 at SUSECVE-2020-15664 at NVDCVE-2020-15670 at SUSECVE-2020-15670 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The following non-security bugs were fixed:
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47.
- scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- Update patch reference for a tipc fix patch (bsc#1175515)
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen: do not reschedule in preemption off sections (bsc#1175749).
ImportantSUSE bug 1058115SUSE bug 1071995SUSE bug 1144333SUSE bug 1154366SUSE bug 1165629SUSE bug 1171988SUSE bug 1172428SUSE bug 1172963SUSE bug 1173798SUSE bug 1173954SUSE bug 1174205SUSE bug 1174689SUSE bug 1174699SUSE bug 1174757SUSE bug 1174784SUSE bug 1174978SUSE bug 1175112SUSE bug 1175127SUSE bug 1175213SUSE bug 1175228SUSE bug 1175515SUSE bug 1175518SUSE bug 1175691SUSE bug 1175749SUSE bug 1176069CVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24394 at SUSECVE-2020-24394 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for shim (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for shim fixes the following issues:
- Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.
Additional fixes:
+ shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
ModerateSUSE bug 1168994SUSE bug 1175626SUSE bug 1175656CVE-2020-10713 at SUSECVE-2020-10713 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libsolv (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libsolv fixes the following issues:
This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
ModerateSUSE bug 1120629SUSE bug 1120630SUSE bug 1120631SUSE bug 1127155SUSE bug 1131823SUSE bug 1137977CVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for perl-DBI (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for perl-DBI fixes the following issues:
Security issues fixed:
- CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
- CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).
ImportantSUSE bug 1176409SUSE bug 1176412CVE-2020-14392 at SUSECVE-2020-14392 at NVDCVE-2020-14393 at SUSECVE-2020-14393 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091).
- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface
could have led to denial of service (bsc#1173274).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
ImportantSUSE bug 1088004SUSE bug 1088009SUSE bug 1130840SUSE bug 1141853SUSE bug 1149955SUSE bug 1153238SUSE bug 1162423SUSE bug 1173274SUSE bug 1174091SUSE bug 1174701CVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ovmf (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ovmf fixes the following issues:
- CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476).
- Use openSUSE CA for the opensuse flavor (bsc#1175674)
ModerateSUSE bug 1175476SUSE bug 1175674CVE-2019-14562 at SUSECVE-2019-14562 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established
a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
(CVE-2020-1472, bsc#1176579).
- Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369).
- Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);
ImportantSUSE bug 1174120SUSE bug 1174316SUSE bug 1176579CVE-2020-1472 at SUSECVE-2020-1472 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libqt5-qtbase (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315)
- Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515)
ImportantSUSE bug 1172515SUSE bug 1176315CVE-2020-17507 at SUSECVE-2020-17507 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
- CVE-2020-15677: Download origin spoofing via redirect
- CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a
contenteditable element
- CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
- CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for wayland-detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate
obj-dirs for each lang (bsc#1173986, bsc#1167976)
ImportantSUSE bug 1167976SUSE bug 1173986SUSE bug 1174420SUSE bug 1176756CVE-2020-15673 at SUSECVE-2020-15673 at NVDCVE-2020-15676 at SUSECVE-2020-15676 at NVDCVE-2020-15677 at SUSECVE-2020-15677 at NVDCVE-2020-15678 at SUSECVE-2020-15678 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed an issue where there was a crash when
handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534).
- Various bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1175534SUSE bug 1176339SUSE bug 1176343SUSE bug 1176344SUSE bug 1176345SUSE bug 1176346SUSE bug 1176347SUSE bug 1176348SUSE bug 1176349SUSE bug 1176350CVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for perl-DBI (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).
- CVE-2013-7490: Fixed memory corruption when using many arguments
to methods for CallbacksUsing (bsc#1176496).
ImportantSUSE bug 1176496SUSE bug 1176764CVE-2013-7490 at SUSECVE-2013-7490 at NVDCVE-2019-20919 at SUSECVE-2019-20919 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_0-openjdk fixes the following issues:
- java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157)
- JDK-8028431, CVE-2020-14579: NullPointerException in
- DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
- sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
- JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c
- JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
- JDK-8077982: GIFLIB upgrade
- JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions
- JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded'
- JDK-8155691: Update GIFlib library to the latest up-to-date
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8203190: SessionId.hashCode generates too many collisions
- JDK-8217676: Upgrade libpng to 1.6.37
- JDK-8220495: Update GIFlib library to the 5.1.8
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
ImportantSUSE bug 1174157CVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tigervnc (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate
authorities, allowing malicious owners of these certificates
to impersonate any server after a client had added an exception
(bsc#1176733)
CriticalSUSE bug 1176733CVE-2020-26117 at SUSECVE-2020-26117 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libproxy (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
ImportantSUSE bug 1176410SUSE bug 1177143CVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sles-ltss:12:sp4Recommended update for bind (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
Bind was updated to version 9.11.22
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a namserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
This upgrade also fixes the following security issues:
* 5481. [security] 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM. (CVE-2020-8624 bsc#1175443)
* 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623 bsc#1175443)
* 5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622 bsc#1175443)
- Suppress warning message about missing file. (bsc#1092283, bsc#1127583, bsc#1094236, bsc#1173983)
Added */etc/bind.keys* to *NAMED_CONF_INCLUDE_FILES* in */etc/sysconfig/named*.
ModerateSUSE bug 1092283SUSE bug 1094236SUSE bug 1127583SUSE bug 1173983SUSE bug 1175443CVE-2020-8622 at SUSECVE-2020-8622 at NVDCVE-2020-8623 at SUSECVE-2020-8623 at NVDCVE-2020-8624 at SUSECVE-2020-8624 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bcm43xx-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bcm43xx-firmware fixes the following issues:
- Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631):
ModerateSUSE bug 1176631cpe:/o:suse:sles-ltss:12:sp4Security update for freetype2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for freetype2 fixes the following issues:
- CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).
ImportantSUSE bug 1177914CVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libvirt fixes the following issues:
- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955).
- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155).
- libxl: Fixed lock manager lock ordering (bsc#1171701).
ImportantSUSE bug 1171701SUSE bug 1174955SUSE bug 1177155CVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.0 ESR
* Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756)
* CVE-2020-15969 Use-after-free in usersctp
* CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* Fixed: Fixed legacy preferences not being properly applied when set via GPO
ImportantSUSE bug 1176756SUSE bug 1177872CVE-2020-15683 at SUSECVE-2020-15683 at NVDCVE-2020-15969 at SUSECVE-2020-15969 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for spice (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for spice fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for spice-gtk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for spice-gtk fixes the following issues:
- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).
ModerateSUSE bug 1177158CVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).
ImportantSUSE bug 1173902SUSE bug 1173994SUSE bug 1177613CVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sane-backends (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
* sane-backends version upgrade to 1.0.30
fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,
CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,
CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
* sane-backends version upgrade to 1.0.31
to further improve hardware enablement for scanner devices
(jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
* The new escl backend cannot be provided for SLE12 because
it requires more additional software (avahi-client, libcurl,
and libpoppler-glib-devel) where in particular for libcurl
the one that is in SLE12 (via libcurl-devel-7.37.0) is likely
too old because with that building the escl backend fails with
'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH'
undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
ImportantSUSE bug 1172524CVE-2017-6318 at SUSECVE-2017-6318 at NVDCVE-2020-12861 at SUSECVE-2020-12861 at NVDCVE-2020-12862 at SUSECVE-2020-12862 at NVDCVE-2020-12863 at SUSECVE-2020-12863 at NVDCVE-2020-12864 at SUSECVE-2020-12864 at NVDCVE-2020-12865 at SUSECVE-2020-12865 at NVDCVE-2020-12866 at SUSECVE-2020-12866 at NVDCVE-2020-12867 at SUSECVE-2020-12867 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache-commons-httpclient (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the
http.socket.timeout configuration setting during an SSL handshake,
which allows remote attackers to cause a denial of service (HTTPS
call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly
verify that the server hostname matches a domain name in the
subject's Common Name (CN) or subjectAltName field of the X.509
certificate, which allows MITM attackers to spoof SSL servers
via a 'CN=' string in a field in the distinguished name (DN)
of a certificate. [bsc#1178171, CVE-2014-3577]
ImportantSUSE bug 1178171SUSE bug 945190CVE-2014-3577 at SUSECVE-2014-3577 at NVDCVE-2015-5262 at SUSECVE-2015-5262 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)',
introduced in October 2020 CPU.
- Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU,
bsc#1174157, and October 2020 CPU, bsc#1177943)
* New features
+ JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
+ PR3796: Allow the number of curves supported to be specified
* Security fixes
+ JDK-8028431, CVE-2020-14579: NullPointerException in
DerValue.equals(DerValue)
+ JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
+ JDK-8230613: Better ASCII conversions
+ JDK-8231800: Better listing of arrays
+ JDK-8232014: Expand DTD support
+ JDK-8233255: Better Swing Buttons
+ JDK-8233624: Enhance JNI linkage
+ JDK-8234032: Improve basic calendar services
+ JDK-8234042: Better factory production of certificates
+ JDK-8234418: Better parsing with CertificateFactory
+ JDK-8234836: Improve serialization handling
+ JDK-8236191: Enhance OID processing
+ JDK-8236196: Improve string pooling
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
+ JDK-8237592, CVE-2020-14577: Enhance certificate verification
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8238002, CVE-2020-14581: Better matrix operations
+ JDK-8238804: Enhance key handling process
+ JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
+ JDK-8238843: Enhanced font handing
+ JDK-8238920, CVE-2020-14583: Better Buffer support
+ JDK-8238925: Enhance WAV file playback
+ JDK-8240119, CVE-2020-14593: Less Affine Transformations
+ JDK-8240124: Better VM Interning
+ JDK-8240482: Improved WAV file playback
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8241379: Update JCEKS support
+ JDK-8241522: Manifest improved jar headers redux
+ JDK-8242136, CVE-2020-14621: Better XML namespace handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 8 u262 build 01
+ JDK-4949105: Access Bridge lacks html tags parsing
+ JDK-8003209: JFR events for network utilization
+ JDK-8030680: 292 cleanup from default method code assessment
+ JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java
and some tests failed on windows intermittently
+ JDK-8041626: Shutdown tracing event
+ JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
+ JDK-8149338: JVM Crash caused by Marlin renderer not handling
NaN coordinates
+ JDK-8151582: (ch) test java/nio/channels/
/AsyncCloseAndInterrupt.java failing due to 'Connection
succeeded'
+ JDK-8165675: Trace event for thread park has incorrect unit
for timeout
+ JDK-8176182: 4 security tests are not run
+ JDK-8178910: Problemlist sample tests
+ JDK-8183925: Decouple crash protection from watcher thread
+ JDK-8191393: Random crashes during cfree+0x1c
+ JDK-8195817: JFR.stop should require name of recording
+ JDK-8195818: JFR.start should increase autogenerated name by
one
+ JDK-8195819: Remove recording=x from jcmd JFR.check output
+ JDK-8199712: Flight Recorder
+ JDK-8202578: Revisit location for class unload events
+ JDK-8202835: jfr/event/os/TestSystemProcess.java fails on
missing events
+ JDK-8203287: Zero fails to build after JDK-8199712 (Flight
Recorder)
+ JDK-8203346: JFR: Inconsistent signature of
jfr_add_string_constant
+ JDK-8203664: JFR start failure after AppCDS archive created
with JFR StartFlightRecording
+ JDK-8203921: JFR thread sampling is missing fixes from
JDK-8194552
+ JDK-8203929: Limit amount of data for JFR.dump
+ JDK-8205516: JFR tool
+ JDK-8207392: [PPC64] Implement JFR profiling
+ JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
classloader which calls it
+ JDK-8209960: -Xlog:jfr* doesn't work with the JFR
+ JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
+ JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD
1.0.7
+ JDK-8211239: Build fails without JFR: empty JFR events
signatures mismatch
+ JDK-8212232: Wrong metadata for the configuration of the
cutoff for old object sample events
+ JDK-8213015: Inconsistent settings between JFR.configure and
-XX:FlightRecorderOptions
+ JDK-8213421: Line number information for execution samples
always 0
+ JDK-8213617: JFR should record the PID of the recorded process
+ JDK-8213734: SAXParser.parse(File, ..) does not close
resources when Exception occurs.
+ JDK-8213914: [TESTBUG] Several JFR VM events are not covered
by tests
+ JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by
test
+ JDK-8213966: The ZGC JFR events should be marked as
experimental
+ JDK-8214542: JFR: Old Object Sample event slow on a deep heap
in debug builds
+ JDK-8214750: Unnecessary <p> tags in jfr classes
+ JDK-8214896: JFR Tool left files behind
+ JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java
fails with UnsatisfiedLinkError
+ JDK-8214925: JFR tool fails to execute
+ JDK-8215175: Inconsistencies in JFR event metadata
+ JDK-8215237: jdk.jfr.Recording javadoc does not compile
+ JDK-8215284: Reduce noise induced by periodic task
getFileSize()
+ JDK-8215355: Object monitor deadlock with no threads holding
the monitor (using jemalloc 5.1)
+ JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
+ JDK-8215771: The jfr tool should pretty print reference chains
+ JDK-8216064: -XX:StartFlightRecording:settings= doesn't work
properly
+ JDK-8216486: Possibility of integer overflow in
JfrThreadSampler::run()
+ JDK-8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/
/RuntimeThreadInheritanceLeak.java failing with Xcomp
+ JDK-8216559: [JFR] Native libraries not correctly parsed from
/proc/self/maps
+ JDK-8216578: Remove unused/obsolete method in JFR code
+ JDK-8216995: Clean up JFR command line processing
+ JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some
systems due to process surviving SIGINT
+ JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
TestShutdownEvent
+ JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
+ JDK-8223147: JFR Backport
+ JDK-8223689: Add JFR Thread Sampling Support
+ JDK-8223690: Add JFR BiasedLock Event Support
+ JDK-8223691: Add JFR G1 Region Type Change Event Support
+ JDK-8223692: Add JFR G1 Heap Summary Event Support
+ JDK-8224172: assert(jfr_is_event_enabled(id)) failed:
invariant
+ JDK-8224475: JTextPane does not show images in HTML rendering
+ JDK-8226253: JAWS reports wrong number of radio buttons when
buttons are hidden.
+ JDK-8226779: [TESTBUG] Test JFR API from Java agent
+ JDK-8226892: ActionListeners on JRadioButtons don't get
notified when selection is changed with arrow keys
+ JDK-8227011: Starting a JFR recording in response to JVMTI
VMInit and / or Java agent premain corrupts memory
+ JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id()
& (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0))
failed: invariant'
+ JDK-8229366: JFR backport allows unchecked writing to memory
+ JDK-8229401: Fix JFR code cache test failures
+ JDK-8229708: JFR backport code does not initialize
+ JDK-8229873: 8229401 broke jdk8u-jfr-incubator
+ JDK-8230448: [test] JFRSecurityTestSuite.java is failing on
Windows
+ JDK-8230707: JFR related tests are failing
+ JDK-8230782: Robot.createScreenCapture() fails if
'awt.robot.gtk' is set to false
+ JDK-8230856: Java_java_net_NetworkInterface_getByName0 on
unix misses ReleaseStringUTFChars in early return
+ JDK-8230947: TestLookForUntestedEvents.java is failing after
JDK-8230707
+ JDK-8231995: two jtreg tests failed after 8229366 is fixed
+ JDK-8233623: Add classpath exception to copyright in
EventHandlerProxyCreator.java file
+ JDK-8236002: CSR for JFR backport suggests not leaving out
the package-info
+ JDK-8236008: Some backup files were accidentally left in the
hotspot tree
+ JDK-8236074: Missed package-info
+ JDK-8236174: Should update javadoc since tags
+ JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
+ JDK-8238452: Keytool generates wrong expiration date if
validity is set to 2050/01/01
+ JDK-8238555: Allow Initialization of SunPKCS11 with NSS when
there are external FIPS modules in the NSSDB
+ JDK-8238589: Necessary code cleanup in JFR for JDK8u
+ JDK-8238590: Enable JFR by default during compilation in 8u
+ JDK-8239055: Wrong implementation of VMState.hasListener
+ JDK-8239476: JDK-8238589 broke windows build by moving
OrderedPair
+ JDK-8239479: minimal1 and zero builds are failing
+ JDK-8239867: correct over use of INCLUDE_JFR macro
+ JDK-8240375: Disable JFR by default for July 2020 release
+ JDK-8241444: Metaspace::_class_vsm not initialized if
compressed class pointers are disabled
+ JDK-8241902: AIX Build broken after integration of
JDK-8223147 (JFR Backport)
+ JDK-8242788: Non-PCH build is broken after JDK-8191393
* Import of OpenJDK 8 u262 build 02
+ JDK-8130737: AffineTransformOp can't handle child raster with
non-zero x-offset
+ JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation
in java/awt/image/Raster/TestChildRasterOp.java
+ JDK-8230926: [macosx] Two apostrophes are entered instead of
one with 'U.S. International - PC' layout
+ JDK-8240576: JVM crashes after transformation in C2
IdealLoopTree::merge_many_backedges
+ JDK-8242883: Incomplete backport of JDK-8078268: backport
test part
* Import of OpenJDK 8 u262 build 03
+ JDK-8037866: Replace the Fun class in tests with lambdas
+ JDK-8146612: C2: Precedence edges specification violated
+ JDK-8150986: serviceability/sa/jmap-hprof/
/JMapHProfLargeHeapTest.java failing because expects HPROF
JAVA PROFILE 1.0.1 file format
+ JDK-8229888: (zipfs) Updating an existing zip file does not
preserve original permissions
+ JDK-8230597: Update GIFlib library to the 5.2.1
+ JDK-8230769: BufImg_SetupICM add
ReleasePrimitiveArrayCritical call in early return
+ JDK-8233880, PR3798: Support compilers with multi-digit major
version numbers
+ JDK-8239852: java/util/concurrent tests fail with
-XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
verification should have failed
+ JDK-8241638: launcher time metrics always report 1 on Linux
when _JAVA_LAUNCHER_DEBUG set
+ JDK-8243059: Build fails when --with-vendor-name contains a
comma
+ JDK-8243474: [TESTBUG] removed three tests of 0 bytes
+ JDK-8244461: [JDK 8u] Build fails with glibc 2.32
+ JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion()
returns wrong result
* Import of OpenJDK 8 u262 build 04
+ JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't
throw NPE if timeout is less than, or equal to zero when unit
== null
+ JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
+ JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification()
does not recognize OpenJDK's HotSpot VM
+ JDK-8196969: JTreg Failure:
serviceability/sa/ClhsdbJstack.java causes NPE
+ JDK-8243539: Copyright info (Year) should be updated for fix
of 8241638
+ JDK-8244777: ClassLoaderStats VM Op uses constant hash value
* Import of OpenJDK 8 u262 build 05
+ JDK-7147060: com/sun/org/apache/xml/internal/security/
/transforms/ClassLoaderTest.java doesn't run in agentvm mode
+ JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method
+ JDK-8181841: A TSA server returns timestamp with precision
higher than milliseconds
+ JDK-8227269: Slow class loading when running with JDWP
+ JDK-8229899: Make java.io.File.isInvalid() less racy
+ JDK-8236996: Incorrect Roboto font rendering on Windows with
subpixel antialiasing
+ JDK-8241750: x86_32 build failure after JDK-8227269
+ JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in
+ JDK-8244843: JapanEraNameCompatTest fails
* Import of OpenJDK 8 u262 build 06
+ JDK-8246223: Windows build fails after JDK-8227269
* Import of OpenJDK 8 u262 build 07
+ JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
Jfr:on_vm_start() start-up order for correct option parsing
+ JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
+ JDK-8245167: Top package in method profiling shows null in JMC
+ JDK-8246703: [TESTBUG] Add test for JDK-8233197
* Import of OpenJDK 8 u262 build 08
+ JDK-8220293: Deadlock in JFR string pool
+ JDK-8225068: Remove DocuSign root certificate that is
expiring in May 2020
+ JDK-8225069: Remove Comodo root certificate that is expiring
in May 2020
* Import of OpenJDK 8 u262 build 09
+ JDK-8248399: Build installs jfr binary when JFR is disabled
* Import of OpenJDK 8 u262 build 10
+ JDK-8248715: New JavaTimeSupplementary localisation for 'in'
installed in wrong package
* Import of OpenJDK 8 u265 build 01
+ JDK-8249677: Regression in 8u after JDK-8237117: Better
ForkJoinPool behavior
+ JDK-8250546: Expect changed behaviour reported in JDK-8249846
* Import of OpenJDK 8 u272 build 01
+ JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
test/compiler/7177917/Test7177917.java
+ JDK-8035493: JVMTI PopFrame capability must instruct
compilers not to prune locals
+ JDK-8036088: Replace strtok() with its safe equivalent
strtok_s() in DefaultProxySelector.c
+ JDK-8039082: [TEST_BUG] Test java/awt/dnd/
/BadSerializationTest/BadSerializationTest.java fails
+ JDK-8075774: Small readability and performance improvements
for zipfs
+ JDK-8132206: move ScanTest.java into OpenJDK
+ JDK-8132376: Add @requires os.family to the client tests with
access to internal OS-specific API
+ JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
+ JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
/appletviewer/IOExceptionIfEncodedURLTest/
/IOExceptionIfEncodedURLTest.sh
+ JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
/MTGraphicsAccessTest.java hangs on Win. 8
+ JDK-8151788: NullPointerException from ntlm.Client.type3
+ JDK-8151834: Test SmallPrimeExponentP.java times out
intermittently
+ JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout
+ JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary
public
+ JDK-8156169: Some sound tests rarely hangs because of
incorrect synchronization
+ JDK-8165936: Potential Heap buffer overflow when seaching
timezone info files
+ JDK-8166148: Fix for JDK-8165936 broke solaris builds
+ JDK-8167300: Scheduling failures during gcm should be fatal
+ JDK-8167615: Opensource unit/regression tests for JavaSound
+ JDK-8172012: [TEST_BUG] delays needed in
javax/swing/JTree/4633594/bug4633594.java
+ JDK-8177628: Opensource unit/regression tests for ImageIO
+ JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
+ JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
/AppletContextTest/BadPluginConfigurationTest.sh
+ JDK-8193137: Nashorn crashes when given an empty script file
+ JDK-8194298: Add support for per Socket configuration of TCP
keepalive
+ JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java
throws error
+ JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java
fails
+ JDK-8210147: adjust some WSAGetLastError usages in windows
network coding
+ JDK-8211714: Need to update vm_version.cpp to recognise
VS2017 minor versions
+ JDK-8214862: assert(proj != __null) at compile.cpp:3251
+ JDK-8217606: LdapContext#reconnect always opens a new
connection
+ JDK-8217647: JFR: recordings on 32-bit systems unreadable
+ JDK-8226697: Several tests which need the @key headful
keyword are missing it.
+ JDK-8229378: jdwp library loader in linker_md.c quietly
truncates on buffer overflow
+ JDK-8230303: JDB hangs when running monitor command
+ JDK-8230711: ConnectionGraph::unique_java_object(Node* N)
return NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to
missing narrowing conversion
+ JDK-8235243: handle VS2017 15.9 and VS2019 in
abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243
+ JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
+ JDK-8237951: CTW: C2 compilation fails with 'malformed
control flow'
+ JDK-8238225: Issues reported after replacing symlink at
Contents/MacOS/libjli.dylib with binary
+ JDK-8239385: KerberosTicket client name refers wrongly to
sAMAccountName in AD
+ JDK-8239819: XToolkit: Misread of screen information memory
+ JDK-8240295: hs_err elapsed time in seconds is not accurate
enough
+ JDK-8241888: Mirror jdk.security.allowNonCaAnchor system
property with a security one
+ JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads
to JVM crash
+ JDK-8243489: Thread CPU Load event may contain wrong data for
CPU time under certain conditions
+ JDK-8244818: Java2D Queue Flusher crash while moving
application window to external monitor
+ JDK-8246310: Clean commented-out code about ModuleEntry
and PackageEntry in JFR
+ JDK-8246384: Enable JFR by default on supported architectures
for October 2020 release
+ JDK-8248643: Remove extra leading space in JDK-8240295 8u
backport
+ JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys)
method public
* Import of OpenJDK 8 u272 build 02
+ JDK-8023697: failed class resolution reports different class
name in detail message for the first and subsequent times
+ JDK-8025886: replace [[ and == bash extensions in regtest
+ JDK-8046274: Removing dependency on jakarta-regexp
+ JDK-8048933: -XX:+TraceExceptions output should include the
message
+ JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
/fileaccess/FontFile.java fails
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8154313: Generated javadoc scattered all over the place
+ JDK-8163251: Hard coded loop limit prevents reading of smart
card data greater than 8k
+ JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java
fails with compiler.whitebox.SimpleTestCaseHelper(int) must be
compiled
+ JDK-8183349: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
+ JDK-8191678: [TESTBUG] Add keyword headful in java/awt
FocusTransitionTest test.
+ JDK-8201633: Problems with AES-GCM native acceleration
+ JDK-8211049: Second parameter of 'initialize' method is not
used
+ JDK-8219566: JFR did not collect call stacks when
MaxJavaStackTraceDepth is set to zero
+ JDK-8220165: Encryption using GCM results in
RuntimeException- input length out of bound
+ JDK-8220555: JFR tool shows potentially misleading message
when it cannot access a file
+ JDK-8224217: RecordingInfo should use textual representation
of path
+ JDK-8231779: crash
HeapWord*ParallelScavengeHeap::failed_mem_allocate
+ JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
'multiple definition' link errors with GCC10
+ JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/
/SctpNet.c 'multiple definition' link errors with GCC10
+ JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple
definition' link errors with GCC10
+ JDK-8242556: Cannot load RSASSA-PSS public key with non-null
params from byte array
+ JDK-8250755: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java
* Import of OpenJDK 8 u272 build 03
+ JDK-6574989: TEST_BUG:
javax/sound/sampled/Clip/bug5070081.java fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph
shape
+ JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests
fail with error : revokeall.exe: Permission denied
+ JDK-8203357: Container Metrics
+ JDK-8209113: Use WeakReference for lastFontStrike for created
Fonts
+ JDK-8216283: Allow shorter method sampling interval than 10 ms
+ JDK-8221569: JFR tool produces incorrect output when both
--categories and --events are specified
+ JDK-8233097: Fontmetrics for large Fonts has zero width
+ JDK-8248851: CMS: Missing memory fences between free chunk
check and klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update
* Import of OpenJDK 8 u272 build 04
+ JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
IllegalArgumentException for flags of type double
+ JDK-8177334: Update xmldsig implementation to Apache
Santuario 2.1.1
+ JDK-8217878: ENVELOPING XML signature no longer works in JDK
11
+ JDK-8218629: XML Digital Signature throws NAMESPACE_ERR
exception on OpenJDK 11, works 8/9/10
+ JDK-8243138: Enhance BaseLdapServer to support starttls
extended request
* Import of OpenJDK 8 u272 build 05
+ JDK-8026236: Add PrimeTest for BigInteger
+ JDK-8057003: Large reference arrays cause extremely long
synchronization times
+ JDK-8060721: Test runtime/SharedArchiveFile/
/LimitSharedSizes.java fails in jdk 9 fcs new
platforms/compiler
+ JDK-8152077: (cal) Calendar.roll does not always roll the
hours during daylight savings
+ JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
+ JDK-8211163: UNIX version of Java_java_io_Console_echo does
not return a clean boolean
+ JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in
docker container only works with debug JVMs
+ JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
+ JDK-8236645: JDK 8u231 introduces a regression with
incompatible handling of XML messages
+ JDK-8240676: Meet not symmetric failure when running lucene
on jdk8
+ JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA
program
+ JDK-8249158: THREAD_START and THREAD_END event posted in
primordial phase
+ JDK-8250627: Use -XX:+/-UseContainerSupport for
enabling/disabling Java container metrics
+ JDK-8251546: 8u backport of JDK-8194298 breaks AIX and
Solaris builds
+ JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled
* Import of OpenJDK 8 u272 build 06
+ JDK-8064319: Need to enable -XX:+TraceExceptions in release
builds
+ JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11
v2.40 support
+ JDK-8160768: Add capability to custom resolve host/domain
names within the default JNDI LDAP provider
+ JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions()
not working
+ JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface
license
+ JDK-8184762: ZapStackSegments should use optimized memset
+ JDK-8193234: When using -Xcheck:jni an internally allocated
buffer can leak
+ JDK-8219919: RuntimeStub name lost with
PrintFrameConverterAssembly
+ JDK-8220313: [TESTBUG] Update base image for Docker testing
to OL 7.6
+ JDK-8222079: Don't use memset to initialize fields decode_env
constructor in disassembler.cpp
+ JDK-8225695: 32-bit build failures after JDK-8080462 (Update
SunPKCS11 provider with PKCS11 v2.40 support)
+ JDK-8226575: OperatingSystemMXBean should be made container
aware
+ JDK-8226809: Circular reference in printed stack trace is not
correctly indented & ambiguous
+ JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
+ JDK-8233621: Mismatch in jsse.enableMFLNExtension property
name
+ JDK-8238898, PR3801: Missing hash characters for header on
license file
+ JDK-8243320: Add SSL root certificates to Oracle Root CA
program
+ JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest
release 1.8.26
+ JDK-8245467: Remove 8u TLSv1.2 implementation files
+ JDK-8245469: Remove DTLS protocol implementation
+ JDK-8245470: Fix JDK8 compatibility issues
+ JDK-8245471: Revert JDK-8148188
+ JDK-8245472: Backport JDK-8038893 to JDK8
+ JDK-8245473: OCSP stapling support
+ JDK-8245474: Add TLS_KRB5 cipher suites support according to
RFC-2712
+ JDK-8245476: Disable TLSv1.3 protocol in the ClientHello
message by default
+ JDK-8245477: Adjust TLS tests location
+ JDK-8245653: Remove 8u TLS tests
+ JDK-8245681: Add TLSv1.3 regression test from 11.0.7
+ JDK-8251117: Cannot check P11Key size in P11Cipher and
P11AEADCipher
+ JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is
set to either true or false
+ JDK-8251341: Minimal Java specification change
+ JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
* Import of OpenJDK 8 u272 build 07
+ JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
* Import of OpenJDK 8 u272 build 08
+ JDK-8062947: Fix exception message to correctly represent
LDAP connection failure
+ JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed
due to timeout on DeadServerNoTimeoutTest is incorrect
+ JDK-8252573: 8u: Windows build failed after 8222079 backport
* Import of OpenJDK 8 u272 build 09
+ JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java :
Compilation failed
* Import of OpenJDK 8 u272 build 10
+ JDK-8254673: Call to JvmtiExport::post_vm_start() was removed
by the fix for JDK-8249158
+ JDK-8254937: Revert JDK-8148854 for 8u272
* Backports
+ JDK-8038723, PR3806: Openup some PrinterJob tests
+ JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when
JTable contains certain string
+ JDK-8058779, PR3805: Faster implementation of
String.replace(CharSequence, CharSequence)
+ JDK-8130125, PR3806: [TEST_BUG] add @modules to the several
client tests unaffected by the automated bulk update
+ JDK-8144015, PR3806: [PIT] failures of text layout font tests
+ JDK-8144023, PR3806: [PIT] failure of text measurements in
javax/swing/text/html/parser/Parser/6836089/bug6836089.java
+ JDK-8144240, PR3806: [macosx][PIT] AIOOB in
closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8145542, PR3806: The case failed automatically and thrown
java.lang.ArrayIndexOutOfBoundsException exception
+ JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane
+ JDK-8152358, PR3800: code and comment cleanups found during
the hunt for 8077392
+ JDK-8152545, PR3804: Use preprocessor instead of compiling a
program to generate native nio constants
+ JDK-8152680, PR3806: Regression in
GlyphVector.getGlyphCharIndex behaviour
+ JDK-8158924, PR3806: Incorrect i18n text document layout
+ JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
/GetGlyphCharIndexTest.java does not compile
+ JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
/GlyphPainter2/6427244/bug6427244.java - compilation failed
+ JDK-8191512, PR3806: T2K font rasterizer code removal
+ JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from
JDK sources
+ JDK-8236512, PR3801: PKCS11 Connection closed after
Cipher.doFinal and NoPadding
+ JDK-8254177, PR3809: (tz) Upgrade time-zone data to
tzdata2020b
* Bug fixes
+ PR3798: Fix format-overflow error on GCC 10, caused by
passing NULL to a '%s' directive
+ PR3795: ECDSAUtils for XML digital signatures should support
the same curve set as the rest of the JDK
+ PR3799: Adapt elliptic curve patches to JDK-8245468: Add
TLSv1.3 implementation classes from 11.0.7
+ PR3808: IcedTea does not install the JFR *.jfc files
+ PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has
fixed its use with Shenandoah
+ PR3811: Don't attempt to install JFR files when JFR is
disabled
* Shenandoah
+ [backport] 8221435: Shenandoah should not mark through weak
roots
+ [backport] 8221629: Shenandoah: Cleanup class unloading logic
+ [backport] 8222992: Shenandoah: Pre-evacuate all roots
+ [backport] 8223215: Shenandoah: Support verifying subset of
roots
+ [backport] 8223774: Shenandoah: Refactor
ShenandoahRootProcessor and family
+ [backport] 8224210: Shenandoah: Refactor
ShenandoahRootScanner to support scanning CSet codecache roots
+ [backport] 8224508: Shenandoah: Need to update thread roots
in final mark for piggyback ref update cycle
+ [backport] 8224579: ResourceMark not declared in
shenandoahRootProcessor.inline.hpp with
--disable-precompiled-headers
+ [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable
+ [backport] 8224751: Shenandoah: Shenandoah Verifier should
select proper roots according to current GC cycle
+ [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate
+ [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't
work for Shenandoah
+ [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to
ensure roots to-space invariant
+ [backport] 8225590: Shenandoah: Refactor
ShenandoahClassLoaderDataRoots API
+ [backport] 8226413: Shenandoah: Separate root scanner for
SH::object_iterate()
+ [backport] 8230853: Shenandoah: replace leftover
assert(is_in(...)) with rich asserts
+ [backport] 8231198: Shenandoah: heap walking should visit all
roots most of the time
+ [backport] 8231244: Shenandoah: all-roots heap walking misses
some weak roots
+ [backport] 8237632: Shenandoah: accept NULL fwdptr to
cooperate with JVMTI and JFR
+ [backport] 8239786: Shenandoah: print per-cycle statistics
+ [backport] 8239926: Shenandoah: Shenandoah needs to mark
nmethod's metadata
+ [backport] 8240671: Shenandoah: refactor
ShenandoahPhaseTimings
+ [backport] 8240749: Shenandoah: refactor ShenandoahUtils
+ [backport] 8240750: Shenandoah: remove leftover files and
mentions of ShenandoahAllocTracker
+ [backport] 8240868: Shenandoah: remove CM-with-UR
piggybacking cycles
+ [backport] 8240872: Shenandoah: Avoid updating new regions
from start of evacuation
+ [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
+ [backport] 8240915: Shenandoah: Remove unused fields in init
mark tasks
+ [backport] 8240948: Shenandoah: cleanup not-forwarded-objects
paths after JDK-8240868
+ [backport] 8241007: Shenandoah: remove
ShenandoahCriticalControlThreadPriority support
+ [backport] 8241062: Shenandoah: rich asserts trigger 'empty
statement' inspection
+ [backport] 8241081: Shenandoah: Do not modify
update-watermark concurrently
+ [backport] 8241093: Shenandoah: editorial changes in flag
descriptions
+ [backport] 8241139: Shenandoah: distribute mark-compact work
exactly to minimize fragmentation
+ [backport] 8241142: Shenandoah: should not use parallel
reference processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul
+ [backport] 8241435: Shenandoah: avoid disabling pacing with
'aggressive'
+ [backport] 8241520: Shenandoah: simplify region sequence
numbers handling
+ [backport] 8241534: Shenandoah: region status should include
update watermark
+ [backport] 8241574: Shenandoah: remove
ShenandoahAssertToSpaceClosure
+ [backport] 8241583: Shenandoah: turn heap lock asserts into
macros
+ [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not
derive from ContiguousSpace
+ [backport] 8241673: Shenandoah: refactor anti-false-sharing
padding
+ [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with
java/util/Collections/FindSubList.java
+ [backport] 8241692: Shenandoah: remove
ShenandoahHeapRegion::_reserved
+ [backport] 8241700: Shenandoah: Fold
ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier
+ [backport] 8241740: Shenandoah: remove
ShenandoahHeapRegion::_heap
+ [backport] 8241743: Shenandoah: refactor and inline
ShenandoahHeap::heap()
+ [backport] 8241748: Shenandoah: inline MarkingContext TAMS
methods
+ [backport] 8241838: Shenandoah: no need to trash cset during
final mark
+ [backport] 8241841: Shenandoah: ditch one of allocation type
counters in ShenandoahHeapRegion
+ [backport] 8241842: Shenandoah: inline
ShenandoahHeapRegion::region_number
+ [backport] 8241844: Shenandoah: rename
ShenandoahHeapRegion::region_number
+ [backport] 8241845: Shenandoah: align ShenandoahHeapRegions
to cache lines
+ [backport] 8241926: Shenandoah: only print heap changes for
operations that directly affect it
+ [backport] 8241983: Shenandoah: simplify FreeSet logging
+ [backport] 8241985: Shenandoah: simplify collectable garbage
logging
+ [backport] 8242040: Shenandoah: print allocation failure type
+ [backport] 8242041: Shenandoah: adaptive heuristics should
account evac reserve in free target
+ [backport] 8242042: Shenandoah: tune down
ShenandoahGarbageThreshold
+ [backport] 8242054: Shenandoah: New incremental-update mode
+ [backport] 8242075: Shenandoah: rename
ShenandoahHeapRegionSize flag
+ [backport] 8242082: Shenandoah: Purge Traversal mode
+ [backport] 8242083: Shenandoah: split 'Prepare Evacuation'
tracking into cset/freeset counters
+ [backport] 8242089: Shenandoah: per-worker stats should be
summed up, not averaged
+ [backport] 8242101: Shenandoah: coalesce and parallelise heap
region walks during the pauses
+ [backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared
+ [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
dispatching
+ [backport] 8242211: Shenandoah: remove
ShenandoahHeuristics::RegionData::_seqnum_last_alloc
+ [backport] 8242212: Shenandoah: initialize
ShenandoahHeuristics::_region_data eagerly
+ [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset
+ [backport] 8242217: Shenandoah: Enable GC mode to be
diagnostic/experimental and have a name
+ [backport] 8242227: Shenandoah: transit regions to cset state
when adding to collection set
+ [backport] 8242228: Shenandoah: remove unused
ShenandoahCollectionSet methods
+ [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
liveness-related methods
+ [backport] 8242267: Shenandoah: regions space needs to be
aligned by os::vm_allocation_granularity()
+ [backport] 8242271: Shenandoah: add test to verify GC mode
unlock
+ [backport] 8242273: Shenandoah: accept either SATB or IU
barriers, but not both
+ [backport] 8242301: Shenandoah: Inline LRB runtime call
+ [backport] 8242316: Shenandoah: Turn NULL-check into assert
in SATB slow-path entry
+ [backport] 8242353: Shenandoah: micro-optimize region
liveness handling
+ [backport] 8242365: Shenandoah: use uint16_t instead of
jushort for liveness cache
+ [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods
+ [backport] 8242641: Shenandoah: clear live data and update
TAMS optimistically
+ [backport] 8243238: Shenandoah: explicit GC request should
wait for a complete GC cycle
+ [backport] 8243301: Shenandoah: ditch
ShenandoahAllowMixedAllocs
+ [backport] 8243307: Shenandoah: remove
ShCollectionSet::live_data
+ [backport] 8243395: Shenandoah: demote guarantee in
ShenandoahPhaseTimings::record_workers_end
+ [backport] 8243463: Shenandoah: ditch total_pause counters
+ [backport] 8243464: Shenandoah: print statistic counters in
time order
+ [backport] 8243465: Shenandoah: ditch unused pause_other,
conc_other counters
+ [backport] 8243487: Shenandoah: make _num_phases illegal
phase type
+ [backport] 8243494: Shenandoah: set counters once per cycle
+ [backport] 8243573: Shenandoah: rename GCParPhases and
related code
+ [backport] 8243848: Shenandoah: Windows build fails after
JDK-8239786
+ [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly
+ [backport] 8244200: Shenandoah: build breakages after
JDK-8241743
+ [backport] 8244226: Shenandoah: per-cycle statistics contain
worker data from previous cycles
+ [backport] 8244326: Shenandoah: global statistics should not
accept bogus samples
+ [backport] 8244509: Shenandoah: refactor
ShenandoahBarrierC2Support::test_* methods
+ [backport] 8244551: Shenandoah: Fix racy update of
update_watermark
+ [backport] 8244667: Shenandoah: SBC2Support::test_gc_state
takes loop for wrong control
+ [backport] 8244730: Shenandoah: gc/shenandoah/options/
/TestHeuristicsUnlock.java should only verify the heuristics
+ [backport] 8244732: Shenandoah: move heuristics code to
gc/shenandoah/heuristics
+ [backport] 8244737: Shenandoah: move mode code to
gc/shenandoah/mode
+ [backport] 8244739: Shenandoah: break superclass dependency
on ShenandoahNormalMode
+ [backport] 8244740: Shenandoah: rename ShenandoahNormalMode
to ShenandoahSATBMode
+ [backport] 8245461: Shenandoah: refine mode name()-s
+ [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
constructor arguments
+ [backport] 8245464: Shenandoah: allocate collection set
bitmap at lower addresses
+ [backport] 8245465: Shenandoah: test_in_cset can use more
efficient encoding
+ [backport] 8245726: Shenandoah: lift/cleanup
ShenandoahHeuristics names and properties
+ [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
+ [backport] 8245757: Shenandoah: AlwaysPreTouch should not
disable heap resizing or uncommits
+ [backport] 8245773: Shenandoah: Windows assertion failure
after JDK-8245464
+ [backport] 8245812: Shenandoah: compute root phase parallelism
+ [backport] 8245814: Shenandoah: reconsider format specifiers
for stats
+ [backport] 8245825: Shenandoah: Remove diagnostic flag
ShenandoahConcurrentScanCodeRoots
+ [backport] 8246162: Shenandoah: full GC does not mark code
roots when class unloading is off
+ [backport] 8247310: Shenandoah: pacer should not affect
interrupt status
+ [backport] 8247358: Shenandoah: reconsider free budget slice
for marking
+ [backport] 8247367: Shenandoah: pacer should wait on lock
instead of exponential backoff
+ [backport] 8247474: Shenandoah: Windows build warning after
JDK-8247310
+ [backport] 8247560: Shenandoah: heap iteration holds root
locks all the time
+ [backport] 8247593: Shenandoah: should not block pacing
reporters
+ [backport] 8247751: Shenandoah: options tests should run with
smaller heaps
+ [backport] 8247754: Shenandoah: mxbeans tests can be shorter
+ [backport] 8247757: Shenandoah: split heavy tests by
heuristics to improve parallelism
+ [backport] 8247860: Shenandoah: add update watermark line in
rich assert failure message
+ [backport] 8248041: Shenandoah: pre-Full GC root updates may
miss some roots
+ [backport] 8248652: Shenandoah: SATB buffer handling may
assume no forwarded objects
+ [backport] 8249560: Shenandoah: Fix racy GC request handling
+ [backport] 8249649: Shenandoah: provide per-cycle pacing stats
+ [backport] 8249801: Shenandoah: Clear soft-refs on requested
GC cycle
+ [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests
should account for corner cases
+ Fix slowdebug build after JDK-8230853 backport
+ JDK-8252096: Shenandoah: adjust SerialPageShiftCount for
x86_32 and JFR
+ JDK-8252366: Shenandoah: revert/cleanup changes in
graphKit.cpp
+ Shenandoah: add JFR roots to root processor after JFR
integration
+ Shenandoah: add root statistics for string dedup table/queues
+ Shenandoah: enable low-frequency STW class unloading
+ Shenandoah: fix build failures after JDK-8244737 backport
+ Shenandoah: Fix build failure with +JFR -PCH
+ Shenandoah: fix forceful pacer claim
+ Shenandoah: fix formats in
ShenandoahStringSymbolTableUnlinkTask
+ Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1
+ Shenandoah: hook statistics printing to PrintGCDetails, not
PrintGC
+ Shenandoah: JNI weak roots are always cleared before Full GC
mark
+ Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner
+ Shenandoah: move barrier sets to their proper locations
+ Shenandoah: move parallelCleaning.* to shenandoah/
+ Shenandoah: pacer should use proper Atomics for intptr_t
+ Shenandoah: properly deallocates class loader metadata
+ Shenandoah: specialize String Table scans for better pause
performance
+ Shenandoah: Zero build fails after recent Atomic cleanup in
Pacer
* AArch64 port
+ JDK-8161072, PR3797: AArch64: jtreg
compiler/uncommontrap/TestDeoptOOM failure
+ JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java
generates guarantee failure in C1
+ JDK-8183925, PR3797: [AArch64] Decouple crash protection from
watcher thread
+ JDK-8199712, PR3797: [AArch64] Flight Recorder
+ JDK-8203481, PR3797: Incorrect constraint for unextended_sp
in frame:safe_for_sender
+ JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall
fails with SIGILL on aarch64
+ JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
+ JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java
fails on AArch64
+ JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ JDK-8217368, PR3797: AArch64: C2 recursive stack locking
optimisation not triggered
+ JDK-8221658, PR3797: aarch64: add necessary predicate for
ubfx patterns
+ JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a
BufferBlob
+ JDK-8246482, PR3797: Build failures with +JFR -PCH
+ JDK-8247979, PR3797: aarch64: missing side effect of killing
flags for clearArray_reg_reg
+ JDK-8248219, PR3797: aarch64: missing memory barrier in
fast_storefield and fast_accessfield
- Ignore whitespaces after the header or footer in PEM X.509 cert
(bsc#1171352)
ImportantSUSE bug 1171352SUSE bug 1174157SUSE bug 1177943CVE-2020-14556 at SUSECVE-2020-14556 at NVDCVE-2020-14577 at SUSECVE-2020-14577 at NVDCVE-2020-14578 at SUSECVE-2020-14578 at NVDCVE-2020-14579 at SUSECVE-2020-14579 at NVDCVE-2020-14581 at SUSECVE-2020-14581 at NVDCVE-2020-14583 at SUSECVE-2020-14583 at NVDCVE-2020-14593 at SUSECVE-2020-14593 at NVDCVE-2020-14621 at SUSECVE-2020-14621 at NVDCVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for u-boot fixes the following issues:
Fix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675),
CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
ImportantSUSE bug 1134157SUSE bug 1134853SUSE bug 1143463SUSE bug 1143777SUSE bug 1143817SUSE bug 1143818SUSE bug 1143819SUSE bug 1143820SUSE bug 1143821SUSE bug 1143823SUSE bug 1143824SUSE bug 1143825SUSE bug 1143827SUSE bug 1143828SUSE bug 1143830SUSE bug 1143831SUSE bug 1144656SUSE bug 1144675SUSE bug 1162198SUSE bug 1167209CVE-2019-11059 at SUSECVE-2019-11059 at NVDCVE-2019-11690 at SUSECVE-2019-11690 at NVDCVE-2019-13103 at SUSECVE-2019-13103 at NVDCVE-2019-13104 at SUSECVE-2019-13104 at NVDCVE-2019-13106 at SUSECVE-2019-13106 at NVDCVE-2019-14192 at SUSECVE-2019-14192 at NVDCVE-2019-14193 at SUSECVE-2019-14193 at NVDCVE-2019-14194 at SUSECVE-2019-14194 at NVDCVE-2019-14195 at SUSECVE-2019-14195 at NVDCVE-2019-14196 at SUSECVE-2019-14196 at NVDCVE-2019-14197 at SUSECVE-2019-14197 at NVDCVE-2019-14198 at SUSECVE-2019-14198 at NVDCVE-2019-14199 at SUSECVE-2019-14199 at NVDCVE-2019-14200 at SUSECVE-2019-14200 at NVDCVE-2019-14201 at SUSECVE-2019-14201 at NVDCVE-2019-14202 at SUSECVE-2019-14202 at NVDCVE-2019-14203 at SUSECVE-2019-14203 at NVDCVE-2019-14204 at SUSECVE-2019-14204 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gcc10 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gcc10 fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
ModerateSUSE bug 1172798SUSE bug 1172846SUSE bug 1173972SUSE bug 1174753SUSE bug 1174817SUSE bug 1175168CVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode updated to 20201027 prerelease
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
# New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
# Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173594CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)
* Security fixes
+ JDK-8233624: Enhance JNI linkage
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8240124: Better VM Interning
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 7 u281 build 1
+ JDK-8145096: Undefined behaviour in HotSpot
+ JDK-8215265: C2: range check elimination may allow illegal
out of bound access
* Backports
+ JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool)
ImportantSUSE bug 1177943CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
ImportantSUSE bug 1178387CVE-2020-25692 at SUSECVE-2020-25692 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.1 ESR
* Fixed: Security fix
MFSA 2020-49 (bsc#1178588)
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted
for
ImportantSUSE bug 1178588CVE-2020-26950 at SUSECVE-2020-26950 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update changes the internal packaging for postgresql, and so contains
all currently maintained postgresql versions across our SUSE Linux Enterprise 12
products.
* postgresql12 is shipped new in version 12.3 (bsc#1171924).
The server and client packages only on SUSE Linux Enterprise Server 12 SP5,
the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/12/release-12-3.html
* postgresql10 is updated to 10.13 (bsc#1171924).
On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5.
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/10/release-10-13.html
* postgresql96 is updated to 9.6.18 (bsc#1171924):
+ https://www.postgresql.org/about/news/2038/
+ https://www.postgresql.org/docs/9.6/release-9-6-18.html
On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only.
* postgresql 9.4 is updated to 9.4.26:
+ https://www.postgresql.org/about/news/2011/
+ https://www.postgresql.org/docs/9.4/release-9-4-26.html
+ https://www.postgresql.org/about/news/1994/
+ https://www.postgresql.org/docs/9.4/release-9-4-25.html
ModerateSUSE bug 1171924cpe:/o:suse:sles-ltss:12:sp4Security update for raptor (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for raptor fixes the following issues:
- Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926).
- Update raptor to version 2.0.15
* Made several fixes to Turtle / N-Triples family of parsers and serializers
* Added utility functions for re-entrant sorting of objects and sequences.
* Made other fixes and improvements including fixing reported issues:
0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584.
ImportantSUSE bug 1178593CVE-2017-18926 at SUSECVE-2017-18926 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for kernel-firmware (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for kernel-firmware fixes the following issue:
- CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671).
ImportantSUSE bug 1178671CVE-2020-12321 at SUSECVE-2020-12321 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for krb5 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
ModerateSUSE bug 1178512CVE-2020-28196 at SUSECVE-2020-28196 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).
Non-security issue fixed:
- Adjusted help for --max_iters, default is 5 (bsc#1177950).
ImportantSUSE bug 1177950SUSE bug 1178591CVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql10 fixes the following issues:
Upgrade to version 10.15:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/10/release-10-15.html
Update to 10.14:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/10/release-10-14.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb and mariadb-connector-c fixes the following issues:
- Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the
following security vulnerabilities:
CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180
- Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]
ModerateSUSE bug 1172399SUSE bug 1175596SUSE bug 1177472SUSE bug 1178428CVE-2020-14765 at SUSECVE-2020-14765 at NVDCVE-2020-14776 at SUSECVE-2020-14776 at NVDCVE-2020-14789 at SUSECVE-2020-14789 at NVDCVE-2020-14812 at SUSECVE-2020-14812 at NVDCVE-2020-15180 at SUSECVE-2020-15180 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)
- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.
- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)
- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)
- CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)
- Release notes:
- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).
- Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).
- Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3
| LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology
| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile
| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10
| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile
| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2
| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5
| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile
| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile
| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile
ModerateSUSE bug 1170446SUSE bug 1173592SUSE bug 1173594SUSE bug 1178971CVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bluez fixes the following issues:
- CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751).
ImportantSUSE bug 1166751CVE-2020-0556 at SUSECVE-2020-0556 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
- CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).
- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011).
- CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).
- CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).
The following non-security bugs were fixed:
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816).
- hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability.
- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
ImportantSUSE bug 1051510SUSE bug 1058115SUSE bug 1065600SUSE bug 1131277SUSE bug 1160947SUSE bug 1163524SUSE bug 1166965SUSE bug 1168468SUSE bug 1170139SUSE bug 1170232SUSE bug 1170415SUSE bug 1171417SUSE bug 1171675SUSE bug 1172073SUSE bug 1172366SUSE bug 1173115SUSE bug 1173233SUSE bug 1175228SUSE bug 1175306SUSE bug 1175721SUSE bug 1175882SUSE bug 1176011SUSE bug 1176235SUSE bug 1176278SUSE bug 1176381SUSE bug 1176423SUSE bug 1176482SUSE bug 1176485SUSE bug 1176698SUSE bug 1176721SUSE bug 1176722SUSE bug 1176723SUSE bug 1176725SUSE bug 1176732SUSE bug 1176869SUSE bug 1176907SUSE bug 1176922SUSE bug 1176935SUSE bug 1176950SUSE bug 1176990SUSE bug 1177027SUSE bug 1177086SUSE bug 1177121SUSE bug 1177206SUSE bug 1177340SUSE bug 1177410SUSE bug 1177411SUSE bug 1177470SUSE bug 1177511SUSE bug 1177724SUSE bug 1177725SUSE bug 1177766SUSE bug 1177816SUSE bug 1178123SUSE bug 1178330SUSE bug 1178393SUSE bug 1178669SUSE bug 1178765SUSE bug 1178782SUSE bug 1178838CVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0430 at SUSECVE-2020-0430 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14381 at SUSECVE-2020-14381 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
ImportantSUSE bug 1178824CVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2020-16012 at SUSECVE-2020-16012 at NVDCVE-2020-26951 at SUSECVE-2020-26951 at NVDCVE-2020-26953 at SUSECVE-2020-26953 at NVDCVE-2020-26956 at SUSECVE-2020-26956 at NVDCVE-2020-26958 at SUSECVE-2020-26958 at NVDCVE-2020-26959 at SUSECVE-2020-26959 at NVDCVE-2020-26960 at SUSECVE-2020-26960 at NVDCVE-2020-26961 at SUSECVE-2020-26961 at NVDCVE-2020-26965 at SUSECVE-2020-26965 at NVDCVE-2020-26966 at SUSECVE-2020-26966 at NVDCVE-2020-26968 at SUSECVE-2020-26968 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for LibVNCServer (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for LibVNCServer fixes the following issues:
- CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
ImportantSUSE bug 1178682CVE-2020-25708 at SUSECVE-2020-25708 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596).
- CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908).
ImportantSUSE bug 1174908SUSE bug 1177596CVE-2020-14360 at SUSECVE-2020-14360 at NVDCVE-2020-25712 at SUSECVE-2020-25712 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-setuptools (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-setuptools fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gdm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gdm fixes the following issues:
- CVE-2020-16125: Fixed a privilege escalation (bsc#1178150).
ImportantSUSE bug 1178150CVE-2020-16125 at SUSECVE-2020-16125 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-cryptography (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-cryptography fixes the following issues:
- CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).
ModerateSUSE bug 1178168CVE-2020-25659 at SUSECVE-2020-25659 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql12 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql12 fixes the following issues:
Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
The previous postgresql12 update already addressed:
Update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
ImportantSUSE bug 1175193SUSE bug 1175194SUSE bug 1178666SUSE bug 1178667SUSE bug 1178668CVE-2020-14349 at SUSECVE-2020-14349 at NVDCVE-2020-14350 at SUSECVE-2020-14350 at NVDCVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mutt (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mutt fixes the following issues:
- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)
ImportantSUSE bug 1179035SUSE bug 1179113SUSE bug 1179461CVE-2020-28896 at SUSECVE-2020-28896 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
ImportantSUSE bug 1177409SUSE bug 1177412SUSE bug 1177413SUSE bug 1177414SUSE bug 1178591SUSE bug 1178963CVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
ImportantSUSE bug 1179491CVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
ImportantSUSE bug 1176262CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssh (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssh fixes the following issues:
- CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513).
- Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684).
- Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566).
ModerateSUSE bug 1148566SUSE bug 1161684SUSE bug 1173513CVE-2020-14145 at SUSECVE-2020-14145 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2020-55 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
CriticalSUSE bug 1180039CVE-2020-16042 at SUSECVE-2020-16042 at NVDCVE-2020-26971 at SUSECVE-2020-26971 at NVDCVE-2020-26973 at SUSECVE-2020-26973 at NVDCVE-2020-26974 at SUSECVE-2020-26974 at NVDCVE-2020-26978 at SUSECVE-2020-26978 at NVDCVE-2020-35111 at SUSECVE-2020-35111 at NVDCVE-2020-35112 at SUSECVE-2020-35112 at NVDCVE-2020-35113 at SUSECVE-2020-35113 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115).
- CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322).
- CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
- CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324).
- CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
- CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358).
- CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359).
- CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477).
- Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782).
- Multiple other bugs (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1176782SUSE bug 1179477SUSE bug 1179496SUSE bug 1179498SUSE bug 1179501SUSE bug 1179502SUSE bug 1179506SUSE bug 1179514SUSE bug 1179516CVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.
* clamd can now reload the signature database without blocking
scanning. This multi-threaded database reload improvement was made
possible thanks to a community effort.
- Non-blocking database reloads are now the default behavior. Some
systems that are more constrained on RAM may need to disable
non-blocking reloads as it will temporarily consume two times as
much memory. We added a new clamd config option
ConcurrentDatabaseReload, which may be set to no.
* Fix clamav-milter.service (requires clamd.service to run)
* bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
* Partial sync with SLE15.
Update to version 0.102.4
Accumulated security fixes:
* CVE-2020-3350: Fix a vulnerability wherein a malicious user could
replace a scan target's directory with a symlink to another path
to trick clamscan, clamdscan, or clamonacc into removing or moving
a different file (eg. a critical system file). The issue would
affect users that use the --move or --remove options for clamscan,
clamdscan, and clamonacc. (bsc#1174255)
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
module in ClamAV 0.102.3 that could cause a Denial-of-Service
(DoS) condition. Improper bounds checking results in an
out-of-bounds read which could cause a crash. The previous fix for
this CVE in 0.102.3 was incomplete. This fix correctly resolves
the issue.
* CVE-2020-3481: Fix a vulnerability in the EGG archive module in
ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)
condition. Improper error handling may result in a crash due to a
NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the
file type signatures in daily.cvd will not enable the EGG archive
parser in versions affected by the vulnerability. (bsc#1174250)
* CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
condition. Improper size checking of a buffer used to initialize AES
decryption routines results in an out-of-bounds read which may cause
a crash. (bsc#1171981)
* CVE-2020-3123: A denial-of-service (DoS) condition may occur when
using the optional credit card data-loss-prevention (DLP) feature.
Improper bounds checking of an unsigned variable resulted in an
out-of-bounds read, which causes a crash.
* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
occur when scanning a specially crafted email file as a result
of excessively long scan times. The issue is resolved by
implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. (bsc#1157763).
* CVE-2019-12900: An out of bounds write in the NSIS bzip2
(bsc#1149458)
* CVE-2019-12625: Introduce a configurable time limit to mitigate
zip bomb vulnerability completely. Default is 2 minutes,
configurable useing the clamscan --max-scantime and for clamd
using the MaxScanTime config option (bsc#1144504)
Update to version 0.101.3:
* ZIP bomb causes extreme CPU spikes (bsc#1144504)
Update to version 0.101.2 (bsc#1118459):
* Support for RAR v5 archive extraction.
* Incompatible changes to the arguments of cl_scandesc,
cl_scandesc_callback, and cl_scanmap_callback.
* Scanning options have been converted from a single flag
bit-field into a structure of multiple categorized flag
bit-fields.
* The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by
2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and
CL_SCAN_HEURISTIC_ENCRYPTED_DOC
* Incompatible clamd.conf and command line interface changes.
* Heuristic Alerts' (aka 'Algorithmic Detection') options have
been changed to make the names more consistent. The original
options are deprecated in 0.101, and will be removed in a
future feature release.
* For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html ImportantSUSE bug 1118459SUSE bug 1119353SUSE bug 1144504SUSE bug 1149458SUSE bug 1157763SUSE bug 1171981SUSE bug 1174250SUSE bug 1174255CVE-2019-12900 at SUSECVE-2019-12900 at NVDCVE-2019-15961 at SUSECVE-2019-15961 at NVDCVE-2020-3123 at SUSECVE-2020-3123 at NVDCVE-2020-3327 at SUSECVE-2020-3327 at NVDCVE-2020-3341 at SUSECVE-2020-3341 at NVDCVE-2020-3350 at SUSECVE-2020-3350 at NVDCVE-2020-3481 at SUSECVE-2020-3481 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cyrus-sasl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
ImportantSUSE bug 1159635CVE-2019-19906 at SUSECVE-2019-19906 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libzypp (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
ModerateSUSE bug 1158763CVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for fwupdate (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for fwupdate fixes the following issues:
- Add SBAT section to EFI images (bsc#1182057)
ImportantSUSE bug 1182057cpe:/o:suse:sles-ltss:12:sp4Security update for spamassassin (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for spamassassin fixes the following issues:
- spamassassin was updated to version 3.4.5
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
ImportantSUSE bug 1159133SUSE bug 1184221CVE-2019-12420 at SUSECVE-2019-12420 at NVDCVE-2020-1946 at SUSECVE-2020-1946 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glibc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glibc fixes the following issues:
- CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694)
- CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721)
- Check vector support in memmove ifunc-selector (bsc#1184034)
ImportantSUSE bug 1178386SUSE bug 1179694SUSE bug 1179721SUSE bug 1184034CVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)
ImportantSUSE bug 1180128CVE-2021-3472 at SUSECVE-2021-3472 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
- Fix errors when scanning files > 4G (bsc#1181256)
- Update clamav.keyring
- Update to 0.103.2
ImportantSUSE bug 1181256SUSE bug 1184532SUSE bug 1184533SUSE bug 1184534CVE-2021-1252 at SUSECVE-2021-1252 at NVDCVE-2021-1404 at SUSECVE-2021-1404 at NVDCVE-2021-1405 at SUSECVE-2021-1405 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for qemu fixes the following issues:
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386)
- Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478)
- Fix qemu-testsuite failure
- Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933)
- Fix slowness in arm32 emulation (bsc#1112499)
ImportantSUSE bug 1112499SUSE bug 1119115SUSE bug 1172383SUSE bug 1172384SUSE bug 1172385SUSE bug 1172386SUSE bug 1172478SUSE bug 1173612SUSE bug 1174386SUSE bug 1174641SUSE bug 1175441SUSE bug 1176673SUSE bug 1176682SUSE bug 1176684SUSE bug 1178174SUSE bug 1178934SUSE bug 1179466SUSE bug 1179467SUSE bug 1179468SUSE bug 1180523SUSE bug 1181108SUSE bug 1181639SUSE bug 1181933SUSE bug 1182137SUSE bug 1182425SUSE bug 1182577SUSE bug 1182968CVE-2020-11947 at SUSECVE-2020-11947 at NVDCVE-2020-12829 at SUSECVE-2020-12829 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13765 at SUSECVE-2020-13765 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15469 at SUSECVE-2020-15469 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-25084 at SUSECVE-2020-25084 at NVDCVE-2020-25624 at SUSECVE-2020-25624 at NVDCVE-2020-25625 at SUSECVE-2020-25625 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27617 at SUSECVE-2020-27617 at NVDCVE-2020-28916 at SUSECVE-2020-28916 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29443 at SUSECVE-2020-29443 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431)
- CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846)
ImportantSUSE bug 1178591SUSE bug 1182431SUSE bug 1182846CVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-27379 at SUSECVE-2021-27379 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
ImportantSUSE bug 1183936CVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.10.0 ESR (bsc#1184960)
* CVE-2021-23994: Out of bound write due to lazy initialization
* CVE-2021-23995: Use-after-free in Responsive Design Mode
* CVE-2021-23998: Secure Lock icon could have been spoofed
* CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
* CVE-2021-23999: Blob URLs may have been granted additional privileges
* CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
* CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
* CVE-2021-29946: Port blocking could be bypassed
ImportantSUSE bug 1184960CVE-2021-23961 at SUSECVE-2021-23961 at NVDCVE-2021-23994 at SUSECVE-2021-23994 at NVDCVE-2021-23995 at SUSECVE-2021-23995 at NVDCVE-2021-23998 at SUSECVE-2021-23998 at NVDCVE-2021-23999 at SUSECVE-2021-23999 at NVDCVE-2021-24002 at SUSECVE-2021-24002 at NVDCVE-2021-29945 at SUSECVE-2021-29945 at NVDCVE-2021-29946 at SUSECVE-2021-29946 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libnettle (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835).
ImportantSUSE bug 1183835SUSE bug 1184401CVE-2021-20305 at SUSECVE-2021-20305 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gdm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gdm fixes the following issues:
- Avoid the signal SIGTRAP when gdm exits (bsc#1184456).
ImportantSUSE bug 1184456cpe:/o:suse:sles-ltss:12:sp4Security update for permissions (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for permissions fixes the following issues:
- Update to version 20170707:
* make btmp root:utmp (bsc#1050467, bsc#1182899)
ImportantSUSE bug 1050467SUSE bug 1182899cpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters
* Import of OpenJDK 7 u291 build 1
+ JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
+ JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
+ JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
ModerateSUSE bug 1181239cpe:/o:suse:sles-ltss:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cups fixes the following issues:
- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)
ImportantSUSE bug 1184161CVE-2021-25317 at SUSECVE-2021-25317 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495).
ImportantSUSE bug 1181495SUSE bug 1185345CVE-2021-25214 at SUSECVE-2021-25214 at NVDCVE-2021-25215 at SUSECVE-2021-25215 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
ImportantSUSE bug 1178469SUSE bug 1179156SUSE bug 1184677CVE-2021-20254 at SUSECVE-2021-20254 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for avahi (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for avahi fixes the following issues:
- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).
ImportantSUSE bug 1184521CVE-2021-3468 at SUSECVE-2021-3468 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
The following non-security bugs were fixed:
- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
ImportantSUSE bug 1040855SUSE bug 1044767SUSE bug 1047233SUSE bug 1065729SUSE bug 1094840SUSE bug 1152457SUSE bug 1171078SUSE bug 1173485SUSE bug 1175873SUSE bug 1176700SUSE bug 1176720SUSE bug 1176855SUSE bug 1177411SUSE bug 1177753SUSE bug 1178181SUSE bug 1179454SUSE bug 1181032SUSE bug 1181960SUSE bug 1182194SUSE bug 1182672SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1183022SUSE bug 1183063SUSE bug 1183069SUSE bug 1183509SUSE bug 1183593SUSE bug 1183646SUSE bug 1183686SUSE bug 1183696SUSE bug 1183738SUSE bug 1183775SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184208SUSE bug 1184211SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184397SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184650SUSE bug 1184942SUSE bug 1185113SUSE bug 1185244SUSE bug 1185248CVE-2020-0433 at SUSECVE-2020-0433 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2021-20219 at SUSECVE-2021-20219 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009)
Other fixes:
- Make sure to close the 'import_failed.map' file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block
ImportantCVE-2020-27619 at SUSECVE-2020-27619 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
ImportantSUSE bug 1185900SUSE bug 1185904SUSE bug 1185905CVE-2019-18804 at SUSECVE-2019-18804 at NVDCVE-2021-32491 at SUSECVE-2021-32491 at NVDCVE-2021-32492 at SUSECVE-2021-32492 at NVDCVE-2021-32493 at SUSECVE-2021-32493 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for graphviz (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).
CriticalSUSE bug 1185833CVE-2020-18032 at SUSECVE-2020-18032 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
Security issue fixed:
- CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104)
- Make sure xencommons is in a format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
systemd now fails to track units that use systemd-notify (bsc#1183790)
- Added a delay between the call to systemd-notify and the final exit
of the wrapper script (bsc#1185021, bsc#1185196)
ImportantSUSE bug 1183790SUSE bug 1185021SUSE bug 1185104SUSE bug 1185196SUSE bug 1185682CVE-2021-28689 at SUSECVE-2021-28689 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libxml2 fixes the following issues:
Security issues fixed:
CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ImportantSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410SUSE bug 1185698CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dnsmasq (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dnsmasq fixes the following issues:
- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
Fixed multiple potential Heap-based overflows when DNSSEC is
enabled.
- Retry query to other servers on receipt of SERVFAIL rcode
(bsc#1176076)
ImportantSUSE bug 1176076SUSE bug 1177077CVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for flac (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for flac fixes the following issues:
- CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).
ModerateSUSE bug 1180099CVE-2020-0499 at SUSECVE-2020-0499 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114)
- CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933)
- CVE-2020-8286: Inferior OCSP verification (bsc#1179593)
- CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399)
- CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398)
- CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109)
- Fix: SFTP uploads result in empty uploaded files (bsc#1177976)
ModerateSUSE bug 1175109SUSE bug 1177976SUSE bug 1179398SUSE bug 1179399SUSE bug 1179593SUSE bug 1183933SUSE bug 1186114CVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dovecot22 fixes the following issues:
- CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
ImportantSUSE bug 1180405CVE-2020-24386 at SUSECVE-2020-24386 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for djvulibre fixes the following issues:
- CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253)
ImportantSUSE bug 1186253CVE-2021-3500 at SUSECVE-2021-3500 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dhcp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dhcp fixes the following issues:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)
ImportantSUSE bug 1186382CVE-2021-25217 at SUSECVE-2021-25217 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libwebp (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
CriticalSUSE bug 1185652SUSE bug 1185654SUSE bug 1185673SUSE bug 1185674SUSE bug 1185685SUSE bug 1185686SUSE bug 1185690SUSE bug 1185691SUSE bug 1186247CVE-2018-25009 at SUSECVE-2018-25009 at NVDCVE-2018-25010 at SUSECVE-2018-25010 at NVDCVE-2018-25011 at SUSECVE-2018-25011 at NVDCVE-2018-25012 at SUSECVE-2018-25012 at NVDCVE-2018-25013 at SUSECVE-2018-25013 at NVDCVE-2020-36329 at SUSECVE-2020-36329 at NVDCVE-2020-36330 at SUSECVE-2020-36330 at NVDCVE-2020-36331 at SUSECVE-2020-36331 at NVDCVE-2020-36332 at SUSECVE-2020-36332 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for polkit (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
ImportantSUSE bug 1186497CVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gstreamer-plugins-bad (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255).
ImportantSUSE bug 1181255CVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.11.0 ESR (bsc#1186696)
* CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29967: Memory safety bugs fixed in Firefox
ImportantSUSE bug 1185633SUSE bug 1186696CVE-2021-29951 at SUSECVE-2021-29951 at NVDCVE-2021-29964 at SUSECVE-2021-29964 at NVDCVE-2021-29967 at SUSECVE-2021-29967 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
ImportantSUSE bug 1176081SUSE bug 1180846SUSE bug 1183947SUSE bug 1184611SUSE bug 1184675SUSE bug 1185642SUSE bug 1185677SUSE bug 1185680SUSE bug 1185724SUSE bug 1185859SUSE bug 1185860SUSE bug 1185862SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185901SUSE bug 1185938SUSE bug 1185950SUSE bug 1185987SUSE bug 1186060SUSE bug 1186061SUSE bug 1186062SUSE bug 1186111SUSE bug 1186285SUSE bug 1186390SUSE bug 1186484SUSE bug 1186498CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23133 at SUSECVE-2021-23133 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libX11 fixes the following issues:
- Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)
ImportantSUSE bug 1186643CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781
CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class Libraries:
- Z/OS specific C function send_file is changing the file pointer position
* Security:
- Add the new oracle signer certificate
- Certificate parsing error
- JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider
- Remove check for websphere signed jars
- sessionid.hashcode generates too many collisions
- The Java 8 IBM certpath provider does not honor the user
specified system property for CLR connect timeout
ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14782 at SUSECVE-2020-14782 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2-mod_auth_openidc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291).
ImportantSUSE bug 1186291CVE-2021-20718 at SUSECVE-2021-20718 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for spice (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
ImportantSUSE bug 1179833SUSE bug 1179836SUSE bug 1179837SUSE bug 1179839CVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for caribou (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for caribou fixes the following issues:
Security issue fixed:
- CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617).
ImportantSUSE bug 1186617CVE-2021-3567 at SUSECVE-2021-3567 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for qemu fixes the following issues:
- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)
ImportantSUSE bug 1149813SUSE bug 1163019SUSE bug 1172380SUSE bug 1172382SUSE bug 1175534SUSE bug 1178683SUSE bug 1178935SUSE bug 1179477SUSE bug 1179484SUSE bug 1182846SUSE bug 1182975CVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-13754 at SUSECVE-2020-13754 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for freeradius-server (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for freeradius-server fixes the following issues:
- Do not log passwords in logfiles (bsc#1184016)
ModerateSUSE bug 1184016cpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u292 (icedtea 3.19.0).
- CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).
ModerateSUSE bug 1185055CVE-2021-2163 at SUSECVE-2021-2163 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ImageMagick fixes the following issues:
- CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103).
- CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).
- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).
- CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).
- CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).
- CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).
- CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
- CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260).
- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).
- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).
- CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).
- CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
- CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).
- CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
- CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).
- CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).
- CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).
- CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).
- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).
- CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
- CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).
- CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
- CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).
- CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
- CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).
- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).
- CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).
- CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).
- CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).
- CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).
- CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
- CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).
ImportantSUSE bug 1179103SUSE bug 1179202SUSE bug 1179208SUSE bug 1179212SUSE bug 1179223SUSE bug 1179240SUSE bug 1179244SUSE bug 1179260SUSE bug 1179268SUSE bug 1179269SUSE bug 1179278SUSE bug 1179281SUSE bug 1179285SUSE bug 1179311SUSE bug 1179312SUSE bug 1179313SUSE bug 1179315SUSE bug 1179317SUSE bug 1179321SUSE bug 1179322SUSE bug 1179327SUSE bug 1179333SUSE bug 1179336SUSE bug 1179338SUSE bug 1179339SUSE bug 1179343SUSE bug 1179345SUSE bug 1179346SUSE bug 1179347SUSE bug 1179361SUSE bug 1179362SUSE bug 1179397CVE-2020-19667 at SUSECVE-2020-19667 at NVDCVE-2020-25664 at SUSECVE-2020-25664 at NVDCVE-2020-25665 at SUSECVE-2020-25665 at NVDCVE-2020-25666 at SUSECVE-2020-25666 at NVDCVE-2020-25674 at SUSECVE-2020-25674 at NVDCVE-2020-25675 at SUSECVE-2020-25675 at NVDCVE-2020-25676 at SUSECVE-2020-25676 at NVDCVE-2020-27750 at SUSECVE-2020-27750 at NVDCVE-2020-27751 at SUSECVE-2020-27751 at NVDCVE-2020-27752 at SUSECVE-2020-27752 at NVDCVE-2020-27753 at SUSECVE-2020-27753 at NVDCVE-2020-27754 at SUSECVE-2020-27754 at NVDCVE-2020-27755 at SUSECVE-2020-27755 at NVDCVE-2020-27757 at SUSECVE-2020-27757 at NVDCVE-2020-27759 at SUSECVE-2020-27759 at NVDCVE-2020-27760 at SUSECVE-2020-27760 at NVDCVE-2020-27761 at SUSECVE-2020-27761 at NVDCVE-2020-27762 at SUSECVE-2020-27762 at NVDCVE-2020-27763 at SUSECVE-2020-27763 at NVDCVE-2020-27764 at SUSECVE-2020-27764 at NVDCVE-2020-27765 at SUSECVE-2020-27765 at NVDCVE-2020-27766 at SUSECVE-2020-27766 at NVDCVE-2020-27767 at SUSECVE-2020-27767 at NVDCVE-2020-27768 at SUSECVE-2020-27768 at NVDCVE-2020-27769 at SUSECVE-2020-27769 at NVDCVE-2020-27770 at SUSECVE-2020-27770 at NVDCVE-2020-27771 at SUSECVE-2020-27771 at NVDCVE-2020-27772 at SUSECVE-2020-27772 at NVDCVE-2020-27773 at SUSECVE-2020-27773 at NVDCVE-2020-27774 at SUSECVE-2020-27774 at NVDCVE-2020-27775 at SUSECVE-2020-27775 at NVDCVE-2020-27776 at SUSECVE-2020-27776 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.1:
+ Improve handling of Media Capture devices.
+ Improve WebAudio playback.
+ Improve video orientation handling.
+ Improve seeking support for MSE playback.
+ Improve flush support in EME decryptors.
+ Fix HTTP status codes for requests done through a custom URI handler.
+ Fix the Bubblewrap sandbox in certain 32-bit systems.
+ Fix inconsistencies between the WebKitWebView.is-muted property
state and values returned by
webkit_web_view_is_playing_audio().
+ Fix the build with ENABLE_VIDEO=OFF.
+ Fix wrong timestamps for long-lived cookies.
+ Fix UI process crash when failing to load favicons.
+ Fix several crashes and rendering issues.
- Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871,
CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799,
CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983,
CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951.
ImportantSUSE bug 1177087SUSE bug 1179122SUSE bug 1179451SUSE bug 1182286SUSE bug 1184155SUSE bug 1184262CVE-2020-13543 at SUSECVE-2020-13543 at NVDCVE-2020-13558 at SUSECVE-2020-13558 at NVDCVE-2020-13584 at SUSECVE-2020-13584 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9983 at SUSECVE-2020-9983 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1789 at SUSECVE-2021-1789 at NVDCVE-2021-1799 at SUSECVE-2021-1799 at NVDCVE-2021-1801 at SUSECVE-2021-1801 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1870 at SUSECVE-2021-1870 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
ImportantSUSE bug 1186922SUSE bug 1186923SUSE bug 1186924SUSE bug 1187017SUSE bug 1187174CVE-2020-35452 at SUSECVE-2020-35452 at NVDCVE-2021-26690 at SUSECVE-2021-26690 at NVDCVE-2021-26691 at SUSECVE-2021-26691 at NVDCVE-2021-30641 at SUSECVE-2021-30641 at NVDCVE-2021-31618 at SUSECVE-2021-31618 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xterm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xterm fixes the following issues:
- CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091)
ImportantSUSE bug 1182091CVE-2021-27135 at SUSECVE-2021-27135 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libnettle (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
ImportantSUSE bug 1187060CVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ovmf (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ovmf fixes the following issues:
- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
ImportantSUSE bug 1186151cpe:/o:suse:sles-ltss:12:sp4Security update for libgcrypt (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
ImportantSUSE bug 1187212CVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openexr (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openexr fixes the following issues:
- Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer
- Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
- Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
ImportantSUSE bug 1184354SUSE bug 1187310SUSE bug 1187395CVE-2021-3479 at SUSECVE-2021-3479 at NVDCVE-2021-3598 at SUSECVE-2021-3598 at NVDCVE-2021-3605 at SUSECVE-2021-3605 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql, postgresql12, postgresql13 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql, postgresql12, postgresql13 fixes the following issues:
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
Changes in postgresql:
- Bump postgresql major version to 13.
Changes in postgresql12:
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix a DST problem in the test suite.
Changes in postgresql13:
- Add postgresql-icu68.patch: fix build with ICU 68
- %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
- BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite.
ImportantSUSE bug 1178666SUSE bug 1178667SUSE bug 1178668SUSE bug 1178961SUSE bug 1179765CVE-2020-25694 at SUSECVE-2020-25694 at NVDCVE-2020-25695 at SUSECVE-2020-25695 at NVDCVE-2020-25696 at SUSECVE-2020-25696 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for arpwatch (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for arpwatch fixes the following issues:
- CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).
ImportantSUSE bug 1186240CVE-2021-25321 at SUSECVE-2021-25321 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libsolv (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
ImportantSUSE bug 1161510SUSE bug 1186229CVE-2019-20387 at SUSECVE-2019-20387 at NVDCVE-2021-3200 at SUSECVE-2021-3200 at NVDcpe:/o:suse:sles-ltss:12:sp4Recommended update for the Azure and AWS SDKs (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for the SLE Public Cloud module provides the following fixes:
Azure SDK update:
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO-3105)
AWS SDK update:
This update for the AWS SDK updates python-boto3 to version 1.17.9 and aws-cli to 1.19.9.
(bsc#1182421, jsc#ECO-3352)
Security fix for python-urllib3:
- Improve performance of sub-authority splitting in URL. (bsc#1187045, CVE-2021-33503)
ImportantSUSE bug 1125671SUSE bug 1154393SUSE bug 1175289SUSE bug 1176784SUSE bug 1176785SUSE bug 1182421SUSE bug 1187045CVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
[bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
- A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685,
CVE-2021-23240]
- It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
ImportantSUSE bug 1180684SUSE bug 1180685SUSE bug 1180687SUSE bug 1181090CVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
ImportantSUSE bug 1188275CVE-2021-29970 at SUSECVE-2021-29970 at NVDCVE-2021-29976 at SUSECVE-2021-29976 at NVDCVE-2021-30547 at SUSECVE-2021-30547 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
* CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
* CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
* CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
* CVE-2021-23964: Fixed Memory safety bugs
ImportantSUSE bug 1181414CVE-2020-26976 at SUSECVE-2020-26976 at NVDCVE-2021-23953 at SUSECVE-2021-23953 at NVDCVE-2021-23954 at SUSECVE-2021-23954 at NVDCVE-2021-23960 at SUSECVE-2021-23960 at NVDCVE-2021-23964 at SUSECVE-2021-23964 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554).
- CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601).
- CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595).
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463).
- CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452).
- CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861).
- CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484).
The following non-security bugs were fixed:
- block: do not use blocking queue entered for recursive bio (bsc#1104967).
- s390/stack: fix possible register corruption with stack switch helper (git-fixes).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
ImportantSUSE bug 1104967SUSE bug 1174978SUSE bug 1179610SUSE bug 1185701SUSE bug 1185861SUSE bug 1186463SUSE bug 1186484SUSE bug 1187038SUSE bug 1187050SUSE bug 1187215SUSE bug 1187452SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187934SUSE bug 1188062SUSE bug 1188116CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)
Other fixes:
- mount-util: shorten the loop a bit (#7545)
- mount-util: do not use the official MAX_HANDLE_SZ (#7523)
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- mount-util: fix bad indenting
- mount-util: EOVERFLOW might have other causes than buffer size issues
- mount-util: fix error propagation in fd_fdinfo_mnt_id()
- mount-util: drop exponential buffer growing in name_to_handle_at_loop()
- udev: port udev_has_devtmpfs() to use path_get_mnt_id()
- mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
- mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
- mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
- basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- sysusers: use the usual comment style
- test/TEST-21-SYSUSERS: add tests for new functionality
- sysusers: allow admin/runtime overrides to command-line config
- basic/strv: add function to insert items at position
- sysusers: allow the shell to be specified
- sysusers: move various user credential validity checks to src/basic/
- man: reformat table in sysusers.d(5)
- sysusers: take configuration as positional arguments
- sysusers: emit a bit more info at debug level when locking fails
- sysusers: allow force reusing existing user/group IDs (#8037)
- sysusers: ensure GID in uid:gid syntax exists
- sysusers: make ADD_GROUP always create a group
- test: add TEST-21-SYSUSERS test
- sysuser: use OrderedHashmap
- sysusers: allow uid:gid in sysusers.conf files
- sysusers: fix memleak (#4430)
- These commits implement the option '--replace' for systemd-sysusers
so %sysusers_create_package can be introduced in SLE and packages
can rely on this rpm macro without wondering whether the macro is
available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- systemctl: add --value option
- execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
- rlimit-util: introduce setrlimit_closest_all()
- system-conf: drop reference to ShutdownWatchdogUsec=
- core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
- write_net_rules: set execute bits (bsc#1178561)
- udev: rework network device renaming
- Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available''
ImportantSUSE bug 1178561SUSE bug 1184761SUSE bug 1184967SUSE bug 1185046SUSE bug 1185331SUSE bug 1185807SUSE bug 1188063CVE-2021-33910 at SUSECVE-2021-33910 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
ModerateSUSE bug 1188217SUSE bug 1188218SUSE bug 1188219SUSE bug 1188220CVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for linuxptp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
ImportantSUSE bug 1187646CVE-2021-3570 at SUSECVE-2021-3570 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
ImportantSUSE bug 1187364SUSE bug 1187365SUSE bug 1187366SUSE bug 1187367SUSE bug 1187529CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dbus-1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105)
- CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505)
ImportantSUSE bug 1172505SUSE bug 1187105CVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
- CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
- CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
- CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
- CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
- CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
- CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
ImportantSUSE bug 1188697CVE-2021-21775 at SUSECVE-2021-21775 at NVDCVE-2021-21779 at SUSECVE-2021-21779 at NVDCVE-2021-30663 at SUSECVE-2021-30663 at NVDCVE-2021-30665 at SUSECVE-2021-30665 at NVDCVE-2021-30689 at SUSECVE-2021-30689 at NVDCVE-2021-30720 at SUSECVE-2021-30720 at NVDCVE-2021-30734 at SUSECVE-2021-30734 at NVDCVE-2021-30744 at SUSECVE-2021-30744 at NVDCVE-2021-30749 at SUSECVE-2021-30749 at NVDCVE-2021-30758 at SUSECVE-2021-30758 at NVDCVE-2021-30795 at SUSECVE-2021-30795 at NVDCVE-2021-30797 at SUSECVE-2021-30797 at NVDCVE-2021-30799 at SUSECVE-2021-30799 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libsndfile (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libsndfile fixes the following issues:
- CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
- CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
- CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)
CriticalSUSE bug 1100167SUSE bug 1116993SUSE bug 1117954SUSE bug 1188540CVE-2018-13139 at SUSECVE-2018-13139 at NVDCVE-2018-19432 at SUSECVE-2018-19432 at NVDCVE-2018-19758 at SUSECVE-2018-19758 at NVDCVE-2021-3246 at SUSECVE-2021-3246 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for djvulibre (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for djvulibre fixes the following issues:
- CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)
ImportantSUSE bug 1187869CVE-2021-3630 at SUSECVE-2021-3630 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)
ImportantSUSE bug 1182739SUSE bug 1183770SUSE bug 1185868SUSE bug 1185870SUSE bug 1185872SUSE bug 1188300CVE-2021-2154 at SUSECVE-2021-2154 at NVDCVE-2021-2166 at SUSECVE-2021-2166 at NVDCVE-2021-2180 at SUSECVE-2021-2180 at NVDCVE-2021-27928 at SUSECVE-2021-27928 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cpio (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
ImportantSUSE bug 1189206CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libcares2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libcares2 fixes the following issues:
- CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).
ImportantSUSE bug 1188881CVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):
- CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
- CVE-2021-29988: Memory corruption as a result of incorrect style treatment
- CVE-2021-29984: Incorrect instruction reordering during JIT optimization
- CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
- CVE-2021-29985: Use-after-free media channels
- CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
ImportantSUSE bug 1188891CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for fetchmail (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for fetchmail fixes the following issues:
- CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 [bsc#1188034]
- Set the hostname for SNI when using TLS [bsc#1182807]
- Allow --syslog option in daemon mode. (bsc#1033081)
- Set the hostname for SNI when using TLS. (bsc#1182807)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)
ModerateSUSE bug 1033081SUSE bug 1182807SUSE bug 1188034SUSE bug 1188875CVE-2021-36386 at SUSECVE-2021-36386 at NVDcpe:/o:suse:sles-ltss:12:sp4Recommended update for cpio (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
CriticalSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u302 (icedtea 3.20.0)
- CVE-2021-2341: Improve file transfers. (bsc#1188564)
- CVE-2021-2369: Better jar file validation. (bsc#1188565)
- CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
- CVE-2021-2161: Less ambiguous processing. (bsc#1185056)
ImportantSUSE bug 1185056SUSE bug 1188564SUSE bug 1188565SUSE bug 1188566CVE-2021-2161 at SUSECVE-2021-2161 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2388 at SUSECVE-2021-2388 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cpio (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cpio fixes the following issues:
- A patch previously applied to remedy CVE-2021-38185 introduced a regression
that had the potential to cause a segmentation fault in cpio. [bsc#1189465]
ImportantSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-PyYAML (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-PyYAML fixes the following issues:
- Update to 5.3.1.
- CVE-2020-14343: A vulnerability was discovered in the PyYAML library,
where it was susceptible to arbitrary code execution when it processes
untrusted YAML files through the full_load method or with the FullLoader
loader. Applications that use the library to process untrusted input
may be vulnerable to this flaw. This flaw allows an attacker to
execute arbitrary code on the system by abusing the python/object/new
constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
ImportantSUSE bug 1174514CVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could
lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189520SUSE bug 1189521CVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for unrar (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
ModerateSUSE bug 1046882SUSE bug 1054038SUSE bug 1187974CVE-2012-6706 at SUSECVE-2012-6706 at NVDCVE-2017-12938 at SUSECVE-2017-12938 at NVDCVE-2017-12940 at SUSECVE-2017-12940 at NVDCVE-2017-12941 at SUSECVE-2017-12941 at NVDCVE-2017-12942 at SUSECVE-2017-12942 at NVDCVE-2017-20006 at SUSECVE-2017-20006 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for aspell (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for aspell fixes the following issues:
- CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).
ImportantSUSE bug 1188576CVE-2019-25051 at SUSECVE-2019-25051 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openexr (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
ImportantSUSE bug 1188457SUSE bug 1188458SUSE bug 1188459SUSE bug 1188460SUSE bug 1188461SUSE bug 1188462CVE-2021-20298 at SUSECVE-2021-20298 at NVDCVE-2021-20299 at SUSECVE-2021-20299 at NVDCVE-2021-20300 at SUSECVE-2021-20300 at NVDCVE-2021-20302 at SUSECVE-2021-20302 at NVDCVE-2021-20303 at SUSECVE-2021-20303 at NVDCVE-2021-20304 at SUSECVE-2021-20304 at NVDCVE-2021-3476 at SUSECVE-2021-3476 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libesmtp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for file (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for file fixes the following issues:
- CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661).
ImportantSUSE bug 1154661CVE-2019-18218 at SUSECVE-2019-18218 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654)
- CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369).
- CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378).
- CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376).
- CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
ImportantSUSE bug 1181254SUSE bug 1182654SUSE bug 1186429SUSE bug 1186433SUSE bug 1186434SUSE bug 1187369SUSE bug 1187376SUSE bug 1187378SUSE bug 1189373SUSE bug 1189376SUSE bug 1189378SUSE bug 1189380SUSE bug 1189882CVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-3308 at SUSECVE-2021-3308 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openvswitch fixes the following issues:
- openvswitch was updated to 2.8.10
- CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345)
A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of
the openvswitch.rpm file in order to obtain a list of all changes.
ImportantSUSE bug 1117483SUSE bug 1181345CVE-2020-27827 at SUSECVE-2020-27827 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Low)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Low)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
Update to version 10.2.40 [bsc#1189320]:
- fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389
ModerateSUSE bug 1182255SUSE bug 1189320CVE-2021-2372 at SUSECVE-2021-2372 at NVDCVE-2021-2389 at SUSECVE-2021-2389 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issue:
- CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602).
ModerateSUSE bug 1179602CVE-2020-17527 at SUSECVE-2020-17527 at NVDcpe:/o:suse:sles-ltss:12:sp4Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for transfig (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for transfig fixes the following issues:
Update to version 3.2.8, including fixes for
- CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
- CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325).
- CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346).
- CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345).
- CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343).
- CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293).
- CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
- CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
ModerateSUSE bug 1136882SUSE bug 1159130SUSE bug 1159293SUSE bug 1161698SUSE bug 1186329SUSE bug 1189325SUSE bug 1189343SUSE bug 1189345SUSE bug 1189346CVE-2019-19555 at SUSECVE-2019-19555 at NVDCVE-2019-19746 at SUSECVE-2019-19746 at NVDCVE-2019-19797 at SUSECVE-2019-19797 at NVDCVE-2020-21680 at SUSECVE-2020-21680 at NVDCVE-2020-21681 at SUSECVE-2020-21681 at NVDCVE-2020-21682 at SUSECVE-2020-21682 at NVDCVE-2020-21683 at SUSECVE-2020-21683 at NVDCVE-2021-3561 at SUSECVE-2021-3561 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gtk-vnc (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gtk-vnc fixes the following issues:
- CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268).
- CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266).
- Fix crash when opening connection from a GSocketAddress (bsc#1046782).
- Fix possible crash on connection failure (bsc#1188292).
ModerateSUSE bug 1024266SUSE bug 1024268SUSE bug 1046782SUSE bug 1188292CVE-2017-5884 at SUSECVE-2017-5884 at NVDCVE-2017-5885 at SUSECVE-2017-5885 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ghostscript (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ghostscript fixes the following issues:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
CriticalSUSE bug 1190381CVE-2021-3781 at SUSECVE-2021-3781 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779
CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class libraries:
- SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time
that the set timeout
- Z/OS specific C function send_file is changing the file pointer
position
* Java Virtual Machine:
- Crash on iterate java stack
- Java process hang on SIGTERM
* JIT Compiler:
- JMS performance regression from JDK8 SR5 FP40 TO FP41
* Class Libraries:
- z15 high utilization following Z/VM and Linux migration from
z14 To z15
* Java Virtual Machine:
- Assertion failed when trying to write a class file
- Assertion failure at modronapi.cpp
- Improve the performance of defining and finding classes
* JIT Compiler:
- An assert in ppcbinaryencoding.cpp may trigger when running
with traps disabled on power
- AOT field offset off by n bytes
- Segmentation fault in jit module on ibm z platform ModerateSUSE bug 1177943SUSE bug 1180063CVE-2020-14779 at SUSECVE-2020-14779 at NVDCVE-2020-14781 at SUSECVE-2020-14781 at NVDCVE-2020-14792 at SUSECVE-2020-14792 at NVDCVE-2020-14796 at SUSECVE-2020-14796 at NVDCVE-2020-14797 at SUSECVE-2020-14797 at NVDCVE-2020-14798 at SUSECVE-2020-14798 at NVDCVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sqlite3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sqlite3 fixes the following issues:
sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032).
The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the change log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2020-13434 bsc#1172115: integer overflow in
sqlite3_str_vappendf
* CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow
* CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed
to one of its shadow tables
* CVE-2020-13632 bsc#1172240: NULL pointer dereference via
crafted matchinfo() query
* CVE-2020-13435: Malicious SQL statements could have crashed the
process that is running SQLite (bsc#1172091)
ImportantSUSE bug 1157818SUSE bug 1158812SUSE bug 1158958SUSE bug 1158959SUSE bug 1158960SUSE bug 1159491SUSE bug 1159715SUSE bug 1159847SUSE bug 1159850SUSE bug 1160309SUSE bug 1160438SUSE bug 1160439SUSE bug 1164719SUSE bug 1172091SUSE bug 1172115SUSE bug 1172234SUSE bug 1172236SUSE bug 1172240SUSE bug 1173641SUSE bug 928700SUSE bug 928701CVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2016-6153 at SUSECVE-2016-6153 at NVDCVE-2017-10989 at SUSECVE-2017-10989 at NVDCVE-2017-2518 at SUSECVE-2017-2518 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-8457 at SUSECVE-2019-8457 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-urllib3 fixes the following security issue:
- CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120)
Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking.
ModerateSUSE bug 1177120CVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489)
ModerateSUSE bug 1186489CVE-2021-33574 at SUSECVE-2021-33574 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
ImportantSUSE bug 1188697SUSE bug 1190701CVE-2021-21806 at SUSECVE-2021-21806 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
ImportantSUSE bug 1190666SUSE bug 1190669SUSE bug 1190703CVE-2021-34798 at SUSECVE-2021-34798 at NVDCVE-2021-39275 at SUSECVE-2021-39275 at NVDCVE-2021-40438 at SUSECVE-2021-40438 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686CVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.2.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-45 (bsc#1191332)
* CVE-2021-38496: Use-after-free in MessageTask
* CVE-2021-38497: Validation message could have been overlaid on another origin
* CVE-2021-38498: Use-after-free of nsLanguageAtomService object
* CVE-2021-32810: Fixed Data race in crossbeam-deque
* CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
* CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- Fixed crash in FIPS mode (bsc#1190710)
ImportantSUSE bug 1190710SUSE bug 1191332CVE-2021-32810 at SUSECVE-2021-32810 at NVDCVE-2021-38496 at SUSECVE-2021-38496 at NVDCVE-2021-38497 at SUSECVE-2021-38497 at NVDCVE-2021-38498 at SUSECVE-2021-38498 at NVDCVE-2021-38500 at SUSECVE-2021-38500 at NVDCVE-2021-38501 at SUSECVE-2021-38501 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for strongswan (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for strongswan fixes the following issues:
- CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435)
ImportantSUSE bug 1191435CVE-2021-41991 at SUSECVE-2021-41991 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql10 fixes the following issues:
- Fix for build with llvm12 on s390x. (bsc#1185952)
- Re-enable 'icu' for PostgreSQL 10. (bsc#1179945)
- Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751)
- Upgrade to version 10.18. (bsc#1190177)
Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5):
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
- Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961)
- Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765)
- Fix recently-added timetz test case so it works when the USA is not observing daylight savings time.
ImportantSUSE bug 1178961SUSE bug 1179765SUSE bug 1179945SUSE bug 1183118SUSE bug 1183168SUSE bug 1185924SUSE bug 1185925SUSE bug 1185952SUSE bug 1187751SUSE bug 1190177CVE-2021-32027 at SUSECVE-2021-32027 at NVDCVE-2021-32028 at SUSECVE-2021-32028 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for opensc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
ImportantSUSE bug 1191957SUSE bug 1191992SUSE bug 1192000SUSE bug 1192005CVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for transfig (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
ImportantSUSE bug 1190607SUSE bug 1190611SUSE bug 1190612SUSE bug 1190615SUSE bug 1190616SUSE bug 1190617SUSE bug 1190618SUSE bug 1192019CVE-2020-21529 at SUSECVE-2020-21529 at NVDCVE-2020-21530 at SUSECVE-2020-21530 at NVDCVE-2020-21531 at SUSECVE-2020-21531 at NVDCVE-2020-21532 at SUSECVE-2020-21532 at NVDCVE-2020-21533 at SUSECVE-2020-21533 at NVDCVE-2020-21534 at SUSECVE-2020-21534 at NVDCVE-2020-21535 at SUSECVE-2020-21535 at NVDCVE-2021-32280 at SUSECVE-2021-32280 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for binutils (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for binutils fixes the following issues:
Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
--gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
--sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses 'no
symbols' diagnostic.
Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
-march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the 'variable section' from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
--no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
Update to binutils 2.35.1:
* This is a point release over the previous 2.35 version, containing bug
fixes, and as an exception to the usual rule, one new feature. The
new feature is the support for a new directive in the assembler:
'.nop'. This directive creates a single no-op instruction in whatever
encoding is correct for the target architecture. Unlike the .space or
.fill this is a real instruction, and it does affect the generation of
DWARF line number tables, should they be enabled.
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
The following security fixes are addressed by the update:
- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).
- CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768).
- CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770).
- CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826).
- CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829).
- CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831).
- CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126).
- CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609).
- CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649).
ModerateSUSE bug 1126826SUSE bug 1126829SUSE bug 1126831SUSE bug 1140126SUSE bug 1142649SUSE bug 1143609SUSE bug 1153768SUSE bug 1153770SUSE bug 1157755SUSE bug 1160254SUSE bug 1160590SUSE bug 1163333SUSE bug 1163744SUSE bug 1179036SUSE bug 1179341SUSE bug 1179898SUSE bug 1179899SUSE bug 1179900SUSE bug 1179901SUSE bug 1179902SUSE bug 1179903SUSE bug 1180451SUSE bug 1180454SUSE bug 1180461SUSE bug 1181452SUSE bug 1182252SUSE bug 1183511SUSE bug 1184620SUSE bug 1184794CVE-2019-12972 at SUSECVE-2019-12972 at NVDCVE-2019-14250 at SUSECVE-2019-14250 at NVDCVE-2019-14444 at SUSECVE-2019-14444 at NVDCVE-2019-17450 at SUSECVE-2019-17450 at NVDCVE-2019-17451 at SUSECVE-2019-17451 at NVDCVE-2019-9074 at SUSECVE-2019-9074 at NVDCVE-2019-9075 at SUSECVE-2019-9075 at NVDCVE-2019-9077 at SUSECVE-2019-9077 at NVDCVE-2020-16590 at SUSECVE-2020-16590 at NVDCVE-2020-16591 at SUSECVE-2020-16591 at NVDCVE-2020-16592 at SUSECVE-2020-16592 at NVDCVE-2020-16593 at SUSECVE-2020-16593 at NVDCVE-2020-16598 at SUSECVE-2020-16598 at NVDCVE-2020-16599 at SUSECVE-2020-16599 at NVDCVE-2020-35448 at SUSECVE-2020-35448 at NVDCVE-2020-35493 at SUSECVE-2020-35493 at NVDCVE-2020-35496 at SUSECVE-2020-35496 at NVDCVE-2020-35507 at SUSECVE-2020-35507 at NVDCVE-2021-20197 at SUSECVE-2021-20197 at NVDCVE-2021-20284 at SUSECVE-2021-20284 at NVDCVE-2021-3487 at SUSECVE-2021-3487 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat, javapackages-tools fixes the following issue:
Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
Non-security issues fixed:
- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
ImportantSUSE bug 1185476SUSE bug 1188278SUSE bug 1188279SUSE bug 1190558CVE-2021-30640 at SUSECVE-2021-30640 at NVDCVE-2021-33037 at SUSECVE-2021-33037 at NVDCVE-2021-41079 at SUSECVE-2021-41079 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for qemu (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for qemu fixes the following issues:
Security issues fixed:
- Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748)
- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713)
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
ImportantSUSE bug 1180432SUSE bug 1180433SUSE bug 1180434SUSE bug 1180435SUSE bug 1182651SUSE bug 1186012SUSE bug 1189145SUSE bug 1189702SUSE bug 1189938CVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for binutils (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for binutils fixes the following issues:
- For compatibility on old code stream that expect 'brcl 0,label' to
not be disassembled as 'jgnop label' on s390x. (bsc#1192267)
This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
Security issue fixed:
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)
ModerateSUSE bug 1183909SUSE bug 1184519SUSE bug 1188941SUSE bug 1191473SUSE bug 1192267CVE-2021-20294 at SUSECVE-2021-20294 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for pcre (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
ModerateSUSE bug 1025709SUSE bug 1030066SUSE bug 1030803SUSE bug 1030805SUSE bug 1030807SUSE bug 1172973SUSE bug 1172974CVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to Extended Support Release 91.3.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-49 (bsc#1192250)
* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504: Use-after-free in file picker dialog
* CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
* CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
* CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
* CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
* CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0008: Use-after-free in HTTP2 Session object
* MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
ImportantSUSE bug 1192250CVE-2021-38503 at SUSECVE-2021-38503 at NVDCVE-2021-38504 at SUSECVE-2021-38504 at NVDCVE-2021-38505 at SUSECVE-2021-38505 at NVDCVE-2021-38506 at SUSECVE-2021-38506 at NVDCVE-2021-38507 at SUSECVE-2021-38507 at NVDCVE-2021-38508 at SUSECVE-2021-38508 at NVDCVE-2021-38509 at SUSECVE-2021-38509 at NVDCVE-2021-38510 at SUSECVE-2021-38510 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
ImportantSUSE bug 1014440SUSE bug 1192284CVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql, postgresql13, postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql, postgresql13 and postgresql14 fixes the following issues:
Security issues fixed:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673)
On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants.
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql10 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
ImportantSUSE bug 1192516CVE-2021-23214 at SUSECVE-2021-23214 at NVDCVE-2021-23222 at SUSECVE-2021-23222 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).
ImportantSUSE bug 1191937CVE-2021-42762 at SUSECVE-2021-42762 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version OpenJDK 8u312 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191903SUSE bug 1191904SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35567 at SUSECVE-2021-35567 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_0-openjdk fixes the following issues:
Update to OpenJDK 7u321 (October 2021 CPU):
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
ImportantSUSE bug 1191901SUSE bug 1191905SUSE bug 1191906SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191912SUSE bug 1191913SUSE bug 1191914CVE-2021-35550 at SUSECVE-2021-35550 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-35603 at SUSECVE-2021-35603 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ruby2.1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ruby2.1 fixes the following issues:
- CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125).
- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
ImportantSUSE bug 1177125SUSE bug 1188160SUSE bug 1188161SUSE bug 1190375CVE-2020-25613 at SUSECVE-2020-25613 at NVDCVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Integrate bugfixes (bsc#1189373, bsc#1189378)
ModerateSUSE bug 1189373SUSE bug 1189378SUSE bug 1189632SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
- CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
- Update to 0.103.4 (bsc#1192346).
- Update to 0.103.3 (bsc#1188284).
ModerateSUSE bug 1103032SUSE bug 1188284SUSE bug 1192346CVE-2018-14679 at SUSECVE-2018-14679 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
- CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
ImportantSUSE bug 1192063CVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssh (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
The following security bugs were fixed:
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961)
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351).
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898).
- CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724).
The following non-security bugs were fixed:
- Add arch-dependent support markers in supported.conf (bsc#1186672)
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- Use /usr/lib/modules as module dir when usermerge is active in the target distro.
- UsrMerge the kernel (boo#1184804)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drop debugging statements
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- handle also race conditions in /proc/net/tcp code
- hisax: fix spectre issues (bsc#1192802).
- hv: adjust mana_select_queue to old ndo_select_queue API
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050).
- mpt3sas: fix spectre issues (bsc#1192802).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855).
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- objtool: Do not fail on missing symbol table (bsc#1192379).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- s390/vtime: fix increased steal time accounting (bsc#1183861).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- scripts/git_sort/git_sort.py: add bpf git repo
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
ImportantSUSE bug 1087082SUSE bug 1100416SUSE bug 1108488SUSE bug 1129735SUSE bug 1129898SUSE bug 1133374SUSE bug 1153720SUSE bug 1171420SUSE bug 1176724SUSE bug 1176931SUSE bug 1180624SUSE bug 1181854SUSE bug 1181855SUSE bug 1183050SUSE bug 1183861SUSE bug 1184673SUSE bug 1184804SUSE bug 1185377SUSE bug 1185677SUSE bug 1185726SUSE bug 1185727SUSE bug 1185758SUSE bug 1185973SUSE bug 1186063SUSE bug 1186482SUSE bug 1186483SUSE bug 1186672SUSE bug 1188026SUSE bug 1188172SUSE bug 1188563SUSE bug 1188601SUSE bug 1188613SUSE bug 1188838SUSE bug 1188842SUSE bug 1188876SUSE bug 1188983SUSE bug 1188985SUSE bug 1189057SUSE bug 1189262SUSE bug 1189278SUSE bug 1189291SUSE bug 1189399SUSE bug 1189400SUSE bug 1189418SUSE bug 1189420SUSE bug 1189706SUSE bug 1189846SUSE bug 1189884SUSE bug 1190023SUSE bug 1190025SUSE bug 1190067SUSE bug 1190115SUSE bug 1190117SUSE bug 1190118SUSE bug 1190159SUSE bug 1190276SUSE bug 1190349SUSE bug 1190350SUSE bug 1190351SUSE bug 1190432SUSE bug 1190479SUSE bug 1190534SUSE bug 1190601SUSE bug 1190717SUSE bug 1191193SUSE bug 1191315SUSE bug 1191317SUSE bug 1191318SUSE bug 1191529SUSE bug 1191530SUSE bug 1191628SUSE bug 1191660SUSE bug 1191790SUSE bug 1191801SUSE bug 1191813SUSE bug 1191961SUSE bug 1192036SUSE bug 1192045SUSE bug 1192048SUSE bug 1192267SUSE bug 1192379SUSE bug 1192400SUSE bug 1192444SUSE bug 1192549SUSE bug 1192775SUSE bug 1192781SUSE bug 1192802CVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-9517 at SUSECVE-2018-9517 at NVDCVE-2019-3874 at SUSECVE-2019-3874 at NVDCVE-2019-3900 at SUSECVE-2019-3900 at NVDCVE-2020-0429 at SUSECVE-2020-0429 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Update to Extended Support Release 91.4.0 (bsc#1193485):
- CVE-2021-43536: URL leakage when navigating while executing asynchronous function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
- Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
- Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321)
ImportantSUSE bug 1193321SUSE bug 1193485CVE-2021-43536 at SUSECVE-2021-43536 at NVDCVE-2021-43537 at SUSECVE-2021-43537 at NVDCVE-2021-43538 at SUSECVE-2021-43538 at NVDCVE-2021-43539 at SUSECVE-2021-43539 at NVDCVE-2021-43541 at SUSECVE-2021-43541 at NVDCVE-2021-43542 at SUSECVE-2021-43542 at NVDCVE-2021-43543 at SUSECVE-2021-43543 at NVDCVE-2021-43545 at SUSECVE-2021-43545 at NVDCVE-2021-43546 at SUSECVE-2021-43546 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bcm43xx-firmware (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bcm43xx-firmware fixes the following issues:
- CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic (bsc#1167162).
ImportantSUSE bug 1167162CVE-2019-15126 at SUSECVE-2019-15126 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glib-networking (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glib-networking fixes the following issues:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030).
ImportantSUSE bug 1193030CVE-2021-4008 at SUSECVE-2021-4008 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for log4j (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for log4j fixes the following issue:
- CVE-2021-4104: Disable the JMSAppender class from log4j to protect against
the log4jshell vulnerability. [bsc#1193662]
ImportantSUSE bug 1193662CVE-2021-4104 at SUSECVE-2021-4104 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading to out of
bounds memory write. (bsc#1190487)
- CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write. (bsc#1190489)
ImportantSUSE bug 1190487SUSE bug 1190489CVE-2021-4009 at SUSECVE-2021-4009 at NVDCVE-2021-4011 at SUSECVE-2021-4011 at NVDcpe:/o:suse:sles-ltss:12:sp4Recommended update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
The username map advice from the CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails (bsc#1192849).
ImportantSUSE bug 1192849CVE-2020-25717 at SUSECVE-2020-25717 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for chrony (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for chrony fixes the following issues:
Chrony was updated to 4.1:
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Enable syscallfilter unconditionally (bsc#1181826).
Chrony was updated to 4.0:
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Chrony was updated to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Update clknetsim to version 79ffe44 (fixes bsc#1162964).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529)
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*'
- Enable pps support
Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
ModerateSUSE bug 1063704SUSE bug 1069468SUSE bug 1082318SUSE bug 1083597SUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1156884SUSE bug 1159840SUSE bug 1161119SUSE bug 1162964SUSE bug 1171806SUSE bug 1172113SUSE bug 1173277SUSE bug 1173760SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1183783SUSE bug 1184400SUSE bug 1187906SUSE bug 1190926CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
Update to 10.2.41:
- CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497).
ModerateSUSE bug 1192497CVE-2021-35604 at SUSECVE-2021-35604 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- buffer overflow in PyCArg_repr in _ctypes/callproc.c,
which may lead to remote code execution (bsc#1181126, CVE-2021-3177).
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
ImportantSUSE bug 1176262SUSE bug 1180686SUSE bug 1181126CVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).
- CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).
- CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
- CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).
- CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).
- CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).
- CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).
The following non-security bugs were fixed:
- blk-mq: improve heavily contended tag case (bsc#1178198).
- debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032).
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191).
- locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- Move upstreamed bt fixes into sorted section
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- net/x25: prevent a couple of overflows (bsc#1178590).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036).
- x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
ImportantSUSE bug 1144912SUSE bug 1149032SUSE bug 1158775SUSE bug 1163727SUSE bug 1171979SUSE bug 1176395SUSE bug 1176846SUSE bug 1176962SUSE bug 1177304SUSE bug 1177666SUSE bug 1178036SUSE bug 1178182SUSE bug 1178198SUSE bug 1178372SUSE bug 1178589SUSE bug 1178590SUSE bug 1178684SUSE bug 1178886SUSE bug 1179107SUSE bug 1179140SUSE bug 1179141SUSE bug 1179419SUSE bug 1179429SUSE bug 1179508SUSE bug 1179509SUSE bug 1179601SUSE bug 1179616SUSE bug 1179663SUSE bug 1179666SUSE bug 1179745SUSE bug 1179877SUSE bug 1179878SUSE bug 1179895SUSE bug 1179960SUSE bug 1179961SUSE bug 1180008SUSE bug 1180027SUSE bug 1180028SUSE bug 1180029SUSE bug 1180030SUSE bug 1180031SUSE bug 1180032SUSE bug 1180052SUSE bug 1180086SUSE bug 1180559SUSE bug 1180562SUSE bug 1180676SUSE bug 1181001SUSE bug 1181158SUSE bug 1181349SUSE bug 1181504SUSE bug 1181553SUSE bug 1181645CVE-2019-20934 at SUSECVE-2019-20934 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for wpa_supplicant fixes the following issues:
- CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).
- CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)
ImportantSUSE bug 1150934SUSE bug 1181777CVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openvswitch fixes the following issues:
- CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742).
ImportantSUSE bug 1181742CVE-2020-35498 at SUSECVE-2020-35498 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for jasper (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
ImportantSUSE bug 1179748SUSE bug 1181483CVE-2020-27828 at SUSECVE-2020-27828 at NVDCVE-2021-3272 at SUSECVE-2021-3272 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for screen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for screen fixes the following issues:
- CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092).
ImportantSUSE bug 1182092CVE-2021-26937 at SUSECVE-2021-26937 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625]
ImportantSUSE bug 1182246CVE-2020-8625 at SUSECVE-2020-8625 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for krb5-appl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for krb5-appl fixes the following issues:
- CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
- CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).
ImportantSUSE bug 1131109CVE-2019-25017 at SUSECVE-2019-25017 at NVDCVE-2019-25018 at SUSECVE-2019-25018 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u282 (icedtea 3.18.0)
* January 2021 CPU (bsc#1181239)
* Security fixes
+ JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)
* Import of OpenJDK 8 u282 build 01
+ JDK-6962725: Regtest javax/swing/JFileChooser/6738668/
/bug6738668.java fails under Linux
+ JDK-8025936: Windows .pdb and .map files does not have proper
dependencies setup
+ JDK-8030350: Enable additional compiler warnings for GCC
+ JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/
/DisposeFrameOnDragTest.java fails by Timeout on Windows
+ JDK-8036122: Fix warning 'format not a string literal'
+ JDK-8051853: new
URI('x/').resolve('..').getSchemeSpecificPart() returns null!
+ JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/
/DefaultNoDrop.java locks on Windows
+ JDK-8134632: Mark javax/sound/midi/Devices/
/InitializationHang.java as headful
+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'
treated by JVM as an equivalent
+ JDK-8148916: Mark bug6400879.java as intermittently failing
+ JDK-8148983: Fix extra comma in changes for JDK-8148916
+ JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java
fails
+ JDK-8165808: Add release barriers when allocating objects
with concurrent collection
+ JDK-8185003: JMX: Add a version of
ThreadMXBean.dumpAllThreads with a maxDepth argument
+ JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on
windows with VS2017
+ JDK-8207766: [testbug] Adapt tests for Aix.
+ JDK-8212070: Introduce diagnostic flag to abort VM on failed
JIT compilation
+ JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
+ JDK-8215727: Restore JFR thread sampler loop to old /
previous behavior
+ JDK-8220657: JFR.dump does not work when filename is set
+ JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
+ JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java
fails with access issues and OOM
+ JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes()
can be quicker for self thread
+ JDK-8231968: getCurrentThreadAllocatedBytes default
implementation s/b getThreadAllocatedBytes
+ JDK-8232114: JVM crashed at imjpapi.dll in native code
+ JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect
numbers for Compiler area
+ JDK-8234339: replace JLI_StrTok in java_md_solinux.c
+ JDK-8238448: RSASSA-PSS signature verification fail when
using certain odd key sizes
+ JDK-8242335: Additional Tests for RSASSA-PSS
+ JDK-8244225: stringop-overflow warning on strncpy call from
compile_the_world_in
+ JDK-8245400: Upgrade to LittleCMS 2.11
+ JDK-8248214: Add paddings for TaskQueueSuper to reduce
false-sharing cache contention
+ JDK-8249176: Update GlobalSignR6CA test certificates
+ JDK-8250665: Wrong translation for the month name of May in
ar_JO,LB,SY
+ JDK-8250928: JFR: Improve hash algorithm for stack traces
+ JDK-8251469: Better cleanup for
test/jdk/javax/imageio/SetOutput.java
+ JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData
should not be in make/mapfiles/libawt_xawt/mapfile-vers
+ JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider
rather than JRE
+ JDK-8252395: [8u] --with-native-debug-symbols=external
doesn't include debuginfo files for binaries
+ JDK-8252497: Incorrect numeric currency code for ROL
+ JDK-8252754: Hash code calculation of JfrStackTrace is
inconsistent
+ JDK-8252904: VM crashes when JFR is used and JFR event class
is transformed
+ JDK-8252975: [8u] JDK-8252395 breaks the build for
--with-native-debug-symbols=internal
+ JDK-8253284: Zero OrderAccess barrier mappings are incorrect
+ JDK-8253550: [8u] JDK-8252395 breaks the build for make
STRIP_POLICY=no_strip
+ JDK-8253752: test/sun/management/jmxremote/bootstrap/
/RmiBootstrapTest.java fails randomly
+ JDK-8254081: java/security/cert/PolicyNode/
/GetPolicyQualifiers.java fails due to an expired certificate
+ JDK-8254144: Non-x86 Zero builds fail with return-type
warning in os_linux_zero.cpp
+ JDK-8254166: Zero: return-type warning in
zeroInterpreter_zero.cpp
+ JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/
/WorkerDeadlockTest.java fails
+ JDK-8255003: Build failures on Solaris
ModerateSUSE bug 1181239CVE-2020-14803 at SUSECVE-2020-14803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
ImportantSUSE bug 1181239SUSE bug 1182186CVE-2020-14803 at SUSECVE-2020-14803 at NVDCVE-2020-27221 at SUSECVE-2020-27221 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for open-iscsi (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for open-iscsi fixes the following issues:
Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):
- check for TCP urgent pointer past end of frame
- check for u8 overflow when processing TCP options
- check for header length underflow during checksum calculation
ImportantSUSE bug 1179908CVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for perl-XML-Twig (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for perl-XML-Twig fixes the following issues:
- Security fix [bsc#1008644, CVE-2016-9180]
* Added: the no_xxe option to XML::Twig::new, which causes the
parse to fail if external entities are used (to prevent
malicious XML to access the filesystem).
* Setting expand_external_ents to 0 or -1 currently doesn't work
as expected; To completely turn off expanding external entities
use no_xxe.
* Update documentation for XML::Twig to mention problems with
expand_external_ents and add information about new no_xxe argument
ModerateSUSE bug 1008644CVE-2016-9180 at SUSECVE-2016-9180 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.8.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-08 (bsc#1182614)
* CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
* CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
* CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
ImportantSUSE bug 1182357SUSE bug 1182614CVE-2021-23968 at SUSECVE-2021-23968 at NVDCVE-2021-23969 at SUSECVE-2021-23969 at NVDCVE-2021-23973 at SUSECVE-2021-23973 at NVDCVE-2021-23978 at SUSECVE-2021-23978 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-cryptography (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-cryptography fixes the following issues:
- CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte
values could result in an integer overflow and buffer overflow (bsc#1182066).
ImportantSUSE bug 1182066CVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for grub2 fixes the following issues:
grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)
Following security issues are fixed that can violate secure boot constraints:
- CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)
- CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)
- CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264)
- CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)
- CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)
- CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)
ImportantSUSE bug 1175970SUSE bug 1176711SUSE bug 1177883SUSE bug 1179264SUSE bug 1179265SUSE bug 1182057SUSE bug 1182262SUSE bug 1182263CVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
ImportantSUSE bug 1182279SUSE bug 1182408SUSE bug 1182411SUSE bug 1182412SUSE bug 1182413SUSE bug 1182415SUSE bug 1182416SUSE bug 1182417SUSE bug 1182418SUSE bug 1182419SUSE bug 1182420CVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- cifs: check all path components in resolved dfs target (bsc#1180906).
- cifs: fix check of tcon dfs in smb1 (bsc#1180906).
- cifs: fix nodfs mount option (bsc#1180906).
- cifs: introduce helper for finding referral server (bsc#1180906).
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)
- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.
- rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886)
- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)
- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).
- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: fc: add FPIN ELS definition (bsc#1181441).
- scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441)
- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441).
- scsi: Fix trivial spelling (bsc#1181441).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1181441).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441).
- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441).
- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441).
- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441).
- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441).
- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441).
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441).
- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441).
- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441).
- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441).
- scsi: qla2xxx: Fix login timeout (bsc#1181441).
- scsi: qla2xxx: Fix memory size truncation (bsc#1181441).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441).
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441).
- scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441).
- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441).
- scsi: qla2xxx: Fix the return value (bsc#1181441).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441).
- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441).
- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441).
- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441).
- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441).
- scsi: qla2xxx: Performance tweak (bsc#1181441).
- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1181441).
- scsi: qla2xxx: Remove an unused function (bsc#1181441).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1181441).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441).
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1181441).
- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441).
- scsi: qla2xxx: SAN congestion management implementation (bsc#1181441).
- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441).
- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441).
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use constant when it is known (bsc#1181441).
- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441).
- scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441).
- scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441).
- scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
ImportantSUSE bug 1065600SUSE bug 1163592SUSE bug 1176831SUSE bug 1178401SUSE bug 1178762SUSE bug 1179014SUSE bug 1179015SUSE bug 1179045SUSE bug 1179082SUSE bug 1179428SUSE bug 1179660SUSE bug 1180058SUSE bug 1180906SUSE bug 1181441SUSE bug 1181747SUSE bug 1181753SUSE bug 1181843SUSE bug 1182140SUSE bug 1182175CVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29374 at SUSECVE-2020-29374 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for wpa_supplicant fixes the following issues:
- CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805)
ImportantSUSE bug 1182805CVE-2021-27803 at SUSECVE-2021-27803 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
ModerateSUSE bug 1182331SUSE bug 1182333CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- On case-insensitive filesystems, with support for symbolic links,
if Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running
remote code during a clone. (bsc#1183026, CVE-2021-21300)
ImportantSUSE bug 1183026CVE-2021-21300 at SUSECVE-2021-21300 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
ModerateSUSE bug 1182379CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
ImportantSUSE bug 1180623CVE-2020-16044 at SUSECVE-2020-16044 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glib2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
ImportantSUSE bug 1182328SUSE bug 1182362CVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for wavpack (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for wavpack fixes the following issues:
- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).
ImportantSUSE bug 1180414CVE-2020-35738 at SUSECVE-2020-35738 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for nghttp2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
ImportantSUSE bug 1082318SUSE bug 1088639SUSE bug 1112438SUSE bug 1125689SUSE bug 1134616SUSE bug 1146182SUSE bug 1146184SUSE bug 1181358SUSE bug 962914SUSE bug 964140SUSE bug 966514CVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
ImportantSUSE bug 1183852CVE-2021-3449 at SUSECVE-2021-3449 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
- CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
ImportantSUSE bug 1182909SUSE bug 1182912CVE-2021-25122 at SUSECVE-2021-25122 at NVDCVE-2021-25329 at SUSECVE-2021-25329 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
ImportantSUSE bug 1183942CVE-2021-23981 at SUSECVE-2021-23981 at NVDCVE-2021-23982 at SUSECVE-2021-23982 at NVDCVE-2021-23984 at SUSECVE-2021-23984 at NVDCVE-2021-23987 at SUSECVE-2021-23987 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openvpn (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
ImportantSUSE bug 1197341CVE-2022-0547 at SUSECVE-2022-0547 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126).
Including fixes for the following vulnerabilities:
CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
CVE-2022-21271.
Non-securtiy fix:
- Fixed a broken symlink for javaws (bsc#1195146).
ImportantSUSE bug 1194925SUSE bug 1194926SUSE bug 1194927SUSE bug 1194928SUSE bug 1194929SUSE bug 1194930SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195146SUSE bug 1196500SUSE bug 1197126CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21271 at SUSECVE-2022-21271 at NVDCVE-2022-21277 at SUSECVE-2022-21277 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21291 at SUSECVE-2022-21291 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDCVE-2022-21366 at SUSECVE-2022-21366 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for zlib (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)
ImportantSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1191902SUSE bug 1191904SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35560 at SUSECVE-2021-35560 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35578 at SUSECVE-2021-35578 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for util-linux (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921)
- Prevent outdated pam files (bsc#1082293, bsc#1081947#c68).
- Do not trim read-only volumes (bsc#1106214).
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add `RemainAfterExit=yes` (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196)
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- libblkid: Do not trigger CDROM autoclose. (bsc#1084671)
- Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514)
- Build with libudev support to support non-root users. (bsc#1169006)
- lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to CIFS with mount –a. (bsc#1174942)
ImportantSUSE bug 1081947SUSE bug 1082293SUSE bug 1084671SUSE bug 1085196SUSE bug 1106214SUSE bug 1122417SUSE bug 1125886SUSE bug 1135534SUSE bug 1135708SUSE bug 1151708SUSE bug 1168235SUSE bug 1168389SUSE bug 1169006SUSE bug 1172427SUSE bug 1174942SUSE bug 1175514SUSE bug 1175623SUSE bug 1178236SUSE bug 1178554SUSE bug 1178825SUSE bug 1188921SUSE bug 1194642CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.8.0 ESR (bsc#1197903):
MFSA 2022-14 (bsc#1197903)
* CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use
* CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-1196: Fixed a use-after-free after VR Process destruction
* CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen
* CVE-2022-28286: Fixed that iframe contents could be rendered outside the border
* CVE-2022-24713: Fixed a denial of service via complex regular expressions
* CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-1196 at SUSECVE-2022-1196 at NVDCVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2022-28281 at SUSECVE-2022-28281 at NVDCVE-2022-28282 at SUSECVE-2022-28282 at NVDCVE-2022-28285 at SUSECVE-2022-28285 at NVDCVE-2022-28286 at SUSECVE-2022-28286 at NVDCVE-2022-28289 at SUSECVE-2022-28289 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openjpeg2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openjpeg2 fixes the following issues:
- CVE-2016-1924: Fixed heap buffer overflow (bsc#980504).
- CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617).
- CVE-2016-4797: Fixed heap buffer overflow (bsc#980504).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205).
- CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
ImportantSUSE bug 1102016SUSE bug 1106881SUSE bug 1106882SUSE bug 1140130SUSE bug 1140205SUSE bug 1162090SUSE bug 1173578SUSE bug 1180457SUSE bug 1184774SUSE bug 1197738SUSE bug 971617SUSE bug 980504CVE-2016-1924 at SUSECVE-2016-1924 at NVDCVE-2016-3183 at SUSECVE-2016-3183 at NVDCVE-2016-4797 at SUSECVE-2016-4797 at NVDCVE-2018-14423 at SUSECVE-2018-14423 at NVDCVE-2018-16375 at SUSECVE-2018-16375 at NVDCVE-2018-16376 at SUSECVE-2018-16376 at NVDCVE-2018-20845 at SUSECVE-2018-20845 at NVDCVE-2018-20846 at SUSECVE-2018-20846 at NVDCVE-2020-15389 at SUSECVE-2020-15389 at NVDCVE-2020-27823 at SUSECVE-2020-27823 at NVDCVE-2020-8112 at SUSECVE-2020-8112 at NVDCVE-2021-29338 at SUSECVE-2021-29338 at NVDCVE-2022-1122 at SUSECVE-2022-1122 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python rebuilds python against a symbol versioned openssl 1.0.2
to allow usage with openssl 1.1.1.
Also the following security issues are fixed:
- CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146).
ModerateSUSE bug 1187784SUSE bug 1194146SUSE bug 1195396CVE-2021-4189 at SUSECVE-2021-4189 at NVDCVE-2022-0391 at SUSECVE-2022-0391 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
ImportantSUSE bug 1194547CVE-2021-4140 at SUSECVE-2021-4140 at NVDCVE-2022-22737 at SUSECVE-2022-22737 at NVDCVE-2022-22738 at SUSECVE-2022-22738 at NVDCVE-2022-22739 at SUSECVE-2022-22739 at NVDCVE-2022-22740 at SUSECVE-2022-22740 at NVDCVE-2022-22741 at SUSECVE-2022-22741 at NVDCVE-2022-22742 at SUSECVE-2022-22742 at NVDCVE-2022-22743 at SUSECVE-2022-22743 at NVDCVE-2022-22744 at SUSECVE-2022-22744 at NVDCVE-2022-22745 at SUSECVE-2022-22745 at NVDCVE-2022-22746 at SUSECVE-2022-22746 at NVDCVE-2022-22747 at SUSECVE-2022-22747 at NVDCVE-2022-22748 at SUSECVE-2022-22748 at NVDCVE-2022-22751 at SUSECVE-2022-22751 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xz (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libexif (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libexif fixes the following issues:
- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service
(bsc#1172802).
- CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial
of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away
by the compiler (bsc#1178479).
ImportantSUSE bug 1172768SUSE bug 1172802SUSE bug 1178479CVE-2020-0181 at SUSECVE-2020-0181 at NVDCVE-2020-0198 at SUSECVE-2020-0198 at NVDCVE-2020-0452 at SUSECVE-2020-0452 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1198136cpe:/o:suse:sles-ltss:12:sp4Security update for sssd (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sssd fixes the following issues:
- CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492).
- Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773).
Non-security fixes:
- Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564).
ImportantSUSE bug 1183735SUSE bug 1189492SUSE bug 1196564CVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- sr9700: sanity check for packet length (bsc#1196836).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- x86/tsc: Make calibration refinement more robust (bsc#1196573).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
ImportantSUSE bug 1180153SUSE bug 1189562SUSE bug 1193738SUSE bug 1194943SUSE bug 1195051SUSE bug 1195353SUSE bug 1196018SUSE bug 1196114SUSE bug 1196468SUSE bug 1196488SUSE bug 1196514SUSE bug 1196573SUSE bug 1196639SUSE bug 1196761SUSE bug 1196830SUSE bug 1196836SUSE bug 1196942SUSE bug 1196973SUSE bug 1197211SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197391SUSE bug 1197462SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-39713 at SUSECVE-2021-39713 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gzip (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gzip fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue
mitigations (bsc#1196915).
ImportantSUSE bug 1196915SUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dnsmasq (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1183709SUSE bug 1197872CVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234).
ImportantSUSE bug 1198234CVE-2022-24765 at SUSECVE-2022-24765 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490)
ImportantSUSE bug 1196490CVE-2022-23308 at SUSECVE-2022-23308 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for SDL (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for SDL fixes the following issues:
- CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202)
- CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201)
- CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001)
ImportantSUSE bug 1181201SUSE bug 1181202SUSE bug 1198001CVE-2020-14409 at SUSECVE-2020-14409 at NVDCVE-2020-14410 at SUSECVE-2020-14410 at NVDCVE-2021-33657 at SUSECVE-2021-33657 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.
ImportantSUSE bug 1194019CVE-2018-8518 at SUSECVE-2018-8518 at NVDCVE-2018-8523 at SUSECVE-2018-8523 at NVDCVE-2019-8551 at SUSECVE-2019-8551 at NVDCVE-2019-8558 at SUSECVE-2019-8558 at NVDCVE-2019-8559 at SUSECVE-2019-8559 at NVDCVE-2019-8563 at SUSECVE-2019-8563 at NVDCVE-2019-8674 at SUSECVE-2019-8674 at NVDCVE-2019-8681 at SUSECVE-2019-8681 at NVDCVE-2019-8684 at SUSECVE-2019-8684 at NVDCVE-2019-8687 at SUSECVE-2019-8687 at NVDCVE-2019-8688 at SUSECVE-2019-8688 at NVDCVE-2019-8689 at SUSECVE-2019-8689 at NVDCVE-2019-8690 at SUSECVE-2019-8690 at NVDCVE-2019-8707 at SUSECVE-2019-8707 at NVDCVE-2019-8719 at SUSECVE-2019-8719 at NVDCVE-2019-8726 at SUSECVE-2019-8726 at NVDCVE-2019-8733 at SUSECVE-2019-8733 at NVDCVE-2019-8763 at SUSECVE-2019-8763 at NVDCVE-2019-8765 at SUSECVE-2019-8765 at NVDCVE-2019-8766 at SUSECVE-2019-8766 at NVDCVE-2019-8768 at SUSECVE-2019-8768 at NVDCVE-2019-8782 at SUSECVE-2019-8782 at NVDCVE-2019-8808 at SUSECVE-2019-8808 at NVDCVE-2019-8815 at SUSECVE-2019-8815 at NVDCVE-2019-8821 at SUSECVE-2019-8821 at NVDCVE-2019-8822 at SUSECVE-2019-8822 at NVDCVE-2020-10018 at SUSECVE-2020-10018 at NVDCVE-2020-13753 at SUSECVE-2020-13753 at NVDCVE-2020-27918 at SUSECVE-2020-27918 at NVDCVE-2020-29623 at SUSECVE-2020-29623 at NVDCVE-2020-3885 at SUSECVE-2020-3885 at NVDCVE-2020-3894 at SUSECVE-2020-3894 at NVDCVE-2020-3895 at SUSECVE-2020-3895 at NVDCVE-2020-3897 at SUSECVE-2020-3897 at NVDCVE-2020-3900 at SUSECVE-2020-3900 at NVDCVE-2020-3901 at SUSECVE-2020-3901 at NVDCVE-2020-3902 at SUSECVE-2020-3902 at NVDCVE-2020-9802 at SUSECVE-2020-9802 at NVDCVE-2020-9803 at SUSECVE-2020-9803 at NVDCVE-2020-9805 at SUSECVE-2020-9805 at NVDCVE-2020-9947 at SUSECVE-2020-9947 at NVDCVE-2020-9948 at SUSECVE-2020-9948 at NVDCVE-2020-9951 at SUSECVE-2020-9951 at NVDCVE-2020-9952 at SUSECVE-2020-9952 at NVDCVE-2021-1765 at SUSECVE-2021-1765 at NVDCVE-2021-1788 at SUSECVE-2021-1788 at NVDCVE-2021-1817 at SUSECVE-2021-1817 at NVDCVE-2021-1820 at SUSECVE-2021-1820 at NVDCVE-2021-1825 at SUSECVE-2021-1825 at NVDCVE-2021-1826 at SUSECVE-2021-1826 at NVDCVE-2021-1844 at SUSECVE-2021-1844 at NVDCVE-2021-1871 at SUSECVE-2021-1871 at NVDCVE-2021-30661 at SUSECVE-2021-30661 at NVDCVE-2021-30666 at SUSECVE-2021-30666 at NVDCVE-2021-30682 at SUSECVE-2021-30682 at NVDCVE-2021-30761 at SUSECVE-2021-30761 at NVDCVE-2021-30762 at SUSECVE-2021-30762 at NVDCVE-2021-30809 at SUSECVE-2021-30809 at NVDCVE-2021-30818 at SUSECVE-2021-30818 at NVDCVE-2021-30823 at SUSECVE-2021-30823 at NVDCVE-2021-30836 at SUSECVE-2021-30836 at NVDCVE-2021-30846 at SUSECVE-2021-30846 at NVDCVE-2021-30848 at SUSECVE-2021-30848 at NVDCVE-2021-30849 at SUSECVE-2021-30849 at NVDCVE-2021-30851 at SUSECVE-2021-30851 at NVDCVE-2021-30858 at SUSECVE-2021-30858 at NVDCVE-2021-30884 at SUSECVE-2021-30884 at NVDCVE-2021-30887 at SUSECVE-2021-30887 at NVDCVE-2021-30888 at SUSECVE-2021-30888 at NVDCVE-2021-30889 at SUSECVE-2021-30889 at NVDCVE-2021-30890 at SUSECVE-2021-30890 at NVDCVE-2021-30897 at SUSECVE-2021-30897 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cifs-utils (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
ImportantSUSE bug 1197216CVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for aide (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
ImportantSUSE bug 1194735CVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.1.0 ESR.
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-40 (bsc#1190269, bsc#1190274):
* CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
Firefox 91.0.1esr ESR
* Fixed: Fixed an issue causing buttons on the tab bar to be
resized when loading certain websites (bug 1704404)
* Fixed: Fixed an issue which caused tabs from private windows
to be visible in non-private windows when viewing switch-to-
tab results in the address bar panel (bug 1720369)
* Fixed: Various stability fixes
* Fixed: Security fix MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
Firefox Extended Support Release 91.0 ESR
* New: Some of the highlights of the new Extended Support Release are:
- A number of user interface changes. For more information,
see the Firefox 89 release notes.
- Firefox now supports logging into Microsoft, work, and
school accounts using Windows single sign-on. Learn more
- On Windows, updates can now be applied in the background
while Firefox is not running.
- Firefox for Windows now offers a new page about:third-party
to help identify compatibility issues caused by third-party
applications
- Version 2 of Firefox's SmartBlock feature further improves
private browsing. Third party Facebook scripts are blocked to
prevent you from being tracked, but are now automatically
loaded 'just in time' if you decide to 'Log in with Facebook'
on any website.
- Enhanced the privacy of the Firefox Browser's Private
Browsing mode with Total Cookie Protection, which confines
cookies to the site where they were created, preventing
companis from using cookies to track your browsing across
sites. This feature was originally launched in Firefox's ETP
Strict mode.
- PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features.
- You'll encounter less website breakage in Private Browsing
and Strict Enhanced Tracking Protection with SmartBlock,
which provides stand-in scripts so that websites load
properly.
- Improved Print functionality with a cleaner design and
better integration with your computer's printer settings.
- Firefox now protects you from supercookies, a type of
tracker that can stay hidden in your browser and track you
online, even after you clear cookies. By isolating
supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
- Firefox now remembers your preferred location for saved
bookmarks, displays the bookmarks toolbar by default on new
tabs, and gives you easy access to all of your bookmarks via
a toolbar folder.
- Native support for macOS devices built with Apple Silicon
CPUs brings dramatic performance improvements over the non-
native build that was shipped in Firefox 83: Firefox launches
over 2.5 times faster and web apps are now twice as
responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest
Firefox.
- Pinch zooming will now be supported for our users with
Windows touchscreen devices and touchpads on Mac devices.
Firefox users may now use pinch to zoom on touch-capable
devices to zoom in and out of webpages.
- We’ve improved functionality and design for a number of
Firefox search features:
* Selecting a search engine at the bottom of the search
panel now enters search mode for that engine, allowing you to
see suggestions (if available) for your search terms. The old
behavior (immediately performing a search) is available with
a shift-click.
* When Firefox autocompletes the URL of one of your search
engines, you can now search with that engine directly in the
address bar by selecting the shortcut in the address bar
results.
* We’ve added buttons at the bottom of the search panel to
allow you to search your bookmarks, open tabs, and history.
- Firefox supports AcroForm, which will allow you to fill in,
print, and save supported PDF forms and the PDF viewer also
has a new fresh look.
- For our users in the US and Canada, Firefox can now save,
manage, and auto-fill credit card information for you, making
shopping on Firefox ever more convenient.
- In addition to our default, dark and light themes, with
this release, Firefox introduces the Alpenglow theme: a
colorful appearance for buttons, menus, and windows. You can
update your Firefox themes under settings or preferences.
* Changed: Firefox no longer supports Adobe Flash. There is no
setting available to re-enable Flash support.
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. See more
details in the Firefox for Enterprise 91 Release Notes.
MFSA 2021-33 (bsc#1188891):
* CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981: Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988: Memory corruption as a result of incorrect style treatment
* CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984: Incorrect instruction reordering during JIT optimization
* CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
* CVE-2021-29985: Use-after-free media channels
* CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
* CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990: Memory safety bugs fixed in Firefox 91
ImportantSUSE bug 1188891SUSE bug 1189547SUSE bug 1190269SUSE bug 1190274CVE-2021-29980 at SUSECVE-2021-29980 at NVDCVE-2021-29981 at SUSECVE-2021-29981 at NVDCVE-2021-29982 at SUSECVE-2021-29982 at NVDCVE-2021-29983 at SUSECVE-2021-29983 at NVDCVE-2021-29984 at SUSECVE-2021-29984 at NVDCVE-2021-29985 at SUSECVE-2021-29985 at NVDCVE-2021-29986 at SUSECVE-2021-29986 at NVDCVE-2021-29987 at SUSECVE-2021-29987 at NVDCVE-2021-29988 at SUSECVE-2021-29988 at NVDCVE-2021-29989 at SUSECVE-2021-29989 at NVDCVE-2021-29990 at SUSECVE-2021-29990 at NVDCVE-2021-29991 at SUSECVE-2021-29991 at NVDCVE-2021-38492 at SUSECVE-2021-38492 at NVDCVE-2021-38495 at SUSECVE-2021-38495 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for zsh (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for zsh fixes the following issues:
- CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
- CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)
ImportantSUSE bug 1107294SUSE bug 1107296CVE-2018-0502 at SUSECVE-2018-0502 at NVDCVE-2018-13259 at SUSECVE-2018-13259 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 5 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
ModerateSUSE bug 1185055SUSE bug 1188564SUSE bug 1188565SUSE bug 1188568SUSE bug 1191905SUSE bug 1191909SUSE bug 1191910SUSE bug 1191911SUSE bug 1191913SUSE bug 1191914SUSE bug 1192052SUSE bug 1194198SUSE bug 1194232CVE-2021-2163 at SUSECVE-2021-2163 at NVDCVE-2021-2341 at SUSECVE-2021-2341 at NVDCVE-2021-2369 at SUSECVE-2021-2369 at NVDCVE-2021-2432 at SUSECVE-2021-2432 at NVDCVE-2021-35556 at SUSECVE-2021-35556 at NVDCVE-2021-35559 at SUSECVE-2021-35559 at NVDCVE-2021-35564 at SUSECVE-2021-35564 at NVDCVE-2021-35565 at SUSECVE-2021-35565 at NVDCVE-2021-35586 at SUSECVE-2021-35586 at NVDCVE-2021-35588 at SUSECVE-2021-35588 at NVDCVE-2021-41035 at SUSECVE-2021-41035 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gzip (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gzip fixes the following issues:
- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)
ImportantCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.0 (bsc#1198290):
- CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution.
- CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.
Missing CVE reference for the update to 2.34.6 (bsc#1196133):
- CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
ImportantSUSE bug 1196133SUSE bug 1198290CVE-2022-22594 at SUSECVE-2022-22594 at NVDCVE-2022-22624 at SUSECVE-2022-22624 at NVDCVE-2022-22628 at SUSECVE-2022-22628 at NVDCVE-2022-22629 at SUSECVE-2022-22629 at NVDCVE-2022-22637 at SUSECVE-2022-22637 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for e2fsprogs (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
ImportantSUSE bug 1198970CVE-2022-29909 at SUSECVE-2022-29909 at NVDCVE-2022-29911 at SUSECVE-2022-29911 at NVDCVE-2022-29912 at SUSECVE-2022-29912 at NVDCVE-2022-29914 at SUSECVE-2022-29914 at NVDCVE-2022-29916 at SUSECVE-2022-29916 at NVDCVE-2022-29917 at SUSECVE-2022-29917 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glib2 (Low)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openldap2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
- Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383).
ImportantSUSE bug 1198383SUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql10 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
ImportantSUSE bug 1199768CVE-2022-1529 at SUSECVE-2022-1529 at NVDCVE-2022-1802 at SUSECVE-2022-1802 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-requests (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-requests fixes the following issues:
- CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI
upon receiving a same-hostname https-to-http redirect. (bsc#1111622)
ModerateSUSE bug 1111622CVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libxml2 fixes the following issues:
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132).
- CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689).
ImportantSUSE bug 1069689SUSE bug 1199132CVE-2017-16932 at SUSECVE-2017-16932 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for pcre2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733)
- CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777)
- Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805)
- Limit P2P_DEVICE name to appropriate ifname size
- Enable SAE support(jsc#SLE-14992).
- Fix wicked wlan (bsc#1156920)
- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (bsc#1166933)
- Adjust the service to start after network.target wrt bsc#1165266
Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] ImportantSUSE bug 1131644SUSE bug 1131868SUSE bug 1131870SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874SUSE bug 1133640SUSE bug 1144443SUSE bug 1156920SUSE bug 1165266SUSE bug 1166933SUSE bug 1167331SUSE bug 1182805SUSE bug 1194732SUSE bug 1194733CVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql14 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
ImportantSUSE bug 1199475CVE-2022-1552 at SUSECVE-2022-1552 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ImageMagick fixes the following issues:
- CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351).
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
ImportantSUSE bug 1198351SUSE bug 1199350CVE-2022-1270 at SUSECVE-2022-1270 at NVDCVE-2022-28463 at SUSECVE-2022-28463 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mailman (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mailman fixes the following issues:
- CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).
ImportantSUSE bug 1191959SUSE bug 1192735SUSE bug 1192741SUSE bug 1193316CVE-2021-42096 at SUSECVE-2021-42096 at NVDCVE-2021-43331 at SUSECVE-2021-43331 at NVDCVE-2021-43332 at SUSECVE-2021-43332 at NVDCVE-2021-44227 at SUSECVE-2021-44227 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for polkit (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for librelp (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for librelp fixes the following issues:
- CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730).
ModerateSUSE bug 1086730CVE-2018-1000140 at SUSECVE-2018-1000140 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)
- CVE-2022-31736: Cross-Origin resource's length leaked
- CVE-2022-31737: Heap buffer overflow in WebGL
- CVE-2022-31738: Browser window spoof using fullscreen mode
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
- CVE-2022-31740: Register allocation problem in WASM on arm64
- CVE-2022-31741: Uninitialized variable leads to invalid memory read
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
- CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
ImportantSUSE bug 1200027CVE-2022-31736 at SUSECVE-2022-31736 at NVDCVE-2022-31737 at SUSECVE-2022-31737 at NVDCVE-2022-31738 at SUSECVE-2022-31738 at NVDCVE-2022-31739 at SUSECVE-2022-31739 at NVDCVE-2022-31740 at SUSECVE-2022-31740 at NVDCVE-2022-31741 at SUSECVE-2022-31741 at NVDCVE-2022-31742 at SUSECVE-2022-31742 at NVDCVE-2022-31747 at SUSECVE-2022-31747 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for strongswan (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for strongswan fixes the following issues:
- CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)
ImportantSUSE bug 1194471CVE-2021-45079 at SUSECVE-2021-45079 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.4 (bsc#1200027)
* CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
ImportantSUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
ImportantSUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1193282SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for u-boot fixes the following issues:
- A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code.
(CVE-2022-30552, bsc#1200363)
- A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive.
(CVE-2022-30790, bsc#1200364)
ImportantSUSE bug 1200363SUSE bug 1200364CVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399).
- debug: Lock down kgdb (bsc#1199426).
- dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124).
- lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124).
- linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124).
- linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124).
- linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124).
- linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
- linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124).
- net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124).
- net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124).
- net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124).
- net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124).
- net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124).
- net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124).
- net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124).
- net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124).
- net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124).
- net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124).
- net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124).
- net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124).
- net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124).
- net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124).
- net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124).
- net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124).
- net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124).
- net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124).
- net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124).
- net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124).
- net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
- net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124).
- net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124).
- net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124).
- net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124).
- net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124).
- net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124).
- net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124).
- net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124).
- net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124).
- net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124).
- net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124).
- net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124).
- net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124).
- net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124).
- net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124).
- net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124).
- net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124).
- net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
- net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124).
- net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124).
- net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124).
- net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124).
- net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
- net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124).
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124).
- net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124).
- net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124).
- net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124).
- net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124).
- net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124).
- net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124).
- net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124).
- net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648).
ImportantSUSE bug 1028340SUSE bug 1065729SUSE bug 1071995SUSE bug 1114648SUSE bug 1172456SUSE bug 1182171SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1191958SUSE bug 1195651SUSE bug 1196426SUSE bug 1197099SUSE bug 1197219SUSE bug 1197343SUSE bug 1198400SUSE bug 1198516SUSE bug 1198660SUSE bug 1198687SUSE bug 1198742SUSE bug 1198825SUSE bug 1199012SUSE bug 1199063SUSE bug 1199314SUSE bug 1199399SUSE bug 1199426SUSE bug 1199505SUSE bug 1199605SUSE bug 1199650CVE-2019-20811 at SUSECVE-2019-20811 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-39711 at SUSECVE-2021-39711 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
ImportantSUSE bug 1199287SUSE bug 1200106CVE-2022-26700 at SUSECVE-2022-26700 at NVDCVE-2022-26709 at SUSECVE-2022-26709 at NVDCVE-2022-26716 at SUSECVE-2022-26716 at NVDCVE-2022-26717 at SUSECVE-2022-26717 at NVDCVE-2022-26719 at SUSECVE-2022-26719 at NVDCVE-2022-30293 at SUSECVE-2022-30293 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
ImportantSUSE bug 1200338SUSE bug 1200340SUSE bug 1200341SUSE bug 1200345SUSE bug 1200348SUSE bug 1200350SUSE bug 1200352CVE-2022-26377 at SUSECVE-2022-26377 at NVDCVE-2022-28614 at SUSECVE-2022-28614 at NVDCVE-2022-28615 at SUSECVE-2022-28615 at NVDCVE-2022-29404 at SUSECVE-2022-29404 at NVDCVE-2022-30522 at SUSECVE-2022-30522 at NVDCVE-2022-30556 at SUSECVE-2022-30556 at NVDCVE-2022-31813 at SUSECVE-2022-31813 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
ImportantSUSE bug 1199166CVE-2022-1292 at SUSECVE-2022-1292 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for log4j (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for log4j fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
ImportantSUSE bug 1194842SUSE bug 1194843SUSE bug 1194844CVE-2022-23302 at SUSECVE-2022-23302 at NVDCVE-2022-23305 at SUSECVE-2022-23305 at NVDCVE-2022-23307 at SUSECVE-2022-23307 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for SUSE Manager Client Tools (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
ImportantSUSE bug 1181223SUSE bug 1181400SUSE bug 1190462SUSE bug 1190535SUSE bug 1193600SUSE bug 1194873SUSE bug 1195726SUSE bug 1195727SUSE bug 1195728SUSE bug 1196338SUSE bug 1196704SUSE bug 1197507SUSE bug 1197689CVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-39226 at SUSECVE-2021-39226 at NVDCVE-2021-41174 at SUSECVE-2021-41174 at NVDCVE-2021-41244 at SUSECVE-2021-41244 at NVDCVE-2021-43798 at SUSECVE-2021-43798 at NVDCVE-2021-43813 at SUSECVE-2021-43813 at NVDCVE-2021-43815 at SUSECVE-2021-43815 at NVDCVE-2022-21673 at SUSECVE-2022-21673 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-21702 at SUSECVE-2022-21702 at NVDCVE-2022-21703 at SUSECVE-2022-21703 at NVDCVE-2022-21713 at SUSECVE-2022-21713 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for fwupdate (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of fwupdate fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
ImportantSUSE bug 1198603SUSE bug 1198604SUSE bug 1198606SUSE bug 1198607SUSE bug 1198610SUSE bug 1198611SUSE bug 1198612SUSE bug 1198613SUSE bug 1198629SUSE bug 1199928CVE-2021-46669 at SUSECVE-2021-46669 at NVDCVE-2022-21427 at SUSECVE-2022-21427 at NVDCVE-2022-27377 at SUSECVE-2022-27377 at NVDCVE-2022-27378 at SUSECVE-2022-27378 at NVDCVE-2022-27380 at SUSECVE-2022-27380 at NVDCVE-2022-27381 at SUSECVE-2022-27381 at NVDCVE-2022-27383 at SUSECVE-2022-27383 at NVDCVE-2022-27384 at SUSECVE-2022-27384 at NVDCVE-2022-27386 at SUSECVE-2022-27386 at NVDCVE-2022-27387 at SUSECVE-2022-27387 at NVDCVE-2022-27445 at SUSECVE-2022-27445 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1070738SUSE bug 1198511SUSE bug 1199441CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1200550CVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for oracleasm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of oracleasm fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dpdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of dpdk fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):
- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
- CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
- CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
- CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
- CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
- CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)
ImportantSUSE bug 1200793CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-31744 at SUSECVE-2022-31744 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for crash (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of crash fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:sles-ltss:12:sp4Security update for rsyslog (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for rsyslog fixes the following issues:
- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)
ImportantSUSE bug 1199061CVE-2022-24903 at SUSECVE-2022-24903 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for pcre (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
ImportantSUSE bug 1194179SUSE bug 1194181CVE-2022-2319 at SUSECVE-2022-2319 at NVDCVE-2022-2320 at SUSECVE-2022-2320 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for squid fixes the following issues:
- CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436)
- CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921)
- CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907)
ImportantSUSE bug 1183436SUSE bug 1185921SUSE bug 1200907CVE-2020-25097 at SUSECVE-2020-25097 at NVDCVE-2021-28651 at SUSECVE-2021-28651 at NVDCVE-2021-46784 at SUSECVE-2021-46784 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144).
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426).
- CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266).
The following non-security bugs were fixed:
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- exec: Force single empty string when argv is empty (bsc#1200571).
ImportantSUSE bug 1158266SUSE bug 1162338SUSE bug 1162369SUSE bug 1173871SUSE bug 1177282SUSE bug 1194013SUSE bug 1196901SUSE bug 1198577SUSE bug 1199426SUSE bug 1199487SUSE bug 1199507SUSE bug 1199657SUSE bug 1200059SUSE bug 1200143SUSE bug 1200144SUSE bug 1200249SUSE bug 1200571SUSE bug 1200599SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200692SUSE bug 1200762SUSE bug 1201050SUSE bug 1201080SUSE bug 1201251CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):
- CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
- CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
- CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantSUSE bug 1201221CVE-2022-22662 at SUSECVE-2022-22662 at NVDCVE-2022-22677 at SUSECVE-2022-22677 at NVDCVE-2022-26710 at SUSECVE-2022-26710 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python-M2Crypto (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gpg2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
ImportantSUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.
ImportantSUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to fix various issues:
FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15.
- FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FISP: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
Version update to NSS 3.79
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Update to NSS 3.78.1
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
update to NSS 3.78
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Update to NSS 3.77:
- resolve mpitests build failure on Windows.
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Add a CI Target for gcc-11.
- Change to makefiles for gcc-4.8.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
update to NSS 3.76.1
- Remove token member from NSSSlot struct.
NSS 3.76
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- real move assignment operator.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Update to NSS 3.74:
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (bsc#1195040)
Update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Update to NSS 3.69.1
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
- FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
- Enable FIPS during test certificate creation and disables the library checksum
validation during same.
- FIPS: allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132.
- FIPS: update validation string to version-release format. (bsc#1192079).
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086).
- FIPS: Add CSP clearing (bmo#1697303, bsc#1192087).
mozilla-nspr was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
update to 4.33:
* fixes to build system and export of private symbols
ModerateSUSE bug 1191546SUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1193170SUSE bug 1195040SUSE bug 1198486SUSE bug 1198980SUSE bug 1200325SUSE bug 1201298CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
- Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)
ImportantSUSE bug 1200119SUSE bug 1201431CVE-2022-29187 at SUSECVE-2022-29187 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for:
- CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670),
CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674),
CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675),
CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).
ImportantSUSE bug 1191912SUSE bug 1194931SUSE bug 1198670SUSE bug 1198671SUSE bug 1198672SUSE bug 1198673SUSE bug 1198674SUSE bug 1198675SUSE bug 1201643CVE-2021-35561 at SUSECVE-2021-35561 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2022-21434 at SUSECVE-2022-21434 at NVDCVE-2022-21443 at SUSECVE-2022-21443 at NVDCVE-2022-21449 at SUSECVE-2022-21449 at NVDCVE-2022-21476 at SUSECVE-2022-21476 at NVDCVE-2022-21496 at SUSECVE-2022-21496 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
ImportantSUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for pcre2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1199235CVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).
ModerateSUSE bug 1201496CVE-2022-32742 at SUSECVE-2022-32742 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):
- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
ImportantSUSE bug 1201758CVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dovecot22 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dovecot22 fixes the following issues:
- CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).
ImportantSUSE bug 1201267CVE-2022-30550 at SUSECVE-2022-30550 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for qpdf (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
ImportantSUSE bug 1188514SUSE bug 1201830CVE-2021-36978 at SUSECVE-2021-36978 at NVDCVE-2022-34503 at SUSECVE-2022-34503 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)
CriticalSUSE bug 1194859CVE-2021-44142 at SUSECVE-2021-44142 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for u-boot (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for u-boot fixes the following issues:
- CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).
ImportantSUSE bug 1201214CVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mokutil (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).
- cifs: To match file servers, make sure the server hostname matches (bsc#1201926).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926).
- cifs: set a minimum of 120s for next dns resolution (bsc#1201926).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926).
- kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type.
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484).
ImportantSUSE bug 1195775SUSE bug 1195926SUSE bug 1198484SUSE bug 1198829SUSE bug 1200442SUSE bug 1201050SUSE bug 1201635SUSE bug 1201636SUSE bug 1201926SUSE bug 1201930CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
ImportantSUSE bug 1199223SUSE bug 1199224SUSE bug 1200735SUSE bug 1200737CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u345 (icedtea-3.24.0)
- CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694).
- CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692).
- CVE-2022-34169: Fixed an issue where arbitrary bytecode could
be executed via a malicious stylesheet (bsc#1201684).
- Non-security fixes:
- Allowed for customization of PKCS12 keystores (bsc#1195163).
ImportantSUSE bug 1195163SUSE bug 1201684SUSE bug 1201692SUSE bug 1201694CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for zlib (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for rsync (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
- Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694).
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bluez fixes the following issues:
- CVE-2019-8922: Fixed a buffer overflow in the implementation of the
Service Discovery Protocol (bsc#1193227).
ImportantSUSE bug 1193227CVE-2019-8922 at SUSECVE-2019-8922 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libcroco (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libcroco fixes the following issues:
- CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685).
ImportantSUSE bug 1171685CVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for gstreamer-plugins-good (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
ImportantSUSE bug 1201688SUSE bug 1201693SUSE bug 1201702SUSE bug 1201704SUSE bug 1201706SUSE bug 1201707SUSE bug 1201708CVE-2022-1920 at SUSECVE-2022-1920 at NVDCVE-2022-1921 at SUSECVE-2022-1921 at NVDCVE-2022-1922 at SUSECVE-2022-1922 at NVDCVE-2022-1923 at SUSECVE-2022-1923 at NVDCVE-2022-1924 at SUSECVE-2022-1924 at NVDCVE-2022-1925 at SUSECVE-2022-1925 at NVDCVE-2022-2122 at SUSECVE-2022-2122 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql10 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql10 fixes the following issues:
- Upgrade to 10.22:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.36.5 (bsc#1201980):
- Add support for PAC proxy in the WebDriver implementation.
- Fix video playback when loaded through custom URIs, this fixes
video playback in the Yelp documentation browser.
- Fix WebKitWebView::context-menu when using GTK4.
- Fix LTO builds with GCC.
- Fix several crashes and rendering issues.
- Security fixes:
- CVE-2022-32792: Fixed processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to
UI spoofing.
ImportantSUSE bug 1201980CVE-2022-32792 at SUSECVE-2022-32792 at NVDCVE-2022-32816 at SUSECVE-2022-32816 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for open-vm-tools (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for net-snmp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for net-snmp fixes the following issues:
- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)
ImportantSUSE bug 1100146SUSE bug 1145864SUSE bug 1152968SUSE bug 1174961SUSE bug 1178021SUSE bug 1178351SUSE bug 1179009SUSE bug 1179699SUSE bug 1184839CVE-2020-15862 at SUSECVE-2020-15862 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for json-c (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed an integer overflow that could lead to memory
corruption via a large JSON file (bsc#1171479).
Non-security fixes:
- Updated to version 0.12.1 (jsc#PED-1778).
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
ImportantSUSE bug 1202645CVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libgda (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libgda fixes the following issues:
- CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).
ImportantSUSE bug 1189849CVE-2021-39359 at SUSECVE-2021-39359 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when
processing malicious web content and that could lead to arbitrary
code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
ImportantSUSE bug 1202169SUSE bug 1202807CVE-2022-32893 at SUSECVE-2022-32893 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature 'Intermediates' feature.
* Relax constraints on slightly malformed zip archives that
contain overlapping file entries.
ImportantSUSE bug 1202986cpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
Note: the issues listed below were NOT fixed with the previous update (8.0-7.11).
- Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan
Java XSLT library that occurred when processing malicious
stylesheets (bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing
negative random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions
in the Hotspot component (bsc#1201694)..
ImportantSUSE bug 1201684SUSE bug 1201685SUSE bug 1201692SUSE bug 1201694SUSE bug 1202427CVE-2022-21540 at SUSECVE-2022-21540 at NVDCVE-2022-21541 at SUSECVE-2022-21541 at NVDCVE-2022-21549 at SUSECVE-2022-21549 at NVDCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for udisks2 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797).
ModerateSUSE bug 1098797SUSE bug 1190606CVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql12 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
ImportantSUSE bug 1198166SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql14 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
ImportantSUSE bug 1198166SUSE bug 1200437SUSE bug 1202368CVE-2022-2625 at SUSECVE-2022-2625 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155)
Address bar spoofing via XSLT error handling
* CVE-2022-38473 (bmo#1771685)
Cross-origin XSLT Documents would have inherited the parent's
permissions
* CVE-2022-38476 (bmo#1760998)
Data race and potential use-after-free in PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658)
Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local <code>.lnk</code> files could cause unexpected
network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to
Windows File Explorer and dropping partially broken
(bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can
now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc
headers.
- For added viewing pleasure, full-range color levels are now
supported for video playback on many systems.
- Find it easier now! Mac users can now access the macOS
share options from the Firefox File menu.
- Voil?! Support for images containing ICC v4 profiles is
enabled on macOS.
- Firefox now supports the new AVIF image format, which is
based on the modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to
existing image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g.,
XFA-based forms, used by multiple governments and banks).
Learn more.
- When available system memory is critically low, Firefox on
Windows will automatically unload tabs based on their last
access time, memory usage, and other attributes. This helps
to reduce Firefox out-of-memory crashes. Forgot something?
Switching to an unloaded tab automatically reloads it.
- To prevent session loss for macOS users who are running
Firefox from a mounted .dmg file, they’ll now be prompted to
finish installation. Bear in mind, this permission prompt
only appears the first time these users run Firefox on their
computer.
- For your safety, Firefox now blocks downloads that rely on
insecure connections, protecting against potentially
malicious or unsafe downloads. Learn more and see where to
find downloads in Firefox.
- Improved web compatibility for privacy protections with
SmartBlock 3.0: In Private Browsing and Strict Tracking
Protection, Firefox goes to great lengths to protect your web
browsing activity from trackers. As part of this, the built-
in content blocking will automatically block third-party
scripts, images, and other content from being loaded from
cross-site tracking companies reported by Disconnect. Learn
more.
- Introducing a new referrer tracking protection in Strict
Tracking Protection and Private Browsing. This feature
prevents sites from unknowingly leaking private information
to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides
website suggestions as you type into the address bar. Learn
more about this faster way to navigate the web and locale-
specific features.
- Firefox macOS now uses Apple's low-power mode for
fullscreen video on sites such as YouTube and Twitch. This
meaningfully extends battery life in long viewing sessions.
Now your kids can find out what the fox says on a loop
without you ever missing a beat…
- With this release, power users can use about:unloads to
release system resources by manually unloading tabs without
closing them.
- On Windows, there will now be fewer interruptions because
Firefox won’t prompt you for updates. Instead, a background
agent will download and install updates even if Firefox is
closed.
- On Linux, we’ve improved WebGL performance and reduced
power consumption for many users.
- To better protect all Firefox users against side-channel
attacks, such as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the
browser or close a window using a menu, button, or three-key
command. This should cut back on unwelcome notifications,
which is always nice—however, if you prefer a bit of notice,
you’ll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox
Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on
Windows 11.
- RLBox—a new technology that hardens Firefox against
potential security vulnerabilities in third-party
libraries—is now enabled on all platforms.
- We’ve reduced CPU usage on macOS in Firefox and
WindowServer during event processing.
- We’ve also reduced the power usage of software decoded
video on macOS, especially in fullscreen. This includes
streaming sites such as Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to
the opposite side of the video. Simply look for the new
context menu option Move Picture-in-Picture Toggle to Left
(Right) Side.
- We’ve made significant improvements in noise suppression
and auto-gain-control, as well as slight improvements in
echo-cancellation to provide you with a better overall
experience.
- We’ve also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of
scrollbars on Windows 11.
- Firefox has a new optimized download flow. Instead of
prompting every time, files will download automatically.
However, they can still be opened from the downloads panel
with just one click. Easy! More information
- Firefox no longer asks what to do for each file by default.
You won’t be prompted to choose a helper application or save
to disk before downloading a file unless you have changed
your download action setting for that type of file.
- Any files you download will be immediately saved on your
disk. Depending on the current configuration, they’ll be
saved in your preferred download folder, or you’ll be asked
to select a location for each download. Windows and Linux
users will find their downloaded files in the destination
folder. They’ll no longer be put in the Temp folder.
- Firefox allows users to choose from a number of built-in
search engines to set as their default. In this release, some
users who had previously configured a default engine might
notice their default search engine has changed since Mozilla
was unable to secure formal permission to continue including
certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard
shortcut 'n.'
- You can find added support for search—with or without
diacritics—in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed
to web content no longer have access to the X Window system
(X11).
- Firefox now supports credit card autofill and capture in
Germany, France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime
Video, and Netflix videos you watch in Picture-in-Picture.
Just turn on the subtitles on the in-page video player, and
they will appear in PiP.
- Picture-in-Picture now also supports video captions on
websites that use Web Video Text Track (WebVTT) format (e.g.,
Coursera.org, Canadian Broadcasting Corporation, and many
more).
- On the first run after install, Firefox detects when its
language does not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple
languages. To enable additional languages, select them in the
text field’s context menu.
- HDR video is now supported in Firefox on Mac—starting with
YouTube! Firefox users on macOS 11+ (with HDR-compatible
screens) can enjoy higher-fidelity video content. No need to
manually flip any preferences to turn HDR video support
on—just make sure battery preferences are NOT set to
“optimize video streaming while on battery”.
- Hardware-accelerated AV1 video decoding is enabled on
Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2
Excluding Navi 24, GeForce 30). Installing the AV1 Video
Extension from the Microsoft Store may also be required.
- Video overlay is enabled on Windows for Intel GPUs,
reducing power usage during video playback.
- Improved fairness between painting and handling other
events. This noticeably improves the performance of the
volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by
default. On Linux, users can change this in Settings. On
Windows, Firefox follows the system setting (System Settings
> Accessibility > Visual Effects > Always show scrollbars).
- Firefox now ignores less restricted referrer
policies—including unsafe-url, no-referrer-when-downgrade,
and origin-when-cross-origin—for cross-site
subresource/iframe requests to prevent privacy leaks from the
referrer.
- Reading is now easier with the prefers-contrast media
query, which allows sites to detect if the user has requested
that web content is presented with a higher (or lower)
contrast.
- All non-configured MIME types can now be assigned a custom
action upon download completion.
- Firefox now allows users to use as many microphones as they
want, at the same time, during video conferencing. The most
exciting benefit is that you can easily switch your
microphones at any time (if your conferencing service
provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34483 (bmo#1335845)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34476 (bmo#1387919)
ASN.1 parser could have been tricked into accepting malformed
ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246)
Potential integer overflow in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138)
Sandboxed iframes could redirect to external schemes
* CVE-2022-34469 (bmo#1721220)
TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047)
Compromised server could trick a browser into an addon
downgrade
* CVE-2022-34472 (bmo#1770123)
Unavailable PAC file resulted in OCSP requests being blocked
* CVE-2022-34478 (bmo#1773717)
Microsoft protocols can be attacked if a user accepts a
prompt
* CVE-2022-2200 (bmo#1771381)
Undesired attributes could be set as part of prototype
pollution
* CVE-2022-34480 (bmo#1454072)
Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614)
MediaError message property leaked information on cross-
origin same-site pages
* CVE-2022-34475 (bmo#1757210)
HTML Sanitizer could have been bypassed via same-origin
script via use tags
* CVE-2022-34473 (bmo#1770888)
HTML Sanitizer could have been bypassed via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651)
Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578)
Memory safety bugs fixed in Firefox 102
ImportantSUSE bug 1200793SUSE bug 1201758SUSE bug 1202645CVE-2022-2200 at SUSECVE-2022-2200 at NVDCVE-2022-2505 at SUSECVE-2022-2505 at NVDCVE-2022-34468 at SUSECVE-2022-34468 at NVDCVE-2022-34469 at SUSECVE-2022-34469 at NVDCVE-2022-34470 at SUSECVE-2022-34470 at NVDCVE-2022-34471 at SUSECVE-2022-34471 at NVDCVE-2022-34472 at SUSECVE-2022-34472 at NVDCVE-2022-34473 at SUSECVE-2022-34473 at NVDCVE-2022-34474 at SUSECVE-2022-34474 at NVDCVE-2022-34475 at SUSECVE-2022-34475 at NVDCVE-2022-34476 at SUSECVE-2022-34476 at NVDCVE-2022-34477 at SUSECVE-2022-34477 at NVDCVE-2022-34478 at SUSECVE-2022-34478 at NVDCVE-2022-34479 at SUSECVE-2022-34479 at NVDCVE-2022-34480 at SUSECVE-2022-34480 at NVDCVE-2022-34481 at SUSECVE-2022-34481 at NVDCVE-2022-34482 at SUSECVE-2022-34482 at NVDCVE-2022-34483 at SUSECVE-2022-34483 at NVDCVE-2022-34484 at SUSECVE-2022-34484 at NVDCVE-2022-34485 at SUSECVE-2022-34485 at NVDCVE-2022-36314 at SUSECVE-2022-36314 at NVDCVE-2022-36318 at SUSECVE-2022-36318 at NVDCVE-2022-36319 at SUSECVE-2022-36319 at NVDCVE-2022-38472 at SUSECVE-2022-38472 at NVDCVE-2022-38473 at SUSECVE-2022-38473 at NVDCVE-2022-38476 at SUSECVE-2022-38476 at NVDCVE-2022-38477 at SUSECVE-2022-38477 at NVDCVE-2022-38478 at SUSECVE-2022-38478 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative (bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
ImportantSUSE bug 1172145SUSE bug 1177440SUSE bug 1188944SUSE bug 1191881SUSE bug 1194535SUSE bug 1196616SUSE bug 1200598SUSE bug 1200770SUSE bug 1200910SUSE bug 1201019SUSE bug 1201420SUSE bug 1201429SUSE bug 1201705SUSE bug 1201726SUSE bug 1201940SUSE bug 1201948SUSE bug 1202096SUSE bug 1202154SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202672SUSE bug 1202897SUSE bug 1202898SUSE bug 1203098CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21385 at SUSECVE-2022-21385 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194581SUSE bug 1194588CVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libsndfile (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libsndfile fixes the following issues:
- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that
could potentially lead to heap exploitation (bsc#1194006).
ImportantSUSE bug 1194006CVE-2021-4156 at SUSECVE-2021-4156 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite3 was update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Update to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
ImportantSUSE bug 1203477CVE-2022-40956 at SUSECVE-2022-40956 at NVDCVE-2022-40957 at SUSECVE-2022-40957 at NVDCVE-2022-40958 at SUSECVE-2022-40958 at NVDCVE-2022-40959 at SUSECVE-2022-40959 at NVDCVE-2022-40960 at SUSECVE-2022-40960 at NVDCVE-2022-40962 at SUSECVE-2022-40962 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for krb5-appl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.
ImportantSUSE bug 1203530CVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
ImportantSUSE bug 1203614SUSE bug 1203619SUSE bug 1203620CVE-2022-2795 at SUSECVE-2022-2795 at NVDCVE-2022-38177 at SUSECVE-2022-38177 at NVDCVE-2022-38178 at SUSECVE-2022-38178 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for squid (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
ImportantSUSE bug 1203677SUSE bug 1203680CVE-2022-41317 at SUSECVE-2022-41317 at NVDCVE-2022-41318 at SUSECVE-2022-41318 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql-jdbc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
ImportantSUSE bug 1202170CVE-2022-31197 at SUSECVE-2022-31197 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
- CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)
ImportantSUSE bug 1194731CVE-2022-20698 at SUSECVE-2022-20698 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
ImportantSUSE bug 1201309SUSE bug 1202097SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1203107SUSE bug 1203552CVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libksba (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
The following non-security bugs were fixed:
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- elfcore: fix building with clang (bsc#1169514).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net: Using proper atomic helper (bsc#1186222).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358).
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
ImportantSUSE bug 1071995SUSE bug 1124431SUSE bug 1167162SUSE bug 1169514SUSE bug 1172073SUSE bug 1177101SUSE bug 1179599SUSE bug 1184804SUSE bug 1185377SUSE bug 1186207SUSE bug 1186222SUSE bug 1187167SUSE bug 1189305SUSE bug 1189841SUSE bug 1190358SUSE bug 1190428SUSE bug 1191229SUSE bug 1191384SUSE bug 1191731SUSE bug 1192032SUSE bug 1192267SUSE bug 1192740SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1193306SUSE bug 1193440SUSE bug 1193442SUSE bug 1193507SUSE bug 1193575SUSE bug 1193669SUSE bug 1193727SUSE bug 1193731SUSE bug 1193767SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194001SUSE bug 1194048SUSE bug 1194087SUSE bug 1194227SUSE bug 1194302SUSE bug 1194516SUSE bug 1194529SUSE bug 1194880SUSE bug 1194888SUSE bug 1194985SUSE bug 1195254CVE-2018-25020 at SUSECVE-2018-25020 at NVDCVE-2019-15126 at SUSECVE-2019-15126 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-0935 at SUSECVE-2021-0935 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-3564 at SUSECVE-2021-3564 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for multipath-tools (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
ImportantSUSE bug 1202616SUSE bug 1202739SUSE bug 1204325CVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libxml2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bluez fixes the following issues:
- CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237).
- CVE-2016-9803: Fixed memory leak (bsc#1013885).
ImportantSUSE bug 1013885SUSE bug 1193237CVE-2016-9803 at SUSECVE-2016-9803 at NVDCVE-2019-8921 at SUSECVE-2019-8921 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Updated to version 102.4.0 ESR (bsc#1204421):
- CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory Corruption in JS Engine.
- CVE-2022-42929: Fixed denial of Service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
ImportantSUSE bug 1204421CVE-2022-42927 at SUSECVE-2022-42927 at NVDCVE-2022-42928 at SUSECVE-2022-42928 at NVDCVE-2022-42929 at SUSECVE-2022-42929 at NVDCVE-2022-42932 at SUSECVE-2022-42932 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for telnet (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).
ImportantSUSE bug 1203759CVE-2022-39028 at SUSECVE-2022-39028 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
kiwi-desc-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support fo VirtIO disks
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
ModerateSUSE bug 1196338SUSE bug 1198903SUSE bug 1200725SUSE bug 1201535SUSE bug 1201539CVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1202593SUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libtirpc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
ImportantSUSE bug 1200800SUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openjpeg2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openjpeg2 fixes the following issues:
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).
ImportantSUSE bug 1149789SUSE bug 1179821SUSE bug 1180043SUSE bug 1180044SUSE bug 1180046CVE-2018-21010 at SUSECVE-2018-21010 at NVDCVE-2020-27824 at SUSECVE-2020-27824 at NVDCVE-2020-27842 at SUSECVE-2020-27842 at NVDCVE-2020-27843 at SUSECVE-2020-27843 at NVDCVE-2020-27845 at SUSECVE-2020-27845 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dbus-1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libtasn1 (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412).
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).
ImportantSUSE bug 1204412SUSE bug 1204416CVE-2022-3550 at SUSECVE-2022-3550 at NVDCVE-2022-3551 at SUSECVE-2022-3551 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glibc (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for glibc fixes the following issues:
- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing
a malformed regexp (bsc#1193625)
- x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
- Recognize ppc64p7 arch to build for power7
ModerateSUSE bug 1193625SUSE bug 1196852CVE-2015-8985 at SUSECVE-2015-8985 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libvirt (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)
ImportantSUSE bug 1192876SUSE bug 1193981SUSE bug 1194041CVE-2021-3975 at SUSECVE-2021-3975 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sudo fixes the following issues:
Security fixes:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
Other:
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
- Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).
ImportantSUSE bug 1197998SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1185104SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270):
- CVE-2022-45403: Service Workers might have learned size of cross-origin media files
- CVE-2022-45404: Fullscreen notification bypass
- CVE-2022-45405: Use-after-free in InputStream implementation
- CVE-2022-45406: Use-after-free of a JavaScript Realm
- CVE-2022-45408: Fullscreen notification bypass via windowName
- CVE-2022-45409: Use-after-free in Garbage Collection
- CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
- CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
- CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
- CVE-2022-45416: Keystroke Side-Channel Leakage
- CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
- CVE-2022-45420: Iframe contents could be rendered outside the iframe
- CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
ImportantSUSE bug 1205270CVE-2022-45403 at SUSECVE-2022-45403 at NVDCVE-2022-45404 at SUSECVE-2022-45404 at NVDCVE-2022-45405 at SUSECVE-2022-45405 at NVDCVE-2022-45406 at SUSECVE-2022-45406 at NVDCVE-2022-45408 at SUSECVE-2022-45408 at NVDCVE-2022-45409 at SUSECVE-2022-45409 at NVDCVE-2022-45410 at SUSECVE-2022-45410 at NVDCVE-2022-45411 at SUSECVE-2022-45411 at NVDCVE-2022-45412 at SUSECVE-2022-45412 at NVDCVE-2022-45416 at SUSECVE-2022-45416 at NVDCVE-2022-45418 at SUSECVE-2022-45418 at NVDCVE-2022-45420 at SUSECVE-2022-45420 at NVDCVE-2022-45421 at SUSECVE-2022-45421 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for pixman (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125).
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
ImportantSUSE bug 1203125SUSE bug 1205244CVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for exiv2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for exiv2 fixes the following issues:
- CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681)
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332)
- CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338)
- CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733).
- CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
ImportantSUSE bug 1119562SUSE bug 1142681SUSE bug 1185002SUSE bug 1186231SUSE bug 1188733SUSE bug 1189332SUSE bug 1189337SUSE bug 1189338CVE-2018-20097 at SUSECVE-2018-20097 at NVDCVE-2019-13112 at SUSECVE-2019-13112 at NVDCVE-2021-29457 at SUSECVE-2021-29457 at NVDCVE-2021-29473 at SUSECVE-2021-29473 at NVDCVE-2021-31291 at SUSECVE-2021-31291 at NVDCVE-2021-32815 at SUSECVE-2021-32815 at NVDCVE-2021-34334 at SUSECVE-2021-34334 at NVDCVE-2021-37620 at SUSECVE-2021-37620 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for busybox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for busybox fixes the following issues:
- CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- Update to 1.35.0
- awk: fix printf %%, fix read beyond end of buffer
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: 'mount -o rw ....' should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find,
mktemp, wget and others
- Enable fdisk (jsc#CAR-16)
- Update to 1.34.1:
* build system: use SOURCE_DATE_EPOCH for timestamp if available
* many bug fixes and new features
* touch: make FEATURE_TOUCH_NODEREF unconditional
- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption
- Update to version 1.33.0
- many bug fixes and new features
- Update to version 1.32.1
- fixes a case where in ash, 'wait' never finishes.
- prepare usrmerge (bsc#1029961)
- Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)
- Update to version 1.31.1:
+ Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion
fix), hush, dpkg-deb, telnet and wget.
- Changes from version 1.31.0:
+ many bugfixes and new features.
- Add busybox-no-stime.patch: stime() has been deprecated in glibc
2.31 and replaced with clock_settime().
- update to 1.25.1:
* fixes for hush, gunzip, ip route, ntpd
- includes changes from 1.25.0:
* many added and expanded implementations of command options
- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed),
truncate, gunzip and unzip.
- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html
- Refresh busybox.install.patch
- Update to 1.23.2
* for a full list of changes see http://www.busybox.net/news.html
- Cleaned up spec file with spec-cleaner
- Refreshed patches
- update to 1.22.1:
Many updates and fixes for most included tools, see
see http://www.busybox.net/news.html
ImportantSUSE bug 1029961SUSE bug 1064976SUSE bug 1064978SUSE bug 1069412SUSE bug 1099260SUSE bug 1099263SUSE bug 1102912SUSE bug 1121426SUSE bug 1121428SUSE bug 1184522SUSE bug 1191514SUSE bug 1192869SUSE bug 914660SUSE bug 951562SUSE bug 970662SUSE bug 970663SUSE bug 991940CVE-2011-5325 at SUSECVE-2011-5325 at NVDCVE-2014-9645 at SUSECVE-2014-9645 at NVDCVE-2015-9261 at SUSECVE-2015-9261 at NVDCVE-2016-2147 at SUSECVE-2016-2147 at NVDCVE-2016-2148 at SUSECVE-2016-2148 at NVDCVE-2016-6301 at SUSECVE-2016-6301 at NVDCVE-2017-15873 at SUSECVE-2017-15873 at NVDCVE-2017-15874 at SUSECVE-2017-15874 at NVDCVE-2017-16544 at SUSECVE-2017-16544 at NVDCVE-2018-1000500 at SUSECVE-2018-1000500 at NVDCVE-2018-1000517 at SUSECVE-2018-1000517 at NVDCVE-2018-20679 at SUSECVE-2018-20679 at NVDCVE-2019-5747 at SUSECVE-2019-5747 at NVDCVE-2021-28831 at SUSECVE-2021-28831 at NVDCVE-2021-42373 at SUSECVE-2021-42373 at NVDCVE-2021-42374 at SUSECVE-2021-42374 at NVDCVE-2021-42375 at SUSECVE-2021-42375 at NVDCVE-2021-42376 at SUSECVE-2021-42376 at NVDCVE-2021-42377 at SUSECVE-2021-42377 at NVDCVE-2021-42378 at SUSECVE-2021-42378 at NVDCVE-2021-42379 at SUSECVE-2021-42379 at NVDCVE-2021-42380 at SUSECVE-2021-42380 at NVDCVE-2021-42381 at SUSECVE-2021-42381 at NVDCVE-2021-42382 at SUSECVE-2021-42382 at NVDCVE-2021-42383 at SUSECVE-2021-42383 at NVDCVE-2021-42384 at SUSECVE-2021-42384 at NVDCVE-2021-42385 at SUSECVE-2021-42385 at NVDCVE-2021-42386 at SUSECVE-2021-42386 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244).
The following non-security bug was fixed:
- Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171).
ImportantSUSE bug 1202666SUSE bug 1205244CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for binutils (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for binutils fixes the following issues:
The following security bugs were fixed:
- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).
The following non-security bugs were fixed:
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
- Update to 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils (bsc#1198458).
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to 'warn' will generate a
warning message whenever any multibyte character is encountered. Using the
option to 'warn-sym-only' will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908).
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
ImportantSUSE bug 1142579SUSE bug 1185597SUSE bug 1185712SUSE bug 1188374SUSE bug 1191473SUSE bug 1191908SUSE bug 1193929SUSE bug 1194783SUSE bug 1197592SUSE bug 1198237SUSE bug 1198458SUSE bug 1202816SUSE bug 1202966SUSE bug 1202967SUSE bug 1202969CVE-2019-1010204 at SUSECVE-2019-1010204 at NVDCVE-2021-3530 at SUSECVE-2021-3530 at NVDCVE-2021-3648 at SUSECVE-2021-3648 at NVDCVE-2021-3826 at SUSECVE-2021-3826 at NVDCVE-2021-45078 at SUSECVE-2021-45078 at NVDCVE-2021-46195 at SUSECVE-2021-46195 at NVDCVE-2022-27943 at SUSECVE-2022-27943 at NVDCVE-2022-38126 at SUSECVE-2022-38126 at NVDCVE-2022-38127 at SUSECVE-2022-38127 at NVDCVE-2022-38533 at SUSECVE-2022-38533 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).
Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an
abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented
changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherit file
descriptors.
- Fix player stucking in buffering (paused) state for progressive
streaming.
- Do not try to preconnect on link click when link preconnect
setting is disabled.
- Fix close status code returned when the client closes a
WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web
extensions support.
- Make it possible to use the remote inspector from other
browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media
control using MPRIS.
- Add support for PDF documents using PDF.js.
ImportantSUSE bug 1205120SUSE bug 1205121SUSE bug 1205122SUSE bug 1205123SUSE bug 1205124CVE-2022-32888 at SUSECVE-2022-32888 at NVDCVE-2022-32923 at SUSECVE-2022-32923 at NVDCVE-2022-42799 at SUSECVE-2022-42799 at NVDCVE-2022-42823 at SUSECVE-2022-42823 at NVDCVE-2022-42824 at SUSECVE-2022-42824 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]
* Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus,
IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
* Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
* Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
* Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
* X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
- Update to Java 8.0 Service Refresh 7 Fix Pack 16
* Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when
-Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which
can eventually lead to heap corruption and failure when
-Xgc:concurrentScavenge is set.
* JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
* Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process
ModerateSUSE bug 1204468SUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475SUSE bug 1204480SUSE bug 1205302CVE-2022-21618 at SUSECVE-2022-21618 at NVDCVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDCVE-2022-39399 at SUSECVE-2022-39399 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for supportutils (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
ModerateSUSE bug 1203818cpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for grub2 fixes the following issues:
Security Fixes:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520).
- Remove zfs modules (bsc#1205554).
ImportantSUSE bug 1205178SUSE bug 1205182SUSE bug 1205520SUSE bug 1205554CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- CVE-2022-42252: Fixed a request smuggling (bsc#1204918).
ImportantSUSE bug 1204918CVE-2022-42252 at SUSECVE-2022-42252 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for emacs (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for emacs fixes the following issues:
- CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).
ImportantSUSE bug 1205822CVE-2022-45939 at SUSECVE-2022-45939 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for krb5 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):
- CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
- CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
- CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).
ModerateSUSE bug 1204471SUSE bug 1204472SUSE bug 1204473SUSE bug 1204475CVE-2022-21619 at SUSECVE-2022-21619 at NVDCVE-2022-21624 at SUSECVE-2022-21624 at NVDCVE-2022-21626 at SUSECVE-2022-21626 at NVDCVE-2022-21628 at SUSECVE-2022-21628 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for glibc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Bugs fixed:
- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)
ImportantSUSE bug 1191835SUSE bug 1192620SUSE bug 1193478SUSE bug 1194640SUSE bug 1194768SUSE bug 1194770CVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):
- CVE-2022-46880: Use-after-free in WebGL
- CVE-2022-46872: Arbitrary file read from a compromised content process
- CVE-2022-46881: Memory corruption in WebGL
- CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
- CVE-2022-46882: Use-after-free in WebGL
- CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
ImportantSUSE bug 1206242CVE-2022-46872 at SUSECVE-2022-46872 at NVDCVE-2022-46874 at SUSECVE-2022-46874 at NVDCVE-2022-46875 at SUSECVE-2022-46875 at NVDCVE-2022-46878 at SUSECVE-2022-46878 at NVDCVE-2022-46880 at SUSECVE-2022-46880 at NVDCVE-2022-46881 at SUSECVE-2022-46881 at NVDCVE-2022-46882 at SUSECVE-2022-46882 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for zabbix (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for zabbix fixes the following issues:
- CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083).
ModerateSUSE bug 1206083CVE-2022-43515 at SUSECVE-2022-43515 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205875)
ImportantSUSE bug 1205874SUSE bug 1205875SUSE bug 1205876SUSE bug 1205877SUSE bug 1205878SUSE bug 1205879SUSE bug 1206017CVE-2022-4283 at SUSECVE-2022-4283 at NVDCVE-2022-46340 at SUSECVE-2022-46340 at NVDCVE-2022-46341 at SUSECVE-2022-46341 at NVDCVE-2022-46342 at SUSECVE-2022-46342 at NVDCVE-2022-46343 at SUSECVE-2022-46343 at NVDCVE-2022-46344 at SUSECVE-2022-46344 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_7_1-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_7_1-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)
- CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.
ModerateSUSE bug 1204703SUSE bug 1205302CVE-2022-3676 at SUSECVE-2022-3676 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322).
- CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987).
The following non-security bugs were fixed:
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes).
ImportantSUSE bug 1196018SUSE bug 1198702SUSE bug 1200788SUSE bug 1201455SUSE bug 1202686SUSE bug 1203008SUSE bug 1203183SUSE bug 1203290SUSE bug 1203322SUSE bug 1203514SUSE bug 1203960SUSE bug 1203987SUSE bug 1204166SUSE bug 1204168SUSE bug 1204170SUSE bug 1204354SUSE bug 1204355SUSE bug 1204402SUSE bug 1204414SUSE bug 1204415SUSE bug 1204424SUSE bug 1204431SUSE bug 1204432SUSE bug 1204439SUSE bug 1204479SUSE bug 1204574SUSE bug 1204576SUSE bug 1204631SUSE bug 1204635SUSE bug 1204636SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204868SUSE bug 1205006SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205473SUSE bug 1205514SUSE bug 1205671SUSE bug 1205705SUSE bug 1205709SUSE bug 1205796SUSE bug 1206113SUSE bug 1206114SUSE bug 1206207CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-40307 at SUSECVE-2022-40307 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for vim (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for vim fixes the following issues:
Updated to version 9.0.0814:
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2.
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2.
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
ModerateSUSE bug 1070955SUSE bug 1173256SUSE bug 1174564SUSE bug 1176549SUSE bug 1182324SUSE bug 1190533SUSE bug 1190570SUSE bug 1191770SUSE bug 1191893SUSE bug 1192167SUSE bug 1192478SUSE bug 1192481SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193294SUSE bug 1193298SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194556SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1195356SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012SUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2016-1248 at SUSECVE-2016-1248 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:sles-ltss:12:sp4Security update for virglrenderer (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).
ImportantSUSE bug 1195389CVE-2022-0135 at SUSECVE-2022-0135 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tiff fixes the following issues:
- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
- CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312).
- CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808).
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809).
- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812).
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539).
ImportantSUSE bug 1071031SUSE bug 1154365SUSE bug 1182808SUSE bug 1182809SUSE bug 1182811SUSE bug 1182812SUSE bug 1190312SUSE bug 1194539CVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tcpdump (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tcpdump fixes the following issues:
- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).
ModerateSUSE bug 1195825CVE-2018-16301 at SUSECVE-2018-16301 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xerces-j2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xerces-j2 fixes the following issues:
- CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).
ImportantSUSE bug 1195108CVE-2022-23437 at SUSECVE-2022-23437 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682)
- CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service
- CVE-2022-22754: Extensions could have bypassed permission confirmation during update
- CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable
- CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements
- CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types
- CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
- CVE-2022-22763: Script Execution during invalid object state
- CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)
- Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry
ImportantSUSE bug 1195230SUSE bug 1195682CVE-2022-22753 at SUSECVE-2022-22753 at NVDCVE-2022-22754 at SUSECVE-2022-22754 at NVDCVE-2022-22756 at SUSECVE-2022-22756 at NVDCVE-2022-22759 at SUSECVE-2022-22759 at NVDCVE-2022-22760 at SUSECVE-2022-22760 at NVDCVE-2022-22761 at SUSECVE-2022-22761 at NVDCVE-2022-22763 at SUSECVE-2022-22763 at NVDCVE-2022-22764 at SUSECVE-2022-22764 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943)
- CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942)
ImportantSUSE bug 1193942SUSE bug 1193943CVE-2021-44224 at SUSECVE-2021-44224 at NVDCVE-2021-44790 at SUSECVE-2021-44790 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
ImportantSUSE bug 1195064SUSE bug 1195735CVE-2021-30934 at SUSECVE-2021-30934 at NVDCVE-2021-30936 at SUSECVE-2021-30936 at NVDCVE-2021-30951 at SUSECVE-2021-30951 at NVDCVE-2021-30952 at SUSECVE-2021-30952 at NVDCVE-2021-30953 at SUSECVE-2021-30953 at NVDCVE-2021-30954 at SUSECVE-2021-30954 at NVDCVE-2021-30984 at SUSECVE-2021-30984 at NVDCVE-2021-45481 at SUSECVE-2021-45481 at NVDCVE-2021-45482 at SUSECVE-2021-45482 at NVDCVE-2021-45483 at SUSECVE-2021-45483 at NVDCVE-2022-22589 at SUSECVE-2022-22589 at NVDCVE-2022-22590 at SUSECVE-2022-22590 at NVDCVE-2022-22592 at SUSECVE-2022-22592 at NVDCVE-2022-22594 at SUSECVE-2022-22594 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cyrus-sasl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
ImportantSUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for zsh (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be
executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be
properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-1100: Fixed a potential code execution via a stack-based buffer
overflow in utils.c:checkmailpath() (bsc#1089030).
ImportantSUSE bug 1089030SUSE bug 1163882SUSE bug 1196435CVE-2018-1100 at SUSECVE-2018-1100 at NVDCVE-2019-20044 at SUSECVE-2019-20044 at NVDCVE-2021-45444 at SUSECVE-2021-45444 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
The following non-security bugs were fixed:
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934).
- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
ImportantSUSE bug 1107207SUSE bug 1114893SUSE bug 1185973SUSE bug 1191580SUSE bug 1194516SUSE bug 1195536SUSE bug 1195543SUSE bug 1195612SUSE bug 1195840SUSE bug 1195897SUSE bug 1195908SUSE bug 1195934SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196155SUSE bug 1196584SUSE bug 1196601SUSE bug 1196612CVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):
- CVE-2022-26485: Use-after-free in XSLT parameter processing
- CVE-2022-26486: Use-after-free in WebGPU IPC Framework
ImportantSUSE bug 1196809CVE-2022-26485 at SUSECVE-2022-26485 at NVDCVE-2022-26486 at SUSECVE-2022-26486 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
- Update to 10.2.43 (bsc#1196016):
* 10.2.43: CVE-2021-46665
CVE-2021-46664
CVE-2021-46661
CVE-2021-46668
CVE-2021-46663
* 10.2.42: CVE-2022-24052
CVE-2022-24051
CVE-2022-24050
CVE-2022-24048
CVE-2021-46659, bsc#1195339
- The following issues have already been fixed in this package but weren't
previously mentioned in the changes file:
CVE-2021-46658, bsc#1195334
CVE-2021-46657, bsc#1195325
ImportantSUSE bug 1195325SUSE bug 1195334SUSE bug 1195339SUSE bug 1196016CVE-2021-46657 at SUSECVE-2021-46657 at NVDCVE-2021-46658 at SUSECVE-2021-46658 at NVDCVE-2021-46659 at SUSECVE-2021-46659 at NVDCVE-2021-46661 at SUSECVE-2021-46661 at NVDCVE-2021-46663 at SUSECVE-2021-46663 at NVDCVE-2021-46664 at SUSECVE-2021-46664 at NVDCVE-2021-46665 at SUSECVE-2021-46665 at NVDCVE-2021-46668 at SUSECVE-2021-46668 at NVDCVE-2022-24048 at SUSECVE-2022-24048 at NVDCVE-2022-24050 at SUSECVE-2022-24050 at NVDCVE-2022-24051 at SUSECVE-2022-24051 at NVDCVE-2022-24052 at SUSECVE-2022-24052 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)
- Remove log4j dependency, which is currently directly in use (bsc#1196137)
- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
ImportantSUSE bug 1195255SUSE bug 1196091SUSE bug 1196137CVE-2022-23181 at SUSECVE-2022-23181 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.6 (bsc#1196133):
- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.
ImportantSUSE bug 1196133CVE-2022-22620 at SUSECVE-2022-22620 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libcaca (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libcaca fixes the following issues:
- CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no
data is written and space is allocated for the header only, not taking into
account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752).
ImportantSUSE bug 1184751SUSE bug 1184752CVE-2021-30498 at SUSECVE-2021-30498 at NVDCVE-2021-30499 at SUSECVE-2021-30499 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.7.0 ESR (bsc#1196900):
- CVE-2022-26383: Browser window spoof using fullscreen mode
- CVE-2022-26384: iframe allow-scripts sandbox bypass
- CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
- CVE-2022-26381: Use-after-free in text reflows
- CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users
ImportantSUSE bug 1196900CVE-2022-26381 at SUSECVE-2022-26381 at NVDCVE-2022-26383 at SUSECVE-2022-26383 at NVDCVE-2022-26384 at SUSECVE-2022-26384 at NVDCVE-2022-26386 at SUSECVE-2022-26386 at NVDCVE-2022-26387 at SUSECVE-2022-26387 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for expat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249).
ImportantSUSE bug 1196249SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
Non-security issues fixed:
- Fix PAC pointer authentication in ARM. (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
- Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u322 (icedtea-3.22.0)
Including the following security fixes:
- CVE-2022-21248, bsc#1194926: Enhance cross VM serialization
- CVE-2022-21283, bsc#1194937: Better String matching
- CVE-2022-21293, bsc#1194935: Improve String constructions
- CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps
- CVE-2022-21282, bsc#1194933: Better resolution of URIs
- CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management
- CVE-2022-21299, bsc#1194931: Improved scanning of XML entities
- CVE-2022-21305, bsc#1194939: Better array indexing
- CVE-2022-21340, bsc#1194940: Verify Jar Verification
- CVE-2022-21341, bsc#1194941: Improve serial forms for transport
- CVE-2022-21349: Improve Solaris font rendering
- CVE-2022-21360, bsc#1194929: Enhance BMP image support
- CVE-2022-21365, bsc#1194928: Enhanced BMP processing
ImportantSUSE bug 1193314SUSE bug 1193444SUSE bug 1193491SUSE bug 1194926SUSE bug 1194928SUSE bug 1194929SUSE bug 1194931SUSE bug 1194932SUSE bug 1194933SUSE bug 1194934SUSE bug 1194935SUSE bug 1194937SUSE bug 1194939SUSE bug 1194940SUSE bug 1194941SUSE bug 1195163CVE-2022-21248 at SUSECVE-2022-21248 at NVDCVE-2022-21282 at SUSECVE-2022-21282 at NVDCVE-2022-21283 at SUSECVE-2022-21283 at NVDCVE-2022-21293 at SUSECVE-2022-21293 at NVDCVE-2022-21294 at SUSECVE-2022-21294 at NVDCVE-2022-21296 at SUSECVE-2022-21296 at NVDCVE-2022-21299 at SUSECVE-2022-21299 at NVDCVE-2022-21305 at SUSECVE-2022-21305 at NVDCVE-2022-21340 at SUSECVE-2022-21340 at NVDCVE-2022-21341 at SUSECVE-2022-21341 at NVDCVE-2022-21349 at SUSECVE-2022-21349 at NVDCVE-2022-21360 at SUSECVE-2022-21360 at NVDCVE-2022-21365 at SUSECVE-2022-21365 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
- CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose
caching rules (bsc#1197135).
ImportantSUSE bug 1197135CVE-2021-25220 at SUSECVE-2021-25220 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for kernel-firmware fixes the following issues:
Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):
- CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access.
ModerateSUSE bug 1195786CVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098).
- CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095).
- CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091).
- CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096).
ImportantSUSE bug 1197091SUSE bug 1197095SUSE bug 1197096SUSE bug 1197098CVE-2022-22719 at SUSECVE-2022-22719 at NVDCVE-2022-22720 at SUSECVE-2022-22720 at NVDCVE-2022-22721 at SUSECVE-2022-22721 at NVDCVE-2022-23943 at SUSECVE-2022-23943 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sudo (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and
'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered
when parsing a gitattributes file (bsc#1207032).
ImportantSUSE bug 1207032SUSE bug 1207033CVE-2022-23521 at SUSECVE-2022-23521 at NVDCVE-2022-41903 at SUSECVE-2022-41903 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.7.0 ESR (bsc#1207119):
- CVE-2022-46871: Updated an out of date library (libusrsctp) which
contained several vulnerabilities.
- CVE-2023-23598: Fixed an arbitrary file read from GTK drag and
drop on Linux.
- CVE-2023-23601: Fixed a potential spoofing attack when dragging a
URL from a cross-origin iframe into the same tab.
- CVE-2023-23602: Fixed a mishandled security check, which caused
the Content Security Policy header to be ignored for WebSockets
in WebWorkers.
- CVE-2022-46877: Fixed a fullscreen notification bypass which
could be leveraged in spoofing attacks.
- CVE-2023-23603: Fixed a Content Security Policy bypass via format
directives.
- CVE-2023-23605: Fixed several memory safety bugs.
ImportantSUSE bug 1207119CVE-2022-46871 at SUSECVE-2022-46871 at NVDCVE-2022-46877 at SUSECVE-2022-46877 at NVDCVE-2023-23598 at SUSECVE-2023-23598 at NVDCVE-2023-23601 at SUSECVE-2023-23601 at NVDCVE-2023-23602 at SUSECVE-2023-23602 at NVDCVE-2023-23603 at SUSECVE-2023-23603 at NVDCVE-2023-23605 at SUSECVE-2023-23605 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for freeradius-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for freeradius-server fixes the following issues:
- CVE-2022-41859: Fixed an issue in EAP-PWD that could leak
information about the password, which could facilitate dictionary
attacks (bsc#1206204).
- CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually
configured, which could be triggered via a malformed SIM option
(bsc#1206205).
- CVE-2022-41861: Fixed a server crash that could be triggered by
sending malformed data from a system in the RADIUS circle of trust
(bsc#1206206).
ImportantSUSE bug 1206204SUSE bug 1206205SUSE bug 1206206CVE-2022-41859 at SUSECVE-2022-41859 at NVDCVE-2022-41860 at SUSECVE-2022-41860 at NVDCVE-2022-41861 at SUSECVE-2022-41861 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be
selected to encrypt session keys, which could lead to privilege
escalation (bsc#1205385).
ImportantSUSE bug 1205385SUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dpdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of dpdk fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-ltss:12:sp4Security update for libXpm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libXpm fixes the following issues:
- CVE-2022-46285: Fixed an infinite loop that could be triggered
when reading a XPM image with a C-style comment that is never
closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
susceptible to PATH environment variable manipulation attacks
(bsc#1207031).
ImportantSUSE bug 1207029SUSE bug 1207030SUSE bug 1207031CVE-2022-44617 at SUSECVE-2022-44617 at NVDCVE-2022-46285 at SUSECVE-2022-46285 at NVDCVE-2022-4883 at SUSECVE-2022-4883 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bluez fixes the following issues:
- CVE-2022-39176: Fixed a memory safety issue that could allow
physically proximate attackers to obtain sensitive information
(bsc#1203121).
- CVE-2022-39177: Fixed a memory safety issue that could allow
physically proximate attackers to cause a denial of service
(bsc#1203120).
ImportantSUSE bug 1203120SUSE bug 1203121CVE-2022-39176 at SUSECVE-2022-39176 at NVDCVE-2022-39177 at SUSECVE-2022-39177 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
ImportantSUSE bug 1209622CVE-2023-28708 at SUSECVE-2023-28708 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).
ImportantSUSE bug 1209543CVE-2023-1393 at SUSECVE-2023-1393 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.5 (boo#1208328):
- CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.
- CVE-2023-23518: Processing maliciously crafted web content may lead to
Previously fixed inside update to version 2.38.4 (boo#1207997):
- CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.
ImportantSUSE bug 1207997SUSE bug 1208328CVE-2022-42826 at SUSECVE-2022-42826 at NVDCVE-2023-23518 at SUSECVE-2023-23518 at NVDCVE-2023-23529 at SUSECVE-2023-23529 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sudo (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sudo fixes the following issues:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
ModerateSUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
Security fixes:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
Other fixes:
- Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062)
ModerateSUSE bug 1202062SUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for systemd (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
ImportantSUSE bug 1191502SUSE bug 1195529SUSE bug 1197244SUSE bug 1198507SUSE bug 1204423SUSE bug 1204968SUSE bug 1205000SUSE bug 1206985SUSE bug 1208958CVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ghostscript fixes the following issues:
- CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062).
ImportantSUSE bug 1210062CVE-2023-28879 at SUSECVE-2023-28879 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
- CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
- CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
- CVE-2023-29533: Fullscreen notification obscured
- MFSA-TMP-2023-0001: Double-free in libwebp
- CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
- CVE-2023-29536: Invalid free from JavaScript code
- CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
- CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
- CVE-2023-29542: Bypass of file download extension restrictions
- CVE-2023-29545: Windows Save As dialog resolved environment variables
- CVE-2023-1945: Memory Corruption in Safe Browsing Code
- CVE-2023-29548: Incorrect optimization result on ARM64
- CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
ImportantSUSE bug 1210212CVE-2023-1945 at SUSECVE-2023-1945 at NVDCVE-2023-29531 at SUSECVE-2023-29531 at NVDCVE-2023-29532 at SUSECVE-2023-29532 at NVDCVE-2023-29533 at SUSECVE-2023-29533 at NVDCVE-2023-29535 at SUSECVE-2023-29535 at NVDCVE-2023-29536 at SUSECVE-2023-29536 at NVDCVE-2023-29539 at SUSECVE-2023-29539 at NVDCVE-2023-29541 at SUSECVE-2023-29541 at NVDCVE-2023-29542 at SUSECVE-2023-29542 at NVDCVE-2023-29545 at SUSECVE-2023-29545 at NVDCVE-2023-29548 at SUSECVE-2023-29548 at NVDCVE-2023-29550 at SUSECVE-2023-29550 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for harfbuzz (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 (bsc#1208480):
* Security fixes:
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
* New Features/Enhancements:
- Add RSA-PSS signature to IBMJCECCA.
* Defect Fixes:
- IJ45437 Service, Build, Packaging and Deliver: Getting
FIPSRUNTIMEEXCEPTION when calling java code:
MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
- IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
- IJ45280 Class Libraries: Update timezone information to the
latest TZDATA2022F
- IJ44896 Class Libraries: Update timezone information to the
latest TZDATA2022G
- IJ45436 Java Virtual Machine: Stack walking code gets into
endless loop, hanging the application
- IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified
multiple times on the same command line the first option takes
precedence instead of the last
- IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT()
due to a NULL pointer
- IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static
final field object properties
- IJ44107 JIT Compiler: JIT publishes new object reference to other
threads without executing a memory flush
- IX90193 ORB: Fix security vulnerability CVE-2023-21830
- IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has
similar error of JDK-8253368
- IJ45148 Security: code changes for tech preview
- IJ44621 Security: Computing Diffie-Hellman secret repeatedly,
using IBMJCEPLUS, causes a small memory leak
- IJ44172 Security: Disable SHA-1 signed jars for EA
- IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly,
using IBMJCEPLUS, Causes a small memory leak
- IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305
crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
- IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA
during signature operations resulting in Java cores
- IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
- IJ45202 Security: KEYTOOL NPE if signing certificate does not contain
a SUBJECTKEYIDENTIFIER extension
- IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY()
method uses SHA1XXXX signature algorithms to match private and public keys
- IJ45203 Security: RSAPSS multiple names for KEYTYPE
- IJ43920 Security: The PKCS12 keystore update and the PBES2 support
- IJ40002 XML: Fix security vulnerability CVE-2022-21426
ModerateSUSE bug 1207246SUSE bug 1207248SUSE bug 1207249SUSE bug 1208480CVE-2022-21426 at SUSECVE-2022-21426 at NVDCVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21835 at SUSECVE-2023-21835 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for liblouis (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for liblouis fixes the following issues:
- CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429).
- CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431).
- CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432).
ImportantSUSE bug 1209429SUSE bug 1209431SUSE bug 1209432SUSE bug 1209855CVE-2023-26767 at SUSECVE-2023-26767 at NVDCVE-2023-26768 at SUSECVE-2023-26768 at NVDCVE-2023-26769 at SUSECVE-2023-26769 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
backend could cause the response headers to be truncated early,
resulting in some headers being incorporated into the response body
(bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
header could cause memory corruption (bsc#1207247).
ImportantSUSE bug 1207247SUSE bug 1207250SUSE bug 1207251CVE-2006-20001 at SUSECVE-2006-20001 at NVDCVE-2022-36760 at SUSECVE-2022-36760 at NVDCVE-2022-37436 at SUSECVE-2022-37436 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2-mod_auth_openidc (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073).
ImportantSUSE bug 1190855SUSE bug 1206441SUSE bug 1210073CVE-2022-23527 at SUSECVE-2022-23527 at NVDCVE-2023-28625 at SUSECVE-2023-28625 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for shim (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1193315SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ovmf (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tiff (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sssd (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for dmidecode (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.6 (bsc#1210731):
- CVE-2022-0108: Fixed information leak.
- CVE-2022-32885: Fixed arbitrary code execution.
- CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer.
- CVE-2023-27932: Fixed Same Origin Policy bypass.
- CVE-2023-27954: Fixed sensitive user information tracking.
- CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295).
Already fixed in version 2.38.5:
- CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
ImportantSUSE bug 1210295SUSE bug 1210731CVE-2022-0108 at SUSECVE-2022-0108 at NVDCVE-2022-32885 at SUSECVE-2022-32885 at NVDCVE-2022-32886 at SUSECVE-2022-32886 at NVDCVE-2022-32912 at SUSECVE-2022-32912 at NVDCVE-2023-25358 at SUSECVE-2023-25358 at NVDCVE-2023-25360 at SUSECVE-2023-25360 at NVDCVE-2023-25361 at SUSECVE-2023-25361 at NVDCVE-2023-25362 at SUSECVE-2023-25362 at NVDCVE-2023-25363 at SUSECVE-2023-25363 at NVDCVE-2023-27932 at SUSECVE-2023-27932 at NVDCVE-2023-27954 at SUSECVE-2023-27954 at NVDCVE-2023-28205 at SUSECVE-2023-28205 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
- CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686).
- CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
ModerateSUSE bug 1210686CVE-2023-25652 at SUSECVE-2023-25652 at NVDCVE-2023-25815 at SUSECVE-2023-25815 at NVDCVE-2023-29007 at SUSECVE-2023-29007 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for shadow (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for vim (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
- CVE-2022-3491: Fixed an out of bounds memory access that could
cause a crash (bsc#1206028).
- CVE-2022-3520: Fixed an out of bounds memory access that could
cause a crash (bsc#1206071).
- CVE-2022-3591: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206072).
- CVE-2022-4292: Fixed a use-after-free issue that could cause
memory corruption or undefined behavior (bsc#1206075).
- CVE-2022-4293: Fixed a floating point exception that could cause
a crash (bsc#1206077).
- CVE-2022-4141: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1205797).
- CVE-2022-3705: Fixed an use-after-free issue that could cause
a crash or memory corruption (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077SUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for shim (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for shim fixes the following issues:
- Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737)
ImportantSUSE bug 1198458CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.11.0 ESR (bsc#1211175):
- CVE-2023-32205: Browser prompts could have been obscured by popups
- CVE-2023-32206: Crash in RLBox Expat driver
- CVE-2023-32207: Potential permissions request bypass via clickjacking
- CVE-2023-32211: Content process crash due to invalid wasm code
- CVE-2023-32212: Potential spoof due to obscured address bar
- CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
- CVE-2023-32214: Potential DoS via exposed protocol handlers
- CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
ImportantSUSE bug 1211175CVE-2023-32205 at SUSECVE-2023-32205 at NVDCVE-2023-32206 at SUSECVE-2023-32206 at NVDCVE-2023-32207 at SUSECVE-2023-32207 at NVDCVE-2023-32211 at SUSECVE-2023-32211 at NVDCVE-2023-32212 at SUSECVE-2023-32212 at NVDCVE-2023-32213 at SUSECVE-2023-32213 at NVDCVE-2023-32214 at SUSECVE-2023-32214 at NVDCVE-2023-32215 at SUSECVE-2023-32215 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for SUSE Manager Client Tools (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)
prometheus-blackbox_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062)
- Other non-security bugs fixed and changes:
* Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
* On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
prometheus-postgres_exporter:
- Security issues fixed:
* CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
- Other non-security issues fixed:
* Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and
clones
* Create the prometheus user for Red Hat Linux Enterprise systems and clones
* Fix broken log-level for values other than debug (bsc#1208965)
golang-github-prometheus-node_exporter:
- Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
* CVE-2022-27191: Update go/x/crypto (bsc#1197284)
* CVE-2022-27664: Update go/x/net (bsc#1203185)
* CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
* NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU
thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes
with high numbers of CPUs/CPU threads.
* [BUGFIX] Fix hwmon label sanitizer
* [BUGFIX] Use native endianness when encoding InetDiagMsg
* [BUGFIX] Fix btrfs device stats always being zero
* [BUGFIX] Fix diskstats exclude flags
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
* [BUGFIX] Fix concurrency issue in ethtool collector
* [BUGFIX] Fix concurrency issue in netdev collector
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
* [BUGFIX] Fix iostat on macos broken by deprecation warning
* [BUGFIX] Fix NodeFileDescriptorLimit alerts
* [BUGFIX] Sanitize rapl zone names
* [BUGFIX] Add file descriptor close safely in test
* [BUGFIX] Fix race condition in os_release.go
* [BUGFIX] Skip ZFS IO metrics if their paths are missing
* [BUGFIX] Handle nil CPU thermal power status on M1
* [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
* [BUGFIX] Sanitize UTF-8 in dmi collector
* [CHANGE] Merge metrics descriptions in textfile collector
* [FEATURE] Add multiple listeners and systemd socket listener activation
* [FEATURE] [node-mixin] Add darwin dashboard to mixin
* [FEATURE] Add 'isolated' metric on cpu collector on linux
* [FEATURE] Add cgroup summary collector
* [FEATURE] Add selinux collector
* [FEATURE] Add slab info collector
* [FEATURE] Add sysctl collector
* [FEATURE] Also track the CPU Spin time for OpenBSD systems
* [FEATURE] Add support for MacOS version
* [ENHANCEMENT] Add RTNL version of netclass collector
* [ENHANCEMENT] [node-mixin] Add missing selectors
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table
* [ENHANCEMENT] [node-mixin] Change io time units to %util
* [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
* [ENHANCEMENT] Add device filter flags to arp collector
* [ENHANCEMENT] Add diskstats include and exclude device flags
* [ENHANCEMENT] Add node_softirqs_total metric
* [ENHANCEMENT] Add rapl zone name label option
* [ENHANCEMENT] Add slabinfo collector
* [ENHANCEMENT] Allow user to select port on NTP server to query
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
* [ENHANCEMENT] Enable builds against older macOS SDK
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
* [ENHANCEMENT] systemd: Expose systemd minor version
* [ENHANCEMENT] Use netlink for tcpstat collector
* [ENHANCEMENT] Use netlink to get netdev stats
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles
* [ENHANCEMENT] Add btrfs device error stats
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6 (jsc#PED-3576):
* CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
* CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
- Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576):
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
* [BUGFIX] Properly close file descriptor when logging unfinished queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
* [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
* [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default
configuration values.
* [BUGFIX] Fix serving of static assets like fonts and favicon.
* [BUGFIX] promtool: Add --lint-fatal option.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
* [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the resolution.
* [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write
irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting
in a new exit code (3) for linter errors.
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit.
Enable with the flag `--enable-feature=auto-gomaxprocs`.
* [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query.
Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag
`--storage.tsdb.head-chunks-write-queue-size`.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
golang-github-prometheus-promu:
- Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576):
* [BUGFIX] Set build date from last changelog modification (bsc#1047218)
* [BUGFIX] Validate environment variable value
* [BUGFIX]Set build date from SOURCE_DATE_EPOCH
* [BUGFIX]Make extldflags extensible by configuration.
* [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine
* [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag
* [BUGFIX] Fix git repository url parsing
* [CHANGE] Remove ioutil
* [CHANGE] Update common Prometheus files
* [FEATURE] Add the ability to override tags per GOOS
* [FEATURE] Adding changes to support s390x
* [FEATURE] Added check_licenses Command to Promu
* [ENHANCEMENT] Allow to customize nested options via env variables
* [ENHANCEMENT] Add warning if promu info is unable to determine repo info
ImportantSUSE bug 1047218SUSE bug 1197284SUSE bug 1203185SUSE bug 1203599SUSE bug 1204023SUSE bug 1208049SUSE bug 1208051SUSE bug 1208060SUSE bug 1208062SUSE bug 1208064SUSE bug 1208965SUSE bug 1209113CVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql15 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql15 fixes the following issues:
Updated to version 15.3:
- CVE-2023-2454: Fixed an issue where a user having permission to
create a schema could hijack the privileges of a security definer
function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or
modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
ImportantSUSE bug 1210303SUSE bug 1211228SUSE bug 1211229CVE-2023-2454 at SUSECVE-2023-2454 at NVDCVE-2023-2455 at SUSECVE-2023-2455 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for curl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ImportantSUSE bug 1206309SUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Fix kABI breakage (bsc#1208333)
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- k-m-s: Drop Linux 2.6 support
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
ImportantSUSE bug 1076830SUSE bug 1194535SUSE bug 1202353SUSE bug 1205128SUSE bug 1207036SUSE bug 1207125SUSE bug 1207168SUSE bug 1207185SUSE bug 1207795SUSE bug 1207845SUSE bug 1208179SUSE bug 1208333SUSE bug 1208599SUSE bug 1208777SUSE bug 1208837SUSE bug 1208850SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209289SUSE bug 1209291SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209613SUSE bug 1209687SUSE bug 1209777SUSE bug 1209778SUSE bug 1209845SUSE bug 1209871SUSE bug 1209887SUSE bug 1210124SUSE bug 1210202SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210647SUSE bug 1211037CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20567 at SUSECVE-2022-20567 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u372 (icedtea-3.27.0):
- CVE-2023-21930: Fixed an issue in the JSSE component that could
allow an attacker to access critical data without authorization
(bsc#1210628).
- CVE-2023-21937: Fixed an issue in the Networking component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210631).
- CVE-2023-21938: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210632).
- CVE-2023-21939: Fixed an issue in the Swing component that could
allow an attacker to update, insert or delete some data without
authorization (bsc#1210634).
- CVE-2023-21954: Fixed an issue in the Hotspot component that
could allow an attacker to access critical data without
authorization (bsc#1210635).
- CVE-2023-21967: Fixed an issue in the JSSE component that could
allow an attacker to cause a hang or frequently repeatable
crash without authorization (bsc#1210636).
- CVE-2023-21968: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210637).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ctags (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file wih a
crafted filename (bsc#1206543).
ImportantSUSE bug 1206543CVE-2022-4515 at SUSECVE-2022-4515 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382)
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608).
ImportantSUSE bug 1211608CVE-2023-28709 at SUSECVE-2023-28709 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openvswitch (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
- CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865).
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
ImportantSUSE bug 1188524SUSE bug 1203865SUSE bug 1206580SUSE bug 1206581CVE-2021-36980 at SUSECVE-2021-36980 at NVDCVE-2022-32166 at SUSECVE-2022-32166 at NVDCVE-2022-4337 at SUSECVE-2022-4337 at NVDCVE-2022-4338 at SUSECVE-2022-4338 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.12.0 ESR (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1210711SUSE bug 1210826SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDCVE-2023-30441 at SUSECVE-2023-30441 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libcares2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libcares2 fixes the following issues:
- CVE-2023-32067: Fixed a denial of service that could be triggered by
a 0-byte UDP payload (bsc#1211604).
- CVE-2023-31147: Fixed an insufficient randomness in generation of
DNS query IDs (bsc#1211605).
- CVE-2023-31130: Fixed a buffer underflow when configuring specific
IPv6 addresses (bsc#1211606).
- CVE-2023-31124: Fixed a build issue when cross-compiling that could
lead to insufficient randomness (bsc#1211607).
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libX11 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
ImportantSUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206878SUSE bug 1209287SUSE bug 1210629SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211105SUSE bug 1211186SUSE bug 1211260SUSE bug 1211592CVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libwebp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed double free (bsc#1210212).
ImportantSUSE bug 1210212CVE-2023-1999 at SUSECVE-2023-1999 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bluez (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Add security patches (bsc#1211846):
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
ImportantSUSE bug 1211658SUSE bug 1211659SUSE bug 1211846CVE-2023-28204 at SUSECVE-2023-28204 at NVDCVE-2023-32373 at SUSECVE-2023-32373 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
ModerateSUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python fixes the following issues:
- CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471).
ImportantSUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for bind (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for bind fixes the following issues:
- CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544).
ImportantSUSE bug 1212544CVE-2023-2828 at SUSECVE-2023-2828 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for installation-images (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-ltss:12:sp4Security update for libqt5-qtbase (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libqt5-qtbase fixes the following issues:
- CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408).
- CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1189408SUSE bug 1211798CVE-2020-24741 at SUSECVE-2020-24741 at NVDCVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).
ImportantSUSE bug 1207783CVE-2023-0494 at SUSECVE-2023-0494 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ghostscript (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ghostscript fixes the following issues:
- CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711).
ImportantSUSE bug 1212711CVE-2023-36664 at SUSECVE-2023-36664 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
- Required fields are now highlighted in PDF forms.
- Improved performance on high-refresh rate monitors (120Hz+).
- Buttons in the Tabs toolbar can now be reached with Tab,
Shift+Tab, and Arrow keys. View this article for additional
details.
- Windows' 'Make text bigger' accessibility setting now
affects all the UI and content pages, rather than only
applying to system font sizes.
- Non-breaking spaces are now preserved—preventing automatic
line breaks—when copying text from a form control.
- Fixed WebGL performance issues on NVIDIA binary drivers via
DMA-Buf on Linux.
- Fixed an issue in which Firefox startup could be
significantly slowed down by the processing of Web content
local storage. This had the greatest impact on users with
platter hard drives and significant local storage.
- Removed a configuration option to allow SHA-1 signatures in
certificates: SHA-1 signatures in certificates—long since
determined to no longer be secure enough—are now not
supported.
- Highlight color is preserved correctly after typing `Enter`
in the mail composer of Yahoo Mail and Outlook.
After bypassing the https only error page navigating back
would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was
visited.
- Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
plain text contexts, such as input and text area.
- Added an option to print only the current page from the
print preview dialog.
- Swipe to navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) on Windows is now
enabled.
- Stability on Windows is significantly improved as Firefox
handles low-memory situations much better.
- Touchpad scrolling on macOS was made more accessible by
reducing unintended diagonal scrolling opposite of the
intended scroll axis.
- Firefox is less likely to run out of memory on Linux and
performs more efficiently for the rest of the system when
memory runs low.
- It is now possible to edit PDFs: including writing text,
drawing, and adding signatures.
- Setting Firefox as your default browser now also makes it
the default PDF application on Windows systems.
- Swipe-to-navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) now works for Linux
users on Wayland.
- Text Recognition in images allows users on macOS 10.15 and
higher to extract text from the selected image (such as a
meme or screenshot).
- Firefox View helps you get back to content you previously
discovered. A pinned tab allows you to find and open recently
closed tabs on your current device and access tabs from other
devices (via our “Tab Pickup” feature).
- Import maps, which allow web pages to control the behavior
of JavaScript imports, are now enabled by default.
- Processes used for background tabs now use efficiency mode
on Windows 11 to limit resource use.
- The shift+esc keyboard shortcut now opens the Process
Manager, offering a way to quickly identify processes that
are using too many resources.
- Firefox now supports properly color correcting images
tagged with ICCv4 profiles.
- Support for non-English characters when saving and printing
PDF forms.
- The bookmarks toolbar's default 'Only show on New Tab'
state works correctly for blank new tabs. As before, you can
change the bookmark toolbar's behavior using the toolbar
context menu.
- Manifest Version 3 (MV3) extension support is now enabled
by default (MV2 remains enabled/supported). This major update
also ushers an exciting user interface change in the form of
the new extensions button.
- The Arbitrary Code Guard exploit protection has been
enabled in the media playback utility processes, improving
security for Windows users.
- The native HTML date picker for date and datetime inputs
can now be used with a keyboard alone, improving its
accessibility for screen reader users. Users with limited
mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
- Firefox builds in the Spanish from Spain (es-ES) and
Spanish from Argentina (es-AR) locales now come with a built-
in dictionary for the Firefox spellchecker.
- On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls
the page instead of zooming. This avoids accidental zooming
and matches the behavior of other web browsers on macOS.
- It's now possible to import bookmarks, history and
passwords not only from Edge, Chrome or Safari but also from
Opera, Opera GX, and Vivaldi.
- GPU sandboxing has been enabled on Windows.
- On Windows, third-party modules can now be blocked from
injecting themselves into Firefox, which can be helpful if
they are causing crashes or other undesirable behavior.
- Date, time, and datetime-local input fields can now be
cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on
macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and
Linux.
- GPU-accelerated Canvas2D is enabled by default on macOS and
Linux.
- WebGL performance improvement on Windows, MacOS and Linux.
- Enables overlay of hardware-decoded video with non-Intel
GPUs on Windows 10/11, improving video playback performance
and video scaling quality.
- Windows native notifications are now enabled.
- Firefox Relay users can now opt-in to create Relay email
masks directly from the Firefox credential manager. You must
be signed in with your Firefox Account.
- We’ve added two new locales: Silhe Friulian (fur) and
Sardinian (sc).
- Right-clicking on password fields now shows an option to
reveal the password.
- Private windows and ETP set to strict will now include
email tracking protection. This will make it harder for email
trackers to learn the browsing habits of Firefox users. You
can check the Tracking Content in the sub-panel on the shield
icon panel.
- The deprecated U2F Javascript API is now disabled by
default. The U2F protocol remains usable through the WebAuthn
API. The U2F API can be re-enabled using the
`security.webauth.u2f` preference.
- Say hello to enhanced Picture-in-Picture! Rewind, check
video duration, and effortlessly switch to full-screen mode
on the web's most popular video websites.
- Firefox's address bar is already a great place to search
for what you're looking for. Now you'll always be able to see
your web search terms and refine them while viewing your
search's results - no additional scrolling needed! Also, a
new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest
entries.
- Private windows now protect users even better by blocking
third-party cookies and storage of content trackers.
- Passwords automatically generated by Firefox now include
special characters, giving users more secure passwords by
default.
- Firefox 115 introduces a redesigned accessibility engine
which significantly improves the speed, responsiveness, and
stability of Firefox when used with:
- Screen readers, as well as certain other accessibility
software;
- East Asian input methods;
- Enterprise single sign-on software; and
- Other applications which use accessibility frameworks to
access information.
- Firefox 115 now supports AV1 Image Format files containing
animations (AVIS), improving support for AVIF images across
the web.
- The Windows GPU sandbox first shipped in the Firefox 110
release has been tightened to enhance the security benefits
it provides.
- A 13-year-old feature request was fulfilled and Firefox now
supports files being drag-and-dropped directly from Microsoft
Outlook. A special thanks to volunteer contributor Marco
Spiess for helping to get this across the finish line!
- Users on macOS can now access the Services sub-menu
directly from Firefox context menus.
- On Windows, the elastic overscroll effect has been enabled
by default. When two-finger scrolling on the touchpad or
scrolling on the touchscreen, you will now see a bouncing
animation when scrolling past the edge of a scroll container.
- Firefox is now available in the Tajik (tg) language.
- Added UI to manage the DNS over HTTPS exception list.
- Bookmarks can now be searched from the Bookmarks menu. The
Bookmarks menu is accessible by adding the Bookmarks menu
button to the toolbar.
- Restrict searches to your local browsing history by
selecting Search history from the History, Library or
Application menu buttons.
- Mac users can now capture video from their cameras in all
supported native resolutions. This enables resolutions higher
than 1280x720.
- It is now possible to reorder the extensions listed in the
extensions panel.
- Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator.
- Pocket Recommended content can now be seen in France,
Italy, and Spain.
- DNS over HTTPS settings are now part of the Privacy &
Security section of the Settings page and allow the user to
choose from all the supported modes.
- Migrating from another browser? Now you can bring over
payment methods you've saved in Chrome-based browsers to
Firefox.
- Hardware video decoding enabled for Intel GPUs on Linux.
- The Tab Manager dropdown now features close buttons, so you
can close tabs more quickly.
- Windows Magnifier now follows the text cursor correctly
when the Firefox title bar is visible.
- Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-
using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3
*_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464)
Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002)
Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711)
Potential use-after-free from compartment mismatch in
SpiderMonkey
* CVE-2023-37203 (bmo#291640)
Drag and Drop API may provide access to local system files
* CVE-2023-37204 (bmo#1832195)
Fullscreen notification obscured via option element
* CVE-2023-37205 (bmo#1704420)
URL spoofing in address bar using RTL characters
* CVE-2023-37206 (bmo#1813299)
Insufficient validation of symlinks in the FileSystem API
* CVE-2023-37207 (bmo#1816287)
Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675)
Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993)
Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886)
Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
bmo#1836550, bmo#1837450)
Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,
bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,
bmo#1838587)
Memory safety bugs fixed in Firefox 115
- Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
ImportantSUSE bug 1212101SUSE bug 1212438CVE-2023-3482 at SUSECVE-2023-3482 at NVDCVE-2023-37201 at SUSECVE-2023-37201 at NVDCVE-2023-37202 at SUSECVE-2023-37202 at NVDCVE-2023-37203 at SUSECVE-2023-37203 at NVDCVE-2023-37204 at SUSECVE-2023-37204 at NVDCVE-2023-37205 at SUSECVE-2023-37205 at NVDCVE-2023-37206 at SUSECVE-2023-37206 at NVDCVE-2023-37207 at SUSECVE-2023-37207 at NVDCVE-2023-37208 at SUSECVE-2023-37208 at NVDCVE-2023-37209 at SUSECVE-2023-37209 at NVDCVE-2023-37210 at SUSECVE-2023-37210 at NVDCVE-2023-37211 at SUSECVE-2023-37211 at NVDCVE-2023-37212 at SUSECVE-2023-37212 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-ibm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000):
- Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection.
ImportantSUSE bug 1213000cpe:/o:suse:sles-ltss:12:sp4Security update for perl (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for samba (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ModerateSUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230)
Security fixes:
- CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703)
Other fixes:
- Fixed a startup crash experienced by some Windows
users by blocking instances of a malicious injected DLL
(bmo#1841751)
- Fixed a bug with displaying a caret in the text editor
on some websites (bmo#1840804)
- Fixed a bug with broken audio rendering on some
websites (bmo#1841982)
- Fixed a bug with patternTransform translate using the
wrong units (bmo#1840746)
- Fixed a crash affecting Windows 7 users related to the
DLL blocklist.
Firefox Extended Support Release 115.0.1 ESR
- Fixed a startup crash for Windows users with Kingsoft
Antivirus software installed (bmo#1837242)
ImportantSUSE bug 1213230CVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cjose (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cjose fixes the following issues:
- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
ImportantSUSE bug 1213385CVE-2023-37464 at SUSECVE-2023-37464 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_0_0 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- testsuite: Update further expiring certificates that affect tests [bsc#1201627]
ImportantSUSE bug 1201627SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
ImportantSUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libksba (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ImportantSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mariadb (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mariadb fixes the following issues:
- CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164).
ModerateSUSE bug 1201164CVE-2022-32084 at SUSECVE-2022-32084 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2-mod_security2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2-mod_security2 fixes the following issues:
- CVE-2022-48279: Fixed a potential firewall bypass due to an
incorrect parsing of HTTP multipart requests (bsc#1207378).
ImportantSUSE bug 1207378CVE-2022-48279 at SUSECVE-2022-48279 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137)
Security hardening, related to Spring Framework vulnerabilities:
- Deprecate getResources() and always return null (bsc#1198136).
ImportantSUSE bug 1196137SUSE bug 1198136cpe:/o:suse:sles-ltss:12:sp4Security update for libapr-util1 (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libapr-util1 fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
CriticalSUSE bug 1207866CVE-2022-25147 at SUSECVE-2022-25147 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xrdp (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
ImportantSUSE bug 1206300SUSE bug 1206303SUSE bug 1206306SUSE bug 1206307SUSE bug 1206310SUSE bug 1206311SUSE bug 1206312CVE-2022-23468 at SUSECVE-2022-23468 at NVDCVE-2022-23479 at SUSECVE-2022-23479 at NVDCVE-2022-23480 at SUSECVE-2022-23480 at NVDCVE-2022-23481 at SUSECVE-2022-23481 at NVDCVE-2022-23482 at SUSECVE-2022-23482 at NVDCVE-2022-23483 at SUSECVE-2022-23483 at NVDCVE-2022-23484 at SUSECVE-2022-23484 at NVDcpe:/o:suse:sles-ltss:12:sp4Feature update for LibreOffice (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* For the highlights of changes of version 7.4 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.4
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
* poppler-data version update from 0.4.10 to 0.4.11
* skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
* New build dependencies:
* fixmath-devel
* libwebp-devel
* zlib-devel
* dragonbox-devel
* at-spi2-core-devel
* libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
* New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
* Add debug code to read some private rsrc data
* Allow to read some MacWrite which does not have printer informations
* Add a parser for Scoop files
* Add a parser for ScriptWriter files
* Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for cups (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
- CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1212230SUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-34241 at SUSECVE-2023-34241 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for postgresql15 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for postgresql15 fixes the following issues:
Update to 15.2:
- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
ImportantSUSE bug 1208102CVE-2022-41862 at SUSECVE-2022-41862 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
ImportantSUSE bug 1203693SUSE bug 1205149SUSE bug 1206073SUSE bug 1206664SUSE bug 1206677SUSE bug 1206784SUSE bug 1207036SUSE bug 1207186SUSE bug 1207237CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ImageMagick (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
ImportantSUSE bug 1207982SUSE bug 1207983CVE-2022-44267 at SUSECVE-2022-44267 at NVDCVE-2022-44268 at SUSECVE-2022-44268 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for git (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).
ImportantSUSE bug 1208027SUSE bug 1208028CVE-2023-22490 at SUSECVE-2023-22490 at NVDCVE-2023-23946 at SUSECVE-2023-23946 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for java-1_8_0-openjdk (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for java-1_8_0-openjdk fixes the following issues:
Updated to version jdk8u362 (icedtea-3.26.0):
- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
ModerateSUSE bug 1207248SUSE bug 1207249CVE-2023-21830 at SUSECVE-2023-21830 at NVDCVE-2023-21843 at SUSECVE-2023-21843 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for clamav (Critical)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for clamav fixes the following issues:
- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).
- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).
CriticalSUSE bug 1208363SUSE bug 1208365CVE-2023-20032 at SUSECVE-2023-20032 at NVDCVE-2023-20052 at SUSECVE-2023-20052 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for ucode-intel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Updated to version 102.8.0 ESR (bsc#1208144):
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads.
- CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
- CVE-2023-25744: Fixed Memory safety bugs.
- CVE-2023-25746: Fixed Memory safety bugs.
ImportantSUSE bug 1208138SUSE bug 1208144CVE-2023-0767 at SUSECVE-2023-0767 at NVDCVE-2023-25728 at SUSECVE-2023-25728 at NVDCVE-2023-25729 at SUSECVE-2023-25729 at NVDCVE-2023-25730 at SUSECVE-2023-25730 at NVDCVE-2023-25732 at SUSECVE-2023-25732 at NVDCVE-2023-25734 at SUSECVE-2023-25734 at NVDCVE-2023-25735 at SUSECVE-2023-25735 at NVDCVE-2023-25737 at SUSECVE-2023-25737 at NVDCVE-2023-25738 at SUSECVE-2023-25738 at NVDCVE-2023-25739 at SUSECVE-2023-25739 at NVDCVE-2023-25742 at SUSECVE-2023-25742 at NVDCVE-2023-25743 at SUSECVE-2023-25743 at NVDCVE-2023-25744 at SUSECVE-2023-25744 at NVDCVE-2023-25746 at SUSECVE-2023-25746 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for mozilla-nss (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for poppler (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
ImportantSUSE bug 1140877SUSE bug 1202692CVE-2019-13283 at SUSECVE-2019-13283 at NVDCVE-2022-38784 at SUSECVE-2022-38784 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for libxslt (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xterm (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xterm fixes the following issues:
- CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305).
ImportantSUSE bug 1205305CVE-2022-45063 at SUSECVE-2022-45063 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for nrpe (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for nrpe fixes the following issues:
- CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).
ModerateSUSE bug 931600SUSE bug 938906CVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for emacs (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for emacs fixes the following issues:
- CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
- CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).
ImportantSUSE bug 1208512SUSE bug 1208515CVE-2022-48337 at SUSECVE-2022-48337 at NVDCVE-2022-48339 at SUSECVE-2022-48339 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for webkit2gtk3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.3 (bnc#1206750):
- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).
- CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
- CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
ImportantSUSE bug 1206474SUSE bug 1206750CVE-2022-42852 at SUSECVE-2022-42852 at NVDCVE-2022-42856 at SUSECVE-2022-42856 at NVDCVE-2022-42863 at SUSECVE-2022-42863 at NVDCVE-2022-42867 at SUSECVE-2022-42867 at NVDCVE-2022-46691 at SUSECVE-2022-46691 at NVDCVE-2022-46692 at SUSECVE-2022-46692 at NVDCVE-2022-46698 at SUSECVE-2022-46698 at NVDCVE-2022-46699 at SUSECVE-2022-46699 at NVDCVE-2022-46700 at SUSECVE-2022-46700 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for xorg-x11-server (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xorg-x11-server fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874).
ImportantSUSE bug 1205874CVE-2022-46340 at SUSECVE-2022-46340 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for python3 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
- CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673).
ImportantSUSE bug 1206673SUSE bug 1208471CVE-2022-40899 at SUSECVE-2022-40899 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for tomcat (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513CVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for jakarta-commons-fileupload (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
ImportantSUSE bug 1208513SUSE bug 986359CVE-2016-3092 at SUSECVE-2016-3092 at NVDCVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for vim (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for MozillaFirefox (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for MozillaFirefox fixes the following issues:
Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
ImportantSUSE bug 1209173CVE-2023-25748 at SUSECVE-2023-25748 at NVDCVE-2023-25749 at SUSECVE-2023-25749 at NVDCVE-2023-25750 at SUSECVE-2023-25750 at NVDCVE-2023-25751 at SUSECVE-2023-25751 at NVDCVE-2023-25752 at SUSECVE-2023-25752 at NVDCVE-2023-28159 at SUSECVE-2023-28159 at NVDCVE-2023-28160 at SUSECVE-2023-28160 at NVDCVE-2023-28161 at SUSECVE-2023-28161 at NVDCVE-2023-28162 at SUSECVE-2023-28162 at NVDCVE-2023-28163 at SUSECVE-2023-28163 at NVDCVE-2023-28164 at SUSECVE-2023-28164 at NVDCVE-2023-28176 at SUSECVE-2023-28176 at NVDCVE-2023-28177 at SUSECVE-2023-28177 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for apache2 (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for apache2 fixes the following issues:
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
ImportantSUSE bug 1208708SUSE bug 1209047CVE-2023-25690 at SUSECVE-2023-25690 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).
The following non-security bugs were fixed:
- kabi/severities: add l2tp local symbols
ImportantSUSE bug 1191881SUSE bug 1194535SUSE bug 1201420SUSE bug 1203331SUSE bug 1203332SUSE bug 1205711SUSE bug 1207051SUSE bug 1207773SUSE bug 1207795SUSE bug 1208700SUSE bug 1209188CVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-2991 at SUSECVE-2022-2991 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for oracleasm (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of oracleasm fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-ltss:12:sp4Security update for xen (Important)SUSE Linux Enterprise Server 12 SP4-LTSS
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:sles-ltss:12:sp4Security update for grub2 (Moderate)SUSE Linux Enterprise Server 12 SP4-LTSS
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sles-ltss:12:sp4DirectFBlib++dfb-1_7-1libdirectfb-1_7-1sles-releaseMozillaFirefoxMozillaFirefox-translationsSuSEfirewall2aaa_baseaaa_base-extrasaccountsserviceaccountsservice-langlibaccountsservice0typelib-1_0-AccountsService-1_0alsaalsa-docslibasound2libasound2-32bitantapache-commons-beanutilsapache-commons-beanutils-javadocapache-commons-daemonapache-commons-daemon-javadocapache-commons-httpclientapache2apache2-docapache2-example-pagesapache2-preforkapache2-utilsapache2-workerapache2-mod_apparmorapparmor-docsapparmor-parserapparmor-profilesapparmor-utilslibapparmor1libapparmor1-32bitpam_apparmorpam_apparmor-32bitperl-apparmorapache2-mod_jkapache2-mod_nssapache2-mod_perlatflexflex-32bitlibQtWebKit4libQtWebKit4-32bitlibbonobolibbonobo-32bitlibbonobo-doclibbonobo-langaudiofilelibaudiofile1libaudiofile1-32bitaugeasaugeas-lenseslibaugeas0autofsautomakem4avahiavahi-langavahi-utilslibavahi-client3libavahi-client3-32bitlibavahi-common3libavahi-common3-32bitlibavahi-core7libdns_sdlibdns_sd-32bitaxisbashbash-doclibreadline6libreadline6-32bitreadline-docbindbind-chrootenvbind-docbind-utilslibbind9-160libdns169libirs160libisc166libisc166-32bitlibisccc160libisccfg160liblwres160python-bindbinutilsbluezlibbluetooth3busyboxbzip2bzip2-doclibbz2-1libbz2-1-32bitceph-commonlibcephfs2librados2libradosstriper1librbd1librgw2python-cephfspython-radospython-rbdpython-rgwchronycifs-utilsclamavcolord-gtk-langlibcolord-gtk1libcolord2libcolord2-32bitlibcolorhug2coolkeycoreutilscoreutils-langcpiocpio-langcpp48gcc48gcc48-32bitgcc48-c++gcc48-infogcc48-localelibasan0libasan0-32bitlibstdc++48-devellibstdc++48-devel-32bitcrackliblibcrack2libcrack2-32bitcrashcrash-kmp-defaultcroncroniectagscupscups-clientcups-libscups-libs-32bitcups-filterscups-filters-cups-browsedcups-filters-foomatic-ripcups-filters-ghostscriptcups-pk-helpercups-pk-helper-langcurllibcurl4libcurl4-32bitcvscvs-doccyrus-saslcyrus-sasl-32bitcyrus-sasl-crammd5cyrus-sasl-crammd5-32bitcyrus-sasl-digestmd5cyrus-sasl-gssapicyrus-sasl-gssapi-32bitcyrus-sasl-otpcyrus-sasl-otp-32bitcyrus-sasl-plaincyrus-sasl-plain-32bitcyrus-sasl-saslauthdcyrus-sasl-sqlauxpropcyrus-sasl-sqlauxprop-32bitlibsasl2-3libsasl2-3-32bitdavfs2dbus-1dbus-1-x11libdbus-1-3libdbus-1-3-32bitdbus-1-glibdbus-1-glib-32bitdhcpdhcp-clientdhcp-relaydhcp-serverdnsmasqdosfstoolsdovecot22dovecot22-backend-mysqldovecot22-backend-pgsqldovecot22-backend-sqlitedpdkdpdk-kmp-defaultdpdk-thunderxdpdk-thunderx-kmp-defaultdpdk-toolslibdpdk-17_11dracutdracut-fipsdstate2fsprogslibcom_err2libcom_err2-32bitlibext2fs2ecryptfs-utilsecryptfs-utils-32bitelfutilslibasm1libasm1-32bitlibdw1libdw1-32bitlibebl1libebl1-32bitlibelf-devellibelf1libelf1-32bitemacsemacs-elemacs-infoemacs-noxemacs-x11etagseogeog-langevinceevince-browser-pluginevince-langevince-plugin-djvudocumentevince-plugin-dvidocumentevince-plugin-pdfdocumentevince-plugin-psdocumentevince-plugin-tiffdocumentevince-plugin-xpsdocumentlibevdocument3-4libevview3-3nautilus-evinceexpatlibexpat1libexpat1-32bitfetchmailfetchmailconffilefile-magiclibmagic1libmagic1-32bitfontconfigfontconfig-32bitfreeradius-serverfreeradius-server-docfreeradius-server-krb5freeradius-server-ldapfreeradius-server-libsfreeradius-server-mysqlfreeradius-server-perlfreeradius-server-postgresqlfreeradius-server-pythonfreeradius-server-sqlitefreeradius-server-utilsft2demosfuselibfuse2g3utilsmgettygdgdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-query-loaders-32bitlibgdk_pixbuf-2_0-0libgdk_pixbuf-2_0-0-32bittypelib-1_0-GdkPixbuf-2_0gdk-pixbuf-loader-rsvglibrsvg-2-2librsvg-2-2-32bitrsvg-viewgdmgdm-langgdmflexiserverlibgdm1typelib-1_0-Gdm-1_0ghostscriptghostscript-x11giflib-progslibgif6libgif6-32bitgit-coreglib2-langglib2-toolslibgio-2_0-0libgio-2_0-0-32bitlibglib-2_0-0libglib-2_0-0-32bitlibgmodule-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgthread-2_0-0libgthread-2_0-0-32bitglibcglibc-32bitglibc-develglibc-devel-32bitglibc-htmlglibc-i18ndataglibc-infoglibc-localeglibc-locale-32bitglibc-profileglibc-profile-32bitnscdgnome-keyringgnome-keyring-32bitgnome-keyring-langgnome-keyring-pamgnome-keyring-pam-32bitlibgck-modules-gnome-keyringgnome-settings-daemongnome-settings-daemon-langgnome-shellgnome-shell-browser-plugingnome-shell-langgnome-shell-search-provider-nautiluslibnautilus-extension1nautilusnautilus-langgnutlslibgnutls-openssl27libgnutls28libgnutls28-32bitgpg2gpg2-langgpgmelibgpgme11groffgroff-fullgxditviewgrub2grub2-arm64-efigrub2-i386-pcgrub2-powerpc-ieee1275grub2-s390x-emugrub2-snapper-plugingrub2-systemd-sleep-plugingrub2-x86_64-efigrub2-x86_64-xengstreamergstreamer-langgstreamer-utilslibgstreamer-1_0-0libgstreamer-1_0-0-32bittypelib-1_0-Gst-1_0gstreamer-plugins-badgstreamer-plugins-bad-langlibgstadaptivedemux-1_0-0libgstbadaudio-1_0-0libgstbadbase-1_0-0libgstbadvideo-1_0-0libgstbasecamerabinsrc-1_0-0libgstcodecparsers-1_0-0libgstgl-1_0-0libgstmpegts-1_0-0libgstphotography-1_0-0libgsturidownloader-1_0-0gstreamer-plugins-basegstreamer-plugins-base-langlibgstallocators-1_0-0libgstapp-1_0-0libgstapp-1_0-0-32bitlibgstaudio-1_0-0libgstaudio-1_0-0-32bitlibgstfft-1_0-0libgstpbutils-1_0-0libgstpbutils-1_0-0-32bitlibgstriff-1_0-0libgstrtp-1_0-0libgstrtsp-1_0-0libgstsdp-1_0-0libgsttag-1_0-0libgsttag-1_0-0-32bitlibgstvideo-1_0-0libgstvideo-1_0-0-32bitgstreamer-plugins-goodgstreamer-plugins-good-langgtk2-datagtk2-langgtk2-toolsgtk2-tools-32bitlibgtk-2_0-0libgtk-2_0-0-32bitguestfs-dataguestfs-toolsguestfsdlibguestfs0perl-Sys-Guestfspython-libguestfsvirt-p2vvirt-v2vguileguile-modules-2_0libguile-2_0-22gvwdiffgvimvimvim-datagziphardlinkhpliphplip-hpijshplip-sanehyper-vibus-chewingibus-pinyinipsec-toolsiputilsjakarta-commons-fileuploadjakarta-commons-fileupload-javadocjakarta-taglibs-standardjakarta-taglibs-standard-javadocjava-1_7_0-openjdkjava-1_7_0-openjdk-demojava-1_7_0-openjdk-develjava-1_7_0-openjdk-headlessjava-1_7_1-ibmjava-1_7_1-ibm-alsajava-1_7_1-ibm-jdbcjava-1_7_1-ibm-pluginjava-1_8_0-ibmjava-1_8_0-ibm-alsajava-1_8_0-ibm-pluginjava-1_8_0-openjdkjava-1_8_0-openjdk-demojava-1_8_0-openjdk-develjava-1_8_0-openjdk-headlesskbdkbd-legacykdumpkernel-defaultkernel-default-basekernel-default-develkernel-default-mankernel-develkernel-macroskernel-sourcekernel-symskernel-firmwareucode-amdkrb5krb5-32bitkrb5-clientkrb5-dockrb5-plugin-kdb-ldapkrb5-plugin-preauth-otpkrb5-plugin-preauth-pkinitkrb5-serverkrb5-appl-clientskrb5-appl-serverslcms2liblcms2-2liblcms2-2-32bitlftplibFLAC++6libFLAC8libFLAC8-32bitlibHX28libHX28-32bitlibICE6libICE6-32bitlibIlmImf-Imf_2_1-21openexrlibMagickCore-6_Q16-1libMagickWand-6_Q16-1libQt5Concurrent5libQt5Core5libQt5DBus5libQt5Gui5libQt5Network5libQt5OpenGL5libQt5PrintSupport5libQt5Sql5libQt5Sql5-mysqllibQt5Sql5-postgresqllibQt5Sql5-sqlitelibQt5Sql5-unixODBClibQt5Test5libQt5Widgets5libQt5Xml5libQt5WebKit5libQt5WebKit5-importslibQt5WebKitWidgets5libSoundTouch0libX11-6libX11-6-32bitlibX11-datalibX11-xcb1libX11-xcb1-32bitlibXRes1libXRes1-32bitlibXcursor1libXcursor1-32bitlibXdmcp6libXdmcp6-32bitlibXext6libXext6-32bitlibXfixes3libXfixes3-32bitlibXfont1libXfont2-2libXi6libXi6-32bitlibXinerama1libXinerama1-32bitlibXp6libXp6-32bitlibXpm4libXpm4-32bitlibXrandr2libXrandr2-32bitlibXrender1libXrender1-32bitlibXt6libXt6-32bitlibXtst6libXtst6-32bitlibXv1libXv1-32bitlibXvMC1libXvnc1tigervncxorg-x11-XvnclibXxf86dga1libXxf86vm1libXxf86vm1-32bitlibapr-util1libapr-util1-dbd-sqlite3libapr1libarchive13libasan2libasan2-32bitlibffi4libffi4-32bitlibmpx0libmpx0-32bitlibmpxwrappers0libmpxwrappers0-32bitlibass5libblkid1libblkid1-32bitlibfdisk1libmount1libmount1-32bitlibsmartcols1libuuid1libuuid1-32bitpython-libmountutil-linuxutil-linux-langutil-linux-systemduuiddlibcairo-gobject2libcairo-gobject2-32bitlibcairo-script-interpreter2libcairo2libcairo2-32bitlibcares2libcdio14libcdio14-32bitlibdcerpc-binding0libdcerpc-binding0-32bitlibdcerpc0libdcerpc0-32bitlibndr-krb5pac0libndr-krb5pac0-32bitlibndr-nbt0libndr-nbt0-32bitlibndr-standard0libndr-standard0-32bitlibndr0libndr0-32bitlibnetapi0libnetapi0-32bitlibsamba-credentials0libsamba-credentials0-32bitlibsamba-errors0libsamba-errors0-32bitlibsamba-hostconfig0libsamba-hostconfig0-32bitlibsamba-passdb0libsamba-passdb0-32bitlibsamba-util0libsamba-util0-32bitlibsamdb0libsamdb0-32bitlibsmbclient0libsmbclient0-32bitlibsmbconf0libsmbconf0-32bitlibsmbldap0libsmbldap0-32bitlibtevent-util0libtevent-util0-32bitlibwbclient0libwbclient0-32bitsambasamba-clientsamba-client-32bitsamba-docsamba-libssamba-libs-32bitsamba-winbindsamba-winbind-32bitlibdmx1libecpg6libpq5libpq5-32bitpostgresql10postgresql10-contribpostgresql10-docspostgresql10-serverlibevent-2_0-5libexempi3libexif12libexif12-32bitlibfreebl3libfreebl3-32bitlibfreebl3-hmaclibfreebl3-hmac-32bitlibsoftokn3libsoftokn3-32bitlibsoftokn3-hmaclibsoftokn3-hmac-32bitmozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-sysinitmozilla-nss-sysinit-32bitmozilla-nss-toolslibfreetype6libfreetype6-32bitlibgc1libgcrypt20libgcrypt20-32bitlibgcrypt20-hmaclibgcrypt20-hmac-32bitlibgme0libgnomesulibgnomesu-langlibgnomesu0libgoa-1_0-0libgoa-backend-1_0-1libgraphite2-3libgraphite2-3-32bitlibgssglue1libgssglue1-32bitlibgypsy0libhivex0perl-Win-Hivexlibhogweed2libhogweed2-32bitlibnettle4libnettle4-32bitlibical1libical1-32bitlibicu-doclibicu52_1libicu52_1-32bitlibicu52_1-datalibidn-toolslibidn11libidn11-32bitlibimobiledevice6libipa_hbac0libsss_certmap0libsss_idmap0libsss_nss_idmap0libsss_simpleifp0libsss_sudopython-sssd-configsssdsssd-32bitsssd-adsssd-ipasssd-krb5sssd-krb5-commonsssd-ldapsssd-proxysssd-toolslibjansson4libjasper1libjasper1-32bitlibjavascriptcoregtk-3_0-0libwebkitgtk-3_0-0libwebkitgtk3-langlibjavascriptcoregtk-4_0-18libwebkit2gtk-4_0-37typelib-1_0-JavaScriptCore-4_0typelib-1_0-WebKit2-4_0webkit2gtk-4_0-injected-bundleslibjbig2libjbig2-32bitlibjpeg-turbolibjpeg62libjpeg62-32bitlibjpeg62-turbolibjpeg8libjpeg8-32bitlibturbojpeg0libjson-c2libjson-c2-32bitlibkde4libkde4-32bitlibkdecore4libkdecore4-32bitlibksuseinstall1libksuseinstall1-32bitlibkpathsea6libksba8liblcms1liblcms1-32bitlibldap-2_4-2libldap-2_4-2-32bitopenldap2openldap2-back-metaopenldap2-clientlibldb1libldb1-32bitliblouis-dataliblouis9python-louispython3-louislibltdl7libltdl7-32bitlibtoollibtool-32bitliblua5_2liblua5_2-32bitlualiblzo2-2liblzo2-2-32bitlibmicrohttpd10libmms0libmodplug1libmpfr4libmpfr4-32bitlibmspack0libmusicbrainz4libmysqlclient18libmysqlclient18-32bitmariadb-100-errormessageslibncurses5libncurses5-32bitlibncurses6libncurses6-32bitncurses-develncurses-devel-32bitncurses-utilstackterminfoterminfo-baselibneon27libneon27-32bitlibnetpbm11libnetpbm11-32bitnetpbmlibnghttp2-14libnghttp2-14-32bitlibnm-glib-vpn1libnm-glib4libnm-util2libnm0typelib-1_0-NMClient-1_0typelib-1_0-NetworkManager-1_0libopenjp2-7libopenssl-1_0_0-devellibopenssl1_0_0libopenssl1_0_0-32bitlibopenssl1_0_0-hmaclibopenssl1_0_0-hmac-32bitopenssl-1_0_0openssl-1_0_0-doclibopenssl-developenssllibopenssl1_1libopenssl1_1-32bitlibopenvswitch-2_8-0openvswitchlibopus0libospf0libospfapiclient0libquagga_pb0libzebra1quaggalibotr5libpango-1_0-0libpango-1_0-0-32bittypelib-1_0-Pango-1_0libpcre1libpcre1-32bitlibpcre16-0libpcsclite1pcsc-litelibplist3libpng12-0libpng12-0-32bitlibpng15-15libpng16-16libpng16-16-32bitlibpolkit0polkittypelib-1_0-Polkit-1_0libpoppler-glib8libpoppler-qt4-4libpoppler60poppler-toolslibprocps3procpslibproxy1libproxy1-32bitlibproxy1-config-gnome3libproxy1-config-gnome3-32bitlibproxy1-networkmanagerlibproxy1-pacrunner-webkitlibpulse-mainloop-glib0libpulse-mainloop-glib0-32bitlibpulse0libpulse0-32bitpulseaudiopulseaudio-esound-compatpulseaudio-gdm-hookspulseaudio-langpulseaudio-module-x11pulseaudio-module-zeroconfpulseaudio-utilslibpython2_7-1_0libpython2_7-1_0-32bitpython-basepython-base-32bitpython-xmllibpython3_4m1_0python3-baselibqpdf18qpdflibqt4libqt4-32bitlibqt4-qt3supportlibqt4-qt3support-32bitlibqt4-sqllibqt4-sql-32bitlibqt4-sql-mysqllibqt4-sql-sqlitelibqt4-x11libqt4-x11-32bitqt4-x11-toolslibquicktime0libraptor2-0librelp0libruby2_1-2_1ruby2.1ruby2.1-stdliblibsaml8opensaml-binopensaml-schemaslibshibsp-lite6libshibsp6shibboleth-splibsmilibsmi2libsndfile1libsndfile1-32bitlibsnmp30libsnmp30-32bitnet-snmpperl-SNMPsnmp-mibslibsoup-2_4-1libsoup-2_4-1-32bitlibsoup-langtypelib-1_0-Soup-2_4libspice-client-glib-2_0-8libspice-client-glib-helperlibspice-client-gtk-3_0-5libspice-controller0typelib-1_0-SpiceClientGlib-2_0typelib-1_0-SpiceClientGtk-3_0libspice-server1libsqlite3-0libsqlite3-0-32bitsqlite3libsrtp1libssh2-1libssh2-1-32bitlibssh4libssh4-32bitlibsystemd0libsystemd0-32bitlibudev1libudev1-32bitsystemdsystemd-32bitsystemd-bash-completionsystemd-sysvinitudevlibtag1libtag_c0tagliblibtasn1libtasn1-6libtasn1-6-32bitlibtcnative-1-0libthai-datalibthai0libthai0-32bitlibtiff5libtiff5-32bittifflibtirpc-netconfiglibtirpc3libtirpc3-32bitlibudisks2-0udisks2udisks2-langlibupsclient1nutnut-drivers-netlibusbmuxd4libvdpau1libvirglrenderer0libvirtlibvirt-adminlibvirt-clientlibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-libxllibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-hookslibvirt-daemon-lxclibvirt-daemon-qemulibvirt-daemon-xenlibvirt-doclibvirt-libslibvirt-lock-sanlocklibvirt-nsslibvmtools0open-vm-toolsopen-vm-tools-desktoplibvncclient0libvncserver0libvorbis-doclibvorbis0libvorbis0-32bitlibvorbisenc2libvorbisenc2-32bitlibvorbisfile3libvorbisfile3-32bitlibvpx1libvte9python-vtevte2-langlibwavpack1libwireshark9libwiretap7libwscodecs1libwsutil8wiresharkwireshark-gtklibxcb-dri2-0libxcb-dri2-0-32bitlibxcb-dri3-0libxcb-dri3-0-32bitlibxcb-glx0libxcb-glx0-32bitlibxcb-present0libxcb-present0-32bitlibxcb-randr0libxcb-render0libxcb-render0-32bitlibxcb-shape0libxcb-shm0libxcb-shm0-32bitlibxcb-sync1libxcb-sync1-32bitlibxcb-xf86dri0libxcb-xfixes0libxcb-xfixes0-32bitlibxcb-xinerama0libxcb-xkb1libxcb-xkb1-32bitlibxcb-xv0libxcb1libxcb1-32bitlibxerces-c-3_1libxerces-c-3_1-32bitlibxml2-2libxml2-2-32bitlibxml2-doclibxml2-toolslibxmltooling6xmltooling-schemaslibxslt-toolslibxslt1libxslt1-32bitlibyaml-0-2libykcs11-1libykpiv1yubico-piv-toollibz1libz1-32bitzlib-devellibzip2libzypplogrotatelogwatchmailmanmailxmariadbmariadb-clientmariadb-errormessagesmariadb-toolsmemcachedminicommipv6dmozilla-nsprmozilla-nspr-32bitmuttntpntp-docopenscopenslpopenslp-32bitopenslp-serveropensshopenssh-fipsopenssh-helpersopenvpnopenvpn-auth-pam-pluginopieopie-32bitovmfovmf-toolsqemu-ovmf-x86_64qemu-uefi-aarch64p7zippampam-32bitpam-docpam-modulespam-modules-32bitpam_krb5pam_krb5-32bitpam_sshpam_ssh-32bitpam_yubicopatchpcsc-ccidperlperl-32bitperl-baseperl-docperl-Archive-Zipperl-Config-IniFilesperl-DBD-mysqlperl-HTML-Parserperl-LWP-Protocol-httpsperl-Tkperl-XML-LibXMLperl-YAML-LibYAMLpigzpolicycoreutilspolicycoreutils-pythonpowerpc-utilsppc64-diagpppprocmailpythonpython-32bitpython-cursespython-demopython-gdbmpython-idlepython-tkpython-PyYAMLpython-cupshelperssystem-config-printersystem-config-printer-commonsystem-config-printer-common-langsystem-config-printer-dbus-serviceudev-configure-printerpython-docpython-doc-pdfpython-imagingpython-libxml2python-pyOpenSSLpython3-pyOpenSSLpython-pywbempython-requestspython3python3-cursespython3-requestsqemuqemu-armqemu-block-curlqemu-block-iscsiqemu-block-rbdqemu-block-sshqemu-guest-agentqemu-ipxeqemu-kvmqemu-langqemu-ppcqemu-s390qemu-seabiosqemu-sgabiosqemu-toolsqemu-vgabiosqemu-x86radvdres-signingkeyssmtsmt-supportrpcbindrpmrpm-32bitrpm-buildrrdtoolrrdtool-cachedrsyncrsyslogrsyslog-diag-toolsrsyslog-docrsyslog-module-gssapirsyslog-module-gtlsrsyslog-module-mysqlrsyslog-module-pgsqlrsyslog-module-relprsyslog-module-snmprsyslog-module-udpspoofrtkitrubyrzszsane-backendssblim-sfcbshadowshimsocatspice-vdagentsquashfssquidsquidGuardsquidGuard-docstrongswanstrongswan-docstrongswan-hmacstrongswan-ipsecstrongswan-libs0stunnelsudosupportutilssysconfigsysconfig-netconfigsyslog-servicesystemtapsystemtap-runtimesystemtap-serversysvinit-toolswhoistartar-langtboottcpdumptftptomcattomcat-admin-webappstomcat-docs-webapptomcat-el-3_0-apitomcat-javadoctomcat-jsp-2_3-apitomcat-libtomcat-servlet-4_0-apitomcat-webappstpm2.0-toolstransfigucode-intelunixODBCunixODBC-32bitunrarunzipupdate-alternativesvinovino-langvorbis-toolsvorbis-tools-langvsftpdw3mwgetwpa_supplicantxalan-j2xdg-utilsxenxen-doc-htmlxen-libsxen-libs-32bitxen-toolsxen-tools-domUxf86-video-intelxfsprogsxinetdxlockmorexorg-x11xorg-x11-essentialsxrdbxorg-x11-libsxorg-x11-serverxorg-x11-server-extraxscreensaverxscreensaver-datayast2yast2-coreyast2-usersyubikey-managerzoozshzypperzypper-logpython-Django1suse-openstack-cloud-releaseardana-ansibleardana-barbicanardana-cassandraardana-ceilometerardana-cinderardana-clusterardana-cobblerardana-dbardana-designateardana-glanceardana-heatardana-horizonardana-input-modelardana-installer-uiardana-ironicardana-keystoneardana-loggingardana-magnumardana-manilaardana-memcachedardana-monascaardana-monasca-transformardana-mqardana-neutronardana-novaardana-octaviaardana-opsconsoleardana-opsconsole-uiardana-osconfigardana-serviceardana-service-ansibleardana-sesardana-sparkardana-swiftardana-tempestardana-tlscaasp-openstack-heat-templatesdocumentation-suse-openstack-cloud-deploymentdocumentation-suse-openstack-cloud-operationsdocumentation-suse-openstack-cloud-securitydocumentation-suse-openstack-cloud-supplementgalera-python-clustercheckgrafanagrafana-monasca-ui-drilldownopenstack-ceilometeropenstack-ceilometer-agent-centralopenstack-ceilometer-agent-computeopenstack-ceilometer-agent-ipmiopenstack-ceilometer-agent-notificationopenstack-ceilometer-pollingopenstack-cinderopenstack-cinder-apiopenstack-cinder-backupopenstack-cinder-scheduleropenstack-cinder-volumeopenstack-dashboardopenstack-designateopenstack-designate-agentopenstack-designate-apiopenstack-designate-centralopenstack-designate-produceropenstack-designate-sinkopenstack-designate-workeropenstack-heatopenstack-heat-apiopenstack-heat-api-cfnopenstack-heat-engineopenstack-heat-plugin-heat_dockeropenstack-horizon-plugin-designate-uiopenstack-horizon-plugin-heat-uiopenstack-horizon-plugin-magnum-uiopenstack-horizon-plugin-monasca-uiopenstack-ironicopenstack-ironic-apiopenstack-ironic-conductoropenstack-ironic-python-agentopenstack-keystoneopenstack-magnumopenstack-magnum-apiopenstack-magnum-conductoropenstack-manilaopenstack-manila-apiopenstack-manila-dataopenstack-manila-scheduleropenstack-manila-shareopenstack-monasca-agentopenstack-monasca-notificationopenstack-neutronopenstack-neutron-dhcp-agentopenstack-neutron-fwaasopenstack-neutron-gbpopenstack-neutron-ha-toolopenstack-neutron-l3-agentopenstack-neutron-lbaasopenstack-neutron-lbaas-agentopenstack-neutron-linuxbridge-agentopenstack-neutron-macvtap-agentopenstack-neutron-metadata-agentopenstack-neutron-metering-agentopenstack-neutron-openvswitch-agentopenstack-neutron-serveropenstack-neutron-vpnaasopenstack-neutron-vyatta-agentopenstack-novaopenstack-nova-apiopenstack-nova-cellsopenstack-nova-computeopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-placement-apiopenstack-nova-scheduleropenstack-nova-serialproxyopenstack-nova-vncproxyopenstack-octaviaopenstack-octavia-amphora-agentopenstack-octavia-apiopenstack-octavia-health-manageropenstack-octavia-housekeepingopenstack-octavia-workerpython-ardana-configurationprocessorpython-barbican-tempest-pluginpython-ceilometerpython-cinderpython-cinderclientpython-cinderclient-docpython-cinderlmpython-designatepython-heatpython-horizonpython-horizon-plugin-designate-uipython-horizon-plugin-heat-uipython-horizon-plugin-magnum-uipython-horizon-plugin-monasca-uipython-ironicpython-ironicclientpython-ironicclient-docpython-keystonepython-magnumpython-manilapython-manila-tempest-pluginpython-manilaclientpython-manilaclient-docpython-monasca-agentpython-monasca-notificationpython-neutronpython-neutron-fwaaspython-neutron-gbppython-neutron-lbaaspython-neutron-vpnaaspython-novapython-octaviapython-openstack_authpython-os-brickpython-os-brick-commonpython-oslo.dbpython-proliantutilssupportutils-plugin-suse-openstack-cloudvenv-openstack-barbican-x86_64venv-openstack-cinder-x86_64venv-openstack-designate-x86_64venv-openstack-glance-x86_64venv-openstack-heat-x86_64venv-openstack-horizon-x86_64venv-openstack-ironic-x86_64venv-openstack-keystone-x86_64venv-openstack-magnum-x86_64venv-openstack-manila-x86_64venv-openstack-monasca-ceilometer-x86_64venv-openstack-monasca-x86_64venv-openstack-neutron-x86_64venv-openstack-nova-x86_64venv-openstack-octavia-x86_64venv-openstack-sahara-x86_64python-Twistedardana-extensions-nsxardana-swiftlm-drive-provisionardana-swiftlm-log-tailerardana-swiftlm-uptime-monopenstack-horizon-plugin-neutron-fwaas-uiopenstack-horizon-plugin-neutron-lbaas-uiopenstack-horizon-plugin-neutron-vpnaas-uiopenstack-monasca-persisteropenstack-monasca-persister-javaopenstack-tempestopenstack-tempest-testpython-cinder-tempest-pluginpython-horizon-plugin-neutron-fwaas-uipython-horizon-plugin-neutron-lbaas-uipython-horizon-plugin-neutron-vpnaas-uipython-keystonemiddlewarepython-monasca-persisterpython-monasca-tempest-pluginpython-openstackclientpython-openstacksdkpython-python-engineiopython-swiftlmpython-tempestpython-vmware-nsxpython-vmware-nsxlibvenv-openstack-swift-x86_64mariadb-galerapython-SQLAlchemypython-urllib3python-Werkzeugansible1novncopenstack-glanceopenstack-glance-apiopenstack-saharaopenstack-sahara-apiopenstack-sahara-engineopenstack-watcheropenstack-watcher-docpython-glancepython-saharapython-watcheropenstack-horizon-plugin-manila-uiopenstack-octavia-amphora-image-x86_64pdnspdns-backend-mysqlpython-horizon-plugin-manila-uipython-octaviaclientpython-oslo.cachepython-oslo.messagingpython-ecdsaopenstack-barbicanopenstack-barbican-apiopenstack-barbican-keystone-listeneropenstack-barbican-retryopenstack-barbican-workeropenstack-heat-templatespython-barbicanpython-psutilrelease-notes-suse-openstack-cloudhaproxyopenstack-ironic-image-x86_64python-glanceclientpython-glanceclient-docpython-ironic-libpython-novaclientpython-novaclient-docpython-oslo.configpython-oslo.config-docpython-oslo.rootwrappython-oslo.utilspython-swiftclientpython-swiftclient-docpython-watcherclientzookeeper-servermozilla-nspr-develmozilla-nss-develMozillaFirefox-branding-SLEMozillaFirefox-develMozillaFirefox-translations-commonpython-ipaddresscobblergolang-github-prometheus-node_exporterxrdplibwebkit2gtk3-langtypelib-1_0-WebKit2WebExtension-4_0kibanaopenstack-neutron-vsphereopenstack-neutron-vsphere-docopenstack-neutron-vsphere-dvs-agentopenstack-neutron-vsphere-ovsvapp-agentopenstack-resource-agentspython-Pillowpython-ardana-packagerpython-heatclientpython-heatclient-docpython-networking-vspherepython-neutron-tempest-pluginpython-octavia-tempest-pluginpython-pyroute2python-waitressjava-1_8_0-ibm-develjava-1_7_1-ibm-devellibsolv-devellibsolv-toolsperl-solvpython-solvperl-DBIpython3-develgrafana-natel-discrete-panelpython-Flask-Corsstormstorm-nimbusstorm-supervisorlibbind9-161libdns1110libirs161libisc1107libisc1107-32bitlibisccc161libisccfg163liblwres161python-piplibasan6libasan6-32bitlibatomic1libatomic1-32bitlibgcc_s1libgcc_s1-32bitlibgfortran5libgfortran5-32bitlibgo16libgo16-32bitlibgomp1libgomp1-32bitlibitm1libitm1-32bitliblsan0libobjc4libobjc4-32bitlibquadmath0libquadmath0-32bitlibstdc++6libstdc++6-32bitlibstdc++6-localelibstdc++6-pp-gcc10libstdc++6-pp-gcc10-32bitlibtsan0libubsan1libubsan1-32bitopenldap2-docopenldap2-ppolicy-check-passwordpostgresqlpostgresql-contribpostgresql-docspostgresql-plperlpostgresql-plpythonpostgresql-pltclpostgresql-serverpostgresql10-plperlpostgresql10-plpythonpostgresql10-pltcllibmariadb3libmariadb_pluginspython-setuptoolspython3-setuptoolspython-cryptographypython3-cryptographyopenssl-1_1python-developenssh-askpass-gnomeinfluxdbopenstack-heat-gbpopenstack-horizon-plugin-gbp-uipython-Jinja2python-heat-gbppython-horizon-plugin-gbp-uipython-neutron-vpnaas-tempest-pluginpython-pysaml2python-pytestsparkdnsmasq-utilskeepalivedopenstack-dashboard-theme-SUSEopenstack-horizon-plugin-ironic-uiopenstack-horizon-plugin-octavia-uiopenstack-swiftopenstack-swift-accountopenstack-swift-containeropenstack-swift-objectopenstack-swift-proxypython-amqppython-horizon-plugin-ironic-uipython-horizon-plugin-octavia-uipython-keystoneauth1python-keystoneclientpython-keystoneclient-docpython-ovspython-swiftlibzypp-develfwupdatefwupdate-efilibfwup0perl-Mail-SpamAssassinspamassassinpermissionslibavahi-glib1libavahi-glib1-32bitlibdjvulibre21graphvizgraphviz-gdgraphviz-gnomegraphviz-tclpython-httplib2libwebp5libwebp5-32bitlibwebpdemux1libwebpmux1apache2-mod_auth_openidccaribou-commonlibcaribou0typelib-1_0-Caribou-1_0cassandracassandra-toolspython-elementpathpython-pypython-xmlschemaImageMagick-config-6-SUSEImageMagick-config-6-upstreamxtermarpwatchpython3-urllib3python-rsalibudev-develsystemd-devellinuxptppython3-PyYAMLaspellaspell-ispelllibaspell15libaspell15-32bitmysql-connector-javalibesmtplibgtk-vnc-1_0-0libgtk-vnc-2_0-0libgvnc-1_0-0python-gtk-vnctypelib-1_0-GVnc-1_0typelib-1_0-GtkVnc-2_0ghostscript-devellibspectre-devellibspectre1sqlite3-develjavapackages-filesystembinutils-devellibctf-nobfd0libctf0javapackages-toolslibpcrecpp0libpcreposix0pcre-develselinux-policyselinux-policy-develselinux-policy-minimumopenstack-ec2-apiopenstack-ec2-api-apiopenstack-ec2-api-metadataopenstack-ec2-api-s3python-ec2apipython-eventletglib-networkingglib-networking-langlog4jelasticsearchkafkalogstashopenstack-monasca-threshscreeniscsiuiolibopeniscsiusr0_2_0open-iscsiperl-XML-Twiggitgit-cvsgit-daemongit-emailgit-guigit-svngit-webgitkzlib-devel-32bitzlib-devel-staticzlib-devel-static-32bitliblzma5liblzma5-32bitxzxz-langsssd-dbuslibSDL-1_2-0libSDL-1_2-0-32bitaidepython-XStatic-jquery-uipython-lxmllibpcre2-16-0libpcre2-32-0libpcre2-8-0libpcre2-posix2libopenssl1_1-hmaclibopenssl1_1-hmac-32bitoracleasm-kmp-defaultsysstatsysstat-isagcrash-gcorersyslog-module-mmnormalizepython-M2Cryptopython3-M2Cryptomokutilpython-Babellibcroco-0_6-3libcroco-0_6-3-32bitlibjson-c-devellibgda-5_0-4libgda-5_0-mysqllibgda-5_0-postgreslibgda-5_0-sqlitelibgda-ui-5_0-4rabbitmq-serverrabbitmq-server-pluginssqlite3-tclpostgresql-jdbcpython-Makokpartxmultipath-toolstelnettelnet-serverlibpixman-1-0libpixman-1-0-32bitlibexiv2-12zabbix-agentvim-data-commonca-certificates-mozillaxerces-j2xerces-j2-xml-apisxerces-j2-xml-resolverlibcaca0libharfbuzz-icu0libharfbuzz0libharfbuzz0-32bitdmidecodepython-sqlparsepython-tornadoinstall-initrd-SLEStftpboot-installation-SLES-12-SP4-x86_64libcjose0apache2-mod_security2python-geventmonitoring-plugins-nrpenrpepython-cffiatk-docatk-langlibatk-1_0-0libatk-1_0-0-32bitlibxmlsec1-1libxmlsec1-gcrypt1libxmlsec1-gnutls1libxmlsec1-nss1libxmlsec1-openssl1typelib-1_0-Atk-1_0xmlsec1crowbarcrowbar-corecrowbar-core-branding-upstreamcrowbar-develcrowbar-hacrowbar-openstackdocumentation-suse-openstack-cloud-crowbar-deploymentdocumentation-suse-openstack-cloud-crowbar-operationsnodejs6ruby2.1-rubygem-rails-html-sanitizerruby2.1-rubygem-loofahcrowbar-uiyast2-crowbarruby2.1-rubygem-easy_diffruby2.1-rubygem-hamlruby2.1-rubygem-crowbar-clientruby2.1-rubygem-pumaruby2.1-rubygem-actionview-4_2ruby2.1-rubygem-activesupport-4_2ruby2.1-rubygem-activeresourceruby2.1-rubygem-json-1_7ruby2.1-rubygem-rackruby2.1-rubygem-actionpack-4_2ruby2.1-rubygem-activerecord-session_storeruby2.1-rubygem-nokogiriruby2.1-rubygem-addressableruby2.1-rubygem-activerecord-4_2ruby2.1-rubygem-redcarpetsleshammer-x86_64ruby2.1-rubygem-sinatraruby2.1-rubygem-yajl-rubyruby2.1-rubygem-tzinfopython3-rpmrpm-pythonkernel-azurekernel-azure-basekernel-azure-develkernel-devel-azurekernel-source-azurekernel-syms-azureatftphostinfoPackageKitPackageKit-backend-zyppPackageKit-langlibpackagekit-glib2-18typelib-1_0-PackageKitGlib-1_0nmaplibu2f-host0pam_u2fibusibus-gtkibus-gtk3ibus-langlibibus-1_0-5typelib-1_0-IBus-1_0python-plylibpcap1python-xdgnfs-clientnfs-docnfs-kernel-serverlibunwindlibunwind-develgdblibseccomp2libseccomp2-32bitpython-numpyauditaudit-audispd-pluginslibaudit1libaudit1-32bitlibauparse0python2-auditpython3-auditlibwsman1libwsman_clientpp1openwsman-serverlibmemcachedlibmemcached11libmemcachedutil2manfile-rollerfile-roller-langnautilus-file-rollerpam_radiuspam_radius-32bitMesaMesa-32bitMesa-driMesa-dri-32bitMesa-libEGL1Mesa-libEGL1-32bitMesa-libGL1Mesa-libGL1-32bitMesa-libGLESv2-2Mesa-libglapi0Mesa-libglapi0-32bitlibgbm1libgbm1-32bitlibxatracker2python-rpm-macrosshared-python-startupedlibadns1gnuplotlibgxps2python-chardetpython3-certifipython3-chardetwickedwicked-servicelibasan5libasan5-32bitlibgo14libgo14-32bitpython-asn1cryptopython-packagingpython3-asn1cryptopython3-packagingipmitoolpython-xattrpython3-cffiperl-CGIbcm43xx-firmwareu-boot-rpi3u-boot-toolslibsss_nss_idmap-develtftpboot-installation-SLES-12-SP4-aarch64libsss_idmap-develtftpboot-installation-SLES-12-SP4-ppc64letftpboot-installation-SLES-12-SP4-s390x0:1.7.1-6.112.40:52.9.0esr-109.38.20:3.6.312.333-3.13.10:13.2+git20140911.61c1681-38.8.10:0.6.42-16.3.10:1.0.27.2-15.10:1.9.4-3.3.10:1.9.2-1.270:1.0.15-6.100:3.1-4.4980:2.4.23-29.24.10:2.8.2-49.210:1.2.40-5.20:1.0.14-19.3.10:2.0.8-11.430:3.1.14-8.6.10:2.5.37-8.10:4.8.7+2.3.4-4.7.20:2.32.1-16.10:0.3.6-10.10:1.2.0-17.3.10:5.0.9-28.3.50:1.13.4-6.20:1.4.16-15.740:0.6.32-30.360:1.4-290.3.10:4.3-83.15.10:6.3-83.15.10:9.11.2-1.240:2.31-9.26.10:5.13-5.4.10:1.21.1-3.30:1.0.6-29.20:12.2.8+git.1536505967.080f2248ff-2.15.10:2.3-3.1100:6.5-9.3.20:0.100.2-33.18.10:0.1.26-6.30:1.3.3-12.130:1.1.0-148.3.10:8.25-13.7.10:2.11-36.3.40:4.8.5-31.17.10:2.9.0-7.10:7.2.1-2.190:7.2.1_k4.12.14_94.41-2.190:4.2-58.30:1.4.11-58.30:5.8-7.10:1.7.5-20.17.10:1.0.58-19.2.30:0.2.5-5.10:7.60.0-2.110:1.12.12-182.3.10:2.1.26-8.7.10:1.5.2-2.30:1.8.22-29.10.20:0.100.2-3.580:4.3.3-10.14.10:2.78-18.3.10:3.0.26-6.50:2.2.31-19.11.10:17.11.4-3.60:17.11.4_k4.12.14_94.41-3.60:17.11.4-3.50:17.11.4_k4.12.14_94.41-3.50:044.1-9.50:0.7.3-1.110:1.43.8-1.190:103-8.3.10:0.158-6.10:24.3-25.3.10:3.20.4-7.70:3.20.2-6.22.90:2.1.0-21.3.10:6.3.26-12.30:5.22-10.6.10:2.11.1-7.10:3.0.15-2.8.20:2.6.3-7.15.10:2.9.3-6.3.10:1.1.36-58.3.10:2.1.0-24.9.10:2.34.0-19.17.10:2.40.20-5.6.10:3.10.0.1-54.6.30:9.25-23.13.10:5.0.5-12.10:2.12.3-27.14.10:2.48.2-10.20:2.22-15.30:3.20.0-28.3.180:3.20.1-50.5.80:3.20.4-77.17.10:3.20.3-23.6.10:3.3.27-3.3.10:2.0.24-9.3.10:1.5.1-1.120:1.22.2-5.4290:2.02-11.80:1.8.3-9.50:1.8.3-17.20:1.8.3-12.110:1.8.3-15.10:2.24.31-7.110:1.32.4-21.3.100:2.0.9-8.30:3.7.4-1.390:1.2.1-3.640:7.4.326-16.10:1.6-9.3.10:1.0-6.450:3.16.11-1.330:7-7.50:1.4.14-4.110:1.5.0-11.20:0.8.0-19.3.10:s20121221-2.190:1.1.1-120.2380:1.1.1-255.20:1.7.0.181-43.15.20:1.7.1_sr4.30-38.26.10:1.8.0_sr5.20-30.36.10:1.8.0.181-27.26.20:2.0.4-8.10.20:0.8.16-9.20:4.12.14-94.41.10:20180525-3.110:1.12.5-40.28.20:1.0.3-1.50:2.7-9.7.10:4.7.4-3.3.200:1.3.0-11.10:3.18-1.190:1.0.8-12.10:2.1.0-6.3.10:6.8.8.1-71.85.10:5.6.2-6.12.10:5.6.2-1.310:1.7.1-5.3.10:1.6.2-12.5.10:1.0.7-3.540:1.1.14-4.6.10:1.1.1-12.10:1.3.2-4.3.10:5.0.1-7.10:1.5.1-11.3.120:2.0.3-1.190:1.7.4-17.10:1.1.3-3.550:1.0.2-3.580:3.5.11-5.10:1.5.0-6.20:0.9.8-7.10:1.1.4-3.590:1.2.2-7.10:1.0.10-7.10:1.0.8-7.10:1.6.0-18.23.720:1.1.3-3.540:1.5.3-2.3.10:1.5.1-4.3.10:3.1.2-25.10:5.3.1+r233831-12.10:0.10.2-3.10:2.29.2-7.140:2.29.2-7.70:1.15.2-25.3.20:1.9.1-9.4.10:0.90-6.3.10:4.6.16+git.124.aee309c5c18-3.32.10:1.1.3-3.520:10.5-1.3.10:10.5-1.3.20:2.0.21-6.3.10:2.2.1-5.7.10:0.6.21-8.3.10:3.29.5-58.12.10:7.2d-5.10:1.6.1-16.61.10:0.6.0-5.10:2.0.0-353.6.20:3.20.5-9.60:1.3.1-10.3.10:0.4-3.830:0.9-6.240:1.3.10-4.10:2.7.1-12.10:1.0.1-16.3.10:52.1-8.7.10:1.28-5.3.10:1.2.0-7.310:1.16.1-2.80:1.13.4-34.7.10:2.7-1.20:1.900.14-195.8.10:2.4.11-23.200:2.20.3-2.23.80:2.0-12.60:2.0-12.130:1.5.3-31.7.40:62.2.0-31.7.40:8.1.2-31.7.40:0.11-2.220:4.12.0-10.10:6.2.0dev-22.3.10:1.3.0-23.10:1.19-17.310:2.4.41-18.40.10:1.1.29-3.3.10:2.6.4-6.6.10:2.4.2-17.4.10:5.2.4-6.10:2.08-1.60:2.08-1.130:0.9.30-5.10:0.6.2-15.80:0.8.9.0+git20170610.f6dd59a-15.4.10:3.1.2-7.10:0.4-14.40:2.1.5-27.860:10.0.35-1.70:5.9-58.10:0.30.0-3.650:10.66.3-7.10:1.7.1-1.840:1.0.12-13.6.10:2.1.0-4.9.10:1.0.2p-2.110:1.0.2p-1.130:1.1.1-1.90:2.8.4-3.360:1.1-3.10:1.1.1-17.7.10:4.0.0-9.10:1.40.1-9.50:8.39-8.3.10:1.8.10-7.3.10:1.12-20.3.20:1.2.50-19.10:1.5.22-9.10:1.6.8-14.10:0.113-5.12.10:0.43.0-16.15.10:3.3.9-11.14.10:0.4.13-16.30:0.4.13-16.60:5.0-4.10:2.7.13-28.11.20:3.4.6-25.16.10:7.1.1-3.3.40:4.8.7-8.8.10:1.2.4-14.3.10:2.0.10-3.670:1.2.12-3.3.10:2.1.9-18.10:2.5.5-3.3.10:2.5.5-6.3.10:0.4.8-18.630:1.0.25-36.16.10:5.7.3-6.3.10:2.62.2-5.7.10:0.33-3.6.10:0.12.8-6.10:3.8.10.2-8.10:1.5.2-3.2.10:1.4.3-19.10:0.6.3-12.6.10:228-150.49.20:1.9.1-1.2650:4.9-3.5.10:1.2.17-1.120:0.1.25-4.20:4.0.9-44.24.10:1.0.1-17.6.10:2.1.3-1.140:2.7.1-1.300:1.0.10-2.30:1.1.1-6.730:0.5.0-11.10:4.0.0-6.130:10.3.0-2.60:0.9.9-17.5.10:1.3.3-10.14.10:1.3.0-3.3.10:0.28.2-19.70:4.60.99-5.3.10:2.4.9-48.29.10:1.10-4.3.10:3.1.1-12.30:2.9.4-46.15.10:1.5.6-3.6.10:1.1.28-16.10:0.1.6-7.10:1.5.0-3.160:1.2.11-1.270:0.11.1-13.3.10:16.19.0-2.36.30:3.11.0-2.11.10:7.4.3-15.650:2.1.17-1.180:12.5-28.10:10.2.18-1.70:1.4.39-4.6.10:2.7-3.10:2.0.2.umip.0.4-19.770:4.13.1-18.10:1.10.1-55.6.10:4.2.8p12-64.8.20:0.13.0-1.1220:2.0.0-18.17.10:7.2p2-74.25.10:2.3.8-16.20.10:2.4-724.650:2017+git1510945757.b2662641d5-2.180:9.20.1-7.3.10:1.1.8-24.14.10:12.1-23.60:12.1-23.120:2.4.4-4.50:2.0-1.400:2.26-1.250:2.7.5-8.5.10:1.4.25-4.10:5.18.2-12.17.10:1.34-3.3.10:2.82-3.140:4.021-12.5.20:3.71-1.1780:6.04-5.40:804.031-3.820:2.0019-6.3.50:0.38-10.10:2.3-5.10:2.5-10.3.10:1.3.5-3.80:2.7.4-1.180:2.4.7-3.40:3.22-269.3.50:2.7.13-28.11.10:3.12-26.6.10:1.5.7-7.50:1.1.7-21.80:16.0.0-4.6.10:0.7.0-4.70:2.11.1-6.28.10:2.7.0-2.30:2.11.2-4.140:1.0.0-4.140:1.11.0-4.140:8-4.140:1.9.7-2.170:3.0.38-52.26.10:0.2.3-23.10:4.11.2-16.16.10:1.4.7-20.10:3.1.0-13.13.30:8.24.0-3.16.10:0.11_git201205151338-8.170:2.1-1.60:0.12.21~rc-1001.3.10:1.0.24-3.10:1.4.8-17.3.40:4.2.1-27.19.10:0.9-23.140:1.7.2.4-3.10:0.16.0-8.5.150:4.3-6.20:3.5.21-26.9.10:1.4-30.6.10:5.1.3-26.5.10:5.00-4.3.40:1.8.20p2-3.7.100:3.0-95.18.10:0.84.0-13.10:2.0-778.10:3.0-15.130:2.88+-99.150:5.1.1-1.170:1.27.1-15.3.70:20170711_1.9.7-1.100:4.9.2-14.5.10:5.2-11.6.10:9.0.12-1.70:3.1.1-1.160:3.2.5e-2.3.20:20180807a-13.35.10:2.3.6-7.9.10:5.0.14-3.10:6.00-33.8.10:1.18.4-14.2160:3.20.2-5.80:1.4.0-26.10:3.0.2-40.11.10:0.5.3.git20161120-160.10:1.14-21.7.10:2.2-15.3.10:2.7.0-264.380:20140630-6.3.10:4.11.0_08-1.110:2.99.917+git781.c8990575-1.270:4.15.0-1.120:2.3.15-8.8.10:5.43-5.330:7.6_1-14.80:1.1.0-3.580:7.6-45.70:1.19.6-2.10:5.22-7.10:3.2.48-3.29.200:3.3.1-1.70:3.2.17-1.50:0.6.0-1.270:2.10-1020.620:5.0.5-6.7.20:1.13.45-21.23.4(noarch)0:1.11.20-3.3.19(noarch)0:1.11.20-3.6.1(noarch)0:9.0+git.1560211997.7ac9792-3.3.5(noarch)0:9.0+git.1559292830.208d258-3.3.5(noarch)0:9.0+git.1557220194.6a90deb-3.3.3(noarch)0:9.0+git.1557219517.7b97993-3.3.5(noarch)0:9.0+git.1559039284.6fc1d47-3.3.5(noarch)0:9.0+git.1557219586.7c96a6d-3.3.5(noarch)0:9.0+git.1557219626.b190680-3.3.5(noarch)0:9.0+git.1560868957.42bcb70-3.3.5(noarch)0:9.0+git.1558588538.9211022-3.3.5(noarch)0:9.0+git.1559033522.5e5be1c-3.3.5(noarch)0:9.0+git.1559036788.b727b53-3.3.5(noarch)0:9.0+git.1557219807.6036a8e-3.3.5(noarch)0:9.0+git.1557220534.883f8c9-3.3.5(noarch)0:9.0+git.1559171053.476225c-3.3.6(noarch)0:9.0+git.1560365077.17250c6-3.3.5(noarch)0:9.0+git.1559292289.b5ed172-3.3.5(noarch)0:9.0+git.1557219914.6d7ebb5-3.3.5(noarch)0:9.0+git.1557219960.226e32b-3.3.5(noarch)0:9.0+git.1556646861.58ce24f-3.3.5(noarch)0:9.0+git.1557219995.cd49525-3.3.5(noarch)0:9.0+git.1556731170.c8210e0-3.3.5(noarch)0:9.0+git.1557220073.7e88cfa-3.3.5(noarch)0:9.0+git.1560214193.fc0378b-3.3.5(noarch)0:9.0+git.1560464557.d2f6200-3.3.5(noarch)0:9.0+git.1559869848.7a706df-3.3.5(noarch)0:9.0+git.1560519270.e0a2620-3.3.5(noarch)0:9.0+git.1553642196.ba23382-3.3.5(noarch)0:9.0+git.1555530925.206f1a8-4.3.7(noarch)0:9.0+git.1560269313.7ddaff2-3.3.5(noarch)0:9.0+git.1560974342.47a5b12-3.3.5(noarch)0:9.0+git.1557220501.ebd3011-3.3.5(noarch)0:9.0+git.1554740095.48252d3-3.3.5(noarch)0:9.0+git.1557220247.e78d1c3-3.3.5(noarch)0:9.0+git.1559038506.cc119d9-3.3.5(noarch)0:9.0+git.1560949748.f0bd816-3.3.5(noarch)0:9.0+git.1557220381.5641a2e-3.3.5(noarch)0:1.0+git.1560518045.ad7dc6d-3.3.5(noarch)0:9.20190621-3.3.7(noarch)0:0.0+git.1562242499.36b8b64-6.3.5(x86_64)0:5.3.3-3.3.1(noarch)0:1.14.1~dev7-3.3.9(noarch)0:11.0.2~dev13-3.3.9(noarch)0:13.0.6~dev12-3.3.8(noarch)0:14.0.4~dev4-3.3.8(noarch)0:7.0.1~dev20-3.3.8(noarch)0:11.0.3~dev5-3.3.8(noarch)0:7.0.1~dev7-3.3.8(noarch)0:1.4.1~dev4-4.3.7(noarch)0:5.0.2~dev9-3.3.8(noarch)0:11.1.4~dev2-3.3.9(noarch)0:3.3.2~dev13-3.3.6(noarch)0:14.1.1~dev7-3.3.9(noarch)0:7.1.1~dev24-3.3.8(noarch)0:7.3.1~dev2-4.3.8(noarch)0:2.8.1~dev10-3.3.6(noarch)0:1.14.1~dev8-6.3.6(noarch)0:13.0.4~dev89-3.3.7(noarch)0:13.0.2~dev14-3.3.7(noarch)0:5.0.1~dev443-3.3.6(noarch)0:13.0.1~dev12-3.3.7(noarch)0:13.0.2~dev4-3.3.7(noarch)0:18.2.2~dev9-3.3.8(noarch)0:3.1.2~dev2-3.3.6(noarch)0:9.0+git.1558039547.f0d0ddf-3.4.1(noarch)0:0.1.0-4.3.1(noarch)0:4.0.2-3.3.7(noarch)0:0.0.2+git.1541454501.6148725-3.3.5(noarch)0:2.5.2-4.3.7(noarch)0:0.1.0-3.3.5(noarch)0:1.24.2-3.3.7(noarch)0:2.5.7-3.3.7(noarch)0:4.40.2-3.3.8(noarch)0:2.8.4-1.1(noarch)0:9.0.1562324636.e7046a3-1.1(noarch)0:7.0.1~dev18-3.2.1(noarch)0:13.0.6~dev12-3.2.1(noarch)0:7.0.1~dev20-3.3.1(noarch)0:17.0.1~dev16-3.3.1(noarch)0:11.0.3~dev5-3.3.1(noarch)0:14.0.4~dev4-4.3.2(noarch)0:11.1.4~dev2-4.3.2(noarch)0:14.1.1~dev7-3.3.1(noarch)0:7.1.1~dev24-4.3.2(noarch)0:7.3.1~dev2-3.3.1(noarch)0:1.8.2~dev3-3.3.1(noarch)0:2.7.1~dev10-3.3.1(noarch)0:13.0.4~dev89-6.3.1(noarch)0:18.2.2~dev9-3.3.1(noarch)0:3.1.2~dev2-4.3.1(noarch)0:9.0.2~dev9-3.3.1(noarch)0:2.20.1-4.3.1(x86_64)0:15.2.1-9.5.2(noarch)0:9.0+git.1566374020.301191f-3.7.2(noarch)0:9.0+git.1566251498.be02ca4-3.7.2(noarch)0:9.0+git.1565678764.c3a9b9f-3.7.2(noarch)0:9.0+git.1559333871.40508f7-3.7.2(noarch)0:9.0+git.1566336494.93967dd-3.7.2(noarch)0:9.0+git.1564409964.b7e4fc3-3.7.2(noarch)0:9.0+git.1565680593.df7a432-3.7.2(noarch)0:9.0+git.1566213657.69862ab-8.1(noarch)0:9.0+git.1566375806.f0b2333-3.7.2(noarch)0:9.0+git.1565721273.f44b8d7-3.7.2(noarch)0:9.0+git.1565891518.2a545a1-3.7.2(noarch)0:9.0+git.1562848565.91e75b2-3.7.2(noarch)0:9.0+git.1566255088.3443670-3.7.2(noarch)0:9.0+git.1565721987.ddc59c8-3.7.2(noarch)0:9.0+git.1565891593.cad6d1a-3.7.2(noarch)0:9.0+git.1565761582.2dc823a-3.7.2(noarch)0:9.0+git.1565762005.016032a-3.7.2(noarch)0:9.0+git.1566332665.ad894c0-3.7.2(noarch)0:9.0+git.1565115025.148d092-3.7.2(noarch)0:9.0+git.1566251310.3a1e8f9-3.7.2(noarch)0:9.0+git.1566332515.e232568-3.7.2(noarch)0:9.0+git.1566206502.6c87b41-3.7.2(noarch)0:9.0+git.1566251377.b1caeaa-3.7.2(noarch)0:9.0+git.1555530925.206f1a8-4.7.2(noarch)0:9.0+git.1565764394.545b573-3.7.2(noarch)0:9.0+git.1564706915.edd44c4-3.7.2(noarch)0:9.0+git.1565962617.523149b-3.7.2(noarch)0:9.0+git.1565891872.73fc3c7-3.7.2(noarch)0:9.0+git.1541434883.e0ebe69-8.1(noarch)0:9.0+git.1566471752.a3c5c9c-3.7.2(noarch)0:11.0.2~dev14-3.7.2(noarch)0:13.0.7~dev3-3.7.2(noarch)0:7.0.1~dev21-3.7.2(noarch)0:11.0.3~dev19-3.7.2(noarch)0:1.5.1~dev6-8.1(noarch)0:5.0.1~dev7-8.1(noarch)0:1.4.1~dev7-8.1(noarch)0:11.1.4~dev9-3.7.2(noarch)0:3.3.3~dev4-3.7.2(noarch)0:14.1.1~dev8-3.7.2(noarch)0:7.1.1~dev28-3.7.2(noarch)0:7.3.1~dev3-4.7.2(noarch)0:1.14.2~dev1-6.7.2(noarch)0:1.12.1~dev9-9.1(noarch)0:13.0.5~dev22-3.7.2(noarch)0:5.0.1~dev459-3.7.2(noarch)0:13.0.1~dev14-3.7.2(noarch)0:18.2.2~dev9-3.7.2(noarch)0:3.1.2~dev8-3.7.2(noarch)0:19.0.0-12.1(noarch)0:9.0+git.1566405927.c5c03d4-3.8.2(noarch)0:0.1.0-8.1(noarch)0:2.5.3-4.7.2(noarch)0:5.2.0-8.1(noarch)0:0.3.0-8.1(noarch)0:3.16.2-8.1(noarch)0:0.17.3-8.1(noarch)0:2.8.4-8.1(noarch)0:2.0.2-9.1(noarch)0:13.0.1~dev146-9.1(noarch)0:13.0.1~dev24-8.1(noarch)0:7.0.1~dev18-3.7.2(noarch)0:17.0.1~dev16-3.7.2(noarch)0:14.0.4~dev4-4.7.2(noarch)0:11.1.4~dev9-4.7.2(noarch)0:7.1.1~dev28-4.7.2(noarch)0:7.3.1~dev3-3.7.2(noarch)0:1.8.2~dev3-3.7.2(noarch)0:2.7.1~dev10-3.7.2(noarch)0:13.0.5~dev22-6.7.2(noarch)0:3.1.2~dev8-4.7.2(noarch)0:9.0.2~dev9-3.7.2(noarch)0:2.19.2~dev1-2.4.2(x86_64)0:10.2.25-3.19.2(noarch)0:1.11.23-3.9.1(x86_64)0:1.2.10-3.3.1(noarch)0:1.23-3.6.1(noarch)0:0.14.1-3.3.1(x86_64)0:15.2.1-9.8.1(noarch)0:1.9.6-9.3.1(noarch)0:9.0+git.1568385829.54601ac-3.10.1(noarch)0:9.0+git.1568150980.027f167-3.10.1(noarch)0:9.0+git.1568382922.6f2cea4-3.10.1(noarch)0:9.0+git.1568830037.2eea267-11.1(noarch)0:9.0+git.1567000146.4569d10-3.10.1(noarch)0:9.0+git.1566409257.eec6360-3.10.1(noarch)0:9.0+git.1569535129.ca87ef0-3.10.1(noarch)0:9.0+git.1568835830.10c9689-3.6.1(noarch)0:9.0+git.1567695427.5974ab2-3.10.1(noarch)0:9.0+git.1568817582.a4813e2-3.10.1(noarch)0:9.0+git.1567630824.aa6dc2d-3.10.1(noarch)0:9.0+git.1568362662.7fba216-3.10.1(noarch)0:9.0+git.1566593422.813e56c-4.10.1(noarch)0:9.0+git.1567630791.5ca70a6-3.10.1(noarch)0:9.0+git.1569439941.6800991-3.10.1(noarch)0:9.0+git.1569257240.456c4fc-3.6.1(x86_64)0:6.2.5-3.6.1(noarch)0:1.14.1~dev9-3.6.1(noarch)0:1.1.0-3.3.1(noarch)0:13.0.7~dev16-3.10.2(noarch)0:14.0.4~dev11-3.6.2(noarch)0:7.0.1~dev22-3.10.2(noarch)0:17.0.1~dev30-3.3.2(noarch)0:11.0.3~dev23-3.10.2(noarch)0:1.4.1~dev4-4.6.1(noarch)0:11.1.4~dev15-3.10.2(noarch)0:3.3.3~dev5-3.10.2(noarch)0:14.1.1~dev16-3.10.2(noarch)0:7.3.1~dev6-4.10.2(noarch)0:13.0.5~dev50-3.10.2(noarch)0:5.0.1~dev472-3.10.2(noarch)0:18.2.3~dev22-3.10.2(noarch)0:3.1.2~dev45-3.10.2(noarch)0:9.0.2~dev12-3.3.2(noarch)0:19.0.0-15.2(noarch)0:1.12.1~dev19-4.3.2(noarch)0:9.0+git.1568955483.5f039e4-3.11.1(noarch)0:0.1.0-11.1(noarch)0:1.23-3.9.1(noarch)0:7.0.1~dev18-3.9.1(noarch)0:13.0.7~dev16-3.9.1(noarch)0:7.0.1~dev22-3.9.1(noarch)0:17.0.1~dev30-3.9.1(noarch)0:11.0.3~dev23-3.9.1(noarch)0:14.0.4~dev11-4.9.1(noarch)0:11.1.4~dev15-4.9.1(noarch)0:14.1.1~dev16-3.9.1(noarch)0:7.1.1~dev28-4.9.1(noarch)0:7.3.1~dev6-3.9.1(noarch)0:1.8.2~dev3-3.9.1(noarch)0:2.7.1~dev10-3.9.1(noarch)0:13.0.5~dev50-6.9.1(noarch)0:18.2.3~dev22-3.9.1(noarch)0:3.1.2~dev45-4.9.1(noarch)0:9.0.2~dev12-3.9.1(noarch)0:2.19.2~dev1-2.6.1(noarch)0:9.0+git.1568821007.4e73730-3.13.3(noarch)0:9.0+git.1569869028.8edfc22-3.10.3(noarch)0:9.0+git.1570035317.78077ac-3.10.3(noarch)0:9.0+git.1569444107.add6a40-3.9.3(noarch)0:9.0+git.1571328680.3a89cb8-3.13.3(x86_64)0:6.2.5-3.9.3(noarch)0:13.0.8~dev8-3.13.5(noarch)0:14.0.5~dev1-3.9.4(noarch)0:2.16.2~dev2-3.3.3(noarch)0:14.1.1~dev26-3.13.4(noarch)0:7.3.1~dev15-4.13.4(noarch)0:13.0.6~dev3-3.13.4(noarch)0:13.0.3~dev2-3.6.3(noarch)0:13.0.1~dev15-3.10.3(noarch)0:18.2.4~dev18-3.13.5(noarch)0:3.2.1~dev1-3.13.3(noarch)0:0.1.1-7.3.4(x86_64)0:4.1.8-3.3.3(noarch)0:1.11.24-3.12.3(noarch)0:5.2.1-11.4(noarch)0:1.6.1-3.3.3(noarch)0:2.5.8-3.6.3(noarch)0:1.30.4-3.3.3(noarch)0:8.1.4-3.3.3(noarch)0:7.0.1~dev18-3.11.3(noarch)0:13.0.8~dev8-3.11.3(noarch)0:7.0.1~dev22-3.11.3(noarch)0:17.0.1~dev30-3.11.3(noarch)0:11.0.3~dev23-3.11.3(noarch)0:14.0.5~dev1-4.11.3(noarch)0:14.1.1~dev26-3.11.3(noarch)0:7.1.1~dev28-4.11.3(noarch)0:7.3.1~dev15-3.11.3(noarch)0:1.8.2~dev3-3.11.3(noarch)0:2.7.1~dev10-3.11.3(noarch)0:13.0.6~dev3-6.11.3(noarch)0:18.2.4~dev18-3.11.3(noarch)0:3.2.1~dev1-4.11.3(noarch)0:9.0.2~dev12-3.11.3(noarch)0:2.19.2~dev1-2.8.3(noarch)0:0.13.3-5.10.1(noarch)0:9.0+git.1572311426.a6dc2fd-3.13.1(noarch)0:9.0+git.1573069087.15ffd1c-3.13.1(noarch)0:9.0+git.1572019823.6650494-3.16.1(noarch)0:9.0+git.1572618171.4460843-3.13.1(noarch)0:7.0.1~dev21-3.3.1(noarch)0:0.0.0+git.1553459627.948e8cc-3.3.1(noarch)0:14.1.1~dev28-3.16.1(noarch)0:13.0.6~dev8-3.16.2(noarch)0:5.0.1~dev476-3.13.1(noarch)0:13.0.1~dev16-3.13.1(noarch)0:18.2.4~dev22-3.16.2(noarch)0:3.2.1~dev3-3.16.1(noarch)0:9.0.2~dev14-3.6.1(x86_64)0:5.4.6-3.3.1(noarch)0:9.20191025-3.15.1(noarch)0:7.0.1~dev21-3.13.1(noarch)0:13.0.8~dev8-3.13.1(noarch)0:7.0.1~dev22-3.13.1(noarch)0:11.0.3~dev23-3.13.1(noarch)0:14.1.1~dev28-3.13.1(noarch)0:7.1.1~dev28-4.13.1(noarch)0:7.3.1~dev15-3.13.1(noarch)0:1.8.2~dev3-3.13.1(noarch)0:13.0.6~dev8-6.13.1(noarch)0:18.2.4~dev22-3.13.1(noarch)0:3.2.1~dev3-4.13.1(noarch)0:9.0.2~dev14-3.13.1(x86_64)0:1.6.11-11.3.1(x86_64)0:10.2.29-3.22.1(noarch)0:9.0+git.1587034359.a12678b-3.19.1(noarch)0:9.0+git.1583953599.cd723bb-3.10.1(noarch)0:9.0+git.1585653734.c1fe3b2-3.13.1(noarch)0:9.0+git.1586543314.6b6aa20-3.19.1(noarch)0:9.0+git.1583445435.4bd1793-3.10.1(noarch)0:9.0+git.1584632190.9541c56-3.16.1(noarch)0:9.0+git.1585929695.f35b591-3.10.1(noarch)0:9.0+git.1586769889.d43d736-3.16.1(noarch)0:9.0+git.1586350749.a463fd2-3.13.1(noarch)0:9.0+git.1587667603.507fb50-3.19.1(noarch)0:9.0+git.1587486004.8e99c6b-3.16.1(noarch)0:9.0+git.1586546715.dbd07ab-3.16.1(noarch)0:9.0+git.1587398456.b31cc4a-3.13.1(noarch)0:9.0+git.1586301209.c9413b4-3.12.1(x86_64)0:1.5.17-3.3.1(noarch)0:11.1.1~dev5-3.13.2(noarch)0:13.0.10~dev9-3.19.1(noarch)0:7.0.1~dev25-3.16.2(noarch)0:11.0.3~dev35-3.16.1(noarch)0:11.1.5~dev3-3.16.1(noarch)0:9.0.0-3.6.1(noarch)0:7.4.2~dev4-4.21.1(noarch)0:13.0.8~dev28-3.22.1(noarch)0:18.3.1~dev17-3.22.1(noarch)0:3.2.3~dev2-3.22.1(noarch)0:0.1.3-7.9.2(noarch)0:4.0.3-3.6.2(noarch)0:2.13.2-3.3.2(noarch)0:2.14.3-3.6.1(noarch)0:2.5.4-4.10.1(noarch)0:5.2.2-17.1(noarch)0:0.1.0-3.6.1(noarch)0:11.0.1-3.3.1(noarch)0:1.6.2-3.6.1(noarch)0:3.16.3-11.1(noarch)0:2.5.10-3.9.2(noarch)0:6.4.2-3.3.1(noarch)0:5.14.2-3.3.1(noarch)0:3.36.5-3.3.1(noarch)0:3.6.1-3.3.1(noarch)0:2.1.1-3.3.1(noarch)0:9.20200319-3.18.1(noarch)0:7.0.1~dev24-3.17.1(noarch)0:13.0.10~dev9-3.17.1(noarch)0:7.0.1~dev25-3.17.1(noarch)0:17.0.1~dev30-3.15.1(noarch)0:11.0.3~dev35-3.17.1(noarch)0:14.1.1~dev1-4.16.1(noarch)0:11.1.5~dev3-4.13.1(noarch)0:14.1.1~dev36-3.17.1(noarch)0:7.2.1~dev1-4.17.1(noarch)0:7.4.2~dev4-3.19.1(noarch)0:1.8.2~dev3-3.17.1(noarch)0:2.7.1~dev10-3.15.1(noarch)0:13.0.8~dev28-6.17.1(noarch)0:18.3.1~dev17-3.17.1(noarch)0:3.2.3~dev2-4.17.1(noarch)0:9.0.2~dev15-3.17.1(noarch)0:2.19.2~dev48-2.12.1(noarch)0:3.4.13-3.3.1(x86_64)0:10.2.32-3.28.2(x86_64)0:3.53.1-58.48.1(x86_64)0:4.25-19.15.1(x86_64)0:4.11.4_04-2.30.1(x86_64)0:78.0.1-112.3.1(x86_64)0:78-35.3.1(noarch)0:1.0.22-3.3.1(x86_64)0:3.5.21-26.29.1(noarch)0:9.0.36-3.42.2(noarch)0:2.6.6-49.26.3(x86_64)0:0.18.1-1.6.2(x86_64)0:0.9.0~git.1456906198.f422461-21.27.1(noarch)0:9.0.36-3.45.1(x86_64)0:2.1.17-3.23.1(x86_64)0:4.6.16+git.186.c6d77b0d5a6-3.52.1(noarch)0:4.6.16+git.186.c6d77b0d5a6-3.52.1(x86_64)0:2.28.3-2.56.1(noarch)0:2.28.3-2.56.1(x86_64)0:2.02-12.31.1(noarch)0:2.02-12.31.1(x86_64)0:9.52-23.39.1(x86_64)0:78.1.0-112.8.1(x86_64)0:1.6.2-12.8.1(noarch)0:1.6.2-12.8.1(x86_64)0:1.10-4.5.1(x86_64)0:4.12.14-95.57.1(noarch)0:4.12.14-95.57.1(x86_64)0:4.11.4_06-2.33.1(noarch)0:1.0.18-3.13.1(noarch)0:1.9.6-9.7.2(noarch)0:9.0+git.1591138508.e269bdb-3.22.2(noarch)0:9.0+git.1588181228.bae3b1f-3.13.2(noarch)0:9.0+git.1593631708.9354a78-3.13.2(noarch)0:9.0+git.1589740948.c24fc0b-3.19.2(noarch)0:9.0+git.1591193994.d93b668-3.13.2(noarch)0:9.0+git.1594158642.b5905e4-3.12.2(noarch)0:9.0+git.1589385256.7fbfaaf-3.19.2(noarch)0:9.0+git.1593618110.cbd1a37-3.16.2(noarch)0:9.0+git.1590756257.e09d54f-3.22.2(noarch)0:9.0+git.1590079609.a2ae6ab-3.19.2(noarch)0:9.0+git.1593033709.9495bb2-3.16.2(x86_64)0:6.2.5-3.12.2(x86_64)0:4.6.3-4.3.2(noarch)0:7.0.1~dev24-3.9.5(noarch)0:11.1.1~dev7-3.16.3(noarch)0:13.0.10~dev12-3.22.4(noarch)0:14.1.1~dev6-3.15.5(noarch)0:7.0.2~dev2-3.19.3(noarch)0:0.0.0+git.1582270132.8a20477-3.6.2(noarch)0:11.1.5~dev6-3.19.3(noarch)0:14.2.1~dev4-3.22.3(noarch)0:7.2.1~dev1-3.13.3(noarch)0:7.4.2~dev31-4.24.3(noarch)0:2.8.2~dev5-3.9.3(noarch)0:13.0.8~dev68-3.25.3(noarch)0:2.0.1~dev167-3.3.3(noarch)0:18.3.1~dev38-3.25.4(noarch)0:3.2.3~dev7-3.25.3(noarch)0:0.1.4-7.12.3(noarch)0:1.0+git.1569436425.8b9c49f-5.3.2(noarch)0:1.11.29-3.15.2(x86_64)0:5.2.0-3.3.2(noarch)0:0.0.3-9.3.2(noarch)0:1.16.3-3.3.3(noarch)0:0.2.0-3.3.2(x86_64)0:0.2.0-3.3.2(noarch)0:2.5.10-3.12.3(noarch)0:8.1.4-3.6.2(noarch)0:0.5.2-4.3.2(noarch)0:1.23-3.12.2(noarch)0:1.4.3-3.3.1(noarch)0:9.20200610-3.21.4(noarch)0:7.0.1~dev24-3.19.3(noarch)0:13.0.10~dev12-3.19.2(noarch)0:7.0.2~dev2-3.19.2(noarch)0:17.0.1~dev30-3.17.2(noarch)0:11.0.3~dev35-3.19.2(noarch)0:14.1.1~dev6-4.18.3(noarch)0:11.1.5~dev6-4.15.2(noarch)0:14.2.1~dev4-3.19.2(noarch)0:7.2.1~dev1-4.19.2(noarch)0:7.4.2~dev31-3.21.2(noarch)0:1.8.2~dev3-3.19.2(noarch)0:2.7.1~dev10-3.17.3(noarch)0:13.0.8~dev68-6.19.2(noarch)0:18.3.1~dev38-3.19.3(noarch)0:3.2.3~dev7-4.19.2(noarch)0:9.0.2~dev15-3.19.2(noarch)0:2.19.2~dev48-2.14.2(x86_64)0:0.9.9-17.31.1(x86_64)0:1.6.2-12.12.1(noarch)0:1.6.2-12.12.1(x86_64)0:3.1.1-13.3.6(x86_64)0:2.28.4-2.59.1(noarch)0:2.28.4-2.59.1(x86_64)0:2.2.31-19.22.1(x86_64)0:2.02-12.39.1(noarch)0:2.02-12.39.1(x86_64)0:1.19.6-4.8.1(x86_64)0:1.19.6-4.11.1(x86_64)0:2.4.23-29.63.1(noarch)0:2.4.23-29.63.1(x86_64)0:1.8.0_sr6.15-30.72.1(x86_64)0:3.5.21-26.32.1(x86_64)0:1.6.2-12.15.1(noarch)0:1.6.2-12.15.1(x86_64)0:1.7.1_sr4.70-38.56.1(x86_64)0:78.2.0-112.19.2(x86_64)0:4.12.14-95.60.1(noarch)0:4.12.14-95.60.1(x86_64)0:15+git47-25.11.1(x86_64)0:0.6.36-2.30.1(x86_64)0:1.628-5.3.1(x86_64)0:3.4.10-25.52.1(x86_64)0:2017+git1510945757.b2662641d5-3.29.1(noarch)0:2017+git1510945757.b2662641d5-3.29.1(x86_64)0:4.6.16+git.237.40a3f495f75-3.55.1(noarch)0:4.6.16+git.237.40a3f495f75-3.55.1(x86_64)0:5.6.2-6.25.1(x86_64)0:78.3.0-112.22.1(x86_64)0:4.1.8-3.6.1(x86_64)0:4.11.4_08-2.36.1(x86_64)0:1.628-5.6.1(x86_64)0:1.7.0.271-43.41.1(noarch)0:9.0+git.1596813072.110811d-3.25.2(noarch)0:9.0+git.1596129576.0b3d3ce-3.13.2(noarch)0:9.0+git.1588258487.3acf8ad-3.16.2(noarch)0:9.0+git.1569535129.ca87ef0-3.13.2(noarch)0:9.0+git.1566593422.813e56c-4.13.2(noarch)0:9.0+git.1597427032.a062830-3.19.2(x86_64)0:6.7.4-3.17.1(noarch)0:0.0.9-4.3.3(noarch)0:13.0.10~dev16-3.25.3(noarch)0:14.1.1~dev7-3.18.3(noarch)0:11.1.5~dev16-3.22.3(noarch)0:3.3.4~dev5-3.16.2(noarch)0:7.4.2~dev54-4.27.3(noarch)0:13.0.8~dev95-3.28.3(noarch)0:18.3.1~dev54-3.28.3(noarch)0:3.0.3-4.3.2(x86_64)0:1.2.3-3.3.4(noarch)0:13.0.10~dev16-3.22.3(noarch)0:14.1.1~dev7-4.21.3(noarch)0:11.1.5~dev16-4.17.2(noarch)0:7.4.2~dev54-3.23.2(noarch)0:13.0.8~dev95-6.21.3(noarch)0:18.3.1~dev54-3.21.2(x86_64)0:1.6.0-22.17.1(x86_64)0:0.4.13-18.3.1(x86_64)0:9.11.22-3.22.1(noarch)0:9.11.22-3.22.1(x86_64)0:2.6.3-7.18.1(noarch)0:9.0.1-4.3.1(x86_64)0:4.0.0-8.23.1(x86_64)0:78.4.0-112.28.1(x86_64)0:0.12.8-15.1(x86_64)0:0.33-3.9.1(x86_64)0:4.11.4_10-2.39.2(x86_64)0:4.6.16+git.248.c833312e640-3.58.1(noarch)0:4.6.16+git.248.c833312e640-3.58.1(x86_64)0:1.0.31-4.3.1(noarch)0:3.1-6.3.1(x86_64)0:1.8.0.272-27.48.1(x86_64)0:10.2.1+git583-1.3.5(x86_64)0:20201027-13.76.1(x86_64)0:1.7.0.281-43.44.2(x86_64)0:2.4.41-18.77.1(noarch)0:2.4.41-18.77.1(x86_64)0:1.2-18.77.1(x86_64)0:78.4.1-112.32.1(x86_64)0:12.4-3.5.1(noarch)0:12.0.1-4.4.1(x86_64)0:10.14-4.4.1(noarch)0:10.14-4.4.1(x86_64)0:2.0.15-5.3.1(noarch)0:20190618-5.14.1(x86_64)0:1.12.5-40.40.2(x86_64)0:4.11.4_12-2.42.1(x86_64)0:10.15-4.9.1(noarch)0:10.15-4.9.1(x86_64)0:3.1.11-2.19.1(x86_64)0:10.2.36-3.33.1(noarch)0:10.2.36-3.33.1(x86_64)0:20201118-13.81.1(x86_64)0:5.13-5.23.1(x86_64)0:4.12.14-95.65.1(noarch)0:4.12.14-95.65.1(x86_64)0:78.5.0-112.36.1(x86_64)0:0.9.9-17.34.1(x86_64)0:1.19.6-4.19.1(noarch)0:40.6.2-4.18.1(x86_64)0:3.4.10-25.58.1(x86_64)0:3.10.0.1-54.17.2(noarch)0:3.10.0.1-54.17.2(x86_64)0:2.1.4-7.31.1(x86_64)0:12.5-3.9.3(x86_64)0:1.10.1-55.18.1(x86_64)0:4.11.4_14-2.45.1(x86_64)0:1.0.2p-3.30.1(noarch)0:1.0.2p-3.30.1(x86_64)0:1.1.1d-2.27.1(x86_64)0:2.7.17-28.59.1(noarch)0:2.7.17-28.59.1(x86_64)0:7.2p2-78.10.1(noarch)0:9.0+git.1600802664.7e480a2-3.6.2(noarch)0:9.0+git.1605174486.a78ddce-3.19.2(noarch)0:9.0+git.1601621747.a87e5a0-3.22.2(noarch)0:9.0+git.1603378983.fc0bca9-3.19.2(x86_64)0:6.7.4-3.20.1(x86_64)0:1.3.8-4.3.3(noarch)0:13.0.10~dev20-3.28.2(noarch)0:11.0.4~dev4-3.19.2(noarch)0:12.0.1~dev2-3.3.4(noarch)0:0.0.0+git.1605509190.64f020b6-3.9.3(noarch)0:12.0.1~dev3-3.3.4(noarch)0:3.3.4~dev6-3.19.4(noarch)0:7.4.2~dev57-4.30.2(noarch)0:13.0.8~dev135-3.31.2(noarch)0:12.0.1~dev5-3.19.4(noarch)0:13.0.2~dev6-3.9.2(noarch)0:18.3.1~dev77-3.31.2(noarch)0:2.10.1-3.3.3(noarch)0:4.5.0-4.3.3(noarch)0:3.7.4-3.3.3(noarch)0:1.23-3.15.3(noarch)0:9.20200917-3.24.3(noarch)0:2.2.3-5.3.3(noarch)0:7.0.1~dev24-3.21.2(noarch)0:13.0.10~dev20-3.24.2(noarch)0:7.0.2~dev2-3.21.2(noarch)0:17.0.1~dev30-3.19.2(noarch)0:11.0.4~dev4-3.21.2(noarch)0:14.1.1~dev7-4.23.2(noarch)0:11.1.5~dev16-4.19.2(noarch)0:14.2.1~dev4-3.21.2(noarch)0:7.2.1~dev1-4.21.2(noarch)0:7.4.2~dev57-3.25.2(noarch)0:1.8.2~dev3-3.21.2(noarch)0:2.7.1~dev10-3.19.2(noarch)0:13.0.8~dev135-6.23.2(noarch)0:18.3.1~dev77-3.23.2(noarch)0:3.2.3~dev7-4.21.2(noarch)0:9.0.2~dev15-3.21.2(noarch)0:2.19.2~dev48-2.16.2(x86_64)0:78.6.0-112.39.1(x86_64)0:4.11.4_16-2.48.1(x86_64)0:0.103.0-33.32.1(x86_64)0:2.1.26-8.13.1(x86_64)0:2.78-18.12.1(x86_64)0:10.2.31-3.25.1(noarch)0:9.0+git.1581611758.f694f7d-3.16.1(noarch)0:9.0+git.1579256229.c8b4b38-3.10.1(noarch)0:9.0+git.1574950066.a3c4be4-3.10.1(noarch)0:9.0+git.1578936438.b9a9b95-3.16.1(noarch)0:9.0+git.1575562864.8ed5e10-3.13.1(noarch)0:9.0+git.1580403439.d425462-3.13.1(noarch)0:9.0+git.1579273481.4b8c46f-3.13.1(noarch)0:9.0+git.1581024903.8e74867-3.10.1(noarch)0:9.0+git.1580304673.6c668eb-3.16.1(noarch)0:9.0+git.1576074489.62de7e2-3.13.1(noarch)0:9.0+git.1580235830.0dca223-3.13.1(noarch)0:9.0+git.1578932816.e299c08-3.10.1(noarch)0:9.0+git.1575296665.3fdfe45-3.9.1(x86_64)0:2.0.19-3.3.1(noarch)0:7.0.1~dev24-3.6.4(noarch)0:11.0.2~dev21-3.10.3(noarch)0:13.0.9~dev11-3.16.3(noarch)0:14.1.1~dev1-3.12.2(noarch)0:2018.2+git.1555335229.5c8dec9-3.3.1(noarch)0:7.0.1~dev23-3.13.3(noarch)0:11.0.3~dev31-3.13.3(noarch)0:7.0.1~dev8-3.6.1(noarch)0:3.3.1~dev14-3.3.1(noarch)0:5.0.1~dev8-11.1(noarch)0:2.0.2~dev1-1.3.2(noarch)0:11.1.4~dev22-3.13.2(noarch)0:3.3.3~dev6-3.13.2(noarch)0:14.1.1~dev36-3.19.3(noarch)0:7.2.1~dev1-3.10.3(noarch)0:2.8.1~dev13-3.6.2(noarch)0:13.0.7~dev48-3.19.3(noarch)0:13.0.3~dev4-3.9.2(noarch)0:5.0.1~dev491-3.16.1(noarch)0:13.0.2~dev6-3.6.2(noarch)0:18.2.4~dev63-3.19.3(noarch)0:3.2.2~dev8-3.19.1(noarch)0:0.1.2-7.6.3(noarch)0:9.0.2~dev15-3.9.2(noarch)0:2.19.2~dev48-3.3.1(noarch)0:2.4.2-4.3.1(noarch)0:2.14.2-3.3.1(noarch)0:3.10.1~dev10-3.3.1(noarch)0:3.17.1~dev5-3.3.1(noarch)0:5.2.2~dev3-14.2(x86_64)0:2.9.0-3.3.1(noarch)0:9.0.1574431436.987b47d-3.6.1(noarch)0:7.0.1~dev24-3.15.1(noarch)0:13.0.9~dev11-3.15.1(noarch)0:7.0.1~dev23-3.15.1(noarch)0:17.0.1~dev30-3.13.1(noarch)0:11.0.3~dev31-3.15.1(noarch)0:14.1.1~dev1-4.14.2(noarch)0:11.1.4~dev22-4.11.1(noarch)0:14.1.1~dev36-3.15.1(noarch)0:7.2.1~dev1-4.15.1(noarch)0:7.3.1~dev15-3.15.1(noarch)0:1.8.2~dev3-3.15.1(noarch)0:2.7.1~dev10-3.13.1(noarch)0:13.0.7~dev48-6.15.1(noarch)0:18.2.4~dev63-3.15.1(noarch)0:3.2.2~dev8-4.15.1(noarch)0:9.0.2~dev15-3.15.1(noarch)0:2.19.2~dev48-2.10.1(noarch)0:7.3.1~dev15-4.18.2(noarch)0:7.3.1~dev15-3.17.3(x86_64)0:16.21.2-2.45.1(x86_64)0:0.5-10.10.1(x86_64)0:3.4.5-44.13.1(x86_64)0:2.22-114.8.3(noarch)0:2.22-114.8.3(x86_64)0:1.19.6-4.22.1(x86_64)0:0.103.2-33.35.1(x86_64)0:2.11.2-5.29.1(noarch)0:1.0.0+-5.29.1(noarch)0:1.11.0_0_g63451fc-5.29.1(noarch)0:8-5.29.1(x86_64)0:4.11.4_16-2.51.1(x86_64)0:1.8.20p2-3.23.1(x86_64)0:78.10.0-112.57.2(x86_64)0:2.7.1-13.3.1(x86_64)0:3.10.0.1-54.20.1(noarch)0:3.10.0.1-54.20.1(x86_64)0:20170707-3.27.1(x86_64)0:1.7.0.291-43.47.3(x86_64)0:1.7.5-20.36.1(x86_64)0:9.11.22-3.34.1(noarch)0:9.11.22-3.34.1(x86_64)0:4.6.16+git.282.cfafed5922a-3.61.1(noarch)0:4.6.16+git.282.cfafed5922a-3.61.1(x86_64)0:0.6.32-32.15.1(noarch)0:0.6.32-32.15.1(x86_64)0:4.12.14-95.74.1(noarch)0:4.12.14-95.74.1(x86_64)0:3.4.10-25.71.1(x86_64)0:3.5.25.3-5.9.1(x86_64)0:2.28.0-29.6.1(x86_64)0:4.11.4_18-2.54.1(x86_64)0:2.9.4-46.43.1(noarch)0:2.9.4-46.43.1(x86_64)0:2.78-18.15.1(x86_64)0:1.3.0-12.3.1(noarch)0:0.19.0-8.3.4(x86_64)0:7.60.0-4.20.1(x86_64)0:2.2.31-19.25.1(x86_64)0:3.5.25.3-5.12.1(x86_64)0:4.3.3-10.22.1(x86_64)0:0.4.3-4.7.1(x86_64)0:0.113-5.21.1(x86_64)0:1.8.3-18.3.5(noarch)0:1.8.3-18.3.5(x86_64)0:78.11.0-112.62.1(x86_64)0:4.12.14-95.77.1(noarch)0:4.12.14-95.77.1(x86_64)0:1.6.2-12.21.1(noarch)0:1.6.2-12.21.1(x86_64)0:1.7.1_sr4.75-38.59.1(x86_64)0:2.4.0-3.14.1(x86_64)0:0.12.8-18.1(x86_64)0:20210525-13.90.1(x86_64)0:5.2.0-3.8.1(x86_64)0:0.4.21-8.3.1(x86_64)0:2.11.2-5.32.1(noarch)0:1.0.0+-5.32.1(noarch)0:1.11.0_0_g63451fc-5.32.1(noarch)0:8-5.32.1(x86_64)0:3.0.15-2.20.1(noarch)0:9.0+git.1615223676.777f0b3-3.25.2(noarch)0:9.0+git.1618235096.90974ed-3.10.2(x86_64)0:3.11.10-3.3.3(x86_64)0:6.7.4-3.23.2(x86_64)0:4.6.6-4.9.2(noarch)0:14.1.1~dev11-3.24.6(noarch)0:11.1.5~dev17-3.25.5(noarch)0:13.0.8~dev164-3.37.4(noarch)0:12.0.1~dev29-3.25.3(noarch)0:18.3.1~dev82-3.37.6(noarch)0:1.11.29-3.25.1(noarch)0:1.3.1-1.3.2(noarch)0:1.5.4-3.3.2(noarch)0:4.5.0-4.6.2(noarch)0:1.0.18-1.3.2(noarch)0:7.0.1~dev24-3.23.1(noarch)0:13.0.10~dev20-3.26.1(noarch)0:7.0.2~dev2-3.23.1(noarch)0:17.0.1~dev30-3.21.1(noarch)0:11.0.4~dev4-3.23.1(noarch)0:14.1.1~dev11-4.27.3(noarch)0:11.1.5~dev17-4.21.2(noarch)0:14.2.1~dev4-3.24.3(noarch)0:7.2.1~dev1-4.23.1(noarch)0:7.4.2~dev60-3.29.1(noarch)0:1.8.2~dev3-3.23.2(noarch)0:2.7.1~dev10-3.21.1(noarch)0:13.0.8~dev164-6.27.3(noarch)0:18.3.1~dev82-3.27.3(noarch)0:3.2.3~dev7-4.23.1(noarch)0:9.0.2~dev15-3.23.1(noarch)0:2.19.2~dev48-2.18.1(x86_64)0:1.8.0.292-27.60.1(x86_64)0:6.8.8.1-71.154.1(x86_64)0:2.32.1-2.63.3(noarch)0:2.32.1-2.63.3(x86_64)0:2.4.23-29.74.1(noarch)0:2.4.23-29.74.1(x86_64)0:308-5.3.1(x86_64)0:2.7.1-13.6.1(x86_64)0:2017+git1510945757.b2662641d5-3.38.1(noarch)0:2017+git1510945757.b2662641d5-3.38.1(x86_64)0:1.6.1-16.77.1(x86_64)0:2.1.0-6.34.1(x86_64)0:13.1-3.3.1(noarch)0:13-4.7.1(x86_64)0:2.1a15-159.9.1(x86_64)0:0.6.37-2.33.1(x86_64)0:16.21.4-2.51.1(noarch)0:2.24.0-8.14.3(noarch)0:1.25.10-3.29.1(noarch)0:3.4.2-4.4.1(x86_64)0:1.8.20p2-3.20.1(noarch)0:9.0.1-4.6.1(x86_64)0:78.12.0-112.65.1(x86_64)0:78.7.0-112.45.1(x86_64)0:4.12.14-95.80.1(noarch)0:4.12.14-95.80.1(x86_64)0:228-150.98.1(noarch)0:228-150.98.1(x86_64)0:7.60.0-4.25.1(x86_64)0:1.4-15.3.1(x86_64)0:2.11.2-5.35.1(noarch)0:1.0.0+-5.35.1(noarch)0:1.11.0_0_g63451fc-5.35.1(noarch)0:8-5.35.1(x86_64)0:1.8.22-29.21.1(x86_64)0:2.32.3-2.66.1(noarch)0:2.32.3-2.66.1(x86_64)0:1.0.25-36.23.1(x86_64)0:3.5.25.3-5.19.2(x86_64)0:5.2.0-3.11.1(x86_64)0:10.2.39-3.36.1(noarch)0:10.2.39-3.36.1(x86_64)0:2.11-36.9.1(noarch)0:2.11-36.9.1(x86_64)0:1.9.1-9.7.1(x86_64)0:78.13.0-112.68.1(x86_64)0:6.3.26-13.12.1(x86_64)0:2.11-36.12.1(noarch)0:2.11-36.12.1(x86_64)0:1.8.0.302-27.63.2(x86_64)0:2.11-36.15.1(noarch)0:2.11-36.15.1(x86_64)0:5.3.1-28.6.1(x86_64)0:1.0.2p-3.39.3(noarch)0:1.0.2p-3.39.3(x86_64)0:1.1.1d-2.36.2(x86_64)0:5.6.1-4.5.1(x86_64)0:0.60.6.1-18.11.1(noarch)0:5.1.42-5.7.1(x86_64)0:2.1.0-6.37.1(x86_64)0:1.0.6-17.3.1(x86_64)0:5.22-10.21.1(x86_64)0:4.11.4_20-2.60.1(x86_64)0:2.8.10-4.23.1(x86_64)0:1.0.2p-3.42.2(noarch)0:1.0.2p-3.42.2(x86_64)0:1.1.1d-2.39.2(x86_64)0:10.2.40-3.39.1(noarch)0:10.2.40-3.39.1(noarch)0:9.0.36-3.58.1(x86_64)0:3.68-58.54.1(x86_64)0:4.32-19.18.1(x86_64)0:3.2.8a-2.17.1(x86_64)0:0.6.0-11.3.1(x86_64)0:9.52-23.42.1(x86_64)0:0.2.7-12.12.1(x86_64)0:91.1.0-112.71.1(x86_64)0:91-35.6.6(x86_64)0:1.8.0_sr6.20-30.78.1(x86_64)0:3.36.0-9.18.1(x86_64)0:5.2.0-3.14.1(noarch)0:1.25.10-3.31.2(x86_64)0:2.22-114.15.1(noarch)0:2.22-114.15.1(x86_64)0:2.32.4-2.71.2(noarch)0:2.32.4-2.71.2(x86_64)0:2.4.23-29.80.1(noarch)0:2.4.23-29.80.1(x86_64)0:7.60.0-4.30.1(noarch)0:1.23-3.18.1(x86_64)0:3.4.10-25.63.2(x86_64)0:3.4.10-25.63.1(x86_64)0:91.2.0-112.74.1(x86_64)0:5.3.1-14.3.1(noarch)0:8.0.25-5.10.1(x86_64)0:5.1.3-26.16.1(noarch)0:5.1.3-26.16.1(x86_64)0:10.18-4.19.6(noarch)0:10.18-4.19.6(x86_64)0:0.13.0-3.19.1(x86_64)0:3.2.8b-2.20.1(x86_64)0:2.37-9.39.1(x86_64)0:2.0.1-13.1(noarch)0:9.0.36-3.71.1(x86_64)0:2.11.2-5.40.2(noarch)0:1.0.0+-5.40.2(noarch)0:1.11.0_0_g63451fc-5.40.2(noarch)0:8-5.40.2(x86_64)0:2.37-9.44.1(x86_64)0:8.45-8.7.1(noarch)0:20140730-36.5.2(x86_64)0:91.3.0-112.80.2(noarch)0:9.0+git.1628097238.f6cbb0e-3.29.1(noarch)0:9.0+git.1627995376.30bdf85-3.25.1(x86_64)0:1.3.8-4.6.1(x86_64)0:4.6.6-4.12.1(noarch)0:13.0.10~dev23-3.31.2(noarch)0:7.1.1~dev6-3.3.2(noarch)0:12.0.1~dev4-3.6.1(noarch)0:0.0.0+git.1628179051.7d761bff-3.12.1(noarch)0:12.0.1~dev5-3.6.1(noarch)0:14.2.1~dev7-3.25.2(noarch)0:14.0.1~dev19-3.28.1(noarch)0:18.3.1~dev91-3.40.1(noarch)0:0.20.0-8.3.1(noarch)0:7.0.1~dev24-3.25.1(noarch)0:13.0.10~dev23-3.28.1(noarch)0:7.0.2~dev2-3.25.1(noarch)0:17.0.1~dev30-3.23.1(noarch)0:11.0.4~dev4-3.25.1(noarch)0:14.1.1~dev11-4.29.1(noarch)0:11.1.5~dev17-4.23.1(noarch)0:14.2.1~dev7-3.26.1(noarch)0:7.2.1~dev1-4.25.1(noarch)0:7.4.2~dev60-3.31.1(noarch)0:1.8.2~dev3-3.25.1(noarch)0:2.7.1~dev10-3.23.1(noarch)0:13.0.8~dev164-6.29.1(noarch)0:18.3.1~dev91-3.29.1(noarch)0:3.2.3~dev7-4.25.1(noarch)0:9.0.2~dev15-3.25.1(noarch)0:2.19.2~dev48-2.20.1(x86_64)0:4.6.16+git.307.b3899d08cc6-3.64.2(noarch)0:4.6.16+git.307.b3899d08cc6-3.64.2(x86_64)0:14.1-3.3.1(noarch)0:14-4.10.1(x86_64)0:10.19-4.22.1(noarch)0:10.19-4.22.1(x86_64)0:2.32.4-2.74.5(noarch)0:2.32.4-2.74.5(x86_64)0:1.8.0.312-27.66.1(x86_64)0:1.7.0.321-43.53.2(x86_64)0:2.1.9-19.6.1(x86_64)0:4.11.4_24-2.65.1(x86_64)0:0.103.4-33.41.1(x86_64)0:2.34.1-2.77.1(noarch)0:2.34.1-2.77.1(x86_64)0:7.2p2-78.13.1(x86_64)0:3.68.1-58.57.1(x86_64)0:4.12.14-95.83.2(noarch)0:4.12.14-95.83.2(x86_64)0:91.4.0-112.83.1(x86_64)0:2.48.2-6.3.1(noarch)0:2.48.2-6.3.1(x86_64)0:1.19.6-4.25.1(x86_64)0:1.2.3-3.5.1(noarch)0:2.7.1~dev10-3.25.1(noarch)0:1.2.15-126.6.1(x86_64)0:1.19.6-4.28.1(x86_64)0:4.6.16+git.313.502515a5bfc-3.67.2(noarch)0:4.6.16+git.313.502515a5bfc-3.67.2(x86_64)0:4.1-5.9.1(noarch)0:2.4.2-6.3.1(x86_64)0:0.10.2.2-3.2.1(x86_64)0:2.4.1-7.3.1(noarch)0:2.8.2~dev5-3.12.1(noarch)0:1.12.1~dev9-12.2(noarch)0:2.1.1-5.3.1(noarch)0:7.0.1~dev24-3.27.1(noarch)0:13.0.10~dev23-3.30.1(noarch)0:7.0.2~dev2-3.27.1(noarch)0:17.0.1~dev30-3.25.1(noarch)0:11.0.4~dev4-3.27.1(noarch)0:14.1.1~dev11-4.31.1(noarch)0:11.1.5~dev17-4.25.1(noarch)0:14.2.1~dev7-3.28.1(noarch)0:7.2.1~dev1-4.27.1(noarch)0:7.4.2~dev60-3.33.1(noarch)0:1.8.2~dev3-3.27.1(noarch)0:2.7.1~dev10-3.27.1(noarch)0:13.0.8~dev164-6.31.1(noarch)0:18.3.1~dev91-3.31.1(noarch)0:3.2.3~dev7-4.27.1(noarch)0:9.0.2~dev15-3.27.1(noarch)0:2.19.2~dev48-2.22.1(noarch)0:3.4.13-3.6.1(x86_64)0:10.2.41-3.44.3(noarch)0:10.2.41-3.44.3(x86_64)0:2.7.17-28.64.1(noarch)0:2.7.17-28.64.3(x86_64)0:4.12.14-95.68.1(noarch)0:4.12.14-95.68.1(x86_64)0:2.6-15.13.1(x86_64)0:2.8.10-4.26.1(x86_64)0:1.900.14-195.25.1(x86_64)0:4.0.4-23.6.1(noarch)0:9.0+git.1611600773.5f1de5f-3.22.1(noarch)0:9.0+git.1610491814.38661c2-3.16.1(noarch)0:9.0+git.1610490922.d5f9813-3.16.1(noarch)0:9.0+git.1610547641.d79ecfd-3.22.1(noarch)0:9.0+git.1611867924.eb82818-4.16.1(noarch)0:9.0+git.1610634027.5934cf8-3.25.1(x86_64)0:4.6.3-4.6.1(noarch)0:14.1.1~dev10-3.21.3(noarch)0:7.4.2~dev60-4.33.2(noarch)0:13.0.8~dev147-3.34.2(noarch)0:12.0.1~dev16-3.22.2(noarch)0:18.3.1~dev78-3.34.2(noarch)0:1.11.29-3.18.2(noarch)0:9.20201214-3.27.2(noarch)0:14.1.1~dev10-4.25.2(noarch)0:7.4.2~dev60-3.27.2(noarch)0:13.0.8~dev147-6.25.2(noarch)0:18.3.1~dev78-3.25.2(x86_64)0:9.11.22-3.29.1(noarch)0:9.11.22-3.29.1(x86_64)0:1.7.1_sr4.80-38.62.1(x86_64)0:1.0.3-3.6.1(x86_64)0:1.8.0.282-27.56.2(noarch)0:2.10.1-3.6.1(x86_64)0:1.8.0_sr6.25-30.81.1(x86_64)0:0.7.8.2-12.27.2(x86_64)0:2.0.876-12.27.2(noarch)0:3.44-5.3.1(x86_64)0:78.8.0-112.51.1(x86_64)0:2.3.1-3.3.1(x86_64)0:2.1.4-7.34.1(x86_64)0:2.02-12.47.1(noarch)0:2.02-12.47.1(x86_64)0:2.4.41-18.83.1(noarch)0:2.4.41-18.83.1(x86_64)0:1.2-18.83.1(x86_64)0:1.0.2p-3.36.1(noarch)0:1.0.2p-3.36.1(x86_64)0:4.12.14-95.71.1(noarch)0:4.12.14-95.71.1(x86_64)0:2.6-15.16.1(x86_64)0:1.1.1d-2.30.1(x86_64)0:2.26.2-27.43.1(x86_64)0:2.7.18-28.67.1(noarch)0:2.7.18-28.67.1(x86_64)0:78.6.1-112.42.1(noarch)0:2.48.2-12.22.1(x86_64)0:2.48.2-12.22.1(x86_64)0:4.60.99-5.9.1(x86_64)0:1.39.2-3.5.1(x86_64)0:1.1.1d-2.33.1(noarch)0:9.0.36-3.64.1(x86_64)0:78.9.0-112.54.1(x86_64)0:2.3.8-16.29.1(x86_64)0:1.7.1_sr5.5-38.68.1(x86_64)0:1.8.0_sr7.5-30.87.1(noarch)0:1.11.29-3.30.1(x86_64)0:1.2.11-3.6.1(x86_64)0:1.8.0_sr7.0-30.84.1(x86_64)0:2.29.2-9.17.1(noarch)0:2.29.2-9.17.1(x86_64)0:3.68.3-58.69.1(x86_64)0:91.8.0-112.98.1(x86_64)0:2.1.0-4.15.1(x86_64)0:2.7.18-33.8.1(noarch)0:2.7.18-33.8.1(noarch)0:8.0.25-5.13.1(x86_64)0:91.5.0-112.86.1(x86_64)0:5.0.5-6.7.1(noarch)0:5.0.5-6.7.1(x86_64)0:0.6.22-8.13.1(noarch)0:9.0.36-3.87.1(x86_64)0:1.16.1-4.40.1(x86_64)0:4.12.14-95.96.1(noarch)0:4.12.14-95.96.1(x86_64)0:1.6-9.6.2(x86_64)0:4.11.4_28-2.73.1(x86_64)0:2.78-18.18.1(x86_64)0:2.26.2-27.52.1(x86_64)0:2.9.4-46.49.1(noarch)0:2.9.4-46.49.1(x86_64)0:1.2.15-15.17.1(noarch)0:2.8.2~dev5-3.15.1(noarch)0:2.2.3-5.6.1(noarch)0:2.7.1~dev10-3.29.1(noarch)0:3.4.13-3.9.1(x86_64)0:2.34.3-2.82.1(noarch)0:2.34.3-2.82.1(x86_64)0:6.9-13.20.1(x86_64)0:0.16-20.15.1(x86_64)0:15.2.1-9.14.1(x86_64)0:91.9.0-112.104.1(x86_64)0:5.0.5-6.12.2(x86_64)0:1.7.1_sr5.0-38.65.1(x86_64)0:1.6-9.9.1(x86_64)0:2.36.0-2.96.1(noarch)0:2.36.0-2.96.1(x86_64)0:1.43.8-3.17.1(noarch)0:9.0+git.1644879908.8a641c1-3.13.1(x86_64)0:6.7.4-3.26.1(noarch)0:7.0.1~dev24-3.14.1(noarch)0:13.0.10~dev24-3.34.2(noarch)0:14.0.1~dev4-3.9.1(noarch)0:14.0.1~dev3-3.9.1(noarch)0:11.1.5~dev18-3.28.2(noarch)0:14.2.1~dev9-3.28.2(noarch)0:13.0.8~dev206-3.40.1(noarch)0:14.0.1~dev33-3.31.1(x86_64)0:5.2.0-3.17.1(noarch)0:1.13.0.1-4.3.1(x86_64)0:4.2.4-3.3.1(noarch)0:9.20220413-3.30.1(noarch)0:7.0.1~dev24-3.35.2(noarch)0:13.0.10~dev24-3.38.1(noarch)0:7.0.2~dev2-3.35.1(noarch)0:17.0.1~dev30-3.33.1(noarch)0:11.0.4~dev4-3.35.1(noarch)0:14.1.1~dev11-4.39.1(noarch)0:11.1.5~dev18-4.33.1(noarch)0:14.2.1~dev9-3.36.1(noarch)0:7.2.1~dev1-4.35.1(noarch)0:7.4.2~dev60-3.41.1(noarch)0:1.8.2~dev3-3.35.1(noarch)0:2.7.1~dev10-3.37.1(noarch)0:13.0.8~dev206-6.39.1(noarch)0:18.3.1~dev91-3.39.1(noarch)0:3.2.3~dev7-4.35.1(noarch)0:9.0.2~dev15-3.35.1(noarch)0:2.19.2~dev48-2.30.1(x86_64)0:20220510-13.97.1(x86_64)0:91.9.0-112.108.4(noarch)0:2.48.2-12.28.1(x86_64)0:2.48.2-12.28.1(x86_64)0:2.4.41-22.10.1(noarch)0:2.4.41-22.10.1(x86_64)0:1.2-22.10.1(x86_64)0:2.1.0-21.12.1(x86_64)0:10.21-4.28.3(noarch)0:10.21-4.28.3(x86_64)0:91.9.1-112.111.1(noarch)0:2.11.1-6.31.1(x86_64)0:2.9.4-46.54.3(noarch)0:2.9.4-46.54.3(x86_64)0:10.34-1.7.1(noarch)0:20190618-5.25.2(x86_64)0:2.9-15.22.1(x86_64)0:14.3-3.9.3(x86_64)0:6.8.8.1-71.172.1(x86_64)0:2.1.17-3.26.1(x86_64)0:0.113-5.24.1(x86_64)0:1.2.15-3.6.3(x86_64)0:91.10.0-112.114.1(x86_64)0:5.1.3-26.20.1(noarch)0:5.1.3-26.20.1(x86_64)0:3.68.4-58.72.1(x86_64)0:2.02-143.2(noarch)0:2.02-143.2(x86_64)0:4.12.14-95.99.3(noarch)0:4.12.14-95.99.2(x86_64)0:4.12.14-95.99.2(x86_64)0:2.36.3-2.99.1(noarch)0:2.36.3-2.99.1(x86_64)0:2.4.23-29.91.1(noarch)0:2.4.23-29.91.1(x86_64)0:1.0.2p-3.53.1(noarch)0:1.0.2p-3.53.1(x86_64)0:15.2.1-9.17.1(noarch)0:1.2.15-126.9.1(x86_64)0:1.3.0-1.15.3(x86_64)0:0.5-10.12.1(x86_64)0:10.2.44-3.50.1(noarch)0:10.2.44-3.50.1(x86_64)0:3.4.10-25.93.1(x86_64)0:1.0.2p-3.56.1(noarch)0:1.0.2p-3.56.1(x86_64)0:1.1.1d-2.66.1(x86_64)0:2.0.8_k4.12.14_95.99-4.9.1(x86_64)0:2.7.18-33.11.1(noarch)0:2.7.18-33.11.1(x86_64)0:12.0.2-10.36.1(x86_64)0:17.11.7-5.12.1(x86_64)0:17.11.7_k4.12.14_95.99-5.12.1(x86_64)0:91.11.0-112.119.1(x86_64)0:1.1.1d-2.69.1(x86_64)0:7.2.1-4.14.1(x86_64)0:7.2.1_k4.12.14_95.99-4.14.1(x86_64)0:8.24.0-3.58.2(x86_64)0:8.45-8.12.1(x86_64)0:1.19.6-4.31.1(x86_64)0:3.5.21-26.35.1(x86_64)0:4.12.14-95.102.1(noarch)0:4.12.14-95.102.1(x86_64)0:2.36.4-2.102.1(noarch)0:2.36.4-2.102.1(x86_64)0:0.29.0-23.8.1(x86_64)0:2.0.24-9.11.1(noarch)0:2.0.24-9.11.1(x86_64)0:1.8.0.332-27.75.2(x86_64)0:3.79-58.75.1(x86_64)0:4.34-19.21.1(x86_64)0:2.26.2-27.57.1(x86_64)0:1.7.1_sr5.10-38.71.1(x86_64)0:1.8.0_sr7.10-30.90.1(x86_64)0:4.11.4_30-2.76.1(x86_64)0:10.34-1.10.1(x86_64)0:4.6.16+git.324.6bba9ddab76-3.73.1(noarch)0:4.6.16+git.324.6bba9ddab76-3.73.1(x86_64)0:91.12.0-112.124.1(x86_64)0:2.2.31-19.29.1(x86_64)0:7.1.1-3.8.1(x86_64)0:4.6.16+git.320.a2d80a7efef-3.70.1(noarch)0:4.6.16+git.320.a2d80a7efef-3.70.1(x86_64)0:0.2.0-12.3.1(noarch)0:2.5.1-3.3.1(x86_64)0:4.12.14-95.105.1(noarch)0:4.12.14-95.105.1(x86_64)0:15.2.1-9.20.1(x86_64)0:7.60.0-4.38.1(x86_64)0:1.8.0.345-27.78.1(x86_64)0:20220809-13.101.1(x86_64)0:1.2.11-3.9.1(noarch)0:1.11.29-3.37.1(noarch)0:7.0.1~dev24-3.30.1(noarch)0:13.0.10~dev23-3.33.1(noarch)0:7.0.2~dev2-3.30.1(noarch)0:17.0.1~dev30-3.28.1(noarch)0:11.0.4~dev4-3.30.1(noarch)0:14.1.1~dev11-4.34.2(noarch)0:11.1.5~dev17-4.28.1(noarch)0:14.2.1~dev7-3.31.1(noarch)0:7.2.1~dev1-4.30.1(noarch)0:7.4.2~dev60-3.36.1(noarch)0:1.8.2~dev3-3.30.1(noarch)0:2.7.1~dev10-3.32.1(noarch)0:13.0.8~dev164-6.34.1(noarch)0:18.3.1~dev91-3.34.1(noarch)0:3.2.3~dev7-4.30.1(noarch)0:9.0.2~dev15-3.30.1(noarch)0:2.19.2~dev48-2.25.1(x86_64)0:3.1.0-13.19.1(x86_64)0:1.7.1_sr5.15-38.74.1(x86_64)0:1.8.0_sr7.11-30.93.1(x86_64)0:5.13-5.26.1(x86_64)0:0.6.11-12.6.45(x86_64)0:1.8.3-16.6.2(noarch)0:1.8.3-16.6.2(x86_64)0:10.22-4.31.1(noarch)0:10.22-4.31.1(x86_64)0:2.36.5-2.107.2(noarch)0:2.36.5-2.107.2(x86_64)0:12.1.0-4.45.1(x86_64)0:5.7.3-6.9.1(x86_64)0:0.12.1-4.3.1(x86_64)0:91.13.0-112.127.4(x86_64)0:5.2.4-9.3.1(x86_64)0:2.36.7-2.110.1(noarch)0:2.36.7-2.110.1(x86_64)0:0.103.7-33.50.1(x86_64)0:1.8.0_sr7.15-30.96.1(x86_64)0:2.1.3-3.8.1(noarch)0:2.1.3-3.8.1(noarch)0:14-4.17.2(x86_64)0:2.0.19-3.6.1(x86_64)0:14.5-3.14.9(x86_64)0:102.2.0-112.130.1(x86_64)0:102-35.9.1(x86_64)0:4.12.14-95.108.1(noarch)0:4.12.14-95.108.1(x86_64)0:4.11.4_26-2.68.1(noarch)0:9.0+git.1660748476.c118d23-3.32.1(noarch)0:9.0+git.1660747489.119efcd-3.19.1(noarch)0:9.0+git.1651855288.a2341ad-3.22.1(x86_64)0:6.7.4-3.29.1(noarch)0:0.0.0+git.1654529662.75fa04a7-3.15.1(noarch)0:14.0.1~dev4-3.12.1(noarch)0:14.0.1~dev46-3.34.1(noarch)0:18.3.1~dev92-3.43.1(noarch)0:1.11.29-3.40.1(x86_64)0:3.6.16-4.3.1(noarch)0:11.0.4~dev4-3.37.1(noarch)0:14.1.1~dev11-4.41.1(noarch)0:13.0.8~dev206-6.41.1(noarch)0:18.3.1~dev92-3.41.1(x86_64)0:1.0.25-36.26.1(x86_64)0:3.39.3-9.23.1(x86_64)0:102.3.0-112.133.1(x86_64)0:2.1.0-21.25.1(x86_64)0:1.0.3-3.9.1(x86_64)0:2.36.8-2.113.1(noarch)0:2.36.8-2.113.1(x86_64)0:9.11.22-3.43.1(noarch)0:9.11.22-3.43.1(x86_64)0:3.4.10-25.96.1(x86_64)0:3.5.21-26.38.1(noarch)0:2.4.2-6.6.1(x86_64)0:0.10.2.2-3.5.1(x86_64)0:2.4.1-7.6.1(noarch)0:2.8.2~dev5-3.18.1(noarch)0:1.12.1~dev9-15.1(noarch)0:2.1.1-5.6.1(noarch)0:2.2.3-5.9.2(x86_64)0:1.2.3-3.8.1(noarch)0:7.0.1~dev24-3.33.1(noarch)0:13.0.10~dev23-3.36.1(noarch)0:7.0.2~dev2-3.33.1(noarch)0:17.0.1~dev30-3.31.1(noarch)0:11.0.4~dev4-3.33.1(noarch)0:14.1.1~dev11-4.37.1(noarch)0:11.1.5~dev17-4.31.1(noarch)0:14.2.1~dev7-3.34.1(noarch)0:7.2.1~dev1-4.33.1(noarch)0:7.4.2~dev60-3.39.1(noarch)0:1.8.2~dev3-3.33.1(noarch)0:2.7.1~dev10-3.35.2(noarch)0:13.0.8~dev164-6.37.1(noarch)0:18.3.1~dev91-3.37.1(noarch)0:3.2.3~dev7-4.33.1(noarch)0:9.0.2~dev15-3.33.1(noarch)0:2.19.2~dev48-2.28.1(noarch)0:3.4.13-3.12.1(noarch)0:9.4-3.6.3(x86_64)0:2.7.18-33.14.1(x86_64)0:2.7.18-33.14.2(noarch)0:2.7.18-33.14.2(x86_64)0:0.103.5-33.44.1(noarch)0:1.4.3-3.6.1(x86_64)0:4.12.14-95.111.1(noarch)0:4.12.14-95.111.1(x86_64)0:4.0.9-44.56.1(x86_64)0:1.3.0-24.3.1(noarch)0:1.0.7-4.3.1(x86_64)0:4.12.14-95.88.1(noarch)0:4.12.14-95.88.1(x86_64)0:0.7.3+177+suse.b16d5dc-2.23.1(x86_64)0:2.9.4-46.59.2(noarch)0:2.9.4-46.59.2(x86_64)0:2.9.4-46.59.3(x86_64)0:5.13-5.31.1(x86_64)0:102.4.0-112.136.3(x86_64)0:1.2-167.10.1(x86_64)0:1.3.0-1.21.1(x86_64)0:7.60.0-4.43.1(x86_64)0:1.0.1-17.24.1(x86_64)0:2.1.0-4.18.2(x86_64)0:1.8.22-29.24.1(x86_64)0:4.9-3.13.1(x86_64)0:1.19.6-4.34.1(x86_64)0:2.1.0-21.28.1(x86_64)0:2.22-114.22.1(noarch)0:2.22-114.22.1(x86_64)0:15.2.1-9.23.1(x86_64)0:4.0.0-8.26.1(x86_64)0:1.8.20p2-3.33.1(x86_64)0:4.11.4_34-2.83.1(x86_64)0:102.5.0-112.139.1(x86_64)0:4.0.9-44.59.1(x86_64)0:0.34.0-8.3.1(x86_64)0:3.4.10-25.102.2(x86_64)0:0.23-12.18.1(x86_64)0:1.35.0-4.3.1(x86_64)0:2.7.18-33.17.1(noarch)0:2.7.18-33.17.1(x86_64)0:2.39-9.50.1(x86_64)0:2.38.2-2.120.1(noarch)0:2.38.2-2.120.1(x86_64)0:1.8.0_sr7.20-30.99.1(noarch)0:3.0.10-95.51.1(x86_64)0:2.02-153.1(noarch)0:2.02-153.1(noarch)0:9.0.36-3.93.1(x86_64)0:24.3-25.9.1(noarch)0:24.3-25.9.1(x86_64)0:1.12.5-40.43.1(x86_64)0:1.8.0.352-27.81.1(x86_64)0:2.22-114.19.1(noarch)0:2.22-114.19.1(x86_64)0:102.6.0-112.142.1(x86_64)0:4.0.12-4.21.1(x86_64)0:1.19.6-4.39.1(x86_64)0:1.7.1_sr5.15-38.77.1(x86_64)0:1.8.0_sr7.20-30.102.1(x86_64)0:4.12.14-95.114.1(noarch)0:4.12.14-95.114.1(x86_64)0:9.0.0814-17.9.1(noarch)0:9.0.0814-17.9.1(noarch)0:2.60-12.40.1(x86_64)0:0.5.0-12.9.1(x86_64)0:2.1.0-21.15.1(x86_64)0:4.0.9-44.45.1(x86_64)0:4.9.2-14.20.1(noarch)0:2.6.6-49.35.1(noarch)0:2.8.1-268.9.1(x86_64)0:91.6.0-112.89.1(x86_64)0:20220207-13.93.1(x86_64)0:2.4.23-29.83.1(noarch)0:2.4.23-29.83.1(x86_64)0:2.34.5-2.85.3(noarch)0:2.34.5-2.85.3(x86_64)0:2.1.26-14.5.1(x86_64)0:2.1.0-21.18.1(x86_64)0:5.0.5-6.19.1(x86_64)0:15.2.1-9.11.1(x86_64)0:4.12.14-95.93.1(noarch)0:4.12.14-95.93.1(x86_64)0:91.6.1-112.92.1(x86_64)0:10.2.43-3.47.1(noarch)0:10.2.43-3.47.1(x86_64)0:5.3.1-14.5.1(noarch)0:9.0.36-3.84.1(x86_64)0:2.34.6-2.88.1(noarch)0:2.34.6-2.88.1(x86_64)0:0.99.beta18-14.6.1(x86_64)0:91.7.0-112.95.1(x86_64)0:2.1.0-21.22.1(x86_64)0:1.0.2p-3.48.1(noarch)0:1.0.2p-3.48.1(x86_64)0:1.1.1d-2.61.1(x86_64)0:1.8.0.322-27.72.2(x86_64)0:9.11.22-3.40.1(noarch)0:9.11.22-3.40.1(noarch)0:20190618-5.22.1(x86_64)0:2.4.23-29.88.1(noarch)0:2.4.23-29.88.1(x86_64)0:1.8.20p2-3.36.1(x86_64)0:2.26.2-27.63.2(x86_64)0:102.7.0-112.145.1(x86_64)0:3.79.3-58.91.1(x86_64)0:3.0.15-2.23.1(x86_64)0:4.6.16+git.384.9fec958bed-3.76.1(noarch)0:4.6.16+git.384.9fec958bed-3.76.1(x86_64)0:4.11.4_36-2.86.1(x86_64)0:17.11.7-5.14.1(x86_64)0:17.11.7_k4.12.14_95.117-5.14.1(x86_64)0:3.5.11-6.7.1(x86_64)0:5.13-5.36.1(noarch)0:9.0.36-3.102.1(x86_64)0:1.19.6-4.48.1(x86_64)0:2.38.5-2.131.4(noarch)0:2.38.5-2.131.4(x86_64)0:1.8.20p2-3.39.1(x86_64)0:1.0.2p-3.69.1(noarch)0:1.0.2p-3.69.1(x86_64)0:1.1.1d-2.78.1(x86_64)0:228-150.108.2(noarch)0:228-150.108.2(x86_64)0:1.1.1d-2.81.1(x86_64)0:9.52-23.51.1(x86_64)0:102.10.0-112.156.1(x86_64)0:1.4.5-8.3.1(x86_64)0:1.8.0_sr8.0-30.105.1(x86_64)0:2.6.4-6.14.2(x86_64)0:2.6.4-6.14.3(x86_64)0:2.6.4-6.16.1(x86_64)0:2.4.23-29.94.1(noarch)0:2.4.23-29.94.1(x86_64)0:2.4.0-7.9.1(x86_64)0:15.7-25.24.1(x86_64)0:1.0.2p-3.72.1(noarch)0:1.0.2p-3.72.1(x86_64)0:2017+git1510945757.b2662641d5-3.41.2(noarch)0:2017+git1510945757.b2662641d5-3.41.2(x86_64)0:4.0.9-44.65.1(x86_64)0:1.16.1-4.43.1(x86_64)0:3.0-10.6.1(x86_64)0:2.38.6-2.136.1(noarch)0:2.38.6-2.136.1(x86_64)0:2.26.2-27.69.1(x86_64)0:4.2.1-27.22.1(noarch)0:1.11.29-3.44.1(x86_64)0:9.0.1234-17.12.1(noarch)0:9.0.1234-17.12.1(x86_64)0:15.7-25.27.1(x86_64)0:2.78-18.21.1(x86_64)0:102.11.0-112.159.1(x86_64)0:1.5.0-1.24.4(x86_64)0:15.3-3.9.1(x86_64)0:2.3.1-3.6.6(noarch)0:7.0.1~dev24-3.41.2(noarch)0:13.0.10~dev24-3.42.3(noarch)0:7.0.2~dev2-3.39.2(noarch)0:17.0.1~dev30-3.37.2(noarch)0:11.0.4~dev4-3.41.2(noarch)0:14.1.1~dev11-4.47.2(noarch)0:11.1.5~dev18-4.37.2(noarch)0:14.2.1~dev9-3.40.2(noarch)0:7.2.1~dev1-4.39.3(noarch)0:7.4.2~dev60-3.45.2(noarch)0:1.8.2~dev3-3.39.2(noarch)0:2.7.1~dev10-3.41.2(noarch)0:13.0.8~dev209-6.47.2(noarch)0:18.3.1~dev92-3.47.2(noarch)0:3.2.3~dev7-4.39.2(noarch)0:9.0.2~dev15-3.39.2(noarch)0:2.19.2~dev48-2.34.2(x86_64)0:7.60.0-4.56.1(x86_64)0:4.12.14-95.125.1(noarch)0:4.12.14-95.125.1(x86_64)0:1.8.0.372-27.87.1(x86_64)0:5.8-8.3.1(x86_64)0:20230512-13.107.1(noarch)0:9.0.36-3.105.1(x86_64)0:1.1.1d-2.84.1(x86_64)0:1.0.2p-3.75.1(noarch)0:1.0.2p-3.75.1(x86_64)0:1.7.5-20.39.1(x86_64)0:2.8.10-4.33.1(noarch)0:11.0.4~dev4-3.24.4(noarch)0:2.19.3~dev3-3.6.3(noarch)0:0.14.1-3.6.2(noarch)0:7.0.2~dev2-3.41.2(noarch)0:11.0.4~dev4-3.43.2(noarch)0:14.2.1~dev9-3.42.2(noarch)0:7.2.1~dev1-4.41.3(noarch)0:3.2.3~dev7-4.41.2(noarch)0:9.0.2~dev15-3.41.2(noarch)0:2.19.3~dev3-2.36.3(x86_64)0:102.12.0-112.162.1(x86_64)0:1.8.0_sr8.5-30.108.1(x86_64)0:1.9.1-9.12.1(x86_64)0:1.6.2-12.30.1(noarch)0:1.6.2-12.30.1(x86_64)0:4.12.14-95.128.1(noarch)0:4.12.14-95.128.1(x86_64)0:0.4.3-4.10.1(x86_64)0:5.13-5.39.1(x86_64)0:2.38.6-2.139.1(noarch)0:2.38.6-2.139.1(x86_64)0:1.1.1d-2.89.1(x86_64)0:1.0.2p-3.78.1(noarch)0:1.0.2p-3.78.1(x86_64)0:2.7.18-33.20.2(noarch)0:2.7.18-33.20.2(x86_64)0:3.39.3-9.26.1(noarch)0:0.2.3-4.3.1(x86_64)0:9.11.22-3.46.4(noarch)0:9.11.22-3.46.4(x86_64)0:4.5.3-3.3.1(x86_64)0:14.337.5-3.3.1(noarch)0:14.337.5-3.3.1(x86_64)0:5.6.2-6.33.1(x86_64)0:1.19.6-4.42.1(x86_64)0:9.52-23.54.1(x86_64)0:115.0-112.165.1(x86_64)0:115-35.12.2(noarch)0:115.0-112.165.1(x86_64)0:1.8.0_sr8.6-30.111.1(x86_64)0:5.18.2-12.26.1(noarch)0:5.18.2-12.26.1(x86_64)0:4.6.16+git.393.97432483687-3.81.1(noarch)0:4.6.16+git.393.97432483687-3.81.1(x86_64)0:115.0.2-112.170.2(noarch)0:115.0.2-112.170.2(x86_64)0:0.6.1-7.5.1(x86_64)0:1.0.2p-3.64.1(noarch)0:1.0.2p-3.64.1(x86_64)0:1.1.1d-2.75.1(x86_64)0:1.3.0-24.6.1(x86_64)0:10.2.44-3.53.1(noarch)0:10.2.44-3.53.1(x86_64)0:2.8.0-7.6.1(noarch)0:1.11.29-3.47.1(x86_64)0:5.3.1-14.7.3(x86_64)0:1.5.3-8.7.1(x86_64)0:0.9.0~git.1456906198.f422461-21.30.2(noarch)0:1.11.29-3.50.1(x86_64)0:1.7.5-20.46.1(x86_64)0:0.4.3-4.15.1(x86_64)0:15.2-3.6.1(x86_64)0:1.3.5-3.3.1(noarch)0:40.1.0-3.3.1(x86_64)0:4.12.14-95.117.1(noarch)0:4.12.14-95.117.1(x86_64)0:6.8.8.1-71.183.1(x86_64)0:2.26.2-27.66.1(noarch)0:1.23-3.25.1(x86_64)0:1.8.0.362-27.84.1(noarch)0:1.11.29-3.53.1(x86_64)0:0.103.8-33.53.1(x86_64)0:20230214-13.104.1(x86_64)0:5.2.0-3.20.1(x86_64)0:102.8.0-112.150.1(x86_64)0:3.79.4-58.94.1(x86_64)0:0.43.0-16.22.1(x86_64)0:1.1.28-17.15.1(x86_64)0:308-5.9.1(x86_64)0:2.15-6.3.1(x86_64)0:24.3-25.12.1(noarch)0:24.3-25.12.1(x86_64)0:2.38.3-2.123.1(noarch)0:2.38.3-2.123.1(x86_64)0:1.19.6-4.45.1(x86_64)0:3.4.10-25.108.1(noarch)0:9.0.36-3.99.1(noarch)0:14.0.1~dev5-3.12.1(noarch)0:14.0.1~dev6-3.15.1(noarch)0:13.0.8~dev209-3.43.1(noarch)0:14.0.1~dev52-3.37.1(noarch)0:2.2.3-5.12.1(noarch)0:7.0.1~dev24-3.37.1(noarch)0:14.1.1~dev11-4.43.1(noarch)0:13.0.8~dev209-6.43.1(noarch)0:1.1.1-122.8.1(x86_64)0:9.0.1386-17.15.4(noarch)0:9.0.1386-17.15.4(x86_64)0:102.9.0-112.153.1(x86_64)0:2.4.23-29.97.1(noarch)0:2.4.23-29.97.1(x86_64)0:1.11.5-3.3.1(noarch)0:13.0.10~dev24-3.37.2(noarch)0:17.0.1~dev30-3.6.2(noarch)0:14.0.1~dev58-3.40.1(noarch)0:18.3.1~dev92-3.46.1(noarch)0:3.36.5-3.6.1(noarch)0:7.0.1~dev24-3.39.1(noarch)0:13.0.10~dev24-3.40.1(noarch)0:7.0.2~dev2-3.37.1(noarch)0:17.0.1~dev30-3.35.1(noarch)0:11.0.4~dev4-3.39.1(noarch)0:14.1.1~dev11-4.45.1(noarch)0:11.1.5~dev18-4.35.1(noarch)0:14.2.1~dev9-3.38.1(noarch)0:7.2.1~dev1-4.37.1(noarch)0:7.4.2~dev60-3.43.1(noarch)0:1.8.2~dev3-3.37.1(noarch)0:2.7.1~dev10-3.39.1(noarch)0:13.0.8~dev209-6.45.1(noarch)0:18.3.1~dev92-3.45.1(noarch)0:3.2.3~dev7-4.37.1(noarch)0:9.0.2~dev15-3.37.1(noarch)0:2.19.2~dev48-2.32.1(x86_64)0:4.12.14-95.120.4(noarch)0:4.12.14-95.120.4(x86_64)0:2.0.8_k4.12.14_95.117-4.11.1(x86_64)0:4.11.4_38-2.89.1(x86_64)0:2.02-158.1(noarch)0:2.02-158.1(noarch)0:1.11.29-3.61.1(noarch)0:14.1.1~dev11-4.53.1(x86_64)0:5.2.0-3.26.2(noarch)0:14.1.1~dev11-4.55.2(x86_64)0:5.2.0-3.23.1(noarch)0:2.28.1-6.5.23(x86_64)0:2.28.1-6.5.23(x86_64)0:1.2.37-8.6.21(noarch)0:1.11.29-3.58.3(noarch)0:14.1.1~dev11-4.51.4(noarch)0:6.0+git.1561125496.b7508480-3.6.5(x86_64)0:6.0+git.1562154525.5e2983308-3.3.8(noarch)0:6.0+git.1560951093.4af1ee5-3.3.7(noarch)0:6.0+git.1562153583.4735fcf34-3.3.7(x86_64)0:6.17.0-11.27.1(x86_64)0:1.0.3-8.8.1(x86_64)0:2.0.2-3.8.1(x86_64)0:6.0+git.1566321308.1de18b9a4-3.7.2(noarch)0:6.0+git.1566406179.7549de2-3.7.2(noarch)0:6.0+git.1566404979.41279a88e-3.7.2(noarch)0:1.3.0+git.1563181545.65360af5-8.1(noarch)0:3.4.2-8.1(x86_64)0:6.0+git.1569587091.3f083d63c-3.10.1(noarch)0:6.0+git.1567673476.1342c3d-3.10.1(noarch)0:6.0+git.1569805311.a94583476-3.10.1(noarch)0:1.3.0+git.1568396400.0344a727-11.1(x86_64)0:1.0.0-4.3.2(x86_64)0:6.0+git.1571412352.8da4d261f-3.13.3(noarch)0:6.0+git.1572264221.3826a58b8-3.13.3(x86_64)0:4.0.6-3.3.1(x86_64)0:6.0+git.1573825081.b1caf60f1-3.16.1(noarch)0:6.0+git.1573754820.dd036ef77-3.16.1(noarch)0:1.3.0+git.1572871359.50fc6087-14.1(x86_64)0:6.0+git.1587558898.313bb9fd3-3.22.2(noarch)0:6.0+git.1586256059.e6f67e1-3.16.1(noarch)0:6.0+git.1587753188.da39e44a7-3.22.1(x86_64)0:3.9.2-3.6.1(x86_64)0:2.16.0-4.6.1(x86_64)0:6.17.1-11.37.1(x86_64)0:4.2.9-9.9.1(x86_64)0:4.2.9-7.6.1(x86_64)0:6.0+git.1594619891.b75a61d0d-3.25.5(noarch)0:6.0+git.1591795073.49cb6400e-3.25.3(x86_64)0:4.0.0-4.3.1(x86_64)0:1.7.7-4.3.1(x86_64)0:2.16.0-4.9.1(x86_64)0:6.17.1-11.30.1(x86_64)0:1.6.13-3.8.1(x86_64)0:4.2.9-9.12.1(x86_64)0:6.0+git.1598519900.770074aa7-3.28.4(x86_64)0:3.9.3-3.9.1(x86_64)0:4.2.9-7.9.1(x86_64)0:6.0+git.1606314264.bf9ada813-3.31.2(noarch)0:6.0+git.1604573541.bb18c172d-3.28.3(x86_64)0:6.17.1-11.33.1(x86_64)0:6.0+git.1582892022.cbd70e833-3.19.3(noarch)0:6.0+git.1574286261.6fd1a34-3.13.2(noarch)0:6.0+git.1580922461.67fb3c087-3.19.2(noarch)0:1.3.0+git.1575896697.a01a3a08-17.1(x86_64)0:3.9.1-3.3.1(x86_64)0:2.16.0-4.3.1(x86_64)0:4.2.9-9.6.1(x86_64)0:4.2.9-7.12.1(noarch)0:6.0+git.1616146717.a89ae0f4e-3.34.4(x86_64)0:0.1.2-4.3.2(x86_64)0:1.6.1-5.3.1(x86_64)0:2.16.0-4.12.1(x86_64)0:2.3.6-4.3.3(x86_64)0:4.2.9-6.6.1(noarch)0:6.0+git.1630614261.26948f746-3.37.2(x86_64)0:2.16.0-4.15.1(x86_64)0:3.2.3-4.3.1(x86_64)0:6.0+git.1611320924.849e748ff-3.34.1(noarch)0:6.0+git.1610402342.21499240d-3.31.1(noarch)0:0.9.0-7.6.1(x86_64)0:1.4.6-4.3.1(x86_64)0:1.3.1-4.6.1(x86_64)0:1.6.13-3.13.1(x86_64)0:1.2.2-3.3.1(x86_64)0:1.0.3-8.11.1(x86_64)0:2.16.0-4.18.1(x86_64)0:4.2.9-9.15.1(x86_64)0:1.6.1-5.6.1(x86_64)0:2.0.2-3.11.1(x86_64)0:1.6.13-3.19.1(x86_64)0:4.2.9-7.18.1(x86_64)0:1.0.3-8.14.1(x86_64)0:4.2.9-7.15.1(x86_64)0:4.2.9-6.9.1(x86_64)0:4.2.9-6.12.1(x86_64)0:1.6.13-3.16.1(x86_64)0:1.6.13-3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.6.1-16.62.1(s390x|x86_64)0:1.6.1-16.62.1(aarch64|ppc64le|s390x|x86_64)0:2.7.13-28.16.1(s390x|x86_64)0:2.7.13-28.16.1(noarch)0:2.7.13-28.16.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.27.2(noarch)0:2.4.23-29.27.2(aarch64|ppc64le|s390x|x86_64)0:0.3.6-11.3.1(s390x|x86_64)0:0.3.6-11.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.10-48.32.1(aarch64|ppc64le|s390x|x86_64)0:60.2.2esr-109.46.1(aarch64|ppc64le|s390x|x86_64)0:60-32.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.14-19.6.3(aarch64|ppc64le|s390x|x86_64)0:3.36.4-58.15.3(s390x|x86_64)0:3.36.4-58.15.3(aarch64|ppc64le|s390x|x86_64)0:4.19-19.3.1(s390x|x86_64)0:4.19-19.3.1(aarch64|ppc64le|s390x|x86_64)0:1.7.1-5.6.1(aarch64|ppc64le|s390x|x86_64)0:0.13.0-3.3.2(aarch64|ppc64le|s390x|x86_64)0:3.1.2-26.3.1(aarch64|ppc64le|s390x|x86_64)0:60.3.0-109.50.2(aarch64|ppc64le|s390x|x86_64)0:228-150.53.3(s390x|x86_64)0:228-150.53.3(noarch)0:228-150.53.3(aarch64|ppc64le|s390x|x86_64)0:10.6-1.6.1(s390x|x86_64)0:10.6-1.6.1(noarch)0:10.6-1.6.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.12.1(aarch64|ppc64le|s390x|x86_64)0:4.11.2-16.21.1(s390x|x86_64)0:4.11.2-16.21.1(aarch64|ppc64le|s390x|x86_64)0:0.23-12.5.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.27.1(s390x|x86_64)0:4.0.9-44.27.1(aarch64|ppc64le|s390x|x86_64)0:7.2p2-74.30.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.35-38.29.1(x86_64)0:1.7.1_sr4.35-38.29.1(x86_64)0:4.12.14-6.3.1(noarch)0:4.12.14-6.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1-2.3.1(s390x|x86_64)0:1.1.1-2.3.1(aarch64|ppc64le|s390x|x86_64)0:5.9-61.1(s390x|x86_64)0:5.9-61.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.3.1(s390x|x86_64)0:1.0.2p-3.3.1(noarch)0:1.0.2p-3.3.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.93.2(aarch64|ppc64le|s390x|x86_64)0:1.3.1-7.13.4(noarch)0:16.0.0-4.11.3(noarch)0:18.0.1-4.8.1(ppc64le|s390x|x86_64)0:1.8.0_sr5.25-30.39.1(x86_64)0:1.8.0_sr5.25-30.39.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.3.1(s390x)0:4.12.14-95.3.1(noarch)0:4.12.14-95.3.1(aarch64|ppc64le|s390x|x86_64)0:9.26-23.16.1(aarch64|ppc64le|s390x|x86_64)0:0.2.7-12.4.1(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.20.1(s390x|x86_64)0:1.7.5-20.20.1(aarch64|ppc64le|s390x|x86_64)0:4.9.2-14.8.1(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.43.1(s390x|x86_64)0:2.4.41-18.43.1(aarch64|ppc64le|s390x|x86_64)0:5.6.2-6.15.2(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.5.1(aarch64)0:2.11.2-5.5.1(aarch64|x86_64)0:2.11.2-5.5.1(noarch)0:1.0.0+-5.5.1(s390x|x86_64)0:2.11.2-5.5.1(ppc64le)0:2.11.2-5.5.1(s390x)0:2.11.2-5.5.1(noarch)0:1.11.0-5.5.1(noarch)0:8-5.5.1(x86_64)0:2.11.2-5.5.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.7.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.5.1(noarch)0:2017+git1510945757.b2662641d5-3.5.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.30.1(s390x|x86_64)0:4.0.9-44.30.1(aarch64|ppc64le|s390x|x86_64)0:10.0.37-2.3.1(s390x|x86_64)0:10.0.37-2.3.1(aarch64|ppc64le|s390x|x86_64)0:60.4.0esr-109.55.1(aarch64|ppc64le|s390x|x86_64)0:3.40.1-58.18.1(s390x|x86_64)0:3.40.1-58.18.1(aarch64|ppc64le|s390x|x86_64)0:4.20-19.6.1(s390x|x86_64)0:4.20-19.6.1(ppc64le|s390x|x86_64)0:2.1.17-3.3.3(aarch64|ppc64le|s390x|x86_64)0:2.4.11-48.35.1(aarch64|ppc64le|s390x|x86_64)0:2.24.0-2.38.2(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.108.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.154.2998451b912-3.40.3(s390x|x86_64)0:4.6.16+git.154.2998451b912-3.40.3(noarch)0:4.6.16+git.154.2998451b912-3.40.3(aarch64|ppc64le|s390x|x86_64)0:2.4.14-48.45.1(aarch64|ppc64le|s390x|x86_64)0:1.4.3-20.6.1(s390x|x86_64)0:1.4.3-20.6.1(aarch64|ppc64le|s390x|x86_64)0:2.12.3-27.17.2(aarch64|ppc64le|s390x|x86_64)0:2.6-15.10.1(aarch64|ppc64le|s390x|x86_64)0:0.7.0-160.8.1(aarch64|ppc64le|s390x|x86_64)0:2.22-100.8.1(s390x|x86_64)0:2.22-100.8.1(noarch)0:2.22-100.8.1(aarch64|ppc64le|s390x|x86_64)0:1.12.5-40.31.1(s390x|x86_64)0:1.12.5-40.31.1(aarch64|ppc64le|s390x|x86_64)0:1.5.3-31.14.2(aarch64|ppc64le|s390x|x86_64)0:62.2.0-31.14.2(s390x|x86_64)0:62.2.0-31.14.2(aarch64|ppc64le|s390x|x86_64)0:8.1.2-31.14.2(s390x|x86_64)0:8.1.2-31.14.2(noarch)0:1.0.1-19.5.1(noarch)0:3.0-95.21.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1b-2.12.2(s390x|x86_64)0:1.1.1b-2.12.2(aarch64|ppc64le|s390x|x86_64)0:2.24.1-2.41.5(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.16.1(noarch)0:2017+git1510945757.b2662641d5-3.16.1(aarch64|ppc64le|s390x|x86_64)0:3.0.15-2.11.2(aarch64|ppc64le|s390x|x86_64)0:10.2.21-3.7.1(noarch)0:10.2.21-3.7.1(aarch64|ppc64le|s390x|x86_64)0:3.8.10.2-9.6.1(s390x|x86_64)0:3.8.10.2-9.6.1(noarch)0:1.1.1-122.3.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.212-27.32.1(aarch64|ppc64le|s390x|x86_64)0:1.1.28-17.3.1(s390x|x86_64)0:1.1.28-17.3.1(x86_64)0:20190507-13.41.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.13.1(aarch64)0:2.11.2-5.13.1(aarch64|x86_64)0:2.11.2-5.13.1(noarch)0:1.0.0+-5.13.1(s390x|x86_64)0:2.11.2-5.13.1(ppc64le)0:2.11.2-5.13.1(s390x)0:2.11.2-5.13.1(noarch)0:1.11.0-5.13.1(noarch)0:8-5.13.1(x86_64)0:2.11.2-5.13.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.16.1(s390x)0:4.12.14-95.16.1(noarch)0:4.12.14-95.16.1(x86_64)0:4.12.14-6.12.1(noarch)0:4.12.14-6.12.1(x86_64)0:4.11.1_06-2.11.1(aarch64|ppc64le|s390x|x86_64)0:228-150.66.4(s390x|x86_64)0:228-150.66.4(noarch)0:228-150.66.4(aarch64|ppc64le|s390x|x86_64)0:1.1.3-24.9.1(noarch)0:1.1.3-24.9.1(aarch64|ppc64le|s390x|x86_64)0:6.46-3.3.1(x86_64)0:20190514-13.44.1(aarch64|ppc64le|s390x|x86_64)0:7.2p2-74.35.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-10.18.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.12.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.45-38.37.1(x86_64)0:1.7.1_sr4.45-38.37.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.12.1(x86_64)0:4.0.0-8.12.1(aarch64|x86_64)0:4.0.0-8.12.1(aarch64|ppc64le|s390x|x86_64)0:228-150.58.1(s390x|x86_64)0:228-150.58.1(noarch)0:228-150.58.1(aarch64|ppc64le|s390x|x86_64)0:4.0.4-23.3.3(aarch64|ppc64le|s390x|x86_64)0:4.9-3.10.1(s390x|x86_64)0:4.9-3.10.1(aarch64|ppc64le|s390x|x86_64)0:2.4.12-48.39.1(noarch)0:1.4-290.6.1(aarch64|ppc64le|s390x|x86_64)0:60.7.0-109.72.1(aarch64|ppc64le|s390x|x86_64)0:3.20.4-77.23.1(noarch)0:3.20.4-77.23.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.221-43.22.1(aarch64|ppc64le|s390x|x86_64)0:1.2.40-7.3.1(aarch64|ppc64le|s390x|x86_64)0:2.7.13-28.26.1(s390x|x86_64)0:2.7.13-28.26.1(noarch)0:2.7.13-28.26.1(aarch64|ppc64le|s390x|x86_64)0:9.26a-23.19.1(aarch64|ppc64le|s390x|x86_64)0:0.2.7-12.6.1(aarch64|ppc64le|s390x|x86_64)0:7.4.326-17.3.1(noarch)0:7.4.326-17.3.1(aarch64|ppc64le|s390x|x86_64)0:2.22.5-2.32.2(aarch64|ppc64le|s390x|x86_64)0:0.6.11-12.3.1(s390x|x86_64)0:0.6.11-12.3.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-4.12.2(s390x|x86_64)0:1.16.1-4.12.2(aarch64|ppc64le|s390x|x86_64)0:10.8-1.9.1(s390x|x86_64)0:10.8-1.9.1(noarch)0:10.8-1.9.1(aarch64|ppc64le|s390x|x86_64)0:7.2p2-74.42.8(aarch64|ppc64le|s390x|x86_64)0:7.2p2-74.42.10(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.19.1(s390x)0:4.12.14-95.19.1(noarch)0:4.12.14-95.19.1(x86_64)0:4.12.14-6.15.2(noarch)0:4.12.14-6.15.2(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.15.2(x86_64)0:4.0.0-8.15.2(aarch64|x86_64)0:4.0.0-8.15.2(aarch64|ppc64le|s390x|x86_64)0:1.8.3-13.3.2(noarch)0:1.8.3-13.3.2(s390x|x86_64)0:1.8.3-13.3.2(aarch64|ppc64le|s390x|x86_64)0:3.8.10.2-9.9.1(s390x|x86_64)0:3.8.10.2-9.9.1(aarch64|ppc64le|s390x|x86_64)0:1.4.3-20.9.1(s390x|x86_64)0:1.4.3-20.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.15-48.48.1(aarch64|ppc64le|s390x|x86_64)0:60.7.1-109.77.1(ppc64le|s390x|x86_64)0:1.8.0_sr5.35-30.50.1(x86_64)0:1.8.0_sr5.35-30.50.1(aarch64|ppc64le|s390x|x86_64)0:10.66.3-8.7.2(s390x|x86_64)0:10.66.3-8.7.2(aarch64|ppc64le|s390x|x86_64)0:60.7.2-109.80.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.123.2(aarch64|ppc64le|s390x|x86_64)0:2.22-100.15.4(s390x|x86_64)0:2.22-100.15.4(noarch)0:2.22-100.15.4(aarch64|ppc64le|s390x|x86_64)0:2.78-18.6.1(noarch)0:2.48.2-12.12.2(aarch64|ppc64le|s390x|x86_64)0:2.48.2-12.12.2(s390x|x86_64)0:2.48.2-12.12.2(aarch64|ppc64le|s390x|x86_64)0:0.158-7.7.2(s390x|x86_64)0:0.158-7.7.2(aarch64|ppc64le|s390x|x86_64)0:1.1.6-3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.0.8-3.3.1(aarch64|ppc64le|s390x|x86_64)0:10.9-1.12.1(s390x|x86_64)0:10.9-1.12.1(aarch64|ppc64le|s390x|x86_64)0:10.9-1.12.2(noarch)0:10.9-1.12.2(aarch64|ppc64le|s390x|x86_64)0:0.6.32-32.3.1(noarch)0:0.6.32-32.3.1(s390x|x86_64)0:0.6.32-32.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.32-32.3.2(s390x|x86_64)0:0.6.32-32.3.2(noarch)0:20190618-5.8.1(x86_64)0:4.12.14-6.18.1(noarch)0:4.12.14-6.18.1(noarch)0:2.48.2-12.15.1(aarch64|ppc64le|s390x|x86_64)0:2.48.2-12.15.1(s390x|x86_64)0:2.48.2-12.15.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.6.1(s390x|x86_64)0:2.1.0-21.6.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0~git.1456906198.f422461-21.9.1(aarch64|ppc64le|s390x|x86_64)0:2.24.2-2.44.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.24.1(s390x)0:4.12.14-95.24.1(noarch)0:4.12.14-95.24.1(aarch64|ppc64le|s390x|x86_64)0:60.8.0-109.83.3(aarch64|ppc64le|s390x|x86_64)0:3.44.1-58.28.1(s390x|x86_64)0:3.44.1-58.28.1(noarch)0:9.0.21-3.13.2(aarch64|ppc64le|s390x|x86_64)0:1.1.28-17.6.1(s390x|x86_64)0:1.1.28-17.6.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.20.1(s390x|x86_64)0:2.9.4-46.20.1(noarch)0:2.9.4-46.20.1(aarch64|ppc64le|s390x|x86_64)0:0.113-5.15.1(x86_64)0:20190618-13.47.1(aarch64|ppc64le|s390x|x86_64)0:1.0.6-30.5.1(noarch)0:1.0.6-30.5.1(s390x|x86_64)0:1.0.6-30.5.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.6.1(s390x)0:4.12.14-95.6.1(noarch)0:4.12.14-95.6.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-44.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-6.10.1(aarch64|ppc64le|s390x|x86_64)0:0.6.36-2.16.2(aarch64|ppc64le|s390x|x86_64)0:16.20.0-2.39.4(aarch64|ppc64le|s390x|x86_64)0:1.13.51-21.26.4(noarch)0:1.13.51-21.26.4(aarch64|ppc64le|s390x|x86_64)0:4.2-59.10.1(aarch64|ppc64le|s390x|x86_64)0:1.4.11-59.10.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.6.1(s390x|x86_64)0:7.60.0-4.6.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.126.1(aarch64|ppc64le|s390x|x86_64)0:1.0.6-30.8.1(noarch)0:1.0.6-30.8.1(s390x|x86_64)0:1.0.6-30.8.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-6.13.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.231-43.27.2(aarch64|ppc64le|s390x|x86_64)0:0.113-5.18.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.222-27.35.2(aarch64|ppc64le|s390x|x86_64)0:3.4.6-25.29.1(x86_64)0:4.12.14-6.23.1(noarch)0:4.12.14-6.23.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.29.1(s390x)0:4.12.14-95.29.1(noarch)0:4.12.14-95.29.1(aarch64|ppc64le|s390x|x86_64)0:3.20.2-6.27.1(noarch)0:3.20.2-6.27.1(aarch64|ppc64le|s390x|x86_64)0:4.9.2-14.11.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.17.1(aarch64|ppc64le|s390x|x86_64)0:8.24.0-3.19.1(aarch64|ppc64le|s390x|x86_64)0:2.7.13-28.31.1(s390x|x86_64)0:2.7.13-28.31.1(noarch)0:2.7.13-28.31.2(aarch64|ppc64le|s390x|x86_64)0:2.4.16-48.51.1(aarch64|ppc64le|s390x|x86_64)0:10.0.38-2.6.2(s390x|x86_64)0:10.0.38-2.6.2(aarch64|ppc64le|s390x|x86_64)0:2.1.0-4.12.2(x86_64)0:4.12.14-6.6.2(noarch)0:4.12.14-6.6.2(noarch)0:1.9.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.12-13.12.1(aarch64|ppc64le|s390x|x86_64)0:5.18.2-12.20.1(s390x|x86_64)0:5.18.2-12.20.1(noarch)0:5.18.2-12.20.1(aarch64|ppc64le|s390x|x86_64)0:0.6.36-2.27.19.8(aarch64|ppc64le|s390x|x86_64)0:16.20.2-27.60.4(aarch64|ppc64le|s390x|x86_64)0:1.13.54-18.40.2(noarch)0:1.13.54-18.40.2(aarch64|ppc64le|s390x|x86_64)0:10.10-1.15.1(s390x|x86_64)0:10.10-1.15.1(noarch)0:10.10-1.15.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.43.1(noarch)0:2.4.23-29.43.1(aarch64|ppc64le|s390x|x86_64)0:3.1.2-2.6.6(aarch64|ppc64le|s390x|x86_64)0:10.2.25-3.19.2(noarch)0:10.2.25-3.19.2(ppc64le|s390x|x86_64)0:1.7.1_sr4.50-38.41.1(x86_64)0:1.7.1_sr4.50-38.41.1(aarch64|ppc64le|s390x|x86_64)0:2.24.4-2.47.1(noarch)0:2.24.4-2.47.1(aarch64|ppc64le|s390x|x86_64)0:9.26a-23.25.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.18.1(aarch64)0:2.11.2-5.18.1(aarch64|x86_64)0:2.11.2-5.18.1(noarch)0:1.0.0+-5.18.1(s390x|x86_64)0:2.11.2-5.18.1(ppc64le)0:2.11.2-5.18.1(s390x)0:2.11.2-5.18.1(noarch)0:1.11.0-5.18.1(noarch)0:8-5.18.1(x86_64)0:2.11.2-5.18.1(aarch64|ppc64le|s390x|x86_64)0:12.2.12+git.1568024032.02236657ca-2.39.1(ppc64le|s390x|x86_64)0:1.8.0_sr5.40-30.54.1(x86_64)0:1.8.0_sr5.40-30.54.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.9.1(s390x|x86_64)0:7.60.0-4.9.1(aarch64|ppc64le|s390x|x86_64)0:1.5.13-15.11.2(noarch)0:1.5.13-15.11.2(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.63.1(s390x|x86_64)0:2.4.41-18.63.1(noarch)0:2.4.41-18.63.1(aarch64|ppc64le|s390x|x86_64)0:0.12.8-12.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.32.1(s390x)0:4.12.14-95.32.1(noarch)0:4.12.14-95.32.1(aarch64|ppc64le|s390x|x86_64)0:6.46-3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.4.6-25.21.1(aarch64|ppc64le|s390x|x86_64)0:60.9.0-109.86.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.9.1(s390x|x86_64)0:2.1.0-21.9.1(aarch64|ppc64le|s390x|x86_64)0:3.5.25.3-5.3.1(aarch64|ppc64le|s390x|x86_64)0:2.2.31-19.17.1(aarch64|ppc64le|s390x|x86_64)0:9.27-23.28.1(aarch64|ppc64le|s390x|x86_64)0:2.0.24-9.8.1(noarch)0:2.0.24-9.8.1(aarch64|ppc64le|s390x|x86_64)0:9.11.2-3.10.1(noarch)0:9.11.2-3.10.1(s390x|x86_64)0:9.11.2-3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.11.1(s390x|x86_64)0:1.0.2p-3.11.1(noarch)0:1.0.2p-3.11.1(noarch)0:3.4-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.1-16.68.1(s390x|x86_64)0:1.6.1-16.68.1(aarch64|ppc64le|s390x|x86_64)0:1.900.14-195.15.1(s390x|x86_64)0:1.900.14-195.15.1(aarch64|ppc64le|s390x|x86_64)0:3.8.10.2-9.12.1(s390x|x86_64)0:3.8.10.2-9.12.1(aarch64|ppc64le|s390x|x86_64)0:68.1.0-109.89.1(aarch64|ppc64le|s390x|x86_64)0:68-32.8.1(noarch)0:40.6.2-4.12.23(x86_64)0:4.12.14-6.26.1(noarch)0:4.12.14-6.26.1(aarch64|ppc64le|s390x|x86_64)0:2.32-9.33.1(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.14.1(aarch64|ppc64le|s390x|x86_64)0:1.8.1-10.3.1(aarch64|ppc64le|s390x|x86_64)0:4.9.2-14.14.1(aarch64|ppc64le|s390x|x86_64)0:1.43.8-3.8.1(s390x|x86_64)0:1.43.8-3.8.1(aarch64|ppc64le|s390x|x86_64)0:10.0.40.1-2.9.1(s390x|x86_64)0:10.0.40.1-2.9.1(noarch)0:0.25-9.3.1(aarch64|ppc64le|s390x|x86_64)0:4.3.3-10.19.1(aarch64|ppc64le|s390x|x86_64)0:0.99.beta18-14.3.27(aarch64|ppc64le|s390x|x86_64)0:2.7.13-28.36.1(s390x|x86_64)0:2.7.13-28.36.1(noarch)0:2.7.13-28.36.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-10.27.1(x86_64)0:4.11.2_02-2.14.2(aarch64|ppc64le|s390x|x86_64)0:0.6.42-16.8.3(noarch)0:0.6.42-16.8.3(aarch64|ppc64le|s390x|x86_64)0:1.3.0-34.22.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.131.1(aarch64|ppc64le|s390x|x86_64)0:3.4.6-25.34.2(aarch64|ppc64le|s390x|x86_64)0:8.24.0-3.33.2(aarch64|ppc64le|x86_64)0:1.1-11.3.1(aarch64|ppc64le|s390x|x86_64)0:68.2.0-109.95.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.37.1(s390x)0:4.12.14-95.37.1(noarch)0:4.12.14-95.37.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.169.064abe062be-3.46.1(s390x|x86_64)0:4.6.16+git.169.064abe062be-3.46.1(noarch)0:4.6.16+git.169.064abe062be-3.46.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.15.3(aarch64|ppc64le|s390x|x86_64)0:8.3.1-2.14.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-3.7.1(aarch64|ppc64le|s390x|x86_64)0:1.4.3-20.14.1(s390x|x86_64)0:1.4.3-20.14.1(aarch64|ppc64le|s390x|x86_64)0:2.4.1-11.3.2(s390x|x86_64)0:2.4.1-11.3.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.40.1(s390x)0:4.12.14-95.40.1(noarch)0:4.12.14-95.40.1(x86_64)0:4.12.14-6.29.1(noarch)0:4.12.14-6.29.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.23.2(aarch64)0:2.11.2-5.23.2(aarch64|x86_64)0:2.11.2-5.23.2(noarch)0:1.0.0+-5.23.2(s390x|x86_64)0:2.11.2-5.23.2(ppc64le)0:2.11.2-5.23.2(s390x)0:2.11.2-5.23.2(noarch)0:1.11.0-5.23.2(noarch)0:8-5.23.2(x86_64)0:2.11.2-5.23.2(x86_64)0:20191112-13.53.1(x86_64)0:4.11.2_04-2.17.1(aarch64|ppc64le|s390x|x86_64)0:1.5.3-31.19.1(aarch64|ppc64le|s390x|x86_64)0:62.2.0-31.19.1(s390x|x86_64)0:62.2.0-31.19.1(aarch64|ppc64le|s390x|x86_64)0:8.1.2-31.19.1(s390x|x86_64)0:8.1.2-31.19.1(aarch64|ppc64le|s390x|x86_64)0:9.27-23.31.1(x86_64)0:20191112a-13.56.1(x86_64)0:4.11.1_02-2.3.1(aarch64|ppc64le|x86_64)0:17.11.7-5.3.2(x86_64)0:17.11.7_k4.12.14_95.37-5.3.2(aarch64)0:17.11.7-5.3.2(aarch64)0:17.11.7_k4.12.14_95.37-5.3.2(aarch64|ppc64le|s390x|x86_64)0:0.60.6.1-18.3.1(s390x|x86_64)0:0.60.6.1-18.3.1(aarch64|ppc64le|s390x|x86_64)0:3.8.10.2-9.15.1(s390x|x86_64)0:3.8.10.2-9.15.1(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.26.1(s390x|x86_64)0:1.7.5-20.26.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.42.1(s390x|x86_64)0:4.0.9-44.42.1(aarch64|ppc64le|s390x|x86_64)0:2.11-36.6.1(noarch)0:2.11-36.6.1(aarch64|ppc64le|s390x|x86_64)0:0.100.3-33.26.1(ppc64le|s390x|x86_64)0:2.1.17-3.11.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.241-43.30.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.23.2(s390x|x86_64)0:2.9.4-46.23.2(noarch)0:2.9.4-46.23.2(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.23.3(aarch64|ppc64le|s390x|x86_64)0:3.1.2-26.6.1(aarch64|ppc64le|s390x|x86_64)0:5.9-69.1(s390x|x86_64)0:5.9-69.1(aarch64|ppc64le|s390x|x86_64)0:0.9.9-17.11.1(aarch64|ppc64le|s390x|x86_64)0:0.100.3-33.29.1(aarch64|ppc64le|s390x|x86_64)0:20170707-3.14.1(aarch64|ppc64le|s390x|x86_64)0:2.0.8-13.5.1(aarch64|ppc64le|s390x|x86_64)0:5.1.3-26.13.1(noarch)0:5.1.3-26.13.1(aarch64|ppc64le|s390x|x86_64)0:0.6.3-12.9.1(s390x|x86_64)0:0.6.3-12.9.1(x86_64)0:4.11.3_02-2.20.1(aarch64|ppc64le|s390x|x86_64)0:2.12.3-27.22.1(x86_64)0:4.12.14-6.34.1(noarch)0:4.12.14-6.34.1(aarch64|ppc64le|s390x|x86_64)0:68.3.0-109.98.1(aarch64|ppc64le|s390x|x86_64)0:60.5.0esr-109.58.3(aarch64|ppc64le|s390x|x86_64)0:60-32.5.1(aarch64|ppc64le|s390x|x86_64)0:3.41.1-58.25.1(s390x|x86_64)0:3.41.1-58.25.1(aarch64|ppc64le|s390x|x86_64)0:10.2.29-3.22.1(noarch)0:10.2.29-3.22.1(aarch64|ppc64le|s390x|x86_64)0:10.0.40.2-2.12.2(s390x|x86_64)0:10.0.40.2-2.12.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.45.1(s390x)0:4.12.14-95.45.1(noarch)0:4.12.14-95.45.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.3.1(s390x|x86_64)0:7.60.0-4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0-5.8.1(aarch64|ppc64le|s390x|x86_64)0:228-150.63.1(s390x|x86_64)0:228-150.63.1(noarch)0:228-150.63.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.8.1(aarch64)0:2.11.2-5.8.1(aarch64|x86_64)0:2.11.2-5.8.1(noarch)0:1.0.0+-5.8.1(s390x|x86_64)0:2.11.2-5.8.1(ppc64le)0:2.11.2-5.8.1(s390x)0:2.11.2-5.8.1(noarch)0:1.11.0-5.8.1(noarch)0:8-5.8.1(x86_64)0:2.11.2-5.8.1(aarch64|ppc64le|s390x|x86_64)0:3.3.9-11.18.1(aarch64|ppc64le|s390x|x86_64)0:2.7.13-28.21.1(s390x|x86_64)0:2.7.13-28.21.1(noarch)0:2.7.13-28.21.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.201-43.18.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.34.4(noarch)0:2.4.23-29.34.4(aarch64|ppc64le|s390x|x86_64)0:12.2.10+git.1549630712.bb089269ea-2.27.2(aarch64|ppc64le|s390x|x86_64)0:2.22.6-2.35.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1-2.6.1(s390x|x86_64)0:1.1.1-2.6.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-4.3.2(s390x|x86_64)0:1.16.1-4.3.2(aarch64|ppc64le|s390x|x86_64)0:2.8.1-10.3.2(s390x|x86_64)0:2.8.1-10.3.2(aarch64|ppc64le|s390x|x86_64)0:1.8.0.191-27.29.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.6.1(s390x|x86_64)0:1.0.2p-3.6.1(noarch)0:1.0.2p-3.6.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.8.3(noarch)0:2017+git1510945757.b2662641d5-3.8.3(aarch64|ppc64le|s390x|x86_64)0:2.22.4-2.29.3(aarch64|ppc64le|s390x|x86_64)0:0.9.9-17.8.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.40-38.34.1(x86_64)0:1.7.1_sr4.40-38.34.1(aarch64|ppc64le|s390x|x86_64)0:10.2.22-3.14.1(noarch)0:10.2.22-3.14.1(ppc64le|s390x|x86_64)0:1.8.0_sr5.30-30.46.1(x86_64)0:1.8.0_sr5.30-30.46.1(aarch64|ppc64le|s390x|x86_64)0:4.7.4-3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.4.3-20.3.1(s390x|x86_64)0:1.4.3-20.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.11-21.8.1(aarch64|ppc64le|s390x|x86_64)0:2.4.13-48.42.1(aarch64|ppc64le|s390x|x86_64)0:9.26a-23.22.1(x86_64)0:20190312-13.38.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-24.12.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.13.1(s390x)0:4.12.14-95.13.1(noarch)0:4.12.14-95.13.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.13.1(noarch)0:2017+git1510945757.b2662641d5-3.13.1(x86_64)0:4.12.14-6.9.1(noarch)0:4.12.14-6.9.1(aarch64|ppc64le|s390x|x86_64)0:0.5.3.git20161120-161.3.4(aarch64|ppc64le|s390x|x86_64)0:1.1.1-2.9.1(s390x|x86_64)0:1.1.1-2.9.1(aarch64|ppc64le|s390x|x86_64)0:4.2.8p13-85.1(aarch64|ppc64le|s390x|x86_64)0:1.0.18-3.2.1(aarch64|ppc64le|s390x|x86_64)0:4.3-83.23.1(noarch)0:4.3-83.23.1(aarch64|ppc64le|s390x|x86_64)0:6.3-83.23.1(s390x|x86_64)0:6.3-83.23.1(noarch)0:6.3-83.23.1(aarch64|ppc64le|s390x|x86_64)0:5.22-10.12.2(s390x|x86_64)0:5.22-10.12.2(aarch64|ppc64le|s390x|x86_64)0:60.6.1esr-109.63.2(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.40.1(noarch)0:2.4.23-29.40.1(x86_64)0:4.11.1_04-2.6.1(aarch64|ppc64le|s390x|x86_64)0:0.100.3-33.21.1(aarch64|ppc64le|s390x|x86_64)0:1.2.15-15.11.1(s390x|x86_64)0:1.2.15-15.11.1(aarch64|ppc64le|s390x|x86_64)0:2.2.31-19.14.2(aarch64|ppc64le|s390x|x86_64)0:3.8.10.2-9.3.1(s390x|x86_64)0:3.8.10.2-9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.5.6-3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.9.1(x86_64)0:4.0.0-8.9.1(aarch64|x86_64)0:4.0.0-8.9.1(aarch64|ppc64le|s390x|x86_64)0:1.14-21.10.1(aarch64|ppc64le|s390x|x86_64)0:1.7.1-5.11.1(aarch64|ppc64le|s390x|x86_64)0:3.4.6-25.24.1(aarch64|ppc64le|s390x|x86_64)0:3.0.15-2.14.1(aarch64|ppc64le|s390x|x86_64)0:2.6.6-4.3.1(aarch64|ppc64le|s390x|x86_64)0:4.8.7-8.13.1(s390x|x86_64)0:4.8.7-8.13.1(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.29.1(s390x|x86_64)0:1.7.5-20.29.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.23.1(s390x|x86_64)0:1.1.1d-2.23.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.26.1(noarch)0:2017+git1510945757.b2662641d5-3.26.1(aarch64|ppc64le|s390x|x86_64)0:3.20.3-15.3.25(noarch)0:3.20.3-15.3.25(aarch64|ppc64le|s390x|x86_64)0:1.3.16-239.4.1(s390x|x86_64)0:1.3.16-239.4.1(x86_64)0:4.12.14-6.40.1(noarch)0:4.12.14-6.40.1(aarch64|ppc64le|s390x|x86_64)0:2.28.1-2.50.3(noarch)0:2.28.1-2.50.3(x86_64)0:4.11.3_04-2.23.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.51.1(s390x)0:4.12.14-95.51.1(noarch)0:4.12.14-95.51.1(aarch64|ppc64le|s390x|x86_64)0:2.5.5-6.6.1(aarch64|ppc64le|s390x|x86_64)0:12.2.12+git.1587570958.35d78d0243-2.45.1(aarch64|ppc64le|s390x|x86_64)0:0.9.9-17.19.1(aarch64|ppc64le|s390x|x86_64)0:52.1-8.10.1(s390x|x86_64)0:52.1-8.10.1(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.68.1(s390x|x86_64)0:2.4.41-18.68.1(noarch)0:2.4.41-18.68.1(aarch64|ppc64le|s390x|x86_64)0:1.2-18.68.1(aarch64|ppc64le|s390x|x86_64)0:2.28.2-2.53.2(noarch)0:2.28.2-2.53.2(aarch64|ppc64le|s390x|x86_64)0:9.52-23.34.1(aarch64|ppc64le|s390x|x86_64)0:0.2.7-12.10.1(aarch64|ppc64le|s390x|x86_64)0:68.8.0-109.119.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.23.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.54.1(noarch)0:2.4.23-29.54.1(aarch64|ppc64le|s390x|x86_64)0:5.1.2-26.12.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.20.2(x86_64)0:4.0.0-8.20.2(aarch64|x86_64)0:4.0.0-8.20.2(aarch64|ppc64le|s390x|x86_64)0:2.1.0-6.20.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.36.1(ppc64le|s390x|x86_64)0:2.1.17-3.20.1(aarch64|ppc64le|s390x|x86_64)0:9.11.2-3.17.1(noarch)0:9.11.2-3.17.1(s390x|x86_64)0:9.11.2-3.17.1(noarch)0:1.9.4-3.6.1(noarch)0:9.0.35-3.32.1(aarch64|ppc64le|s390x|x86_64)0:0.6.3-12.12.1(s390x|x86_64)0:0.6.3-12.12.1(aarch64|ppc64le|x86_64)0:17.11.7-5.6.2(x86_64)0:17.11.7_k4.12.14_95.51-5.6.2(aarch64)0:17.11.7-5.6.2(aarch64)0:17.11.7_k4.12.14_95.51-5.6.2(aarch64|ppc64le|s390x|x86_64)0:3.1.8-2.15.1(aarch64|ppc64le|s390x|x86_64)0:18.0.2-8.3.2(s390x|x86_64)0:18.0.2-8.3.2(aarch64|ppc64le|x86_64)0:1.0.0-8.3.2(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.26.1(aarch64)0:2.11.2-5.26.1(aarch64|x86_64)0:2.11.2-5.26.1(noarch)0:1.0.0+-5.26.1(s390x|x86_64)0:2.11.2-5.26.1(ppc64le)0:2.11.2-5.26.1(s390x)0:2.11.2-5.26.1(noarch)0:1.11.0-5.26.1(noarch)0:8-5.26.1(x86_64)0:2.11.2-5.26.1(aarch64|ppc64le|s390x|x86_64)0:3.20.3-15.6.1(noarch)0:3.20.3-15.6.1(aarch64|ppc64le|s390x|x86_64)0:2.7.17-28.42.1(s390x|x86_64)0:2.7.17-28.42.1(noarch)0:2.7.17-28.42.1(noarch)0:20200207.5feb6c1-3.19.1(noarch)0:0.1-1.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.22-8.9.1(s390x|x86_64)0:0.6.22-8.9.1(aarch64|ppc64le|s390x|x86_64)0:7.4.326-17.6.1(noarch)0:7.4.326-17.6.1(aarch64|ppc64le|s390x|x86_64)0:68.9.0-109.123.1(aarch64|ppc64le|s390x|x86_64)0:2.1.9-19.3.2(aarch64|ppc64le|s390x|x86_64)0:1.7.0.261-43.38.8(aarch64|ppc64le|s390x|x86_64)0:6.2.0dev-22.8.2(x86_64)0:20200602-13.68.1(aarch64|ppc64le|s390x|x86_64)0:0.5.0-12.3.1(x86_64)0:4.12.14-6.43.1(noarch)0:4.12.14-6.43.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.54.1(s390x)0:4.12.14-95.54.1(noarch)0:4.12.14-95.54.1(aarch64|ppc64le|s390x|x86_64)0:1.9-4.4.5(aarch64|ppc64le|s390x|x86_64)0:1.4-103.3.1(aarch64|ppc64le|s390x|x86_64)0:0.3.6-11.7.8(s390x|x86_64)0:0.3.6-11.7.8(x86_64)0:4.11.4_02-2.26.1(aarch64|ppc64le|s390x|x86_64)0:4.6.5-3.3.74(aarch64|ppc64le|s390x|x86_64)0:5.18.2-12.23.1(s390x|x86_64)0:5.18.2-12.23.1(noarch)0:5.18.2-12.23.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.65-38.53.1(x86_64)0:1.7.1_sr4.65-38.53.1(ppc64le|s390x|x86_64)0:1.8.0_sr6.10-30.69.1(x86_64)0:1.8.0_sr6.10-30.69.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.252-27.45.6(aarch64|ppc64le|s390x|x86_64)0:0.2.2-10.3.5(aarch64|ppc64le|s390x|x86_64)0:10.2.32-3.28.2(noarch)0:10.2.32-3.28.2(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.15.2(s390x|x86_64)0:7.60.0-4.15.2(aarch64|ppc64le|s390x|x86_64)0:12.2.13+git.1592168685.85110a3e9d-2.50.1(aarch64|ppc64le|s390x|x86_64)0:1.6.0-22.14.1(noarch)0:9.0.35-3.39.1(noarch)0:3.0.4-5.6.1(noarch)0:2018.4.16-3.6.1(noarch)0:2.20.1-5.2(noarch)0:1.22-3.20.1(aarch64|ppc64le|s390x|x86_64)0:1.10.1-55.11.1(aarch64|ppc64le|s390x|x86_64)0:6.00-33.13.3(aarch64|ppc64le|s390x|x86_64)0:10.0.40.4-2.20.1(s390x|x86_64)0:10.0.40.4-2.20.1(aarch64|i586|ppc64le|s390|s390x|x86_64)0:3.5.21-26.26.1(aarch64|ppc64le|s390x|x86_64)0:4.2.8p15-88.1(aarch64|ppc64le|s390x|x86_64)0:3.2.5e-2.8.2(aarch64|ppc64le|s390x|x86_64)0:228-150.86.3(s390x|x86_64)0:228-150.86.3(noarch)0:228-150.86.3(aarch64|ppc64le|s390x|x86_64)0:20170707-3.24.1(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.71.2(s390x|x86_64)0:2.4.41-18.71.2(noarch)0:2.4.41-18.71.2(aarch64|ppc64le|s390x|x86_64)0:1.2-18.71.2(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.174.c2fd2e28c84-3.49.1(s390x|x86_64)0:4.6.16+git.174.c2fd2e28c84-3.49.1(noarch)0:4.6.16+git.174.c2fd2e28c84-3.49.1(ppc64le|s390x|x86_64)0:1.8.0_sr6.0-30.60.1(x86_64)0:1.8.0_sr6.0-30.60.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.232-27.38.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-10.36.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.242-27.41.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.14.1(s390x|x86_64)0:1.0.2p-3.14.1(noarch)0:1.0.2p-3.14.1(aarch64|ppc64le|s390x|x86_64)0:5.6.2-6.22.1(aarch64|ppc64le|s390x|x86_64)0:228-150.82.1(s390x|x86_64)0:228-150.82.1(noarch)0:228-150.82.1(aarch64|ppc64le|s390x|x86_64)0:1.43.8-3.11.1(s390x|x86_64)0:1.43.8-3.11.1(aarch64|ppc64le|s390x|x86_64)0:0.6.60-2.18.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.20.6(aarch64|ppc64le|s390x|x86_64)0:1.8.22-29.17.12(aarch64|ppc64le|s390x|x86_64)0:1.8.22-29.17.7(s390x|x86_64)0:1.8.22-29.17.7(aarch64|ppc64le|s390x|x86_64)0:68.5.0-109.106.1(aarch64|ppc64le|s390x|x86_64)0:9.2.1+r275327-1.3.9(s390x|x86_64)0:9.2.1+r275327-1.3.9(aarch64|ppc64le|x86_64)0:9.2.1+r275327-1.3.9(ppc64le|x86_64)0:9.2.1+r275327-1.3.9(x86_64)0:9.2.1+r275327-1.3.9(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.17.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.141.1(aarch64|ppc64le|s390x|x86_64)0:2.78-18.12.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.60-38.47.1(x86_64)0:1.7.1_sr4.60-38.47.1(aarch64|ppc64le|s390x|x86_64)0:0.6.21-8.6.1(s390x|x86_64)0:0.6.21-8.6.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.7-4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.39.2(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.39.3(aarch64|ppc64le|s390x|x86_64)0:10.2.31-3.25.1(noarch)0:10.2.31-3.25.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.55-38.44.1(x86_64)0:1.7.1_sr4.55-38.44.1(aarch64|ppc64le|s390x|x86_64)0:10.0.40.3-2.15.1(s390x|x86_64)0:10.0.40.3-2.15.1(ppc64le|s390x|x86_64)0:1.8.0_sr6.5-30.63.1(x86_64)0:1.8.0_sr6.5-30.63.1(noarch)0:1.2.15-126.3.1(aarch64|ppc64le|s390x|x86_64)0:5.1.2-26.9.4(noarch)0:0.24.0-2.5.1(noarch)0:17.1-2.5.1(x86_64)0:4.12.14-6.37.1(noarch)0:4.12.14-6.37.1(aarch64|ppc64le|s390x|x86_64)0:1.6.8-15.5.2(s390x|x86_64)0:1.6.8-15.5.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.48.1(s390x)0:4.12.14-95.48.1(noarch)0:4.12.14-95.48.1(aarch64|ppc64le|s390x|x86_64)0:20170707-3.21.1(aarch64|ppc64le|s390x|x86_64)0:2.40.21-5.9.1(s390x|x86_64)0:2.40.21-5.9.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-24.17.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.251-43.35.1(aarch64|ppc64le|s390x|x86_64)0:1.8.18-5.9.1(noarch)0:9.0.31-3.25.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.20.1(aarch64|ppc64le|s390x|x86_64)0:68.4.1-109.101.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.23.1(noarch)0:2017+git1510945757.b2662641d5-3.23.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-3.11.1(aarch64|ppc64le|s390x|x86_64)0:10.12-1.18.1(s390x|x86_64)0:10.12-1.18.1(noarch)0:10.12-1.18.1(aarch64|ppc64le|s390x|x86_64)0:68.6.0-109.110.1(aarch64|ppc64le|s390x|x86_64)0:16.21.2-2.45.1(aarch64|ppc64le|s390x|x86_64)0:1.11.2-5.11.1(aarch64|ppc64le|s390x|x86_64)0:2.1.4-7.28.2(aarch64|ppc64le|s390x|x86_64)0:0.7.5-6.3.2(aarch64|ppc64le|s390x|x86_64)0:3.4.2-44.8.1(aarch64|ppc64le|s390x|x86_64)0:2.22-100.21.5(s390x|x86_64)0:2.22-100.21.5(noarch)0:2.22-100.21.5(aarch64|ppc64le|s390x|x86_64)0:1.4.39-4.11.2(aarch64|ppc64le|s390x|x86_64)0:1.1.36-58.9.2(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.45.1(aarch64|ppc64le|s390x|x86_64)0:0.23-12.8.1(aarch64|ppc64le|s390x|x86_64)0:3.47.1-58.34.1(s390x|x86_64)0:3.47.1-58.34.1(aarch64|ppc64le|s390x|x86_64)0:4.23-19.12.1(s390x|x86_64)0:4.23-19.12.1(aarch64|ppc64le|s390x|x86_64)0:1.2.50-20.3.2(s390x|x86_64)0:1.2.50-20.3.2(aarch64|ppc64le|s390x|x86_64)0:1.1.28-17.9.1(s390x|x86_64)0:1.1.28-17.9.1(aarch64|ppc64le|s390x|x86_64)0:68.6.1-109.113.1(aarch64|ppc64le|s390x|x86_64)0:3.20.2-7.3.21(noarch)0:3.20.2-7.3.21(aarch64|ppc64le|s390x|x86_64)0:12.2.12+git.1585658687.363df3a813-2.42.4(aarch64|ppc64le|s390x|x86_64)0:3.5.25.3-5.6.10(aarch64|ppc64le|s390x|x86_64)0:68.7.0-109.116.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.20.1(s390x|x86_64)0:1.1.1d-2.20.1(aarch64|ppc64le|s390x|x86_64)0:2.26.0-27.27.1(aarch64|ppc64le|s390x|x86_64)0:10.34-1.3.1(noarch)0:4.38-1.3.1(aarch64|x86_64)0:3.53.1-58.48.1(aarch64|x86_64)0:4.25-19.15.14(aarch64|x86_64)0:78.0.1-112.3.1(aarch64|x86_64)0:78-35.3.1(aarch64|x86_64)0:3.5.21-26.29.1(aarch64|x86_64)0:0.18.1-1.6.2(aarch64|x86_64)0:0.9.0~git.1456906198.f422461-21.27.1(aarch64|x86_64)0:4.6.16+git.186.c6d77b0d5a6-3.52.1(aarch64|x86_64)0:2.28.3-2.56.1(aarch64|x86_64)0:2.02-12.31.1(aarch64)0:2.02-12.31.1(aarch64|x86_64)0:9.52-23.39.1(aarch64|x86_64)0:78.1.0-112.8.1(aarch64|x86_64)0:1.6.2-12.8.1(aarch64|x86_64)0:1.10-4.5.1(aarch64|x86_64)0:4.12.14-95.57.1(aarch64|x86_64)0:0.9.9-17.31.1(aarch64|x86_64)0:1.6.2-12.12.1(aarch64|x86_64)0:3.1.1-13.3.6(aarch64|x86_64)0:2.28.4-2.59.1(aarch64|x86_64)0:2.2.31-19.22.1(aarch64|x86_64)0:2.02-12.39.1(aarch64)0:2.02-12.39.1(aarch64|x86_64)0:1.19.6-4.8.1(aarch64|x86_64)0:1.19.6-4.11.1(aarch64|x86_64)0:2.4.23-29.63.1(aarch64|x86_64)0:3.5.21-26.32.1(aarch64|x86_64)0:1.6.2-12.15.1(aarch64|x86_64)0:78.2.0-112.19.2(aarch64|x86_64)0:4.12.14-95.60.1(aarch64|x86_64)0:0.6.36-2.30.1(aarch64|x86_64)0:1.628-5.3.1(aarch64|x86_64)0:3.4.10-25.52.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.29.1(aarch64|x86_64)0:4.6.16+git.237.40a3f495f75-3.55.1(aarch64|x86_64)0:5.6.2-6.25.1(aarch64|x86_64)0:78.3.0-112.22.1(aarch64|x86_64)0:1.628-5.6.1(aarch64|x86_64)0:1.7.0.271-43.41.1(aarch64|x86_64)0:1.6.0-22.17.1(aarch64|x86_64)0:0.4.13-18.3.1(aarch64|x86_64)0:9.11.22-3.22.1(noarch)0:20180314-4.3.1(aarch64|x86_64)0:2.6.3-7.18.1(aarch64|x86_64)0:4.0.0-8.23.1(aarch64|x86_64)0:78.4.0-112.28.1(aarch64|x86_64)0:0.12.8-15.1(aarch64|x86_64)0:0.33-3.9.1(aarch64|x86_64)0:4.6.16+git.248.c833312e640-3.58.1(aarch64|x86_64)0:1.0.31-4.3.1(aarch64|x86_64)0:1.8.0.272-27.48.1(aarch64)0:2018.03-4.3.1(aarch64|x86_64)0:10.2.1+git583-1.3.5(aarch64|x86_64)0:1.7.0.281-43.44.2(aarch64|x86_64)0:2.4.41-18.77.1(aarch64|x86_64)0:1.2-18.77.1(aarch64|x86_64)0:78.4.1-112.32.1(aarch64|x86_64)0:12.4-3.5.1(aarch64|x86_64)0:10.14-4.4.1(aarch64|x86_64)0:2.0.15-5.3.1(aarch64|x86_64)0:1.12.5-40.40.2(aarch64|x86_64)0:10.15-4.9.1(aarch64|x86_64)0:3.1.11-2.19.1(aarch64|x86_64)0:10.2.36-3.33.1(aarch64|x86_64)0:5.13-5.23.1(aarch64|x86_64)0:4.12.14-95.65.1(aarch64|x86_64)0:78.5.0-112.36.1(aarch64|x86_64)0:0.9.9-17.34.1(aarch64|x86_64)0:1.19.6-4.19.1(aarch64|x86_64)0:3.4.10-25.58.1(aarch64|x86_64)0:3.10.0.1-54.17.2(aarch64|x86_64)0:2.1.4-7.31.1(aarch64|x86_64)0:12.5-3.9.3(aarch64|x86_64)0:1.10.1-55.18.1(aarch64|x86_64)0:1.0.2p-3.30.1(aarch64|x86_64)0:1.1.1d-2.27.1(aarch64|x86_64)0:2.7.17-28.59.1(aarch64|x86_64)0:7.2p2-78.10.1(aarch64|x86_64)0:78.6.0-112.39.1(aarch64|x86_64)0:0.103.0-33.32.1(aarch64|x86_64)0:2.1.26-8.13.1(aarch64|x86_64)0:16.21.2-2.45.1(aarch64|x86_64)0:3.4.5-44.13.1(aarch64|x86_64)0:2.22-114.8.3(aarch64|x86_64)0:1.19.6-4.22.1(aarch64|x86_64)0:0.103.2-33.35.1(aarch64|x86_64)0:2.11.2-5.29.1(aarch64)0:2.11.2-5.29.1(aarch64|x86_64)0:1.8.20p2-3.23.1(aarch64|x86_64)0:78.10.0-112.57.2(aarch64|x86_64)0:2.7.1-13.3.1(aarch64|x86_64)0:3.10.0.1-54.20.1(aarch64|x86_64)0:20170707-3.27.1(aarch64|x86_64)0:1.7.0.291-43.47.3(aarch64|x86_64)0:1.7.5-20.36.1(aarch64|x86_64)0:9.11.22-3.34.1(aarch64|x86_64)0:4.6.16+git.282.cfafed5922a-3.61.1(aarch64|x86_64)0:0.6.32-32.15.1(aarch64|x86_64)0:4.12.14-95.74.1(aarch64|x86_64)0:3.4.10-25.71.1(aarch64|x86_64)0:3.5.25.3-5.9.1(aarch64|x86_64)0:2.28.0-29.6.1(aarch64|x86_64)0:2.9.4-46.43.1(aarch64|x86_64)0:2.78-18.15.1(aarch64|x86_64)0:1.3.0-12.3.1(aarch64|x86_64)0:7.60.0-4.20.1(aarch64|x86_64)0:2.2.31-19.25.1(aarch64|x86_64)0:3.5.25.3-5.12.1(aarch64|x86_64)0:4.3.3-10.22.1(aarch64|x86_64)0:0.4.3-4.7.1(aarch64|x86_64)0:0.113-5.21.1(aarch64|x86_64)0:1.8.3-18.3.5(aarch64|x86_64)0:78.11.0-112.62.1(aarch64|x86_64)0:4.12.14-95.77.1(aarch64|x86_64)0:1.6.2-12.21.1(aarch64|x86_64)0:2.4.0-3.14.1(aarch64|x86_64)0:0.12.8-18.1(aarch64|x86_64)0:0.4.21-8.3.1(aarch64|x86_64)0:2.11.2-5.32.1(aarch64)0:2.11.2-5.32.1(aarch64|x86_64)0:3.0.15-2.20.1(aarch64|x86_64)0:1.8.0.292-27.60.1(aarch64|x86_64)0:6.8.8.1-71.154.1(aarch64|x86_64)0:2.32.1-2.63.3(aarch64|x86_64)0:2.4.23-29.74.1(aarch64|x86_64)0:308-5.3.1(aarch64|x86_64)0:2.7.1-13.6.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.38.1(aarch64|x86_64)0:1.6.1-16.77.1(aarch64|x86_64)0:2.1.0-6.34.1(aarch64|x86_64)0:13.1-3.3.1(aarch64|x86_64)0:2.1a15-159.9.1(aarch64|x86_64)0:0.6.37-2.33.1(aarch64|x86_64)0:16.21.4-2.51.1(aarch64|x86_64)0:1.8.20p2-3.20.1(aarch64|x86_64)0:78.12.0-112.65.1(aarch64|x86_64)0:78.7.0-112.45.1(aarch64|x86_64)0:4.12.14-95.80.1(aarch64|x86_64)0:228-150.98.1(aarch64|x86_64)0:7.60.0-4.25.1(aarch64|x86_64)0:1.4-15.3.1(aarch64|x86_64)0:2.11.2-5.35.1(aarch64)0:2.11.2-5.35.1(aarch64|x86_64)0:1.8.22-29.21.1(aarch64|x86_64)0:2.32.3-2.66.1(aarch64|x86_64)0:1.0.25-36.23.1(aarch64|x86_64)0:3.5.25.3-5.19.2(aarch64|x86_64)0:10.2.39-3.36.1(aarch64|x86_64)0:2.11-36.9.1(aarch64|x86_64)0:1.9.1-9.7.1(aarch64|x86_64)0:78.13.0-112.68.1(aarch64|x86_64)0:6.3.26-13.12.1(aarch64|x86_64)0:2.11-36.12.1(aarch64|x86_64)0:1.8.0.302-27.63.2(aarch64|x86_64)0:2.11-36.15.1(aarch64|x86_64)0:5.3.1-28.6.1(aarch64|x86_64)0:1.0.2p-3.39.3(aarch64|x86_64)0:1.1.1d-2.36.2(aarch64|x86_64)0:5.6.1-4.5.1(aarch64|x86_64)0:0.60.6.1-18.11.1(aarch64|x86_64)0:2.1.0-6.37.1(aarch64|x86_64)0:1.0.6-17.3.1(aarch64|x86_64)0:5.22-10.21.1(aarch64|x86_64)0:2.8.10-4.23.1(aarch64|x86_64)0:1.0.2p-3.42.2(aarch64|x86_64)0:1.1.1d-2.39.2(aarch64|x86_64)0:10.2.40-3.39.1(aarch64|x86_64)0:3.68-58.54.1(aarch64|x86_64)0:4.32-19.18.1(aarch64|x86_64)0:3.2.8a-2.17.1(aarch64|x86_64)0:0.6.0-11.3.1(aarch64|x86_64)0:9.52-23.42.1(aarch64|x86_64)0:0.2.7-12.12.1(aarch64|x86_64)0:91.1.0-112.71.1(aarch64|x86_64)0:91-35.6.6(aarch64|x86_64)0:3.36.0-9.18.1(aarch64|x86_64)0:2.22-114.15.1(aarch64|x86_64)0:2.32.4-2.71.2(aarch64|x86_64)0:2.4.23-29.80.1(aarch64|x86_64)0:7.60.0-4.30.1(aarch64|x86_64)0:3.4.10-25.63.2(aarch64|x86_64)0:3.4.10-25.63.1(aarch64|x86_64)0:91.2.0-112.74.1(aarch64|x86_64)0:5.1.3-26.16.1(aarch64|x86_64)0:10.18-4.19.6(aarch64|x86_64)0:0.13.0-3.19.1(aarch64|x86_64)0:3.2.8b-2.20.1(aarch64|x86_64)0:2.37-9.39.1(aarch64|x86_64)0:2.0.1-13.1(aarch64|x86_64)0:2.11.2-5.40.2(aarch64)0:2.11.2-5.40.2(aarch64|x86_64)0:2.37-9.44.1(aarch64|x86_64)0:8.45-8.7.1(aarch64|x86_64)0:91.3.0-112.80.2(aarch64|x86_64)0:4.6.16+git.307.b3899d08cc6-3.64.2(aarch64|x86_64)0:14.1-3.3.1(aarch64|x86_64)0:10.19-4.22.1(aarch64|x86_64)0:2.32.4-2.74.5(aarch64|x86_64)0:1.8.0.312-27.66.1(aarch64|x86_64)0:1.7.0.321-43.53.2(aarch64|x86_64)0:2.1.9-19.6.1(aarch64|x86_64)0:0.103.4-33.41.1(aarch64|x86_64)0:2.34.1-2.77.1(aarch64|x86_64)0:7.2p2-78.13.1(aarch64|x86_64)0:3.68.1-58.57.1(aarch64|x86_64)0:4.12.14-95.83.2(aarch64|x86_64)0:91.4.0-112.83.1(noarch)0:20180314-4.6.1(aarch64|x86_64)0:2.48.2-6.3.1(aarch64|x86_64)0:1.19.6-4.25.1(aarch64|x86_64)0:1.19.6-4.28.1(aarch64|x86_64)0:4.6.16+git.313.502515a5bfc-3.67.2(aarch64|x86_64)0:4.1-5.9.1(aarch64|x86_64)0:10.2.41-3.44.3(aarch64|x86_64)0:2.7.17-28.64.1(aarch64|x86_64)0:4.12.14-95.68.1(aarch64|x86_64)0:2.6-15.13.1(aarch64|x86_64)0:2.8.10-4.26.1(aarch64|x86_64)0:1.900.14-195.25.1(aarch64|x86_64)0:4.0.4-23.6.1(aarch64|x86_64)0:9.11.22-3.29.1(aarch64|x86_64)0:1.0.3-3.6.1(aarch64|x86_64)0:1.8.0.282-27.56.2(aarch64|x86_64)0:0.7.8.2-12.27.2(aarch64|x86_64)0:2.0.876-12.27.2(aarch64|x86_64)0:78.8.0-112.51.1(aarch64|x86_64)0:2.1.4-7.34.1(aarch64|x86_64)0:2.02-12.47.1(aarch64)0:2.02-12.47.1(aarch64|x86_64)0:2.4.41-18.83.1(aarch64|x86_64)0:1.2-18.83.1(aarch64|x86_64)0:1.0.2p-3.36.1(aarch64|x86_64)0:4.12.14-95.71.1(aarch64|x86_64)0:2.6-15.16.1(aarch64|x86_64)0:1.1.1d-2.30.1(aarch64|x86_64)0:2.26.2-27.43.1(aarch64|x86_64)0:2.7.18-28.67.1(aarch64|x86_64)0:78.6.1-112.42.1(aarch64|x86_64)0:2.48.2-12.22.1(aarch64|x86_64)0:4.60.99-5.9.1(aarch64|x86_64)0:1.39.2-3.5.1(aarch64|x86_64)0:1.1.1d-2.33.1(aarch64|x86_64)0:78.9.0-112.54.1(aarch64|x86_64)0:2.3.8-16.29.1(aarch64|x86_64)0:1.2.11-3.6.1(aarch64|x86_64)0:2.29.2-9.17.1(aarch64|x86_64)0:3.68.3-58.69.1(aarch64|x86_64)0:91.8.0-112.98.1(aarch64|x86_64)0:2.1.0-4.15.1(aarch64|x86_64)0:2.7.18-33.8.1(aarch64|x86_64)0:91.5.0-112.86.1(aarch64|x86_64)0:5.0.5-6.7.1(aarch64|x86_64)0:0.6.22-8.13.1(aarch64|x86_64)0:1.16.1-4.40.1(aarch64)0:1.16.1-4.40.1(aarch64|x86_64)0:4.12.14-95.96.1(aarch64|x86_64)0:1.6-9.6.2(aarch64|x86_64)0:2.78-18.18.1(aarch64|x86_64)0:2.26.2-27.52.1(aarch64|x86_64)0:2.9.4-46.49.1(aarch64|x86_64)0:1.2.15-15.17.1(aarch64|x86_64)0:2.34.3-2.82.1(aarch64|x86_64)0:6.9-13.20.1(aarch64|x86_64)0:0.16-20.15.1(aarch64|x86_64)0:91.9.0-112.104.1(aarch64|x86_64)0:5.0.5-6.12.2(aarch64|x86_64)0:1.6-9.9.1(aarch64|x86_64)0:2.36.0-2.96.1(aarch64|x86_64)0:1.43.8-3.17.1(aarch64|x86_64)0:91.9.0-112.108.4(aarch64|x86_64)0:2.48.2-12.28.1(aarch64|x86_64)0:2.4.41-22.10.1(aarch64|x86_64)0:1.2-22.10.1(aarch64|x86_64)0:2.1.0-21.12.1(aarch64|x86_64)0:10.21-4.28.3(aarch64|x86_64)0:91.9.1-112.111.1(aarch64|x86_64)0:2.9.4-46.54.3(aarch64|x86_64)0:10.34-1.7.1(aarch64|x86_64)0:2.9-15.22.1(aarch64|x86_64)0:14.3-3.9.3(aarch64|x86_64)0:6.8.8.1-71.172.1(aarch64|x86_64)0:0.113-5.24.1(aarch64|x86_64)0:1.2.15-3.6.3(aarch64|x86_64)0:91.10.0-112.114.1(aarch64|x86_64)0:5.1.3-26.20.1(aarch64|x86_64)0:3.68.4-58.72.1(aarch64|x86_64)0:2.02-143.2(aarch64)0:2.02-143.2(aarch64)0:2018.03-4.6.1(aarch64|x86_64)0:4.12.14-95.99.3(aarch64|x86_64)0:4.12.14-95.99.2(aarch64|x86_64)0:2.36.3-2.99.1(aarch64|x86_64)0:2.4.23-29.91.1(aarch64|x86_64)0:1.0.2p-3.53.1(aarch64|x86_64)0:1.3.0-1.15.3(aarch64|x86_64)0:10.2.44-3.50.1(aarch64|x86_64)0:3.4.10-25.93.1(aarch64|x86_64)0:1.0.2p-3.56.1(aarch64|x86_64)0:1.1.1d-2.66.1(aarch64|x86_64)0:2.0.8_k4.12.14_95.99-4.9.1(aarch64|x86_64)0:2.7.18-33.11.1(aarch64|x86_64)0:17.11.7-5.12.1(aarch64)0:17.11.7-5.12.1(aarch64)0:17.11.7_k4.12.14_95.99-5.12.1(aarch64|x86_64)0:91.11.0-112.119.1(aarch64|x86_64)0:1.1.1d-2.69.1(aarch64|x86_64)0:7.2.1-4.14.1(aarch64|x86_64)0:7.2.1_k4.12.14_95.99-4.14.1(aarch64|x86_64)0:8.24.0-3.58.2(aarch64|x86_64)0:8.45-8.12.1(aarch64|x86_64)0:1.19.6-4.31.1(aarch64|x86_64)0:3.5.21-26.35.1(aarch64|x86_64)0:4.12.14-95.102.1(aarch64|x86_64)0:2.36.4-2.102.1(aarch64|x86_64)0:0.29.0-23.8.1(aarch64|x86_64)0:2.0.24-9.11.1(aarch64|x86_64)0:1.8.0.332-27.75.2(aarch64|x86_64)0:3.79-58.75.1(aarch64|x86_64)0:4.34-19.21.1(aarch64|x86_64)0:2.26.2-27.57.1(aarch64|x86_64)0:10.34-1.10.1(aarch64|x86_64)0:4.6.16+git.324.6bba9ddab76-3.73.1(aarch64|x86_64)0:91.12.0-112.124.1(aarch64|x86_64)0:2.2.31-19.29.1(aarch64|x86_64)0:7.1.1-3.8.1(aarch64|x86_64)0:4.6.16+git.320.a2d80a7efef-3.70.1(aarch64)0:2018.03-4.9.1(aarch64|x86_64)0:4.12.14-95.105.1(aarch64|x86_64)0:7.60.0-4.38.1(aarch64|x86_64)0:1.8.0.345-27.78.1(aarch64|x86_64)0:1.2.11-3.9.1(aarch64|x86_64)0:3.1.0-13.19.1(aarch64|x86_64)0:5.13-5.26.1(aarch64|x86_64)0:0.6.11-12.6.45(aarch64|x86_64)0:1.8.3-16.6.2(aarch64|x86_64)0:10.22-4.31.1(aarch64|x86_64)0:2.36.5-2.107.2(aarch64|x86_64)0:5.7.3-6.9.1(aarch64|x86_64)0:0.12.1-4.3.1(aarch64|x86_64)0:91.13.0-112.127.4(aarch64|x86_64)0:5.2.4-9.3.1(aarch64|x86_64)0:2.36.7-2.110.1(aarch64|x86_64)0:0.103.7-33.50.1(aarch64|x86_64)0:2.1.3-3.8.1(aarch64|x86_64)0:14.5-3.14.9(aarch64|x86_64)0:102.2.0-112.130.1(aarch64|x86_64)0:102-35.9.1(aarch64|x86_64)0:4.12.14-95.108.1(aarch64|x86_64)0:1.0.25-36.26.1(aarch64|x86_64)0:3.39.3-9.23.1(aarch64|x86_64)0:102.3.0-112.133.1(aarch64|x86_64)0:2.1.0-21.25.1(aarch64|x86_64)0:1.0.3-3.9.1(aarch64|x86_64)0:2.36.8-2.113.1(aarch64|x86_64)0:9.11.22-3.43.1(aarch64|x86_64)0:3.4.10-25.96.1(aarch64|x86_64)0:3.5.21-26.38.1(aarch64|x86_64)0:2.7.18-33.14.1(aarch64|x86_64)0:2.7.18-33.14.2(aarch64|x86_64)0:0.103.5-33.44.1(aarch64|x86_64)0:4.12.14-95.111.1(aarch64|x86_64)0:4.0.9-44.56.1(aarch64|x86_64)0:1.3.0-24.3.1(aarch64|x86_64)0:4.12.14-95.88.1(aarch64|x86_64)0:0.7.3+177+suse.b16d5dc-2.23.1(aarch64|x86_64)0:2.9.4-46.59.2(aarch64|x86_64)0:2.9.4-46.59.3(aarch64|x86_64)0:5.13-5.31.1(aarch64|x86_64)0:102.4.0-112.136.3(aarch64|x86_64)0:1.2-167.10.1(aarch64|x86_64)0:1.3.0-1.21.1(aarch64|x86_64)0:7.60.0-4.43.1(aarch64|x86_64)0:1.0.1-17.24.1(aarch64|x86_64)0:2.1.0-4.18.2(aarch64|x86_64)0:1.8.22-29.24.1(aarch64|x86_64)0:4.9-3.13.1(aarch64|x86_64)0:1.19.6-4.34.1(aarch64|x86_64)0:2.1.0-21.28.1(aarch64|x86_64)0:2.22-114.22.1(aarch64|x86_64)0:4.0.0-8.26.1(aarch64|x86_64)0:1.8.20p2-3.33.1(aarch64|x86_64)0:102.5.0-112.139.1(aarch64|x86_64)0:4.0.9-44.59.1(aarch64|x86_64)0:0.34.0-8.3.1(aarch64|x86_64)0:3.4.10-25.102.2(aarch64|x86_64)0:0.23-12.18.1(aarch64|x86_64)0:1.35.0-4.3.1(aarch64|x86_64)0:2.7.18-33.17.1(aarch64|x86_64)0:2.39-9.50.1(aarch64|x86_64)0:2.38.2-2.120.1(aarch64|x86_64)0:2.02-153.1(aarch64)0:2.02-153.1(aarch64|x86_64)0:24.3-25.9.1(aarch64|x86_64)0:1.12.5-40.43.1(aarch64|x86_64)0:1.8.0.352-27.81.1(aarch64|x86_64)0:2.22-114.19.1(aarch64|x86_64)0:102.6.0-112.142.1(aarch64|x86_64)0:4.0.12-4.21.1(aarch64|x86_64)0:1.19.6-4.39.1(aarch64|x86_64)0:4.12.14-95.114.1(aarch64|x86_64)0:9.0.0814-17.9.1(aarch64|x86_64)0:0.5.0-12.9.1(aarch64|x86_64)0:2.1.0-21.15.1(aarch64|x86_64)0:4.0.9-44.45.1(aarch64|x86_64)0:4.9.2-14.20.1(aarch64|x86_64)0:91.6.0-112.89.1(aarch64|x86_64)0:2.4.23-29.83.1(aarch64|x86_64)0:2.34.5-2.85.3(aarch64|x86_64)0:2.1.26-14.5.1(aarch64|x86_64)0:2.1.0-21.18.1(aarch64|x86_64)0:5.0.5-6.19.1(aarch64|x86_64)0:4.12.14-95.93.1(aarch64|x86_64)0:91.6.1-112.92.1(aarch64|x86_64)0:10.2.43-3.47.1(aarch64|x86_64)0:5.3.1-14.5.1(aarch64|x86_64)0:2.34.6-2.88.1(aarch64|x86_64)0:0.99.beta18-14.6.1(aarch64|x86_64)0:91.7.0-112.95.1(aarch64|x86_64)0:2.1.0-21.22.1(aarch64|x86_64)0:1.0.2p-3.48.1(aarch64|x86_64)0:1.1.1d-2.61.1(aarch64|x86_64)0:1.8.0.322-27.72.2(aarch64|x86_64)0:9.11.22-3.40.1(aarch64|x86_64)0:2.4.23-29.88.1(aarch64|x86_64)0:1.8.20p2-3.36.1(aarch64|x86_64)0:2.26.2-27.63.2(aarch64|x86_64)0:102.7.0-112.145.1(aarch64|x86_64)0:3.79.3-58.91.1(aarch64|x86_64)0:3.0.15-2.23.1(aarch64|x86_64)0:4.6.16+git.384.9fec958bed-3.76.1(aarch64|x86_64)0:17.11.7-5.14.1(aarch64)0:17.11.7-5.14.1(aarch64)0:17.11.7_k4.12.14_95.117-5.14.1(aarch64|x86_64)0:3.5.11-6.7.1(aarch64|x86_64)0:5.13-5.36.1(aarch64|x86_64)0:1.19.6-4.48.1(aarch64|x86_64)0:2.38.5-2.131.4(aarch64|x86_64)0:1.8.20p2-3.39.1(aarch64|x86_64)0:1.0.2p-3.69.1(aarch64|x86_64)0:1.1.1d-2.78.1(aarch64|x86_64)0:228-150.108.2(aarch64|x86_64)0:1.1.1d-2.81.1(aarch64|x86_64)0:9.52-23.51.1(aarch64|x86_64)0:102.10.0-112.156.1(aarch64|x86_64)0:1.4.5-8.3.1(aarch64|x86_64)0:2.6.4-6.14.2(aarch64|x86_64)0:2.6.4-6.14.3(aarch64|x86_64)0:2.6.4-6.16.1(aarch64|x86_64)0:2.4.23-29.94.1(aarch64|x86_64)0:2.4.0-7.9.1(aarch64|x86_64)0:1.0.2p-3.72.1(aarch64|x86_64)0:2017+git1510945757.b2662641d5-3.41.2(aarch64|x86_64)0:4.0.9-44.65.1(aarch64|x86_64)0:1.16.1-4.43.1(aarch64)0:1.16.1-4.43.1(aarch64|x86_64)0:3.0-10.6.1(aarch64|x86_64)0:2.38.6-2.136.1(aarch64|x86_64)0:2.26.2-27.69.1(aarch64|x86_64)0:4.2.1-27.22.1(aarch64|x86_64)0:9.0.1234-17.12.1(aarch64|x86_64)0:102.11.0-112.159.1(aarch64|x86_64)0:1.5.0-1.24.4(aarch64|x86_64)0:15.3-3.9.1(aarch64|x86_64)0:7.60.0-4.56.1(aarch64|x86_64)0:4.12.14-95.125.1(aarch64|x86_64)0:1.8.0.372-27.87.1(aarch64|x86_64)0:5.8-8.3.1(aarch64|x86_64)0:1.1.1d-2.84.1(aarch64|x86_64)0:1.0.2p-3.75.1(aarch64|x86_64)0:1.7.5-20.39.1(aarch64|x86_64)0:2.8.10-4.33.1(aarch64|x86_64)0:102.12.0-112.162.1(aarch64|x86_64)0:1.9.1-9.12.1(aarch64|x86_64)0:1.6.2-12.30.1(aarch64|x86_64)0:4.12.14-95.128.1(aarch64|x86_64)0:0.4.3-4.10.1(aarch64|x86_64)0:5.13-5.39.1(aarch64|x86_64)0:2.38.6-2.139.1(aarch64|x86_64)0:1.1.1d-2.89.1(aarch64|x86_64)0:1.0.2p-3.78.1(aarch64|x86_64)0:2.7.18-33.20.2(aarch64|x86_64)0:3.39.3-9.26.1(aarch64|x86_64)0:9.11.22-3.46.4(aarch64|x86_64)0:14.337.5-3.3.1(aarch64|x86_64)0:5.6.2-6.33.1(aarch64|x86_64)0:1.19.6-4.42.1(aarch64|x86_64)0:9.52-23.54.1(aarch64|x86_64)0:115.0-112.165.1(aarch64|x86_64)0:115-35.12.2(aarch64|x86_64)0:5.18.2-12.26.1(aarch64|x86_64)0:4.6.16+git.393.97432483687-3.81.1(aarch64|x86_64)0:115.0.2-112.170.2(aarch64|x86_64)0:0.6.1-7.5.1(aarch64|x86_64)0:1.0.2p-3.64.1(aarch64|x86_64)0:1.1.1d-2.75.1(aarch64|x86_64)0:1.3.0-24.6.1(aarch64|x86_64)0:10.2.44-3.53.1(aarch64|x86_64)0:2.8.0-7.6.1(aarch64|x86_64)0:5.3.1-14.7.3(aarch64|x86_64)0:1.5.3-8.7.1(aarch64|x86_64)0:0.9.0~git.1456906198.f422461-21.30.2(aarch64|x86_64)0:2.28.1-6.5.23(aarch64|x86_64)0:1.2.37-8.6.21(aarch64|x86_64)0:1.7.5-20.46.1(aarch64|x86_64)0:15.2-3.6.1(aarch64|x86_64)0:4.12.14-95.117.1(aarch64|x86_64)0:6.8.8.1-71.183.1(aarch64|x86_64)0:2.26.2-27.66.1(aarch64|x86_64)0:1.8.0.362-27.84.1(aarch64|x86_64)0:0.103.8-33.53.1(aarch64|x86_64)0:102.8.0-112.150.1(aarch64|x86_64)0:3.79.4-58.94.1(aarch64|x86_64)0:0.43.0-16.22.1(aarch64|x86_64)0:1.1.28-17.15.1(aarch64|x86_64)0:308-5.9.1(aarch64|x86_64)0:2.15-6.3.1(aarch64|x86_64)0:24.3-25.12.1(aarch64|x86_64)0:2.38.3-2.123.1(aarch64|x86_64)0:1.19.6-4.45.1(aarch64|x86_64)0:3.4.10-25.108.1(aarch64|x86_64)0:9.0.1386-17.15.4(aarch64|x86_64)0:102.9.0-112.153.1(aarch64|x86_64)0:2.4.23-29.97.1(aarch64|x86_64)0:4.12.14-95.120.4(aarch64|x86_64)0:2.0.8_k4.12.14_95.117-4.11.1(aarch64|x86_64)0:2.02-158.1(aarch64)0:2.02-158.1(aarch64|ppc64le|s390x|x86_64)0:3.53.1-58.48.1(s390x|x86_64)0:3.53.1-58.48.1(aarch64|ppc64le|s390x|x86_64)0:4.25-19.15.1(s390x|x86_64)0:4.25-19.15.1(aarch64|ppc64le|s390x|x86_64)0:78.0.1-112.3.1(aarch64|ppc64le|s390x|x86_64)0:78-35.3.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.29.1(aarch64|ppc64le|s390x|x86_64)0:0.18.1-1.6.2(aarch64|ppc64le|s390x|x86_64)0:0.9.0~git.1456906198.f422461-21.27.1(ppc64le|s390x|x86_64)0:2.1.17-3.23.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.186.c6d77b0d5a6-3.52.1(s390x|x86_64)0:4.6.16+git.186.c6d77b0d5a6-3.52.1(aarch64|ppc64le|s390x|x86_64)0:2.28.3-2.56.1(aarch64|ppc64le|s390x|x86_64)0:2.02-12.31.1(ppc64le)0:2.02-12.31.1(s390x)0:2.02-12.31.1(aarch64|ppc64le|s390x|x86_64)0:9.52-23.39.1(aarch64|ppc64le|s390x|x86_64)0:78.1.0-112.8.1(aarch64|ppc64le|s390x|x86_64)0:1.6.2-12.8.1(s390x|x86_64)0:1.6.2-12.8.1(aarch64|ppc64le|s390x|x86_64)0:1.10-4.5.1(s390x|x86_64)0:1.10-4.5.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.57.1(s390x)0:4.12.14-95.57.1(aarch64|ppc64le|s390x|x86_64)0:0.9.9-17.31.1(aarch64|ppc64le|s390x|x86_64)0:1.6.2-12.12.1(s390x|x86_64)0:1.6.2-12.12.1(aarch64|ppc64le|s390x|x86_64)0:3.1.1-13.3.6(s390x|x86_64)0:3.1.1-13.3.6(aarch64|ppc64le|s390x|x86_64)0:2.28.4-2.59.1(aarch64|ppc64le|s390x|x86_64)0:2.2.31-19.22.1(aarch64|ppc64le|s390x|x86_64)0:2.02-12.39.1(ppc64le)0:2.02-12.39.1(s390x)0:2.02-12.39.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.11.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.63.1(ppc64le|s390x|x86_64)0:1.8.0_sr6.15-30.72.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.32.1(aarch64|ppc64le|s390x|x86_64)0:1.6.2-12.15.1(s390x|x86_64)0:1.6.2-12.15.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.70-38.56.1(aarch64|ppc64le|s390x|x86_64)0:78.2.0-112.19.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.60.1(s390x)0:4.12.14-95.60.1(aarch64|ppc64le|s390x|x86_64)0:0.6.36-2.30.1(aarch64|ppc64le|s390x|x86_64)0:1.628-5.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.52.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.237.40a3f495f75-3.55.1(s390x|x86_64)0:4.6.16+git.237.40a3f495f75-3.55.1(aarch64|ppc64le|s390x|x86_64)0:5.6.2-6.25.1(aarch64|ppc64le|s390x|x86_64)0:78.3.0-112.22.1(aarch64|ppc64le|s390x|x86_64)0:1.628-5.6.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.271-43.41.1(aarch64|ppc64le|s390x|x86_64)0:1.6.0-22.17.1(aarch64|ppc64le|s390x|x86_64)0:0.4.13-18.3.1(s390x|x86_64)0:0.4.13-18.3.1(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.22.1(s390x|x86_64)0:9.11.22-3.22.1(aarch64|ppc64le|s390x|x86_64)0:2.6.3-7.18.1(s390x|x86_64)0:2.6.3-7.18.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.23.1(aarch64|ppc64le|s390x|x86_64)0:78.4.0-112.28.1(aarch64|ppc64le|s390x|x86_64)0:0.12.8-15.1(aarch64|ppc64le|s390x|x86_64)0:0.33-3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.248.c833312e640-3.58.1(s390x|x86_64)0:4.6.16+git.248.c833312e640-3.58.1(aarch64|ppc64le|s390x|x86_64)0:1.0.31-4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.272-27.48.1(aarch64|ppc64le|s390x|x86_64)0:10.2.1+git583-1.3.5(s390x|x86_64)0:10.2.1+git583-1.3.5(aarch64|ppc64le|x86_64)0:10.2.1+git583-1.3.5(ppc64le|x86_64)0:10.2.1+git583-1.3.5(aarch64|ppc64le|s390x|x86_64)0:1.7.0.281-43.44.2(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.77.1(s390x|x86_64)0:2.4.41-18.77.1(aarch64|ppc64le|s390x|x86_64)0:1.2-18.77.1(aarch64|ppc64le|s390x|x86_64)0:78.4.1-112.32.1(aarch64|ppc64le|s390x|x86_64)0:12.4-3.5.1(s390x|x86_64)0:12.4-3.5.1(aarch64|ppc64le|s390x|x86_64)0:10.14-4.4.1(aarch64|ppc64le|s390x|x86_64)0:2.0.15-5.3.1(aarch64|ppc64le|s390x|x86_64)0:1.12.5-40.40.2(s390x|x86_64)0:1.12.5-40.40.2(aarch64|ppc64le|s390x|x86_64)0:10.15-4.9.1(aarch64|ppc64le|s390x|x86_64)0:3.1.11-2.19.1(aarch64|ppc64le|s390x|x86_64)0:10.2.36-3.33.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.23.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.65.1(s390x)0:4.12.14-95.65.1(aarch64|ppc64le|s390x|x86_64)0:78.5.0-112.36.1(aarch64|ppc64le|s390x|x86_64)0:0.9.9-17.34.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.19.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.58.1(aarch64|ppc64le|s390x|x86_64)0:3.10.0.1-54.17.2(aarch64|ppc64le|s390x|x86_64)0:2.1.4-7.31.1(aarch64|ppc64le|s390x|x86_64)0:12.5-3.9.3(s390x|x86_64)0:12.5-3.9.3(aarch64|ppc64le|s390x|x86_64)0:1.10.1-55.18.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.30.1(s390x|x86_64)0:1.0.2p-3.30.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.27.1(s390x|x86_64)0:1.1.1d-2.27.1(aarch64|ppc64le|s390x|x86_64)0:2.7.17-28.59.1(s390x|x86_64)0:2.7.17-28.59.1(aarch64|ppc64le|s390x|x86_64)0:7.2p2-78.10.1(aarch64|ppc64le|s390x|x86_64)0:78.6.0-112.39.1(aarch64|ppc64le|s390x|x86_64)0:0.103.0-33.32.1(aarch64|ppc64le|s390x|x86_64)0:2.1.26-8.13.1(s390x|x86_64)0:2.1.26-8.13.1(aarch64|ppc64le|s390x|x86_64)0:3.4.5-44.13.1(aarch64|ppc64le|s390x|x86_64)0:2.22-114.8.3(s390x|x86_64)0:2.22-114.8.3(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.22.1(aarch64|ppc64le|s390x|x86_64)0:0.103.2-33.35.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.29.1(s390x|x86_64)0:2.11.2-5.29.1(ppc64le)0:2.11.2-5.29.1(s390x)0:2.11.2-5.29.1(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.23.1(aarch64|ppc64le|s390x|x86_64)0:78.10.0-112.57.2(aarch64|ppc64le|s390x|x86_64)0:2.7.1-13.3.1(s390x|x86_64)0:2.7.1-13.3.1(aarch64|ppc64le|s390x|x86_64)0:3.10.0.1-54.20.1(aarch64|ppc64le|s390x|x86_64)0:20170707-3.27.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.291-43.47.3(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.36.1(s390x|x86_64)0:1.7.5-20.36.1(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.34.1(s390x|x86_64)0:9.11.22-3.34.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.282.cfafed5922a-3.61.1(s390x|x86_64)0:4.6.16+git.282.cfafed5922a-3.61.1(aarch64|ppc64le|s390x|x86_64)0:0.6.32-32.15.1(s390x|x86_64)0:0.6.32-32.15.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.74.1(s390x)0:4.12.14-95.74.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.71.1(aarch64|ppc64le|s390x|x86_64)0:3.5.25.3-5.9.1(aarch64|ppc64le|s390x|x86_64)0:2.28.0-29.6.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.43.1(s390x|x86_64)0:2.9.4-46.43.1(aarch64|ppc64le|s390x|x86_64)0:2.78-18.15.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-12.3.1(s390x|x86_64)0:1.3.0-12.3.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.20.1(s390x|x86_64)0:7.60.0-4.20.1(aarch64|ppc64le|s390x|x86_64)0:2.2.31-19.25.1(aarch64|ppc64le|s390x|x86_64)0:3.5.25.3-5.12.1(aarch64|ppc64le|s390x|x86_64)0:4.3.3-10.22.1(aarch64|ppc64le|s390x|x86_64)0:0.4.3-4.7.1(s390x|x86_64)0:0.4.3-4.7.1(aarch64|ppc64le|s390x|x86_64)0:0.113-5.21.1(aarch64|ppc64le|s390x|x86_64)0:1.8.3-18.3.5(aarch64|ppc64le|s390x|x86_64)0:78.11.0-112.62.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.77.1(s390x)0:4.12.14-95.77.1(aarch64|ppc64le|s390x|x86_64)0:1.6.2-12.21.1(s390x|x86_64)0:1.6.2-12.21.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.75-38.59.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-3.14.1(aarch64|ppc64le|s390x|x86_64)0:0.12.8-18.1(aarch64|ppc64le|s390x|x86_64)0:0.4.21-8.3.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.32.1(s390x|x86_64)0:2.11.2-5.32.1(ppc64le)0:2.11.2-5.32.1(s390x)0:2.11.2-5.32.1(aarch64|ppc64le|s390x|x86_64)0:3.0.15-2.20.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.292-27.60.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.154.1(aarch64|ppc64le|s390x|x86_64)0:2.32.1-2.63.3(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.74.1(aarch64|ppc64le|s390x|x86_64)0:308-5.3.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-13.6.1(s390x|x86_64)0:2.7.1-13.6.1(aarch64|ppc64le|s390x|x86_64)0:1.6.1-16.77.1(s390x|x86_64)0:1.6.1-16.77.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-6.34.1(aarch64|ppc64le|s390x|x86_64)0:13.1-3.3.1(s390x|x86_64)0:13.1-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1a15-159.9.1(aarch64|ppc64le|s390x|x86_64)0:0.6.37-2.33.1(aarch64|ppc64le|s390x|x86_64)0:16.21.4-2.51.1(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.20.1(aarch64|ppc64le|s390x|x86_64)0:78.12.0-112.65.1(aarch64|ppc64le|s390x|x86_64)0:78.7.0-112.45.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.80.1(s390x)0:4.12.14-95.80.1(aarch64|ppc64le|s390x|x86_64)0:228-150.98.1(s390x|x86_64)0:228-150.98.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.25.1(s390x|x86_64)0:7.60.0-4.25.1(aarch64|ppc64le|s390x|x86_64)0:1.4-15.3.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.35.1(s390x|x86_64)0:2.11.2-5.35.1(ppc64le)0:2.11.2-5.35.1(s390x)0:2.11.2-5.35.1(aarch64|ppc64le|s390x|x86_64)0:1.8.22-29.21.1(s390x|x86_64)0:1.8.22-29.21.1(aarch64|ppc64le|s390x|x86_64)0:2.32.3-2.66.1(aarch64|ppc64le|s390x|x86_64)0:1.0.25-36.23.1(s390x|x86_64)0:1.0.25-36.23.1(aarch64|ppc64le|s390x|x86_64)0:3.5.25.3-5.19.2(aarch64|ppc64le|s390x|x86_64)0:10.2.39-3.36.1(aarch64|ppc64le|s390x|x86_64)0:2.11-36.9.1(aarch64|ppc64le|s390x|x86_64)0:1.9.1-9.7.1(aarch64|ppc64le|s390x|x86_64)0:78.13.0-112.68.1(aarch64|ppc64le|s390x|x86_64)0:6.3.26-13.12.1(aarch64|ppc64le|s390x|x86_64)0:2.11-36.12.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.302-27.63.2(aarch64|ppc64le|s390x|x86_64)0:2.11-36.15.1(aarch64|ppc64le|s390x|x86_64)0:5.3.1-28.6.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.39.3(s390x|x86_64)0:1.0.2p-3.39.3(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.36.2(s390x|x86_64)0:1.1.1d-2.36.2(aarch64|ppc64le|s390x|x86_64)0:5.6.1-4.5.1(aarch64|ppc64le|s390x|x86_64)0:0.60.6.1-18.11.1(s390x|x86_64)0:0.60.6.1-18.11.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-6.37.1(aarch64|ppc64le|s390x|x86_64)0:1.0.6-17.3.1(aarch64|ppc64le|s390x|x86_64)0:5.22-10.21.1(s390x|x86_64)0:5.22-10.21.1(aarch64|ppc64le|s390x|x86_64)0:2.8.10-4.23.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.42.2(s390x|x86_64)0:1.0.2p-3.42.2(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.39.2(s390x|x86_64)0:1.1.1d-2.39.2(aarch64|ppc64le|s390x|x86_64)0:10.2.40-3.39.1(aarch64|ppc64le|s390x|x86_64)0:3.68-58.54.1(s390x|x86_64)0:3.68-58.54.1(aarch64|ppc64le|s390x|x86_64)0:4.32-19.18.1(s390x|x86_64)0:4.32-19.18.1(aarch64|ppc64le|s390x|x86_64)0:3.2.8a-2.17.1(aarch64|ppc64le|s390x|x86_64)0:0.6.0-11.3.1(aarch64|ppc64le|s390x|x86_64)0:9.52-23.42.1(aarch64|ppc64le|s390x|x86_64)0:0.2.7-12.12.1(aarch64|ppc64le|s390x|x86_64)0:91.1.0-112.71.1(aarch64|ppc64le|s390x|x86_64)0:91-35.6.6(ppc64le|s390x|x86_64)0:1.8.0_sr6.20-30.78.1(aarch64|ppc64le|s390x|x86_64)0:3.36.0-9.18.1(s390x|x86_64)0:3.36.0-9.18.1(aarch64|ppc64le|s390x|x86_64)0:2.22-114.15.1(s390x|x86_64)0:2.22-114.15.1(aarch64|ppc64le|s390x|x86_64)0:2.32.4-2.71.2(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.80.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.30.1(s390x|x86_64)0:7.60.0-4.30.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.63.2(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.63.1(aarch64|ppc64le|s390x|x86_64)0:91.2.0-112.74.1(aarch64|ppc64le|s390x|x86_64)0:5.1.3-26.16.1(aarch64|ppc64le|s390x|x86_64)0:10.18-4.19.6(aarch64|ppc64le|s390x|x86_64)0:0.13.0-3.19.1(aarch64|ppc64le|s390x|x86_64)0:3.2.8b-2.20.1(aarch64|ppc64le|s390x|x86_64)0:2.37-9.39.1(aarch64|ppc64le|s390x|x86_64)0:2.0.1-13.1(aarch64|ppc64le|s390x|x86_64)0:2.11.2-5.40.2(s390x|x86_64)0:2.11.2-5.40.2(ppc64le)0:2.11.2-5.40.2(s390x)0:2.11.2-5.40.2(aarch64|ppc64le|s390x|x86_64)0:2.37-9.44.1(aarch64|ppc64le|s390x|x86_64)0:8.45-8.7.1(s390x|x86_64)0:8.45-8.7.1(aarch64|ppc64le|s390x|x86_64)0:91.3.0-112.80.2(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.307.b3899d08cc6-3.64.2(s390x|x86_64)0:4.6.16+git.307.b3899d08cc6-3.64.2(aarch64|ppc64le|s390x|x86_64)0:14.1-3.3.1(s390x|x86_64)0:14.1-3.3.1(aarch64|ppc64le|s390x|x86_64)0:10.19-4.22.1(aarch64|ppc64le|s390x|x86_64)0:2.32.4-2.74.5(aarch64|ppc64le|s390x|x86_64)0:1.8.0.312-27.66.1(aarch64|ppc64le|s390x|x86_64)0:1.7.0.321-43.53.2(aarch64|ppc64le|s390x|x86_64)0:2.1.9-19.6.1(aarch64|ppc64le|s390x|x86_64)0:0.103.4-33.41.1(aarch64|ppc64le|s390x|x86_64)0:2.34.1-2.77.1(aarch64|ppc64le|s390x|x86_64)0:7.2p2-78.13.1(aarch64|ppc64le|s390x|x86_64)0:3.68.1-58.57.1(s390x|x86_64)0:3.68.1-58.57.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.83.2(s390x)0:4.12.14-95.83.2(aarch64|ppc64le|s390x|x86_64)0:91.4.0-112.83.1(aarch64|ppc64le|s390x|x86_64)0:2.48.2-6.3.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.25.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.28.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.313.502515a5bfc-3.67.2(s390x|x86_64)0:4.6.16+git.313.502515a5bfc-3.67.2(aarch64|ppc64le|s390x|x86_64)0:4.1-5.9.1(aarch64|ppc64le|s390x|x86_64)0:10.2.41-3.44.3(aarch64|ppc64le|s390x|x86_64)0:2.7.17-28.64.1(s390x|x86_64)0:2.7.17-28.64.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.68.1(s390x)0:4.12.14-95.68.1(aarch64|ppc64le|s390x|x86_64)0:2.6-15.13.1(aarch64|ppc64le|s390x|x86_64)0:2.8.10-4.26.1(aarch64|ppc64le|s390x|x86_64)0:1.900.14-195.25.1(s390x|x86_64)0:1.900.14-195.25.1(aarch64|ppc64le|s390x|x86_64)0:4.0.4-23.6.1(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.29.1(s390x|x86_64)0:9.11.22-3.29.1(ppc64le|s390x|x86_64)0:1.7.1_sr4.80-38.62.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.282-27.56.2(ppc64le|s390x|x86_64)0:1.8.0_sr6.25-30.81.1(aarch64|ppc64le|s390x|x86_64)0:0.7.8.2-12.27.2(aarch64|ppc64le|s390x|x86_64)0:2.0.876-12.27.2(aarch64|ppc64le|s390x|x86_64)0:78.8.0-112.51.1(aarch64|ppc64le|s390x|x86_64)0:2.1.4-7.34.1(aarch64|ppc64le|s390x|x86_64)0:2.02-12.47.1(ppc64le)0:2.02-12.47.1(s390x)0:2.02-12.47.1(aarch64|ppc64le|s390x|x86_64)0:2.4.41-18.83.1(s390x|x86_64)0:2.4.41-18.83.1(aarch64|ppc64le|s390x|x86_64)0:1.2-18.83.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.36.1(s390x|x86_64)0:1.0.2p-3.36.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.71.1(s390x)0:4.12.14-95.71.1(aarch64|ppc64le|s390x|x86_64)0:2.6-15.16.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.30.1(s390x|x86_64)0:1.1.1d-2.30.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.43.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-28.67.1(s390x|x86_64)0:2.7.18-28.67.1(aarch64|ppc64le|s390x|x86_64)0:78.6.1-112.42.1(aarch64|ppc64le|s390x|x86_64)0:2.48.2-12.22.1(s390x|x86_64)0:2.48.2-12.22.1(aarch64|ppc64le|s390x|x86_64)0:4.60.99-5.9.1(aarch64|ppc64le|s390x|x86_64)0:1.39.2-3.5.1(s390x|x86_64)0:1.39.2-3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.33.1(s390x|x86_64)0:1.1.1d-2.33.1(aarch64|ppc64le|s390x|x86_64)0:78.9.0-112.54.1(aarch64|ppc64le|s390x|x86_64)0:2.3.8-16.29.1(ppc64le|s390x|x86_64)0:1.7.1_sr5.5-38.68.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.5-30.87.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-3.6.1(s390x|x86_64)0:1.2.11-3.6.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.0-30.84.1(aarch64|ppc64le|s390x|x86_64)0:2.29.2-9.17.1(s390x|x86_64)0:2.29.2-9.17.1(aarch64|ppc64le|s390x|x86_64)0:3.68.3-58.69.1(s390x|x86_64)0:3.68.3-58.69.1(aarch64|ppc64le|s390x|x86_64)0:91.8.0-112.98.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-4.15.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.8.1(s390x|x86_64)0:2.7.18-33.8.1(aarch64|ppc64le|s390x|x86_64)0:91.5.0-112.86.1(aarch64|ppc64le|s390x|x86_64)0:5.0.5-6.7.1(s390x|x86_64)0:5.0.5-6.7.1(aarch64|ppc64le|s390x|x86_64)0:0.6.22-8.13.1(s390x|x86_64)0:0.6.22-8.13.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-4.40.1(s390x)0:1.16.1-4.40.1(s390x|x86_64)0:1.16.1-4.40.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.96.1(s390x)0:4.12.14-95.96.1(aarch64|ppc64le|s390x|x86_64)0:1.6-9.6.2(aarch64|ppc64le|s390x|x86_64)0:2.78-18.18.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.52.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.49.1(s390x|x86_64)0:2.9.4-46.49.1(aarch64|ppc64le|s390x|x86_64)0:1.2.15-15.17.1(s390x|x86_64)0:1.2.15-15.17.1(aarch64|ppc64le|s390x|x86_64)0:2.34.3-2.82.1(aarch64|ppc64le|s390x|x86_64)0:6.9-13.20.1(aarch64|ppc64le|s390x|x86_64)0:0.16-20.15.1(aarch64|ppc64le|s390x|x86_64)0:91.9.0-112.104.1(aarch64|ppc64le|s390x|x86_64)0:5.0.5-6.12.2(ppc64le|s390x|x86_64)0:1.7.1_sr5.0-38.65.1(aarch64|ppc64le|s390x|x86_64)0:1.6-9.9.1(aarch64|ppc64le|s390x|x86_64)0:2.36.0-2.96.1(aarch64|ppc64le|s390x|x86_64)0:1.43.8-3.17.1(s390x|x86_64)0:1.43.8-3.17.1(aarch64|ppc64le|s390x|x86_64)0:91.9.0-112.108.4(aarch64|ppc64le|s390x|x86_64)0:2.48.2-12.28.1(s390x|x86_64)0:2.48.2-12.28.1(aarch64|ppc64le|s390x|x86_64)0:2.4.41-22.10.1(s390x|x86_64)0:2.4.41-22.10.1(aarch64|ppc64le|s390x|x86_64)0:1.2-22.10.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.12.1(s390x|x86_64)0:2.1.0-21.12.1(aarch64|ppc64le|s390x|x86_64)0:10.21-4.28.3(aarch64|ppc64le|s390x|x86_64)0:91.9.1-112.111.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.54.3(s390x|x86_64)0:2.9.4-46.54.3(aarch64|ppc64le|s390x|x86_64)0:10.34-1.7.1(aarch64|ppc64le|s390x|x86_64)0:2.9-15.22.1(aarch64|ppc64le|s390x|x86_64)0:14.3-3.9.3(s390x|x86_64)0:14.3-3.9.3(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.172.1(ppc64le|s390x|x86_64)0:2.1.17-3.26.1(aarch64|ppc64le|s390x|x86_64)0:0.113-5.24.1(aarch64|ppc64le|s390x|x86_64)0:1.2.15-3.6.3(aarch64|ppc64le|s390x|x86_64)0:91.10.0-112.114.1(aarch64|ppc64le|s390x|x86_64)0:5.1.3-26.20.1(aarch64|ppc64le|s390x|x86_64)0:3.68.4-58.72.1(s390x|x86_64)0:3.68.4-58.72.1(aarch64|ppc64le|s390x|x86_64)0:2.02-143.2(ppc64le)0:2.02-143.2(s390x)0:2.02-143.2(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.99.3(s390x)0:4.12.14-95.99.3(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.99.2(aarch64|ppc64le|s390x|x86_64)0:2.36.3-2.99.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.91.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.53.1(s390x|x86_64)0:1.0.2p-3.53.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-1.15.3(aarch64|ppc64le|s390x|x86_64)0:10.2.44-3.50.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.93.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.56.1(s390x|x86_64)0:1.0.2p-3.56.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.66.1(s390x|x86_64)0:1.1.1d-2.66.1(aarch64|ppc64le|s390x|x86_64)0:2.0.8_k4.12.14_95.99-4.9.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.11.1(s390x|x86_64)0:2.7.18-33.11.1(aarch64|ppc64le|x86_64)0:17.11.7-5.12.1(aarch64|ppc64le|s390x|x86_64)0:91.11.0-112.119.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.69.1(s390x|x86_64)0:1.1.1d-2.69.1(aarch64|ppc64le|s390x|x86_64)0:7.2.1-4.14.1(aarch64|ppc64le|s390x|x86_64)0:7.2.1_k4.12.14_95.99-4.14.1(aarch64|ppc64le|s390x|x86_64)0:8.24.0-3.58.2(aarch64|ppc64le|s390x|x86_64)0:8.45-8.12.1(s390x|x86_64)0:8.45-8.12.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.31.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.35.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.102.1(s390x)0:4.12.14-95.102.1(aarch64|ppc64le|s390x|x86_64)0:2.36.4-2.102.1(aarch64|ppc64le|s390x|x86_64)0:0.29.0-23.8.1(aarch64|ppc64le|s390x|x86_64)0:2.0.24-9.11.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.332-27.75.2(aarch64|ppc64le|s390x|x86_64)0:3.79-58.75.1(s390x|x86_64)0:3.79-58.75.1(aarch64|ppc64le|s390x|x86_64)0:4.34-19.21.1(s390x|x86_64)0:4.34-19.21.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.57.1(ppc64le|s390x|x86_64)0:1.7.1_sr5.10-38.71.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.10-30.90.1(aarch64|ppc64le|s390x|x86_64)0:10.34-1.10.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.324.6bba9ddab76-3.73.1(s390x|x86_64)0:4.6.16+git.324.6bba9ddab76-3.73.1(aarch64|ppc64le|s390x|x86_64)0:91.12.0-112.124.1(aarch64|ppc64le|s390x|x86_64)0:2.2.31-19.29.1(aarch64|ppc64le|s390x|x86_64)0:7.1.1-3.8.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.320.a2d80a7efef-3.70.1(s390x|x86_64)0:4.6.16+git.320.a2d80a7efef-3.70.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.105.1(s390x)0:4.12.14-95.105.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.38.1(s390x|x86_64)0:7.60.0-4.38.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.345-27.78.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-3.9.1(s390x|x86_64)0:1.2.11-3.9.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-13.19.1(ppc64le|s390x|x86_64)0:1.7.1_sr5.15-38.74.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.11-30.93.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.26.1(aarch64|ppc64le|s390x|x86_64)0:0.6.11-12.6.45(s390x|x86_64)0:0.6.11-12.6.45(aarch64|ppc64le|s390x|x86_64)0:1.8.3-16.6.2(aarch64|ppc64le|s390x|x86_64)0:10.22-4.31.1(aarch64|ppc64le|s390x|x86_64)0:2.36.5-2.107.2(aarch64|ppc64le|s390x|x86_64)0:5.7.3-6.9.1(s390x|x86_64)0:5.7.3-6.9.1(aarch64|ppc64le|s390x|x86_64)0:0.12.1-4.3.1(s390x|x86_64)0:0.12.1-4.3.1(aarch64|ppc64le|s390x|x86_64)0:91.13.0-112.127.4(aarch64|ppc64le|s390x|x86_64)0:5.2.4-9.3.1(aarch64|ppc64le|s390x|x86_64)0:2.36.7-2.110.1(aarch64|ppc64le|s390x|x86_64)0:0.103.7-33.50.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.15-30.96.1(aarch64|ppc64le|s390x|x86_64)0:2.1.3-3.8.1(aarch64|ppc64le|s390x|x86_64)0:14.5-3.14.9(s390x|x86_64)0:14.5-3.14.9(aarch64|ppc64le|s390x|x86_64)0:102.2.0-112.130.1(aarch64|ppc64le|s390x|x86_64)0:102-35.9.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.108.1(s390x)0:4.12.14-95.108.1(aarch64|ppc64le|s390x|x86_64)0:1.0.25-36.26.1(s390x|x86_64)0:1.0.25-36.26.1(aarch64|ppc64le|s390x|x86_64)0:3.39.3-9.23.1(s390x|x86_64)0:3.39.3-9.23.1(aarch64|ppc64le|s390x|x86_64)0:102.3.0-112.133.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.25.1(s390x|x86_64)0:2.1.0-21.25.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.36.8-2.113.1(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.43.1(s390x|x86_64)0:9.11.22-3.43.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.96.1(aarch64|ppc64le|s390x|x86_64)0:3.5.21-26.38.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.14.1(s390x|x86_64)0:2.7.18-33.14.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.14.2(s390x|x86_64)0:2.7.18-33.14.2(aarch64|ppc64le|s390x|x86_64)0:0.103.5-33.44.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.111.1(s390x)0:4.12.14-95.111.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.56.1(s390x|x86_64)0:4.0.9-44.56.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-24.3.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.88.1(s390x)0:4.12.14-95.88.1(aarch64|ppc64le|s390x|x86_64)0:0.7.3+177+suse.b16d5dc-2.23.1(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.59.2(s390x|x86_64)0:2.9.4-46.59.2(aarch64|ppc64le|s390x|x86_64)0:2.9.4-46.59.3(aarch64|ppc64le|s390x|x86_64)0:5.13-5.31.1(aarch64|ppc64le|s390x|x86_64)0:102.4.0-112.136.3(aarch64|ppc64le|s390x|x86_64)0:1.2-167.10.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-1.21.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.43.1(s390x|x86_64)0:7.60.0-4.43.1(aarch64|ppc64le|s390x|x86_64)0:1.0.1-17.24.1(s390x|x86_64)0:1.0.1-17.24.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-4.18.2(aarch64|ppc64le|s390x|x86_64)0:1.8.22-29.24.1(s390x|x86_64)0:1.8.22-29.24.1(aarch64|ppc64le|s390x|x86_64)0:4.9-3.13.1(s390x|x86_64)0:4.9-3.13.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.34.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.28.1(s390x|x86_64)0:2.1.0-21.28.1(aarch64|ppc64le|s390x|x86_64)0:2.22-114.22.1(s390x|x86_64)0:2.22-114.22.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-8.26.1(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.33.1(aarch64|ppc64le|s390x|x86_64)0:102.5.0-112.139.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.59.1(s390x|x86_64)0:4.0.9-44.59.1(aarch64|ppc64le|s390x|x86_64)0:0.34.0-8.3.1(s390x|x86_64)0:0.34.0-8.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.102.2(aarch64|ppc64le|s390x|x86_64)0:0.23-12.18.1(aarch64|ppc64le|s390x|x86_64)0:1.35.0-4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.17.1(s390x|x86_64)0:2.7.18-33.17.1(aarch64|ppc64le|s390x|x86_64)0:2.39-9.50.1(aarch64|ppc64le|s390x|x86_64)0:2.38.2-2.120.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.20-30.99.1(aarch64|ppc64le|s390x|x86_64)0:2.02-153.1(ppc64le)0:2.02-153.1(s390x)0:2.02-153.1(aarch64|ppc64le|s390x|x86_64)0:24.3-25.9.1(aarch64|ppc64le|s390x|x86_64)0:1.12.5-40.43.1(s390x|x86_64)0:1.12.5-40.43.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.352-27.81.1(aarch64|ppc64le|s390x|x86_64)0:2.22-114.19.1(s390x|x86_64)0:2.22-114.19.1(aarch64|ppc64le|s390x|x86_64)0:102.6.0-112.142.1(aarch64|ppc64le|s390x|x86_64)0:4.0.12-4.21.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.39.1(ppc64le|s390x|x86_64)0:1.7.1_sr5.15-38.77.1(ppc64le|s390x|x86_64)0:1.8.0_sr7.20-30.102.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.114.1(s390x)0:4.12.14-95.114.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0814-17.9.1(aarch64|ppc64le|s390x|x86_64)0:0.5.0-12.9.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.15.1(s390x|x86_64)0:2.1.0-21.15.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.45.1(s390x|x86_64)0:4.0.9-44.45.1(aarch64|ppc64le|s390x|x86_64)0:4.9.2-14.20.1(aarch64|ppc64le|s390x|x86_64)0:91.6.0-112.89.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.83.1(aarch64|ppc64le|s390x|x86_64)0:2.34.5-2.85.3(aarch64|ppc64le|s390x|x86_64)0:2.1.26-14.5.1(s390x|x86_64)0:2.1.26-14.5.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.18.1(s390x|x86_64)0:2.1.0-21.18.1(aarch64|ppc64le|s390x|x86_64)0:5.0.5-6.19.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.93.1(s390x)0:4.12.14-95.93.1(aarch64|ppc64le|s390x|x86_64)0:91.6.1-112.92.1(aarch64|ppc64le|s390x|x86_64)0:10.2.43-3.47.1(aarch64|ppc64le|s390x|x86_64)0:5.3.1-14.5.1(aarch64|ppc64le|s390x|x86_64)0:2.34.6-2.88.1(aarch64|ppc64le|s390x|x86_64)0:0.99.beta18-14.6.1(aarch64|ppc64le|s390x|x86_64)0:91.7.0-112.95.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-21.22.1(s390x|x86_64)0:2.1.0-21.22.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.48.1(s390x|x86_64)0:1.0.2p-3.48.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.61.1(s390x|x86_64)0:1.1.1d-2.61.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.322-27.72.2(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.40.1(s390x|x86_64)0:9.11.22-3.40.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.88.1(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.36.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.63.2(aarch64|ppc64le|s390x|x86_64)0:102.7.0-112.145.1(aarch64|ppc64le|s390x|x86_64)0:3.79.3-58.91.1(s390x|x86_64)0:3.79.3-58.91.1(aarch64|ppc64le|s390x|x86_64)0:3.0.15-2.23.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.384.9fec958bed-3.76.1(s390x|x86_64)0:4.6.16+git.384.9fec958bed-3.76.1(aarch64|ppc64le|x86_64)0:17.11.7-5.14.1(aarch64|ppc64le|s390x|x86_64)0:3.5.11-6.7.1(s390x|x86_64)0:3.5.11-6.7.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.36.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.48.1(aarch64|ppc64le|s390x|x86_64)0:2.38.5-2.131.4(aarch64|ppc64le|s390x|x86_64)0:1.8.20p2-3.39.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.69.1(s390x|x86_64)0:1.0.2p-3.69.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.78.1(s390x|x86_64)0:1.1.1d-2.78.1(aarch64|ppc64le|s390x|x86_64)0:228-150.108.2(s390x|x86_64)0:228-150.108.2(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.81.1(s390x|x86_64)0:1.1.1d-2.81.1(aarch64|ppc64le|s390x|x86_64)0:9.52-23.51.1(aarch64|ppc64le|s390x|x86_64)0:102.10.0-112.156.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-8.3.1(s390x|x86_64)0:1.4.5-8.3.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.0-30.105.1(aarch64|ppc64le|s390x|x86_64)0:2.6.4-6.14.2(aarch64|ppc64le|s390x|x86_64)0:2.6.4-6.14.3(aarch64|ppc64le|s390x|x86_64)0:2.6.4-6.16.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.94.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-7.9.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.72.1(s390x|x86_64)0:1.0.2p-3.72.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-44.65.1(s390x|x86_64)0:4.0.9-44.65.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-4.43.1(s390x)0:1.16.1-4.43.1(s390x|x86_64)0:1.16.1-4.43.1(aarch64|ppc64le|s390x|x86_64)0:2.38.6-2.136.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.69.1(aarch64|ppc64le|s390x|x86_64)0:4.2.1-27.22.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1234-17.12.1(aarch64|ppc64le|s390x|x86_64)0:102.11.0-112.159.1(aarch64|ppc64le|s390x|x86_64)0:1.5.0-1.24.4(aarch64|ppc64le|s390x|x86_64)0:15.3-3.9.1(s390x|x86_64)0:15.3-3.9.1(aarch64|ppc64le|s390x|x86_64)0:7.60.0-4.56.1(s390x|x86_64)0:7.60.0-4.56.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.125.1(s390x)0:4.12.14-95.125.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.372-27.87.1(aarch64|ppc64le|s390x|x86_64)0:5.8-8.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.84.1(s390x|x86_64)0:1.1.1d-2.84.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.75.1(s390x|x86_64)0:1.0.2p-3.75.1(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.39.1(s390x|x86_64)0:1.7.5-20.39.1(aarch64|ppc64le|s390x|x86_64)0:2.8.10-4.33.1(aarch64|ppc64le|s390x|x86_64)0:102.12.0-112.162.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.5-30.108.1(aarch64|ppc64le|s390x|x86_64)0:1.9.1-9.12.1(aarch64|ppc64le|s390x|x86_64)0:1.6.2-12.30.1(s390x|x86_64)0:1.6.2-12.30.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.128.1(s390x)0:4.12.14-95.128.1(aarch64|ppc64le|s390x|x86_64)0:0.4.3-4.10.1(s390x|x86_64)0:0.4.3-4.10.1(aarch64|ppc64le|s390x|x86_64)0:5.13-5.39.1(aarch64|ppc64le|s390x|x86_64)0:2.38.6-2.139.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.89.1(s390x|x86_64)0:1.1.1d-2.89.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.78.1(s390x|x86_64)0:1.0.2p-3.78.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-33.20.2(s390x|x86_64)0:2.7.18-33.20.2(aarch64|ppc64le|s390x|x86_64)0:3.39.3-9.26.1(s390x|x86_64)0:3.39.3-9.26.1(aarch64|ppc64le|s390x|x86_64)0:9.11.22-3.46.4(s390x|x86_64)0:9.11.22-3.46.4(aarch64|ppc64le|s390x|x86_64)0:14.337.5-3.3.1(aarch64|ppc64le|s390x|x86_64)0:5.6.2-6.33.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.42.1(aarch64|ppc64le|s390x|x86_64)0:9.52-23.54.1(aarch64|ppc64le|s390x|x86_64)0:115.0-112.165.1(aarch64|ppc64le|s390x|x86_64)0:115-35.12.2(ppc64le|s390x|x86_64)0:1.8.0_sr8.6-30.111.1(aarch64|ppc64le|s390x|x86_64)0:5.18.2-12.26.1(s390x|x86_64)0:5.18.2-12.26.1(aarch64|ppc64le|s390x|x86_64)0:4.6.16+git.393.97432483687-3.81.1(s390x|x86_64)0:4.6.16+git.393.97432483687-3.81.1(aarch64|ppc64le|s390x|x86_64)0:115.0.2-112.170.2(aarch64|ppc64le|s390x|x86_64)0:0.6.1-7.5.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-3.64.1(s390x|x86_64)0:1.0.2p-3.64.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-2.75.1(s390x|x86_64)0:1.1.1d-2.75.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-24.6.1(aarch64|ppc64le|s390x|x86_64)0:10.2.44-3.53.1(aarch64|ppc64le|s390x|x86_64)0:2.8.0-7.6.1(aarch64|ppc64le|s390x|x86_64)0:5.3.1-14.7.3(aarch64|ppc64le|s390x|x86_64)0:1.5.3-8.7.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0~git.1456906198.f422461-21.30.2(aarch64|ppc64le|s390x|x86_64)0:2.28.1-6.5.23(s390x|x86_64)0:2.28.1-6.5.23(aarch64|ppc64le|s390x|x86_64)0:1.2.37-8.6.21(aarch64|ppc64le|s390x|x86_64)0:1.7.5-20.46.1(s390x|x86_64)0:1.7.5-20.46.1(aarch64|ppc64le|s390x|x86_64)0:15.2-3.6.1(s390x|x86_64)0:15.2-3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.117.1(s390x)0:4.12.14-95.117.1(aarch64|ppc64le|s390x|x86_64)0:6.8.8.1-71.183.1(aarch64|ppc64le|s390x|x86_64)0:2.26.2-27.66.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.362-27.84.1(aarch64|ppc64le|s390x|x86_64)0:0.103.8-33.53.1(aarch64|ppc64le|s390x|x86_64)0:102.8.0-112.150.1(aarch64|ppc64le|s390x|x86_64)0:3.79.4-58.94.1(s390x|x86_64)0:3.79.4-58.94.1(aarch64|ppc64le|s390x|x86_64)0:0.43.0-16.22.1(aarch64|ppc64le|s390x|x86_64)0:1.1.28-17.15.1(s390x|x86_64)0:1.1.28-17.15.1(aarch64|ppc64le|s390x|x86_64)0:308-5.9.1(aarch64|ppc64le|s390x|x86_64)0:2.15-6.3.1(aarch64|ppc64le|s390x|x86_64)0:24.3-25.12.1(aarch64|ppc64le|s390x|x86_64)0:2.38.3-2.123.1(aarch64|ppc64le|s390x|x86_64)0:1.19.6-4.45.1(aarch64|ppc64le|s390x|x86_64)0:3.4.10-25.108.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1386-17.15.4(aarch64|ppc64le|s390x|x86_64)0:102.9.0-112.153.1(aarch64|ppc64le|s390x|x86_64)0:2.4.23-29.97.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-95.120.4(s390x)0:4.12.14-95.120.4(aarch64|ppc64le|s390x|x86_64)0:2.0.8_k4.12.14_95.117-4.11.1(aarch64|ppc64le|s390x|x86_64)0:2.02-158.1(ppc64le)0:2.02-158.1(s390x)0:2.02-158.1